Drupal 6.22, 2011-05-25
----------------------
- Made Drupal 6 work better with IIS and Internet Explorer.
- Fixed .po file imports to work better with custom textgroups.
- Improved code documentation at various places.
- Fixed a variety of other bugs.
mirrored by NetBSD.org, had completely hosed file permissions; plus,
it differed in size (but not version) from the distfile available from
the sourceforge project site.
Since the latter actually works, I updated the checksum to use it.
* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce "clickjacking" protection in modern browsers on admin and login pages.
Jekyll is a simple, blog aware, static site generator. It takes a
template directory (representing the raw form of a website), runs it
through Textile or Markdown and Liquid converters, and spits out a
complete, static website suitable for serving with Apache or your
favorite web server. This is also the engine behind GitHub Pages,
which you can use to host your project's page or blog right here
from GitHub.
Upstream changes:
Version 3.54, Apr 28, 2011
No code changes
[INTERNALS]
- Address test failures in t/tmpdir.t, thanks to Niko Tyni.
Some tests here are failing on some platforms and have been marked as TODO.
Version 3.53, Apr 25, 2011
[NEW FEATURES]
- The DELETE HTTP verb is now supported.
(RT#52614, James Robson, Eduardo Ari#o de la Rubia)
[INTERNALS]
- Correct t/tmpdir.t MANIFEST entry. (RT#64949)
- Update minimum required Perl version to be Perl 5.8.1, which
has been out since 2003. This allows us to drop some hacks
and exceptions (Mark Stosberg)
Version 3.52, Jan 24, 2011
[DOCUMENTATION]
- The documentation for multi-line header handling was been updated to reflect
the changes in 3.51. (Mark Stosberg, ntyni@iki.fi)
[INTERNALS]
- Add missing t/tmpfile.t file. (RT#64949)
- Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)
- Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
Version 3.51, Jan 5, 2011
[NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly
exclude a particular scope from triggering printing to the browser when
fatatlsToBrowser is set. (RT#62783, Thanks to papowell)
- The <script> tag now supports the "charset" attribute.
(RT#62907, Thanks to Fabrice Metge)
- In CGI::Cookie, "Max-Age" is now supported for better spec compliance.
(Mark Stosberg)
[BUG FIXES]
- Setting charset() now works for all content types, not just "text/*".
(RT#57945, Thanks to Yanick and Gerv.)
- support for user temporary directories ($HOME/tmp) was commented out
in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
- setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
working but undocumented since 3.12 (which listed it in Changes as
$CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
- unfortunately the previous change broke the runtime check for looking
for a new temporary directory if the current one suddenly became
unwritable (Peter Gervai, Niko Tyni)
- A bug was fixed in CGI::Carp triggered by certain death cases in
the BEGIN phase of parent classes.
(RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
- CGI::Cookie->new() now follows the documentation and returns undef
if the -name and -value args aren't provided. This new behavior is also
consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
- CGI::Cookie->parse() now trims leading and trailing whitespace from cookie
elements as intended. The change also makes this part of the parsing
identical to CGI::Simple::Cookie (Mark Stosberg)
- Temp file handling was improved (RT#62762)
[SECURITY]
- Further improvements have been made to guard against newline injections
in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
[PERFORMANCE]
- Make EBCDIC a compile-time constant so there's zero overhead (and less
compiled code) in subroutines that test for it. (Tim Bunce)
- If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
unless you call the bake() method, which requires it. (Mark Stosberg)
[DOCUMENTATION]
- quit referring to the <link> tag as being "rarely used". (Victor Sanders)
- typo and whitespace fixes (RT#62785, thanks to scop@cpan.org)
- The -dtd argument to start_html() is now documented
(RT#60473, Thanks to giecrilj and steve@fisharerojo.org)
- CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0.
- when creating a temporary file in the directory fails, the error message
could indicate the root of the problem better (Peter Gervai, Niko Tyni)
[INTERNALS]
- Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
- param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
Version 3.50, Nov 8, 2010
[SECURITY]
1. The MIME boundary in multipart_init is now random.
Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg
2. Further improvements to handling of newlines embedded in header values.
An exception is thrown if header values contain invalid newlines.
Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
Lincoln Stein, Fr#d#ric Buclin and Mark Stosberg
[DOCUMENTATION]
1. Correcting/clarifying documentation for param_fetch(). Thanks to
Ren#e B#cker. (RT#59132)
[INTERNALS]
1. Fixing https test in http.t. (RT#54768)
2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple.
- Revert ABI breakage in 2.2.18 caused by the function signature change
of ap_unescape_url_keep2f(). This release restores the signature from
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
[Eric Covener]
Version 2.9.5 (2011-05-18)
--------------------------
- Updated: updated TCPDF to version 5.9.061 (#2929)
- Added: IE9 compatibility
- Added: added the Swedish editArea translation (#3016)
- Fixed: the code editor did not show up in the file manager (#2922)
- Fixed: the RSS reader did not parse HTML code correctly (#2918)
- Fixed: not all option callbacks worked correctly in override multiple mode (#2976)
- Fixed: the textarea widget did not support the readonly attribute (#2997)
- Fixed: the personal data modules did not handle checkbox fields (#3063)
- Fixed some minor issues
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
HTTP::OAI is a stub module.
HTTP::OAI::Harvester is the harvesting front-end in the OAI-PERL library.
To harvest from an OAI-PMH compliant repository create an HTTP::OAI::Harvester
object using the baseURL option and then call OAI-PMH methods to request data
from the repository. To handle version 1.0/1.1 repositories automatically you
must request Identify() first.
It is recommended that you request an Identify from the Repository and use the
repository() method to update the Identify object used by the harvester.
When making OAI requests the underlying HTTP::OAI::UserAgent module will take
care of automatic redirection (http code 302) and retry-after (http code 503).
OAI-PMH flow control (i.e. resumption tokens) is handled transparently by
HTTP::OAI::Response.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
Original HTML::Template is written by Sam Tregar, sam@tregar.com with
contributions of many people mentioned there. Their efforts caused
HTML::Template to be mature html tempate engine which separate perl code and
html design. Yet powerful, HTML::Template is slow, especially if mod_perl isn't
available or in case of disk usage and memory limitations.
HTML::Template::Pro is a fast lightweight C/Perl+XS reimplementation of
HTML::Template (as of 2.9) and HTML::Template::Expr (as of 0.0.7). It is not
intended to be a complete replacement, but to be a fast implementation of
HTML::Template if you don't need quering, the extended facility of
HTML::Template. Designed for heavy upload, resource limitations, abcence of
mod_perl.
HTML::Template::Pro has complete support of filters and HTML::Template::Expr's
tag EXPR="<expression>", including user-defined functions and construction
<TMPL_INCLUDE EXPR="...">.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
This library can be used by CGI::Session to serialize session data.
It uses YAML, or the faster C implementation, YAML::Syck if it is available.
YAML serializers exist not just for Perl but also other dynamic languages,
such as PHP, Python, and Ruby, so storing session data in this format makes it
easy to share session data across different languages.
YAML is made to be friendly for humans to parse as well as other computer
languages. It creates a format that is easier to read than the default
serializer.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
CGI::Session::Driver::memcached is CGI::Session driver for memcached.
3.1.9 (stable)
- Fix regression introduced in 3.1.8 (#22687)
3.1.8 (stable)
- Windows read-write locks support on Windows XP or later and Windows
Win7 or later (use php_apc-xp.dll or php_apc-win7.dll)
- Fix variable type check in user cache update
- Make warnings that user cannot do anything about debug messages
- Fixed bug #21400 (Minor memory leak in MINFO)
- Fixed bug #18890: Ensure that --enable-apc-debug=no disables debug mode.
- Fixed bug #19459: check for expiry while looping through the iterator slots
3.1.7 (beta)
- pthread read-write locks support
- apc.serializer hooks, export apc_serializer.h as an API
- Fix regression bug #20529: Look up files in CWD
- Pool allocator fixes for large allocations
- trunk compat fixes (Kalle)
- ZTS fixes (Pierre, Hirokawa)
- Readability and warning fixes (Pierre, Kalle)
Zope 2.11.8 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.11.7 (2010/09/01)
Bugs Fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Ensure that mailhosts which share a queue directory do not double-
deliver mails, by sharing the thread which processes emails for
that directory. https://bugs.launchpad.net/zope2/+bug/574286
- Process "evil" JSON cookies which contain double quotes in violation
of RFC 2965 / 2616. https://bugs.launchpad.net/zope2/+bug/563229
- Ensure that Acquistion wrapper classes always have a ``__getnewargs__``
method, even if it is not provided by the underlying ExtensionClass.
- Fix the ``tp_name`` of the ImplicitAcquisitionWrapper and
ExplicitAcquisitionWrapper to match their Python visible names and thus
have a correct ``__name__``.
- Expand the ``tp_name`` of Acquisition's extension types to hold the
fully qualified name. This ensures classes have their ``__module__``
set correctly.
- Updated 'pytz' external to point to '2010b' version.
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import.
- MailHost should fall back to HELO when EHLO fails.
Zope 2.11.6 (2010/01/12)
Bugs Fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on import
/ export form.
- Fixed improper handling of IF_MODIFIED_SINCE header
inside Five/browser/resource.py
Zope 2.11.5 (2009/12/22)
Bugs Fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
- updated to ZODB 3.8.4
Zope 2.11.4 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs Fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.11.3 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Updated to match all new versions from the yet-unreleased Zope 3.4.1
release (`http://svn.zope.org/zope.release/branches/3.4/
releases/controlled-packages.cfg?rev=99659`).
- Updated to include all new versions from the final Zope 3.4.0 release
(http://download.zope.org/zope3.4/3.4.0/).
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
- configure script: setting ZOPE_VERS to '2.11'
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Updated 'pytz' from '2007f' to '2008i'.
- Moved svn:externals for 'mechanize', 'ClientPath', and 'pytz' to
versions managed outside the Zope3 trunk.
- Testing.ZopeTestCase: Remove quota argument from DemoStorage calls in
preparation for ZODB 3.9.
Bugs Fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- "Permission tab": correct wrong form parameter for
the user-permission report
- Launchpad #290254, DateTime/DateTime.py:
added '__setstate__' to cope with old pickles missing a '_micros'
attribute; Python's pickling support was creating a new instance,
*with* a '_micros' attribute, but not clearing that attribute before
updating the instance dict with the unpickled state.
- Launchpad #332168, Shared/DC/RDBMS/Connection.py:
do not expose DB connection strings through exceptions
- Launchpad #324876: tighened regex for detecting the charset
from a meta-equiv header
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Acquisition wrappers now correctly proxy __iter__.
Zope 2.10.13 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.10.12 (2010/09/01)
Bugs fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Updated 'pytz' external to point to '2010b' version (not via Zope3).
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import and restored it to the UI.
Zope 2.10.11 (2010/01/12)
Bugs fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on
import / export form.
- fixed improper usage of the IF_MODIFIED_SINCE header inside
Five/browser/resource.py (updated to Five 1.5.9)
Zope 2.10.10 (2009/12/22)
Features added
- Testing/custom_zodb.py: added support use a different storage other
than DemoStorage. A dedicated FileStorage can be mount by setting the
$TEST_FILESTORAGE environment variable to a custom Data.fs file. A
ZEO server can be configured using the $TEST_ZEO_HOST and
$TEST_ZEO_PORT environment variables. This new functionality allows us
to use the standard Zope testrunner for writing and running tests
against existing Zope installations.
Bugs fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
Zope 2.10.9 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.10.8 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
Bugs fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- Launchpad ##332168: Connection.py: do not expose DB connection strings
through exceptions
- LP/#143873: Fixed problems when no HTTP_ACCEPT_CHARSET is in the
request. This required an update of zope.publisher to 3.3.3.
- LP/#324876: tighened regex for detecting the charset
from a meta-equiv header
- Acquisition wrappers now correctly proxy __iter__.
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Log an error for failures to read a chunk-size, and return 408 instead
413 when this is due to a read timeout. This change also fixes some cases
of two error documents being sent in the response for the same scenario.
[Eric Covener] Bug 49167
- core: Only log a 408 if it is no keepalive timeout. Bug 39785
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
- core: Treat timeout reading request as 408 error, not 400.
Log 408 errors in access log as was done in Apache 1.3.x.
Bug 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,
Dan Poirier]
- Core HTTP: disable keepalive when the Client has sent
Expect: 100-continue
but we respond directly with a non-100 response. Keepalive here led
to data from clients continuing being treated as a new request.
Bug 47087. [Nick Kew]
- htpasswd: Change the default algorithm for htpasswd to MD5 on all
platforms. Crypt with its 8 character limit is not useful anymore;
improve out of disk space handling (Bug 30877); print a warning if
a password is truncated by crypt. [Stefan Fritsch]
- mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
Win32's cscript interpreter can only use a single quote as comment char.
[Guenter Knauf]
- configure: Fix htpasswd/htdbm libcrypt link errors with some newer
linkers. [Stefan Fritsch]
- MinGW build improvements. Bug 49535. [John Vandenberg
<jayvdb gmail.com>, Jeff Trawick]
- mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
[Stefan Fritsch]
- core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
in request URL path info but not decode them. Bug 35256,
Bug 46830. [Dan Poirier]
- mod_rewrite: Allow to unset environment variables. Bug 50746.
[Rainer Jung]
- suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On). [Jeff Trawick]
- mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. Bug 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
- prefork: Update MPM state in children during a graceful restart.
Allow the HTTP connection handling loop to terminate early
during a graceful restart. Bug 41743.
[Andrew Punch <andrew.punch 247realmedia.com>]
- mod_ssl: Correctly read full lines in input filter when the line is
incomplete during first read. Bug 50481. [Ruediger Pluem]
- mod_autoindex: Merge IndexOptions from server to directory context when
the directory has no mod_autoindex directives. Bug 47766. [Eric Covener]
- mod_cache: Make sure that we never allow a 304 Not Modified response
that we asked for to leak to the client should the 304 response be
uncacheable. Bug 45341 [Graham Leggett]
- mod_dav: Send 400 error if malformed Content-Range header is received for
a put request (RFC 2616 14.16). Bug 49825. [Stefan Fritsch]
- mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
Bug 44076 [Eric Covener]
- core: Honor 'AcceptPathInfo OFF' during internal redirects,
such as per-directory mod_rewrite substitutions. Bug 50349.
[Eric Covener]
- mod_cache: Check the request to determine whether we are allowed
to return cached content at all, and respect a "Cache-Control:
no-cache" header from a client. Previously, "no-cache" would
behave like "max-age=0". [Graham Leggett]
- mod_mem_cache: Add a debug msg when a streaming response exceeds
MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary
'memory allocation failed' debug message. Bug 49604. [Eric Covener]
- proxy_connect: Don't give up in the middle of a CONNECT tunnel
when the child process is starting to exit. Bug 50220. [Eric Covener]
anti-virus toolkit. Using it will help you securing your home or enterprise
network web traffic. SquidClamav is the most efficient Squid Redirector and
ICAP service antivirus tool for HTTP traffic available for free, it is written
in C and can handle thousand of connections. The way to add more securing on
your network for free is here.
SquidClamav is build for speed and security in mind, it is first used and
tested to secure a network with 2,500 and more users. It is also known to
working fast with 15000+ users.
that support the ICAP protocol to implement content adaptation and filtering
services.
Most of the commercial HTTP proxies must support the ICAP protocol. The open
source Squid 3.x proxy server supports it.
* Fix a vulnerability that allowed Contributor-level users to improperly
publish posts.
* Fix user queries ordered by post count.
* Fix multiple tag queries.
* Prevent over-escaping of post titles when using Quick Edit for pages.
config.new, check within $(DESTDIR) rather than the host system.
Resolves DESTDIR-mode build when privoxy is also installed, common in
make replace.
(No revbump because this change only affects a case where the package
failed to build.)
=== RELEASE 2.3pre2 ===
So dub 16 20:19:07 CEST 2011 mikulas:
Utf-8 text terminal support
Sat Mar 12 23:55:56 MET 2011 mikulas:
Fixed a bug with gpm, if gpm closed a handle on its own,
links would occasionaly close it again
Mon Aug 9 01:35:29 UTC 2010 mikulas:
Don't report terminal size in User-Agent
Thu Aug 5 23:31:59 MET 2010 mikulas:
Scan for header tags even in document body
Sat Jul 31 22:35:04 MET 2010 mikulas:
link rel=prefetch
Sat Jul 31 22:24:06 MET 2010 mikulas:
Interpret style="display:none"
Fri Jun 18 20:39:46 MET 2010 mikulas:
Fixed crash when unknown Content-Enconding is returned by the server
Sat Apr 24 04:11:58 CEST 2010 mikulas:
Fix an occasional lockup with Ctrl-Z, fg and framebuffer
Fixed in 7.21.6 - April 22 2011
Changes:
Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
Bugfixes:
curl-config: fix --version
curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
use HTTPS properly after CONNECT
SFTP: close file before post quote operations
Fixed in 7.21.5 - April 17 2011
Changes:
SOCKOPTFUNCTION: callback can say already-connected
Added --netrc-file
Added (new) support for cyassl
TSL-SRP: enabled with OpenSSL
Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
Bugfixes:
nss: avoid memory leak on SSL connection failure
nss: do not ignore failure of SSL handshake
multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
runtests.pl: fix pid number concatenation that prevented it from killing the correct process at times
PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
multi: close connection on timeout
IMAP in multi mode does SSL connections non-blocking
honours the --disable-ldaps configure option
Force setopt constants written by --libcurl to be long
ssh_connect: treat libssh2 return code better
SFTP upload could stall the state machine when the multi_socket API was used
SFTP and SCP could leak memory when used with the multi interface and the connection was closed
Added missing file to repair the MSVC makefiles
Fixed detection of recvfrom arguments on Android/bionic
GSS: handle reuse fix
transfer: avoid insane conversion of time_t
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
SMTP-multi: non-blocking connect
SFTP-multi: set cselect for sftp and scp to fix "stall" risk
configure: removed wrongly claimed default paths
pop3: fixed torture tests to succeed
symbols-in-versions: many corrections
if a HTTP request gets retried because the connection was dead, rewind if any data was sent as part of it
only probe for working ipv6 once and then re-use that info for further requests
requests that are asked to bound to a local interface/port will no longer wrongly re-use connections that aren't
libcurl.m4: Add missing quotes in AC_LINK_IFELSE
progress output: don't print the last update on a separate line
POP3: the command to send is STLS, not STARTTLS
POP3: PASS command was not sent after upgrade to TLS
configure: fix libtool warning
nss: allow to use multiple client certificates for a single host
HTTP pipelining: Fix handling of zero-length responses
Don't list NTLM in curl-config when HTTP is disabled
curl_easy_setopt.3: CURLOPT_RESOLVE typo version
OpenSSL: build fine with no-sslv2 versions
checkconnection: don't call with NULL pointer with RTSP and multi interface
Borland makefile updates
configure: libssh2 link fix without pkg-config
certinfo crash
CCC crash
* meta: Allow adding javascript to pages. Only when htmlscrubber is
disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154
* comments: Add avatar picture of comment author, using Libravatar::URL
when available. The avatar is looked up based on the user's openid,
or email address. (Thanks, Francois Marier)
* Recommend libgravatar-url-perl, which contains Libravatar::URL.
* monotone: Implement rcs_getmtime, and work around a problem with monotone
0.48 that affects rcs_getctime. (Thanks, Richard Levitte)
* meta: Fix bug in loading of HTML::Entities that can break inline
archive=yes (mostly masked by other plugins that load the module).
* Be quiet about updating wrappers, except in verbose mode. (jmtd)
* meta: Add FOAF support. Closes: #623156
* Promote Crypt::SSLeay to Recommends; needed for https openid auth.
* tag: Avoid autocreating multiple tag pages that vary only in
capitalization. The first capitalization seen of a tag will be used
for the tag page.
* Fix yaml build dep. Closes: #624712
Based on PR#44869 by Christian Sturm.
additionaly fixes shebang for scriptse.
1.16 2011-04-15 00:00:00
- Emergency release for a critical security issue that can expose
files on your system, everybody should update!
- Fixes several provlems resulting in stalling the client until the
server timed out.
- Fixes ACL bug that made it impossible to build a blacklist.
- Improved logging.
- Extended default filter list.
Firefox 4 is based on the Gecko 2.0 Web platform. This release features
JavaScript execution speeds up to six times faster than the previous
version, new capabilities for Web Developers and Add-on Developers such as
hardware accelerated graphics and HTML5 technologies, and a completely
revised user interface.
Changelog, so far:
Version 1.1.3 (r94)
- Fixed bug with "OTPAuthPINAuthProvider" and <AuthnProviderAlias>
Version 1.1.2 (r87)
- Added "OTPAuthPINAuthProvider" to allow alternate verification of PINs
- Added "OTPAuthLogoutOnIPChange" flag to auto-logout on IP address change
- Build fixes for Solaris
Version 1.1.1 (r66)
- Build fixes
Version 1.1.0 (r44)
- Moved time interval and #digits configuration into users file
- Fixed bug in time based token synchronization at large offsets
- Added support for the Mobile-OTP algorithm: http://motp.sourceforge.net/
- Added otptool(1) one-time password utility program.
- Accept either decimal or hexadecimal values (basic auth only).
Version 1.0.0 (r10)
- Initial release
switch to use gem.
= Changes in 2.2.0 =
Apr 8, 2011 - version 2.2.0
* Features
* Add HTTPClient#cookies as an alias of #cookie_manager.cookies.
* Add res.cookies method. It returns parsed cookie in response header.
It's different from client.cookie_manager.cookies. Manager keeps
persistent cookies in it.
* Add res.headers method which returns a Hash of headers.
Hash key and value are both String. Each key has a single value so you
can't extract exact value when a message has multiple headers like
'Set-Cookie'. Use header['Set-Cookie'] for that purpose.
(It returns an Array always)
* Allow keyword style argument for HTTPClient#get, post, etc.
Introduced keywords are: :body, :query, and :header.
You can write
HTTPClient.get(uri, :header => {'X-custom' => '1'})
instead of;
HTTPClient.get(uri, nil, {'X-custom' => '1'})
* Add new keyword argument :follow_redirect to get/post. Now you can
follow redirection response with passing :follow_redirect => true.
* [INCOMPAT] Rename HTTPClient::HTTP::Message#body to #http_body, then
add #body as an alias of #content. It's incompatible change though
users rarely depends on this method. (I've never seen such a case)
Users who are using req.body and/or res.body should follow this
change. (req.http_body and res.http_body)
* Bug fixes
* Reenable keep-alive for chunked response.
This feature was disabled by c206b687952e1ad3e20c20e69bdbd1a9cb38609e at
2008-12-09. I should have written a test for keep-alive. Now I added it.
Thanks Takahiro Nishimura(@dr_taka_n) for finding this bug.
= Changes in 2.1.7 =
Mar 22, 2011 - version 2.1.7
* Features
* Add MD5-sess auth support. Thanks to wimm-dking. (#47)
* Add SNI support. (Server Name Indication of HTTPS connection) (#49)
* Add GSSAPI auth support using gssapi gem. Thanks to zenchild. (#50)
* NTLM logon to exchange Web Services. [experimental] Thanks to curzonj and mccraigmccraig (#52)
* Add HTTPOnly cookie support. Thanks to nbrosnahan. (#55)
* Add HTTPClient#socket_local for specifying local binding hostname and port of TCP socket. Thanks to icblenke.
* Regression fix: Use bigger buffer for server reads.
* Regression fix: Add reply_header_replace directive for ability lost since 2.7
* Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
* Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
* Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
* Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
* Bug 3164: Total memory info display 32-bit overflows
* Bug 3155: Werror is hard-coded in libTrie build
* Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library
linkage
* Bug 2976: invalid URL on intercepted requests during reconfigure
* Bug 2720: comment in same line as cache/mem_replacement_policy causes error
* Bug 2621: Provide request headers to RESPMOD when using cache_peer.
* Bug 2330: AuthUser objects are never unlocked
* Prevent CONNECT request relaying to origin servers
* squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
* squidclient: send Cache Manager password using -w
* eCAP: give full Request-URI to adapters
* ... and several debug and error display cleanups
which can lead to crashes and possibly code injection
(cve-2010-4205, cve-2011-0471, cve-2011-0473, cve-2011-0478,
cve-2011-0981, cve-2011-0982)
bump PKGREV
Upstream changes:
0.28 Tue Mar 22 2011
If LWP is producing errors, *report them* (Ricardo SIGNES)
0.27 Thu Mar 10 2011
Correct path to Pastie (Sebastian Paaske Tørholm )
Throw an error if you specify -p and files (Shawn M Moore)
Remove Mathbin; doy moved it to a separate dist (Shawn M Moore)
0.26 Wed Feb 23 2011
Add --open (-o) for opening the nopaste in your browser (Thomas Sibley)
0.25 Mon Jan 3 2011
Add support for $GITHUB_USER/$GITHUB_TOKEN to Gist service (Maximilian Gass)
0.24 Tue Dec 21 2010
Gist requires https (Ricardo SIGNES)
0.23 Fri Nov 26 2010
Preserve the source file's extension for ssh (Thomas Sibley)
Use Config::GitLike instead of Config::INI::Reader (Thomas Sibley)
Doc fixes (Thomas Sibley, Justin Hunter)
Code style fixes (Shawn M Moore)
Remove Rafb (Justin Hunter)
Remove Husk (Shawn M Moore)
From Peter Avalos in PR pkg/44762
pkgsrc changes:
- pkglint cleanups
- set LICENSE
- Add MESSAGE to mention the change in configuration file format.
Upstream changes:
suPHP 0.7.1 has been released.
This release fixes a bug causing problems with symbol links in the script path,
which was introduced with the 0.7.0 release.
suPHP 0.7.0 has been released.
With this release, several features that have been on the wish list for a long
time, have been realized:
* The module for Apache 1.3 only supported AddHandler for older releases.
This has been fixed: Now you can use AddType, too.
* PHP source highlighting: Files of MIME type application/x-httpd-php-source
will now be shown with source highlighting. Remember to set the suPHP_PHPPath
directive to enable this feature.
* suPHP_AddHandler and suPHP_RemoveHandler directives can now be used on per
vhost level, too.
* You can configure more than one docroot and use different variables (like
user name or home directory) within docroot and chroot settings.
Attention: The configuration syntax for suphp.conf has slightly changed with
this release. Be sure to read the documentation before upgrading, because
existing configuration files will not work without changing them.
This maintenance and security release fixes almost thirty issues in 3.1,
including:
* Some security hardening to media uploads
* Performance improvements
* Fixes for IIS6 support
* Fixes for taxonomy and PATHINFO (/index.php/) permalinks
* Fixes for various query and taxonomy edge cases that caused some plugin
compatibility issues
Version 3.1.1 also addresses three security issues discovered by
WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
team. The first hardens CSRF prevention in the media uploader. The
second avoids a PHP crash in certain environments when handling
devilishly devised links in comments, and the third addresses an XSS
flaw.
* new option --touch-reload <file> to reload the stack on <file> modification
* --static-map <mountpoint=documentroot> allows to serve static files
* fixed --post-limit management
* disallow empty socket names
* implemented exception_info WSGI support
* new options --reload-on-as <n> and --reload-on-rss <n> allows
to recycle workers when their memory usage is higher than <n> MB
* fixed syslog support (use --log-syslog[=facility] to enable it)
* improved plugin loading system
* added support for RabbitMQ as event dispatcher for the Emperor
* fixed FreeBSD memory report
* PSGI plugin can be compiled without ithreads
* various Emperor fixes
* fixed a regression with setgroups()
* support for shared sockets (used in jails within network namespaces)
November 26, 2006 -0.77.3
Fixed bugs:
1) A=0.65 now converts properly to $A=0.65;
2) Raised the length of parameters on function calls
Also changed
1) Request.ServerVariables("URL") to convert to $_SERVER["PHP_SELF"]
Not really a bug, but an issue when moving servers.
May 16, 2006 - 0.77.1
Matt Brown made the following additions/changes:
1) fixes key bugs in dictionary object support
2) fixes bug in filesystemobject.GetBaseName
3) fixes a couple of semi-colon generation issues
4) adds some support for filesystemobject.Attributes
5) an equal sign in an expression now gets recognized as a comparison
operator
Michael Kohn made the following changes:
1) fixed FormatCurrency so it adds a dollar sign infront of the number
May 14, 2006 - 0.77.0
Matt Brown made the following additions/changes:
1) support for server.execute
2) support for querystring("a").count and form("a").count
3) changed semantics of -phpx options. These now specify the target version.
Added -php5. Added -chgext option to include php version in the extensions
of the output files.
4) support for class constructors with -php4 and -php5.
5) support for class destructors, public and private with -php5.
6) fixed a few more bugs with single line if/then
7) added #define's for all token types and database types -- just for
readability.
8) changed gettoken so that it only returns single quote tokens when
processing jscript.
9) fixed response.expires
10) support for response.cachecontrol
11) improved "<" detection in parse_for_script
12) rudimentary support for virtual includes: a new -v option can be used to
specify a base path for virtual includes.
13) support for ByVal and ByRef
14) support for "is" in conditionals
15) support for vbSunday, etc constants
16) when parsing "sub(x,y,z)", eval_element is no longer called to process
x, y, and z.
17) support for DateSerial and DatePart functions
18) improved support for Now, Date, and Time functions (can call time() or
strftime depending on context)
19) added a -d option, which specifies a file and works like #include (calls
preparse). Useful for converting include files that depend on other
20) support for dictionary objects!
* several more FileSystemObject methods/properties (files, subfolders, size,
name, DateLastModified, GetBaseName)
* "\" in strings (gets converted to \\)
* some support for the ERR object
* in some cases getobject was getting called multiple times per token --
changed things around so that it is only called once
* limited support when "for each" is called against a collection of objects
(target var gets tracked as an object, just like set). As currently coded,
it correctly detects:
Set colFiles=objFolder.Files
For each objFile in colFiles
But does not detect:
For each objFile in objFolder.Files
Michael Kohn made the following changes:
* Removed double dim array's sessionpool and aspextension.
* Changed the way session's are done by using $_SESSION
April 11, 2006 - 0.76.26
Matt Brown made the following changes:
1) mapped vbscript SPLIT function to php EXPLODE (evalelement.c)
2) added support for vbscript MOD operator (evalelement.c)
3) corrected bug in handling of single-line if/then/else statements
(main_parser.c)
August 17, 2005 - 0.76.25
- Fixed a problem with Now()
June 23, 2005 - 0.76.24
- I was using system() calls to mkdir -p to make directories for a couple
of reasons 1) cause it would automatically create all dirs that didn't exist
and 2) cause it set up file permissions the way the system would want it.
this fails miserably on DOS (aka, Microsoft Windows) so I switched it now
to mkdir(). I'd still rather use mkdir -p, but owell. Anyway, this should
fix problems with people using DOS (aka Microsoft Windows).
September 8, 2004 - 0.76.23
- Fixed a bug with &'s from version 0.76.22
September 6, 2004 - 0.76.22
- mysql.c was modified by Tursi to add a semicolon after mysql_query($arg)
- rnd() with a parameter added an extra ). This is now fixed.
- date function changes
- added new command line switch for changing .asp text in response.write to .php
- hex literals are fixed
August 10, 2004 - 0.76.21
- the postgres conversion code has been updated.
January 11, 2004
Added FRAME to list of tags to change links from .asp to .php
December 8, 2003 - 0.76.19
Along with little bug fixes here and there, fixed a problem in the way functions
were converted. Also added a -fulltags option for creating PHP with tags that
look like this: <?php instead of <?.
May 3, 2002
Fixed a problem parsing functions that didn't have parenthesis around them.
Added some Filesystem conversion code. Added an option to convert DOS path's
with backslashes to Unix forward slashes (-fixwinpaths). Fixed a problem with
preparsing include files.
*Rails 3.0.6 (April 5, 2011)
* Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
html safe. Please make sure that calls to auto_link() are wrapped in a
sanitize(), or a raw() depending on the type of input passed to auto_link().
For example:
<%= sanitize(auto_link(some_user_input)) %>
Thanks to Torben Schulz for reporting this. The fix can be found here:
61ee3449674c591747db95f9b3472c5c3bd9e84d
* Fixes the output of `rake routes` to be correctly match to the
behavior of the application, as the regular expression used to match
the path is greedy and won't capture the format part by default
[Prem Sichanugrist]
* Fixes an issue with number_to_human when converting values which are
less than 1 but greater than -1 [Josh Kalderimis]
* Sensitive query string parameters (specified in
config.filter_parameters) will now be filtered out from the request
paths in the log file. [Prem Sichanugrist, fxn]
* URL parameters which return nil for to_param are now removed from
the query string [Andrew White]
* Don't allow i18n to change the minor version, version now set to ~>
0.5.0 [Santiago Pastorino]
* Make TranslationHelper#translate use the :rescue_format option in
I18n 0.5.0 [Sven Fuchs]
* Fix regression: javascript_include_tag shouldn't raise if you
register an expansion key with nil or [] value [Santiago Pastorino]
* Fix Action caching bug where an action that has a non-cacheable
response always renders a nil response body. It now correctly
renders the response body. [Cheah Chu Yeow]
would build any other object-oriented Python program. This results in smaller
source code developed in less time.
CherryPy is now more than six years old and it is has proven very fast and
stable. It is being used in production by many sites, from the simplest ones to
the most demanding ones.
* Rename fdevent_event_add to _set to reflect what the function does. Fix some
handlers.
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT()
Changes 1.4.27:
* Fix handling return value of SSL_CTX_set_options
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
* mod_proxy: close connection on write error
* Check uri instead of physical path for directory redirect
* Fix detecting git repository
* [mod_compress] Fix segfault when etags are disabled
* Reset uri.authority before TLS servername handling, reset all "keep-alive"
data in connection_del
* Print double quotes properly when dumping config file
* Include IP addresses on error log on password failures
* Fix stalls while reading from ssl sockets
* Fix etag formatting on boxes with 32-bit longs
* Fix two compiler warnings
* mod_accesslog: fix %p for ipv6 sockets
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for
X-Sendfile
* mod_staticfile: add debug output if we ignore a file with
static-file.exclude-extensions
* mod_cgi: fix race condition leaving response not forwarded to client
* mod_accesslog: Fix var declarations mixed in source
* mod_status: Add version to status page
* mod_accesslog: optimize accesslog_append_escaped
* openssl: silence annoying error messages for errno==0
* array.c: improve array_get_unused_element to check data type; fix mem leak if
unused_element didn't find a matching entry
* add check to stop loading plugins twice
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* only require FDEVENT_IN bit to be set for listening connections
* add libev fdevent handler: server.event-handler = "libev"
* mod_proxy: return response as soon as it is available
* don't overwrite global server.force-lowercase-filenames setting
* bind to IPV6-only if ipv6 address was specified
* Ignore require-hooks which exist in %INC
* Reloads by file, not module name
* Add a no Apache::Reload directive which skips reloading for modules that have
it included (useful for Moose compatibility).
* Prepare modperl for the upcoming perl 5.14
* Add lib/ModPerl/MethodLookup.pm to MANIFEST via lib/ModPerl/Manifest.pm
* PerlIOApache_write() now throws an APR::Error object, rather than just
a string error, if modperl_wbucket_write() fails.
* Authentication tests fail with LWP 5.815 and later
* Concise test won't perform unless StatusTerse is set to ON
* Look for a usable apxs in $ENV{PATH} if all other options fail, then prompt
the user for one.
* Work around bootstrap warnings when Apache2::BuildConfig has not been
created yet.
* Remove Apache::test compatibility (part of mod_perl 1.2.7), that code causes
build issues and is 4 versions out of date.
* Make sure perl is built either with multiplicity and ithreads or without both
* Support for "install_vendor" and "install_site" make targets
* Run tests on bundled pure perl Apache::* modules
* Implement a mini-preprocess language for map-files in xs/maps.
* Implement APR::Socket::fileno
* Export PROXYREQ_RESPONSE, a missing PROXYREQ_* constant
* Make sure standard file descriptors are preserved by the perl-script handler
* Fix the filter init handler attribute check in
modperl_filter_resolve_init_handler()
* Make sure buffer is a valid SV in modperl_filter_read()
* Move modperl_response_finish() out of modperl_response_handler_run in
mod_perl.c
Pulled from upcoming 0.3.1
---------------------------------------------------------------------------
* Allow MellonUser variable to be translated through MellonSetEnv
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
IdP dicovery URL scheme
* New MellonCond directive to enable attribute filtering beyond
MellonRequire functionalities.
* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
using a glob(3) pattern.
Version 0.3.0
---------------------------------------------------------------------------
* New login-endpoint, which allows easier manual initiation of login
requests, and specifying parameters such as IsPassive.
* Validation of Conditions and SubjectConfirmation data in the assertion
we receive from the IdP.
* Various bugfixes.
Summary of changes from 2.1.4 to 2.1.5
* Two bugs relating to Content-Length and possible duplication of Content-Length headers have been resolved.
* Support for bourne-like "here"-documents in the command line interface, allowing <<__EOF__ and similar schemes.
* Fixed an issue with re-using connections after Chunked-Encoding.
* Fix a bug that would inflate the "lost header" count and could cause problems during heavy traffic over a single connection, typically seen by load testing.
* Use the time of cache-insertion for "If-Modified-Since" requests if a "Last-Modified" header isn't provided by the backend.
* Merge multi-line Vary and Cache-Control headers from clients, which Google Chromium seem to split up.
* Various build fixes and documentation improvements
* Various bug fixes.
as library path instead of the source tree. install the tries to relink
the target with the new path, which fails because the just-installed
libraries are not in the buildlink directory.
Just don't rebuild makefiles, the run-time search path has been fixed
by buildlink already.
should fix PR 43385. OK wiz@
* Yaml formatted setup files are now produced by default.
(Perl formatted setup files can still be used.)
* Add timezone setting in setup file. This alows time zone to be configured
via the web.
* comment: Better fix to avoid showing comments of subpages, while
not breaking manual inlining of comments.
* meta: Security fix; don't allow alternative stylesheets to be added
on pages where the htmlscrubber is enabled.
(Updating this leaf package during the freeze for the security and
bug fixes.)
(contains security fix for CVE-2011-0728).
What's changed in loggerhead?
=============================
1.18.1 [24Mar2011]
------------------
- Fix escaping of filenames in revision views.
(William Grant, #740142)
- Add missing import to loggerhead.trace, allowing start-loggerhead
to run when a log.roll config option is set.
(Max Kanat-Alexander, #673999)
1.18 [10Nov2010]
----------------
- Syntax highlighting is no longer applied for files greater than 512K,
reducing codebrowse.launchpad.net overloading.
(Max Kanat-Alexander, #513044)
- Documentation added in the docs directory. README simplified
accordingly. (Tres Seaver).
- Show svn/git/hg revision ids in loggerhead revision view.
(Jelmer Vernooij)
- Fix .bzr/smart access to branches in shared repos. (You also need
a version of bzr with bug #348308 fixed.) (Andrew Bennetts)
- Support FastCGI, SCGI and AJP using flup. (Denis Martinez)
- Repository.get_revision_inventory() was removed in bzr 2.2; use
Repository.get_inventory() instead. (Matt Nordhoff, #528194)
- Ignore readonly+ prefix when checking if Loggerhead is serving a
local location. (Reported by Tres Seaver.) (Matt Nordhoff)
- Set Cache-Control and Expires headers on static pages.
(John Arbash Meinel)
- Generate relative links where possible (everywhere but HTTP
redirects and feed IDs). (Michael Hudson, Matt Nordhoff)
- Fix bad redirect when visiting "/download" or "/download/".
(Matt Nordhoff, #247992)
* comment: Don't show comments of subpages on parent pages.
(Fixes bug introduced in version 3.20100505.)
* darcs: Fix multiple issues preventing rcs_diff from working.
* aggregate: Read cookies from ~/.ikiwiki/cookies by default.
Also, the cookiejar configuration setting can be used by
other plugins to provide a custom `cookie_jar` object for LWP::UserAgent.
(Thanks, schmonz)
* Avoid escaping / characters in filenames when building the cgiurl,
as this confuses eg, cvsweb.
=== Ruby CSS Parser CHANGELOG
=== Version 1.1.3
* allow limiting by media type in add_block!
=== Version 1.1.2
* improve parsing of malformed declarations
* improve support for local files
* added support for loading over SSL
* added support for deflate
==== Version 1.1.1
* Ruby 1.9 compatibility
* @import regexp updates
* various bug fixes
==== Version 1.1.0
* Added support for local @import
* Better remote @import handling
== Changes
* March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
* Security fix in Rack::Auth::Digest::MD5: when authenticator
returned nil, permission was granted on empty password.
== Changes
* March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
* Security fix in Rack::Auth::Digest::MD5: when authenticator
returned nil, permission was granted on empty password.
Changelog
=========
Since 1.7.3.3
------------
bugfix: Security issue with cookies.
bugfix: Issue in combine.php.
bugfix: Issue with report conditions with date comparisons.
bugfix: Fixed langs for es_es and es_la.
bugfix: Logs were not written for subtasks when trashing, untrashing,
archiving and unarchiving tasks.
bugfix: Permissions issue at users history log.
bugfix: Tasks reports shows priority codes instead of showing prioriy names.
bugfix: Fixed: reminder didn't use timezone in some cases.
bugfix: Class name removed from search results.
bugfix: File revisions in search results sometimes shows html code.
bugfix: When reporting objects with list custom properties only the
first value was shown.
bugfix: When composing an email, fields to, cc and bcc not always
select the email from the list if clicking it.
bugfix: Event creator appears twice in the email when other user
accepted the invitation.
bugfix: Email signature does not change when composing an email and
changing the from address.
bugfix: Issue with upload control when attaching a file that already
exists in the system.
bugfix: Bug with CKEditor and Chrome when adding an image to a document.
bugfix: Checkbox were not cleared when reloading contact list.
bugfix: Issue when having more than one tab with Feng Office and
viewing emails in each tab.
bugfix: Templates with assigned tasks are not shown properly at tasks widgets.
bugfix: Date format config handler is not initializing correctly for
some values.
bugfix: Escape characters for report results.
bugfix: Issue with calendar reports.
bugfix: Issue with tasks widget in dashboard.
bugfix: Issue with milestone due dates in listing.
bugfix: Issue with conversation list permissions when viewing an email.
bugfix: LinkedObjectManager issue fixed.
system: CKEditor upgraded to version 3.5.1
feature: Added APC cache for config options and other frequent objects.
feature: Added languages: Bulgarian, Suomi and Svenska.
feature: Upgraded languages: cs_cz, de_de, el_gr, it_it, ja_jp, nb_no,
nl_nl, pl_pl, zh_cn.
feature: Improved the message for emails in outbox when logging in.
feature: Added some indexes and improved parts of the code to improve
performance.
feature: Added more checks when sending emails.
feature: Performance improved for reminder and email pollings.
feature: Show label "Tags" when tags panel is collapsed.
feature: Javascript injection prevention.
Since 1.7.3.2
------------
bugfix: Sending emails fixed to avoid sending an email more than one
time when receiving 'mysql has gone away' msg in the middle of the
process.
Django 1.3’s focus has mostly been on resolving smaller, long-standing feature
requests, but that hasn’t prevented a few fairly significant new features from
landing, including:
* A framework for writing class-based views.
* Built-in support for using Python’s logging facilities.
* Contrib support for easy handling of static files.
* Django’s testing framework now supports (and ships with a copy of) the
unittest2 library.
From Christian Sturm in PR pkg/44755.
1.15 2011-03-18 00:00:00
- Changed default log level in "production" mode from "error" to
"info".
- Improved lookup method in Mojo::IOLoop.
- Fixed a serious Mojo::DOM bug. (moritz)
Upstream changes:
1.14 2011-03-17 00:00:00
- Added support for multiple dns servers to Mojo::IOLoop.
- Added config helper to Mojolicious::Plugin::Config.
- Changed resolv.conf parser in Mojo::IOLoop to use the first
nameserver.
- Changed lookup method in Mojo::IOLoop to pick records randomly.
- Fixed small optional tag bugs in Mojo::DOM.
- Fixed JavaScript/CSS bug in Mojo::DOM.
- Fixed Windows home directory detection bug. (akron)
- Fixed a few warnings.
- Fixed typos.
1.13 2011-03-14 00:00:00
- Deprecated Mojo::Client in favor of the much sleeker
Mojo::UserAgent.
- Made the most common Mojo::IOLoop methods easier to access for the
singleton instance.
- Fixed typos.
1.12 2011-03-10 00:00:00
- Relicensed all artwork to CC-SA, so the whole distribution can be
considered "open" again.
- Deprecated MOJO_JSON_CONFIG environment variable in favor of
MOJO_CONFIG. (crab)
- Added EXPERIMENTAL support for IPv6.
- Added more Perl-ish configuration plugin.
- Added drain callback support for WebSockets.
- Added line numbers to Mojo::JSON error messages. (marcus)
- Removed experimental status from hypnotoad and
Mojolicious::Plugin::TagHelpers.
- Removed experimental status from many attributes and methods all
over Mojolicious.
- Improved attribute support of the select_field tag helper. (yko)
- Improved text_field tag helper.
- Improved tag helper attribute escaping.
- Improved attrs method in Mojo::DOM.
- Updated to jQuery to version 1.5.1.
- Fixed XSS issue in link_to helper.
- Fixed route unescaping bug.
- Fixed small Mojo::DOM bug. (yko)
- Fixed small documentation bug.
- Fixed typos. (kimoto)
From Christian Sturm in PR pkg/44740.
* remove unwanted CONFIGURE_ENV and CONFIGURE_ARGS items.
* add a trick to convert `-pthread' flags to apxs style.
* add user-destdir installation support
