This is a security and bugfix release of MediaWiki 1.15.4.
Two security vulnerabilities were discovered.
Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
affects Internet Explorer clients only. The issue is presumed to
affect all recent versions of IE; it has been confirmed on IE 6 and 8.
Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. Full details can be found at:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset features were not protected from
CSRF. This could lead to unauthorised access to private wikis. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.
These vulnerabilities are serious and all users are advised to
upgrade. Remember that CSRF and XSS vulnerabilities can be used even
against firewall-protected intranet installations, as long as the
attacker can guess the URL.
Pkgsrc changes:
- Adjust dependencies
Upstream changes:
0.9938 Sun May 23 17:13:05 PDT 2010
- ErrorDocument: Added Content-Length to error responses (hachi)
- Improved docs about conditional middleware loading
- XSendfile: Updated (undocumented) environment key to switch frontend
- Auth::Basic: Added notes about how to use it with Apache (mod_perl and CGI) [RT #57436]
0.9937 Fri May 14 23:11:27 PDT 2010
- Fixed -I broken in 0.9936 (juster) #114
0.9936 Fri May 14 15:58:02 PDT 2010
- Remove 'use lib "lib"' from plackup
- Remove HTTP_CONTENT_* environment variables in FastCGI handlers to deal with buggy web servers.
(Justin Davis)
0.9935 Wed May 5 15:17:06 PDT 2010
- Set an empty PATH_INFO if CGI environment doesn't set so (hachi) #109
- Fixed a possible weird combination of SCRIPT_NAME and PATH_INFO in CGI handlers
- localize PATH_INFO and SCRIPT_NAME in App::File and subclasses #100
- updated COPYRIGHT notice for Debian
- Middleware::StackTrace now displays text trace to psgi.errors like Rack::ShowExceptions
(castaway, theorbtwo)
- Middleware::StackTrace: Fixed the text stack trace format to be more readable
0.9934 Tue May 4 15:47:33 PDT 2010
- Added a test in CGIBin where binmode ":utf8" causes bad content-length #110
- Doc fix for the deprecated servers
- Initialize Module::Refresh (hiratara)
- Added mime_type to ErrorDocument (kakuno)
0.9933 Tue Apr 27 14:32:23 PDT 2010
- refactored the app.psgi loading error handling
- Enable type checking of the app in Lint->wrap
- allow plackup -e'...'
- Disable FCGI::Client/Net::FastCGI test by default
Upstream changes:
0.43 Sat May 1 22:23:55 CST 2010
* Support for getting REMOTE_PORT -- rgs
0.42_01 Fri Apr 2 12:59:48 EDT 2010
* Patch to t/01live.t to prevent spurious win32 test failures.
Upstream changes:
2010-05-13 Release 5.836
Gisle Aas (1):
Fix problem where $resp->base would downcase its return value
2010-05-05 Release 5.835
Gisle Aas (12):
simple string can be simplified
Make $mess->decoded_content remove XML encoding declarations [RT#52572]
Don't allow saving to filenames starting with '.' suggested by server
Avoid race between testing for existence of output file and opening the file
Minor doc fixup -- wrongly ucfirsted word
Use decoded_content in HTTP:Response synopsis [RT#54139]
sun.com is no more. rip!
Trivial layout tweak to reduce variable scope.
Add 'make test_hudson' target
Implement alt_charset parameter for decoded_content()
Test decoding with different charset parameters
lwp-download now needs the -s option to honor the Content-Disposition header
Ville Skyttä (9):
Make LWP::MediaTypes::media_suffix case insensitive.
Skip XML decoding tests if XML::Simple is not available.
Documentation fixes.
Fix m_media_type => "xhtml" matching.
Make parse_head() apply to data: requests.
Documentation spelling fixes.
Documentation grammar fixes.
Use $uri->secure in m_secure if available.
Fix handling of multiple (same) base headers, and parameters in them.
Mark Stosberg (5):
Strip out empty lines separated by CRLF
Best Practice: avoid indirect object notation
Speed up as_string by 4% by having _sorted_field_names return a reference
Speed up scan() a bit. as_string() from this branch is now 6% faster
Port over as_string() optimizations from HTTP::Headers::Fast
Tom Hukins (2):
Link to referenced documentation.
Update repository location.
Father Chrysostomos (1):
Remove needless (and actually harmful) local $_
Sean M. Burke (1):
"Perl & LWP" is available online
variable is set to the empty string. We will otherwise end up building
all the helpers which is probably not what the user wanted.
This addresses the second half of PR pkg/43347 by Bernd Ernesti.
DAViCal is a server for calendar sharing. It is an implementation of the
CalDAV protocol which is designed for storing calendaring resources (in
iCalendar format) on a remote shared server.
DAViCal supports basic delegation of read/write access among calendar users,
multiple users (or clients) reading and writing the same calendar entries over
time, and scheduling of meetings with free/busy time displayed.
An increasing number of calendar clients support the maintenance of shared
remote calendars through CalDAV, including Evolution, Mulberry, Chandler,
Mozilla Calendar (Sunbird/Lightning), and various other closed-source
products such as Apple's iCal and iPhone.
* page.tmpl: Accidentally broke po plugin's otherlanguages list
styling when modifying for html5; now fixed.
* Fix a bug that prevented matching deleted comments, and so did
not update pages that had contained them.
changes:
-improved kiosk use
-Yellow location for valid SSL, red for invalid
-UI improvements
-bugfixes
pkgsrc change: Drop Linux conditional for installation of the
adblock config file. It seems to depend on the shared library file
extension which might be different than .so on some platforms, but
it is just a config file which doesn't hurt if it is not found.
May 9, 2010 (1.6.1sr1)
------------
This release addresses the following security issue:
The autologin (using the long-term session cookie) is vulnerable to dictionary
attacks. This issue was originally reported by Bookoo of the Nine Situations
Group in one of his reports in April 2009 but apparently overlooked by the
Geeklog Team. Thanks to geeklog.net user Jack for pointing this out.
* Removed misc.tmpl. Now to theme ikiwiki, you only need to customise
a single template, page.tmpl.
* If you have a locally customised page.tmpl, it needs to be updated
to set <base> when BASEURL or FORCEBAREURL is set.
* comments: Comments pending moderation are now stored in the srcdir
alongside accepted comments, but with a `._comment_pending` extension.
This allows easier byhand moderation, as the "_pending" need
only be stripped off and the comment be committed to version control.
* The `comment_pending()` pagespec can be used to match such unmoderated
comments, which makes it easy to add a feed of them, or a counter
indicating how many there are.
* Belatedly added a `comment()` pagespec.
* Gave comment and page editing forms some CSS and accessibility love.
* Renamed postscan hook to indexhtml, to reflect its changed position,
and typical use.
* inline: Call indexhtml when inlining internal pages, so their
text can be indexed for searching.
* Delete hooks are passed deleted internal pages.
* openid: Incorporated a fancy openid-selector signin form.
(Based on <http://code.google.com/p/openid-selector/>)
* openid: Use "openid_identifier" as the form field, as required
by OpenID Authentication v2.0 spec.
* Removed the openidsignup option. Instead, my recommendation is to
leave passwordauth enabled and let people who don't have an openid use it.
The openid selector form avoids the UI annoyance of having both openid
and passwordauth on one form.
* calendar: Allow negative month to be specified. -1 is last month, etc.
(And also negative years.)
* calendar: Display year in title of month calendar.
* Use xhtml friendly pubdate setting.
* remove, rename: Add guards against XSRF attacks.
o major rework and clean up of internal interfaces. move the main
program into main.c, the remaining parts are useable as library.
add bindings for lua. by Alistair G. Crooks <agc@netbsd.org>
o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
special thanks to al for the majority of these changes.
Thu May 6 20:20:09 BST 2010 - surfraw 2.2.7
* New elvi (surfraw now has over one hundred elvi!):
+ by tczy:
* bing: Search using Microsoft's Bing.
+ by Ivy Foster:
* bookfinder: Search for books using www.bookfinder.com.
* bugmenot: Bypass compulsory web registration with bugmenot.com.
+ by Ian Beckwith:
* duckduckgo: Search the web via duckduckgo.com.
* scroogle: Search Google anonymously via www.scroogle.org.
+ by Simone Fittabile:
* jamendo: Search Jamendo: free music with Creative Commons licenses
* Removed elvi: genpkg (use genportage instead).
* Fixed elvi:
+ cnn
+ imdb (thanks to Sadako)
+ bbcnews (thanks to Sumant Oemrawsingh and James Rowe)
* aur: added options (thanks to Ivy Foster)
* wikipedia, ixquick: support https. Thanks to Simone Fittabile.
* debwiki: remove -w, Debian Women wiki is being merged into main
Debian wiki. Thanks to Simone Fittabile.
* Improved support for screen(1). Thanks to Ivy Foster:
+ Support for using tmux as $SURFRAW_screen.
+ Added `-ns|-newscreen' switch for setting $SURFRAW_new_screen.
+ Added $SURFRAW_screen_args for passing arguments to the defined
screen tool.
* uzbl_load_url_from_surfraw: fix menu.
Thanks to Sumant Oemrawsingh.
Numerous fixes in Konsole, KDE's terminal emulator, among them two possible
crashers in session management
Flash plugin support in KHTML has been enhanced to work with newest Youtube
skins
Case-sensitivity in renaming fixes in KIO, KDE's network-transparent I/O
library
Hiding the mouse cursor in some special cases in presentation mode and two
possible crashers have been fixed
Version 0.6
http://svn.edgewall.org/repos/genshi/tags/0.6.0/
(Apr 22 2010, from branches/stable/0.6.x)
* Support for Python 2.3 has been dropped.
* Rewrite of the XPath evaluation engine for better performance and improved
correctness. This is the result of integrating work done by Marcin Kurczych
during GSoC 2008.
* Updated the Python AST processing for template code evaluation to use the
`_ast` module instead of the deprecated `compiler` package, including an
adapter layer for Python 2.4. This, too, is the result of integrating work
done by Marcin Kurczych during GSoC 2008.
* Added caching in the serialization stage for improved performance in some
cases.
* Various improvements to the HTML sanitization filter.
* Fix problem with I18n filter that would get confused by expressions in
attribute values when inside an `i18n:msg` block (ticket #250).
* Fix problem with the transformation filter dropping events after the
selection (ticket #290).
* `for` loops in template code blocks no longer establish their own locals
scope, meaning you can now access variables assigned in the loop outside
of the loop, just as you can in regular Python code (ticket #259).
* Import statements inside function definitions in template code blocks no
longer result in an UndefinedError when the imported name is accessed
(ticket #276).
* Fixed handling of relative URLs with fragment identifiers containing colons
in the `HTMLSanitizer` (ticket #274).
* Added an option to the `HTMLFiller` to also populate password fields.
* Match template processing no longer produces unwanted duplicate output in
some cases (ticket #254).
* Templates instantiated without a loader now get an implicit loader based on
their file path, or the current directory as a fallback (ticket #320).
* Added documentation for the `TemplateLoader`.
* Enhanced documentation for internationalization.
* Add parameter to displaytime to specify that it is a pubdate,
and in html5 mode, use time tag.
* Add placeholder text in search form (in html5 mode only).
* In html5 mode, use all the nice new semantic tags. Care was taken
to not change the id/class names used in the CSS, so only CSS
that refers to tag types needed to be changed.
* Add ACTIONS variable to page.tmpl, which allows plugins to add arbitrary
links to the action bar without modifying the template further.
(COMMENTSLINK and DISCUSSIONLINK could be folded into this, but
are kept separate for now to avoid breaking modified templates.)
* websetup: Only display Setup button on admins' preferences page.
* graphviz: Fix display of preexisting images in preview mode.
* Fixes a bug in skipping of illegal source files introduced in
3.20100427.
specify DIST_SUBDIR. Fix PR pkg/43249 reported by Robert Elz.
The change was installed TYPOlight's version string only but
binary package has changed. So, bump PKGREVISION.
package gets built with "apache-shared-modules suexec ..." as the options.
Bump package revision for the benefit of users which previously compiled
the package with these options and don't have the "suexec" module available.
Problem pointed out by Filip Hajny in private e-mail.
* TMPL_INCLUDE re-enabled for templates read from the templatedir.
(But not in-wiki templates.)
* Version dependency on liburi-perl to >= 1.36; previous versions
did not support building urls from utf-8 strings. Closes: #579713.
* Ikiwiki can be configured to generate html5 instead of the default xhtml
1.0. The html5 output mode is experimental, not yet fully standards
compliant, and will be subject to rapid change.
* htmlscrubber: Allow html5 semantic tags: section, nav, article, aside
hgroup, header, footer, figure, figcaption, time, mark
* htmlscrubber: Also allow some other html5 tags: canvas, progress, meter,
ruby, rt, rp, details, summary, datalist.
* htmlscrubber: Round out html5 video support with the preload
attribute and the source tag.
* htmlscrubber: Allow the html5 form attributes: placeholder, autofocus,
min, max, step, required, autocomplete, novalidate, pattern, list,
and form. (Also the form* override attributes for input and buttons.)
* htmlscrubber: Allow additional misc html5 attributes: reversed,
spellcheck, and hidden.
* template: Fix typo.
Version 2.8.3 (2010-05-01)
--------------------------
- Removed the TinyMCE autoresize plugin
- Fixed: function idnaEncode() encoded the URL multiple times (#1829)
- Fixed: insert tags were not removed in the page description (#1856)
- Fixed: the download element was not hidden if there was no downloadable file (#1853)
- Fixed: ampersand characters were not converted to entities in meta files (#1823, #1831)
- Fixed: image paths were converted to absolute URLs during PDF export (#1843)
- Fixed: search index URLs were incorrect when alias usage is disabled (#1864)
- Fixed: automatically deactivate invalid e-mail addresses while sending newsletters
- Fixed: skipFirst had no effect on news lists without pagination (#1872)
- Fixed: the ModuleWizard and TableWizard were dependent on tl_content (#1883)
- Fixed: the XML news/calendar feeds were not updated if modified via Ajax (#1833)
- Fixed: CSV import failed if the Safe Mode Hack was enabled (#1908)
- Fixed a remote code execution vulnerability in the PDF export function
- Fixed some minor issues
1.) Add missing modules "mod_proxy_scgi.so" and "mod_reqtimeout.so"
if the package is built with shared modules enabled.
This fixes PR pkg/43229 by Ryo HAYASAKA.
2.) Get rid of "PLIST.worker" and use "PLIST_VARS" instead.
3.) Use an option group instead of the "APACHE_MPM" configuration variable
to configure the worker model.
4.) Enable the "apache-shared-modules" options by default. This provides
more flexibility and matches the behaviour of a lot of other
platforms e.g. Solaris or Linux distributions like Ubuntu.
Bump the package revision as the binary package will change by default.
NetBSD Packages Collection.
The Perl 5 module Template::Toolkit::Simple is a simple wrapper
around Template Toolkit. It exports a function called tt which
returns a new Template::Toolkit::Simple object. The object supports
method calls for setting all the Template Toolkit options.
Now you can include customised versions of templates in the source
of your wiki. (For example, templates/page.tmpl.) When these templates
are changed, ikiwiki will automatically rebuild pages that use them.
The --getctime switch is renamed to --gettimes, and it also gets the
file modification time. And it's a lot faster (when using git). But
the really important change is, you don't have to remember to use this
switch. Now ikiwiki will do it when it needs to.
At last, the "tagged()" pagespec only matches tags, not regular wikilinks.
If your wiki accidentally relied on the old, buggy behavior, you might
need to change its pagespecs to use "link()".
Many of your wishes have been answered: Now tag pages can automatically be
created when new tags are used. This feature is enabled by default if you
have configured a tagbase. It can be turned on or off using the
`tag_autocreate` setting.
These changes may also affect some users:
* The `title_natural` sort method (as used by the inline directive, etc)
has been moved to the new sortnaturally plugin, which is not enabled
by default since it requires the Sort::Naturally perl module.
* `TMPL_INCLUDE` is no longer supported in any template used by ikiwiki.
It used to be allowed in certain templates, but not in others.
* The `add_templates` option has been removed from the underlay plugin.
If you used this option, you can instead use templates/ subdirectories
inside underlay directories added by the `add_underlays` option.
Due to the above and other changes, all wikis need to be rebuilt on
upgrade to this version. If you listed your wiki in /etc/ikiwiki/wikilist
this will be done automatically when the Debian package is upgraded. Or
use ikiwiki-mass-rebuild to force a rebuild.
* [ Joey Hess ]
* tag: Automatic creation of tag pages can now be enabled using
the tag_autocreate setting. (David Riebenbauer)
* Customised templates can now be included in the source of wikis
(and also in underlays), and dependencies on them are tracked.
* TMPL_INCLUDE is no longer supported in any template.
* underlay: Removed the add_templates option.
* Add template_depends function to plugin API.
* bzr: Fix bzr log parsing to work with bzr 2.0. (liw)
* comments: Fix missing entity encoding in title.
* txt: Add a special case for robots.txt.
* [ Simon McVittie ]
* Add support for link types, and make the tagged() pagespec only
match tags, not regular links (a bugfix).
* Rebuild wikis on upgrade to this version to get tag link types recorded
correctly.
* Revamp sorting system; allow new sort methods to be added by plugins,
and add a "sortspec" syntax that can combine, reverse, etc sort methods.
* meta: Add `meta(author)`, `meta(title)` etc sortspecs to allow sorting
by metadata.
* meta: Add optional sortas parameter to author and title meta directives.
This can be used to get names sorted by last name without displaying
them last name first.
* sortnaturally: New plugin; the title_natural sort method has moved here.
* meta: store fields consistently unescaped, and escape on use.
(A wiki rebuild is also needed due to this change.)
* [ Joey Hess ]
* Update dependency for git-core to git transition.
* po: Check that translated underlay directories exist before using them
for master language.
* po: Configuring the same language as master and slave confuses processing;
so filter out such a misconfiguration.
* calendar: Add archive_pagespec, which is used by ikiwiki-calendar to
specify which pages to include on the calendar archive pages.
(The pagespec can still also be specified on the ikiwiki-calendar command
line.)
* pagestats: Class parameter can be used to override default class for
custom styling.
* pagestats: Use style=list to get a list of tags, scaled by use like
in a tag cloud. This is useful to put in a sidebar.
* Rework example blog front page.
* CSS and templates for sidebar changed to use a class, not an id.
* sidebar: Now a sidebar directive can be used to override the sidebar
shown on a page.
* Enable calendar and sidebar in auto-blog.setup.
* sidebar: Add global_sidebars setting.
* conditional: Fix bug that forced "all" mode off by default.
* calendarmonth.tmpl: The month calendar is now put in a sidebar.
* calendar: Improved display of arrows.
* Rename --getctime to --gettime. (The old name still works for
backwards compatibility.)
* --gettime now also looks up last modification time.
* Automatically run --gettime the first time ikiwiki is run on
a given srcdir. (Use --no-gettime to disable.)
* Add rcs_getmtime to plugin API; currently only implemented
for git and svn.
* Optimise --gettime for git, so it's appropriately screamingly
fast. (This could be done for most other backends too.)
* However, --gettime for git no longer follows renames. That would
be slow, and whether a renamed wiki page is the same page is really
an iffy thing.
* Use above to fix up timestamps on docwiki, as well as ensure that
timestamps on basewiki files shipped in the deb are sane.
* autoindex: Switch to using %wikistate instead of abusing
$pagestate{index}.
* bzr: Support rcs_getmtime, and fix rcs_getctime implementation
(Jelmer Vernooij)
* Quite a lot of new optimisations, and one major fix to a recent
performance regression.
* Moved javascript files under the ikiwiki/ directory, to avoid cluttering
the top of the web root. This is another thing that requires a wiki
rebuild on upgrade to this version.
* Fix removal of rendered files in rebuild mode.
* Add page() PageSpec, which is like glob() but matches only pages,
not other files.
Packaged by Ryo ONODERA, from pkgsrc-wip.
llgal is a HTML gallery generator for images, videos, text and links.
It is based on igal and adds support for various types of slides
including movies, text, links and subdirectories and several features
such as the addition of headers and footers in generated HTML files or
the generation of slide captions from JFIF, GIF or EXIF comments.
llgal generates nice web-pages through very simple HTML code that does
not require anything like php or javascript.
Collection.
The Perl 5 module Tatsumaki is a toy port of Tornado for Perl using
Plack (with non-blocking extensions) and AnyEvent.
It allows you to write a web application that does an immediate
response with template rendering, IO-bound delayed response (like
fetching third party API or XML feeds), server push streaming and
long-poll Comet in a clean unified API.
Packages Collection.
The Perl 5 module AnyEvent::HTTP is an AnyEvent user, you need to
make sure that you use and run a supported event loop. It implements
a simple, stateless and non-blocking HTTP client. It supports GET,
POST and other request methods, cookies and more, all on a very low
level. It can follow redirects, supports proxies, and automatically
limits the number of connections to the values specified in the
RFC.
Packages Collection.
The Perl 5 module Net::Server::Coro implements a multithreaded server
for the Net::Server architecture, using Coro and Coro::Socket to
make all reads and writes non-blocking. Additionally, it supports
non-blocking SSL negotiation.
Upstream changes:
2010-01-20 Dave Cross <dave@dacross.(none)>
* Build.PL: Removed version number so it's picked up from lib/WWW/Shorten.pm
2009-12-19 Dave Cross <dave@dave.org.uk>
* Build.PL, MANIFEST: Bumped version number. Removed shorl files from
MANIFEST.
* MANIFEST, lib/WWW/Shorten/Shorl.pm, t/shorl.t: Removed support for shorl.pm
(now in WWW::Shorten::Shorl distribution).
2009-12-15 yappo <yappo@shibuya.pl>
* lib/WWW/Shorten/Shorl.pm: shorl.com changed the request method (POST to
GET)
2009-11-21 Dave Cross <dave@angel.mag-sol.com>
* lib/WWW/Shorten/NotLong.pm, lib/WWW/Shorten/OneShortLink.pm, t/notlong.t,
t/oneshort.t: Removed support for NotLong and OneShortLink (separate
distributions to follow soon). Bumped to version 2.06.
2009-09-18 Dave Cross <dave@dave.org.uk>
* Build.PL: Bump to version 2.05 for release.
* lib/WWW/Shorten.pm, t/newnames.t: Finish removing all references to
SnipURL.pm.
2009-09-08 Dave Cross <dave@dave.org.uk>
* MANIFEST: Removed snipurl.t from MANIFEST.
* Build.PL, MANIFEST, lib/WWW/Shorten/SnipURL.pm, t/snipurl.t: Removed
WWW::Shorten::SnipURL (API changed, separate dist will follow). Bumped
version to 2.04.
2009-04-11 Dave Cross <dave@dave.org.uk>
* lib/WWW/Shorten.pm: Start using $DEFAULT_SERVICE variable.
* MANIFEST: Removed files from MANIFEST
* lib/WWW/Shorten.pm: Documentation improvements.
* lib/WWW/Shorten/BabyURL.pm, lib/WWW/Shorten/EkDk.pm,
lib/WWW/Shorten/ShortLink.pm, lib/WWW/Shorten/SmLnk.pm,
lib/WWW/Shorten/URLjr.pm, lib/WWW/Shorten/V3.pm, lib/WWW/Shorten/qURL.pm,
t/babyurl.t, t/ekdk.t, t/qurl.t, t/shortlink.t, t/smlnk.t, t/urljr.t, t/v3.t:
Removed a number of modules that supported services that are no longer
around.
Upstream changes:
0.9932 Mon Apr 19 15:23:55 JST 2010
- Enable Lint middleware by default in the development env
- Lint middleware now validates $app on startup
- Fixed documentations on middleware and handlers
2.9.2:
* Fixed problem where logged in users can peek at trashed posts belonging to other authors.
* Fixed other issues
2.9.1:
* Fixed problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts
* Fixed other issues
2.9:
User Features
* Trash status for posts, pages, and comments (includes restore and permanent delete)
* Add support for 'include' and 'exclude' to [gallery] (Gallery Shortcode)
* Allow user registration to be enabled by an XMLRPC client
* Add support for sticky posts to the WXR exporter and importer
* 'rel=canonical' for singular pages
* Scroll back to the same location after saving a file in the Plugin and Theme editors
* Correct comments and remove unnecessary echos from the default themes sidebar template file
* Enable the APP (Atom) attachment file download to work correctly
* Support location of category templates based on 'category-slug' as well as 'category-id' (Ticket 10614)
* Support location of tag templates based on 'tag-id' as well as 'tag-slug' (Ticket 10868)
* Support location of page templates based on 'page-slug' and 'page-id'
* Set "Allow my blog to appear in search engines" to checked in installation
* Don't offer to make a category its own parent
* Remove Sphere from search list
* Minify admin CSS
* Show correct max upload filesize error message
* Add 'rel' attribute to next/previous post links
* Make the default and classic themes comment textareas valid XHTML
* Clean up '.button' and '.button[disabled]' CSS classes, add 'spinner' and 'gray-out' buttons after clicking Publish or Update post
* Fix race condition with autosave when clicking Publish immediately after entering post title
* Add Comments for Pages in the WordPress Default theme
* Define '$content_width' for Kubrick
* Better feedback on publishing of future posts and pages
* Display comments in descending date order, consistently
* Add means of automatically repairing tables
* Press This bookmarklet fixes
* Give plugins and themes simple control over the text displayed at the end of an autogenerated Excerpt
* Don't show "Change Permalinks" button when editing the page set as "Front page"
* Image editing
* Retire BunnyTags importer
* Retire Jerome's keywords importer
* Explain that the permalink is temporary for autosave generated permalinks
* Update SimplePie to 1.2
* Eliminate the redundant and confusing comment threading depth of 1
* Easier Embeds with oEmbed support (see Ticket #10337) (oEmbed discovery disabled by default, use plugin to enable it)
* TinyMCE 3.2.7
* Remove rel='tag' on links in Tag Clouds
* Add a title to the Home link output by wp_page_menu()
* Adjust comment moderation keyboard shortcut keys 'd = trash' or delete depending on the screen
* Show "Draft updated" instead of "Post updated" when saving draft
* Show the login form in a popup when autosave hits the login grace period
* Open View/Preview post in a new window from the link in the Saved/Updated message
* Separate fields for 'image alt' and 'image caption' in Media uploader
* Display better information about broken themes when there is no stylesheet
* Improve situation when tables such as wp_options table were 'corrupt' new installation message was offered. Add means of automatically repairing tables
* Export and import custom taxonomies
* Admin copy improvements
* Don't show page templates in the drop down if they are in a subdirectory
* Make codex link open in a new window
* Change 'Remove' link on widgets to 'Delete' because it doesn't just remove it, it deletes the settings for that widget instance.
Development, Themes, Plugins
* Added 'excerpt_more' filter to wp_trim_excerpt() function, which allows developers to change excerpt '[...]' more string (Ticket 10395)
* Add 'smilies_src' filter so plugins can better add smilies
* Canonical redirects for post name queries
* Allow _wp_get_comment_list() to handle custom comment types
* Return an empty array instead of false for get_children() when no children found
* Add some filters so that HTTP requests can be filtered
* Move plugin update notice output to the plugin specific hook
* Limit wp-mail 'blog by email' checks to every 5 minutes
* Make it much easier to filter contact methods from user profiles
* Allow filtering of get_edit_post_link for custom post_type
* 'get_sample_permalink_html' filter
* Enforce activation key to be a string, reject activation keys that are arrays
* Support for new post types
* Respect custom post_type in queries
* Send Retry-After header when in maintenance mode
* Various WP Filesystem related fixes and documentation
* Add constants for ftp connections timeouts
* Increase timeout on cron-based requests when checking for upgrades
* Don't use has_action() before do_action() in http.php
* Speed up jQuery based scripts
* Use the current user as author for autosave
* Show My Posts as default view on the Edit Posts screen for users without 'edit_others_posts' cap
* Ensure that drafts viewed over XMLRPC have a correct gmt date set
* Pass user id to 'get_' the_author_meta filters
* Move _wp_get_user_contactmethods() into the registrations functions file
* Machine parseable db error codes
* Add global JS vars and actions to the media uploader iframe
* Add JSON compat for PHP < 5.2
* Make option_name the primary key for the options table
* Allow a plugin to do a complete takeover of Post by Email
* Logarithmic scale for tag cloud
* Pass Post ID to the 'get_comments_number' filter
* Always filter the url in the media upload form
* Add a 'the_terms' filter
* is_blog_installed() improvements
* Allow force_ssl_admin() to properly accept false as a value
* Pass logged_in cookie to async-upload and filter the cookie scheme in auth_redirect()
* Add more actions around database add/delete/update operations
* phpDoc for wp_"check|set"_post_lock functions
* Use the old strings which are more translator friendly and add a generic default string to aid re-use by plugins adding post_types
* Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field()
* Use null instead of 0 when setting content length
* Include 'hidden' directories in filesystem dirlist by default
* Pass args array to 'wp_list_pages' filter
* Actions for taxonomy updates
* Key should be 'comment_id' not 'post_id' in comments table
* Add get_delete_post_link () to retrieve delete posts link for post
* Add 'separator' parameter to wp_tag_cloud() and wp_generate_tag_cloud() functions (Ticket 10315)
* Added add_comment_meta() family of functions
* Use a post_parent of 0 instead of -1 to indicate unattached posts
* Improve get_page_hierarchy() function
* Deprecate the_content_rss(), add the_content_feed() and get_the_content_feed(). Convert places that called the_content_rss() with an excerpt length to the_excerpt_rss(). Remove the rss_excerpt_length option. Use the_content_feed() where the_content() was previously used in feeds.
* Add 'pad_counts' argument to wp_dropdown_categories()
* Remove codepress
* Remove the php-gettext library
* Canonical post thumbnails
* Add a filter to the_author_posts_link()
* Merge post.js with page.js and slug.js, optimize categories and tags JS, standardize postboxes IDs and JS
* Introduce register_theme_directory() which takes a wp-content-relative path and will additionally scan it for themes. Plugins can use this to add themes without requiring copying by the user
* Add set_user_role action hook
* Allow theme devs to change attrs (like CSS class) of thumbnail images
* Add wp-post-image CSS class to post images
* Allow for plugins to enhance the number of metadata fields captured from plugin and theme headers
* Merge updated pomo code
* Switch to using NOOP_Translations for untranslated sites
* Improve wptexturize performance
* Provide context to the strings in the Plugin and Theme installers to allow for different grammatical gender
* Fixes for theme subdir support
* Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data
* Add 'orderby=comment_count' argument to query_posts()
* Honor Post Type for Sticky Posts
* Allow querying multiple post types
* Introduce add_theme_support(feature) and current_theme_supports(feature) for announcing and checking theme support for various features
* Introduce require_if_theme_supports()
* Add a number of Embed related filters
* Add 'IMAGE_EDIT_OVERWRITE' constant to control edited image save or replace, most useful for setups that have dynamic image resizing
* Add load_child_theme_textdomain() to allow child themes to have their own translation files
* Add sidebar descriptions to sidebar settings and widget admin screen
* Make option_id primary. Add uniques for option_name and autoload
* Allow plugins to override the behaviour of load_textdomain() in a variety of flexible ways
* Mark _c() as deprecated. The new _x() function should be used instead.
* Allow plugins to change the redirect on post/page publishing/submitting
* Standardize on 'user_id' instead of 'user_ID' when passing comment data. Accept either 'user_id' or 'user_ID'. Remove 'user_id' global.
* Filter imported comments
* Introducing set_post_image_size(w, h, crop) so themes can register their special size/crop for canonical post images
* Standardize around "post image" instead of "post thumbnail"
* Allow registering post image support per post type
* Return false from is_paged() if on the first page.
* Check MySQL and PHP versions when auto upgrading
* Add required php and mysql versions to version.php
* Hard code required version in update-core.php
PR pkg/42765
Upstream changes:
NEXT Sat Apr 10 23:10:07 CDT 2010
========================================
[FIXED]
Fixed a declaration in the Movable Type example in
WWW::Mechanize::Examples.
Quiet warnings if %ENV has undef values.
$mech->follow_link() no longer dies with an inappropriate error if
the link is not found.
$mech->click_button() now checks to see if a form is selected.
[INCOMPATIBILITIES]
$mech->form_name() and $mech->form_number() no longer throw warnings
if they can't find the form specified. They still return undef,
though.
[DOCUMENTATION]
More additions to the FAQ.
Pkgsrc changes:
- Add more recommended dependencies
- Makefile cleanup
Upstream changes:
0.20 Fri Apr 16 23:05:10 2010
App::Nopaste::Service::Pastie would generate warnings via
Mechanize due to changes in http://pastie.org HTML (avar)
Add App::Nopaste::Service::Codepeek (arcanez)
Upstream changes:
0.9931 Fri Apr 16 23:52:27 PDT 2010
- replace kyoto.jpg test image file with smaller baybridge.jpg to strip down the tarball size
from 2.5MB to 212KB.
Inspired by PR#42892 from Wen Heping (fixes dependency pattern).
=== 2.0.9 ===
March 5, 2010 (revision 964)
- Fixed URL related bug in gdata.calendar.service. You can now edit and delete
against https URLs.
- Removed hard coded Python version from gdata.contacts. Resolves issue 347.
=== 2.0.8 ===
February 26, 2010 (revision 960)
- Added support for resumable uploads with a sample that shows its use
with Google Docs. Thanks Eric!
- Added the publish element and copy() method to the DocsClient. Thanks Eric!
- Added support for the JSON-C data format recently released for the YouTube
API.
- Fixed import bug when using cryptomath with Python2.4 and lower.
- Modified gdata.gauth to be usable under Python2.3.
- Fixed errors which affect RetrieveAllEmailLists RetrieveEmailLists
RetrieveAllRecipients RetrieveAllNicknames RetrieveNicknames
RetrieveAllUsers in gdata.apps.service. Resolves issue 340. Thanks
Aprotim!
- Fixed issues with contacts client returning a raw get and not a ContactEntry
and a few auth_tokens are not being passed into the HTTP request. Resolves
issue 332. Thanks vinces!
- Fixed issue parsing worksheet feed, entry was the wrong type, corrected to
WorksheetEntry. Resolves issue 343. Thanks Igor!
- Fixed typo in gdata.spreadsheets.client (auth_service). Resolves issue 342.
Thanks to Igor once again!
- Fixed bug in Google Apps APIs UpdateSSOSettings.
- The gdata.data.LinkFinder now looks in both the link and feed_link members
for an ACL link. Resolves issue 339.
- Removed client side check on video type in YouTube service. Rely on the
server to provide an error if the format is not supported. Resolves
issue 338.
- Improved documentation for SpreadsheetsService's UpdateRow method to explain
the use case it addresses and recommend alternatives.
- Changed projecthosting to use the host member with relative URLs.
- Added a get_headers function to be used in Python2.2 and 2.3 since
httplib.HTTPResponse does not have getheaders in those versions of Python.
Resolves issue 335.
- Added a client smoke test to check version and auth related class members
which all gdata.x.client's should have.
- Updated the docs service_test.py to run as part of run_all_tests.py.
=== 2.0.7 ===
January 26, 2010 (revision 937)
- Added gdata.calendar_resource.client to support the management of calendar
resources (like conference rooms) for Google Apps domains. Thanks Vic!
- Updated the sites API client to use version 1.1 of the sites API.
- Added support for 2 Legged OAuth to the GDClient and included a sample
app. Thanks Eric!
- Added a revoke_token method to GDClient to invalidate AuthSub or OAuth
tokens.
- Added a get_record method to the Spreadsheets client to fetch a single
record entry.
- Added includeSuspendedUsers parameter to the apps groups API. Thanks Will
Charles!
- Fixed a client login bug present in the Maps API client. Thanks Roman!
- The client_id property in the YouTube service object is now optional.
- Added optional 'feed' parameter to YouTube service's Query classes.
Resolves issue 323.
- Updated tlslite's use of sha1 to use hashlib if using python2.5 or higher.
Resolves issue 290. Thanks Jay Lee!
- Added a deadline parameter to gdata.alt.appengine to allow the urlfetch
timeout to be modified to as high as 10 seconds.
- Added GetGeneratorFromLinkFinder to GDataService which simplifies pagination
across the entries in a feed. Resolves issue 325. Thanks Aprotim!
- Removed the default value for the test domain option.
- Moved auth scopes to gdata.gauth from gdata.service.
=== 2.0.6 ===
December 17, 2009 (revision 914)
- updated the Google Analytics Data Export API to v2. Thanks Nick!
- added support for batch operations on contacts and profiles. Thanks Julian!
- added a DocsQuery class for the Documents List v3 API.
- removed now obsolete ACL classes from gdata.docs.data in favor of using
classes in gdata.acl.data. Thanks Eric!
- fixed bug in querying group membership by email. Thanks Will Charles!
- removed import which are not present in Python2.2 from gdata.service to
maintain support for Python2.2.
- added additional debug information to MockHttpClient.
=== 2.0.5 ===
November 24, 2009 (revision 900)
- added new gdata.contacts.client (and data) which uses version 3.0 of the
contacts API. Thanks Vince!
- added new gdata.docs.client which uses version 3.0 of the Documents List
API. Thanks Eric!
- added new v2 modules for the Analytics API (gdata.analytics.client).
Thanks Nick!
- added conditional get using etags on get_entry. Thanks Eric!
- fixed bug in how Calendar redirect headers are handled when using this
library in an App Engine app.
- added new Calendar XML elements to the gdata.calendar module. Thanks
Michael Ballbach!
- added v2 data model classes for finance, notebook, webmastertools, ACLs,
opensearch and youtube.
- fixed issues with contacts.service when editing profiles. Thanks Julian!
- fixed bug in GDClient's get_next method.
- improved usability in Python2.3, though tests do not run the src modules
should be Python2.3 compatible.
=== 2.0.4 ===
October 15, 2009 (revision 864)
- Added support for the project hosting issue tracker API. Thanks Joe LaPenna!
- Added a get-with-retries method to the v1 service for use with the Google Apps
API to automatically retry. Thanks Takashi Matsuo!
- Revised Google Sites client to use text input when creating a page. Thanks Eric!
- Changed demo calendar in the Google Calendar API example. Thanks Trevor!
=== 2.0.3 ===
October 9, 2009 (revision 856)
- Added support for Google Sites Data API. Thanks Eric!
- Added support for Google Contacts profiles. Thanks Julian Toledo and Pedro
Morais!
- Added support for the Spreadsheets v3 API Tables feed and Records feed.
- Added support for the Google Apps Admin Settings API. Thanks Jay Lee!
- New sample which illustrates use of the Blogger v1 API on App Engine using
OAuth. Thanks Wiktor Gworek!
- Added a new MediaSource for use with v2 data model classes. Thanks Eric!
- The v2 client classes can now force all requests to be made over SSL.
Thanks Eric!
- Revised the test config system to allow test settings to be specified as
command line arguments or prompt the user to enter them interactively.
- Fixed UTF encoding issue in unittest on big endian architectures.
- Fixed XML parsing bug in Spreadsheets data class. Thanks ppr.vitaly!
- Fixed bug in webmaster tools service verification method arguments. Thanks
eyepulp!
- Fixed download URL recognition in Document List Data API.
- Some progress made in re-adding support for Python2.3, not sure yet if
full Python2.3 support is completely feasible. Python 2.4-2.6 should work.
=== 2.0.2 ===
August 20, 2009 (revision 823)
- Added support for the Google Maps Data API. Thanks Roman!
- Added data model classes for the v3 Spreadsheets API. This API is not
yet fully supported by the library and the gdata.spreadsheets package
should be considered experimental until the next release. The v1
gdata.spreadsheet package is unchanged and should still work.
- Auth token lookups when running in App Engine are now memcached which
should improve efficiency. Thanks Marc!
- Fixed a bug with the v2 HTTP proxy client. If behind a proxy, the full
URL is now sent as the request selector. Thanks Dody!
- Removed the gdata.client.GDataClient class which had been deprecated.
=== 2.0.1 ===
July 23, 2009 (revision 805)
- Added support for Secure AuthSub, OAuth with HMAC and with RSA to the
v2 auth code.
- Added v2 data model classes for all XML elements in the gd namespace.
- Usability improvements in the gdata.docs.service module, thanks Eric!
- Made the dependency on elementtree only required if you are using
Python 2.4 and lower. Thanks brosner!
- Setting the ssl member in atom.service.AtomService will now override a URL
which starts with http:. Many thanks to Michael Ballbach for the patch.
- Added a proxy HTTP client which will use proxy environment variables to
send all requests through the desired proxy server if present.
- Added user agent string indicating that this is from the gdata python v2
library.
- Removed unneeded title parameter from the Blogger client's add_comment
method.
- Added an all_tests_local script which runs all tests except those which
would make HTTP requests to remote servers.
- Added the birthday element to contacts entry, the reminder element to
calendar events, and the method attribute to calendar's reminder class.
All with great thanks to Marc!
- The analytics GetData method no longer requires the dimensions argument.
Thanks Jim!
=== 2.0.0 ===
June 29, 2009 (revision 777)
- Released support for version 2 of the Google Data APIs protocol. To use the
new version-aware code, use the gdata.client, atom.data, gdata.data
modules and classes that derive from them. For example, use
gdata.blogger.client.BloggerClient instead of
gdata.blogger.service.BloggerService. High level, service specific classes
are not available yet for other services, so feel free to migrate as they
become available. The v1 service classes are still included so your
existing code should be unaffected.
- Included new Blogger samples to illustrate v2 support, a command line demo
and an app for App Engine.
- Added OAuth sample app which uses App Engine.
- Added the gCal:sequence element to CalendarEventEntry (thanks Anton).
- Added two decorators to display warnings when deprecated methods are used.
- Added a login utility for command line samples to share to standardize the
auth process in a sample program.
- Fixed a bug in v2 XML parsing which prevented multiversion XML classes from
correctly parsing and generating v2 code.
- Fixed v1 HTTP Host header settings, non-default ports should now be
included in the Host header.
- Fixed pickle error when an OAuth-RSA token is saved to the App Engine
datastore.
- Fixed missing data in the Document List API unit tests.
- Improved backwards compatibility of v2 data model classes by adding aliases
to v1 functions.
=== 1.3.3 ===
June 5, 2009 (revision 724)
- Added support for the Google Finance API. Thanks Swee Heng!
- The Google Data Service classes now support version 1.0a of the OAuth
protocol (Thanks Eric!).
- Fixed a naming bug in unit tests for atom.service which appeared when using
Python 2.6.x
- Fixed URL parameter propagation when calling GDataService.Delete. The URL
parameters are now preserved.
- Fixed incorrect return type for gdata.FeedLinkFromString.
- Added data model classes for the Atom and AtomPub XML elements which support
version 2 of the Google Data APIs (by means of dynamic AtomPub namespace
switching). The version 2 XML classes are much more backwards compatible
with v1 classes than in previous releases.
=== 1.3.2 ===
May 22, 2009 (revision 711)
- Added support for the Google Analytics API. Thanks Sal Uryasev!
- Added support for the Google Book Search API. Thanks James Sams!
- Improved support for 2 legged OAuth and added a sample app. Thanks Eric
Bidelman!
- Simplified the way an XML response from the server is parsed into the
desired class for the version 2.0 API client (gdata.client.GDClient).
=== 1.3.1 ===
April 23, 2009 (revision 695)
- Fixed issues with setting the developer key in the YouTubeService
constructor.
- For the Document List API (thanks Eric!):
- Added writersCanInvite element
- Fixed small errors in Document Entry
- Added category label when creating different types of docs
- Fixed DownLoad helpers which shouldn't write a file if server returns
error. Fixes issue 240.
- Added DocumentListEntryFromString converter and using DocumentListEntry
class instead of GDataEntry class to create entries.
- URLs in HTTP requests can now be unicode strings. Resolves issue 233.
- Improvements for the upcoming version 2.0.0 release:
- The v2 auth code now support AuthSub and has been tested on App Engine.
- Unit tests for the v2 client code will default to not use the local file
cache but will make live requests unless cached responses is set to
True in the test configuration module.
- Older v1 unit tests can now use the v2 testing framework, migrated
contacts API tests as a proof of concept. This will come in handy when
testing backwards compatibility for the 2.0 release.
- Improved support for unicode and other character encodings in the v2 XML
core module.
=== 1.3.0 ===
Mar 20, 2009 (revision 665)
- Added support for the Google Health API. (Thanks Eric Bidelman!)
- Added support for the groups management in the Google Apps Provisioning
API. (Thanks to Tony Chen and Oskar Casquero!)
- Added the following new features for the Google Documents List API:
(Thanks again to Eric Bidelman for adding all of these!)
- Folder create, move docs/folders in and out of other folders. (Thanks
Nizam Sayeed!)
- Support for modifications to Access Control Lists for documents.
- Export functionality for documents, spreadsheets, and presentations.
- Updated the docs_example.py sample app.
- New XML elements: resourceID, lastViewed, and lastModifiedBy.
- Added ability to update web clip settings in the Google Apps email settings
API. (Thanks Takashi Matsuo.)
- Fixed a bug in calendarExample that would cause execution to fail when an
event attendee does not have any attendeeStatus data. (Thanks Trevor
Johns!)
- Fixed AuthSub request URLs which should be https. (Yay Eric!)
- Fixed logic when changing email settings when using the Google Apps API to
only send properties which have been specified. (Thanks Jay Lee!)
- Includes a new and experimental client class (gdata.client.GDClient) which
can be used with version two of the Google Data API protocol. This class
may change in backwards incompatible ways before the 2.0.0 release, so
use at your own risk.
Collection.
The Perl 5 module Starlet provides a standalone HTTP/1.0 server.
It is suitable for running HTTP application servers behind a reverse
proxy and supports the following features: prefork and graceful
shutdown using Parallel::Prefork, hot deployment using Server::Starter,
fast HTTP processing using HTTP::Parser::XS.
Pkgsrc changes:
- adjust dependencies
Upstream changes:
0.2001 Tue Apr 13 21:45:15 PDT 2010
- Fixed the way to set the default Delayed loader
0.2000 Tue Apr 13 20:22:24 PDT 2010
- INCOMPATIBLE: starman executable by default loads the application with Delayed to be safer.
Use --preload-app command line option to preload the application in the master process.
See `starman --help` for details.
0.1007 Tue Apr 13 19:45:59 PDT 2010
- Fixed a bug where Content-Length-less responses are sent in Keep-Alive without chunked,
choking HTTP/1.0 clients (patspam) #6
Version 2.8.2 (2010-04-13)
--------------------------
- Updated TCPDF to version 4.9.011 (#1802)
- Updated TinyMCE to version 3.3.2 (#1711)
- Updated MooTools More to version 1.2.4.4 (#1697)
- Added: added the white Mediabox theme (#1637)
- Added: DC_Table "oncut_callback" and "oncopy_callback" (#1745)
- Added: added the active record to "ondelete_callbacks" (#1721)
- Added: added class "trail" to the custom navigation module (#1691)
- Added: added the wildcard ##token## to the newsletter subscription
module (#1729)
- Added: added the Russian typolinks translation to TinyMCE (#1744)
- Added: the image resizer now considers the file modification time (#1743)
- Added: added &shy; as basic entity (#1768)
- Added: added the "mode" parameter to the image insert tag (#1712)
- Added: added a loadDataContainer hook (#1687)
- Added: added an addComment hook (#1669)
- Fixed: special HTML characters were encoded twice (#1642)
- Fixed: the newsletter reader failed to replace insert tags (#1645)
- Fixed: the subtree navigation did not work in the popup file manager (#1653)
- Fixed: the BBCode parser did not add missing URI protocols (#1658)
- Fixed: PDF exports contained incorrect download links (#1654)
- Fixed: the option "always show in sitemap" did not work for hidden
pages (#1679)
- Fixed: the downloads element did not hide meta.txt files (#1688)
- Fixed: the downloads element did not pass all meta information (#1689)
- Fixed: reverted the changes to the navigation menu (#1635)
- Fixed: the function addToUrl() generated invalid URLs in the front end (#1707)
- Fixed: the Config library did not handle numeric strings correctly (#286)
- Fixed: the Mediabox plugin did not support .jpeg file extensions (#1728)
- Fixed: the file manager allowed invalid file and folder names (#1699)
- Fixed: the news and event reader did not overwrite the page
description (#1702)
- Fixed: regular users were not able to copy/move multiple content
elements (#1715)
- Fixed: the PDF export function did not handle whitespace characters
correctly (#1716)
- Fixed: news headlines appeared twice in link headlines (#1749)
- Fixed: the search module did not remove insert tags from the
keywords string (#1750)
- Fixed: the file tree widget did not validate the mounted paths (#1746)
- Fixed: the task center e-mails contained invalid links (#1753)
- Fixed: the option "show protected pages" also showed guest pages (#1694)
- Fixed: the list wizard did not render correctly if the first item
was empty (#1740)
- Fixed: System::idnaEncode() encoded more than just the domain name (#1748)
- Fixed: the Captcha field was missing class="mandatory" (#1767)
- Fixed: the newsletter recipient importer did not count correctly (#1732)
- Fixed: regular users could not edit comments on unmounted pages (#1659)
- Fixed: the ZipReader class failed to handle empty files (#1804)
- Fixed: the Newsletter module did not embed images correctly (#1799)
- Fixed: parameters passed to the file insert tag were cached by the
Input object (#1818)
- Fixed a possible request forgery vulnerability in the back end
- Fixed some minor issues
Collection.
The Perl 5 module Twiggy is a lightweight and fast HTTP server with
unique features such as: PSGI, AnyEvent, fast header parser, and
superdaemon aware.
Collection.
Dancer is a web application framework designed to be as effortless
as possible for the developer, taking care of the boring bits as
easily as possible, yet staying out of your way and letting you get
on with writing your code.
Dancer aims to provide the simplest way for writing web applications,
and offers the flexibility to scale between a very simple lightweight
web service consisting of a few lines of code in a single file, all
the way up to a more complex fully-fledged web application with
session support, templates for views and layouts, etc.
Collection.
Starman is a PSGI perl web server that has unique features such as:
high performance, preforking, signals support, superdaemon aware,
multiple interfaces and UNIX Domain Socket support, small memory
footprint, PSGI compatible, HTTP/1.1 support, UNIX only.
Pkgsrc changes:
- placate pkglint
Upstream changes:
Version 0.71 -- 1 Apr 2010 <rafl@debian.org> Florian Ragwitz
o Fix some more defined(%hash) warnings on perl 5.12.
Version 0.70 -- 22 Mar 2010 <bobtfish@bobtfish.net> Tomas Doran
o Fix use of defined %hash which becomes deprecated in perl 5.12
Collection.
The Perl 5 module CGI::PSGI is for web application framework
developers who currently use CGI to handle query parameters, and
would like for the frameworks to comply with the PSGI protocol.
Packages Collection.
The Perl 5 module CGI::Emulate::PSGI allows an application designed
for the CGI environment to run in a PSGI environment, and thus on
any of the backends that PSGI supports.
Collection.
The Perl 5 module CGI::Compile is a utility to compile CGI scripts
into a code reference, like ModPerl::Registry, that can run many
times on its own namespace, as long as the script is ready to run
on a persistent environment.
Collection.
The Perl 5 module Net::FastCGI aims to provide a complete API for
working with the FastCGI protocol. The primary goal is to provide
a function oriented and object oriented API which are not tied to
a specific I/O model or framework. Secondary goal is to provide
higher level tools/API which can be used for debugging and
interoperability testing.
Packages Collection.
The Perl 5 module HTTP::Parser::XS is a fast, primitive HTTP request
parser that can be used either for writing a synchronous HTTP server
or an event-driven server.
Collection.
The Perl 5 module Plack is a set of tools for using the PSGI stack. It
contains middleware components, a reference server and utilities
for Web application frameworks. Plack is like Ruby's Rack or Python's
Paste for WSGI.
Collection.
PSGI specifies a standard interface between web servers and Perl
web applications or frameworks, to promote web application portability
and reduce the duplicated efforts by web application framework
developers. It is a specification to decouple web server environments
from web application framework code.
For 4.4.0 major new technologies have been introduced, including social
networking and online collaboration features, a new netbook-oriented
interface and infrastructural innovations such as the KAuth authentication
framework. According to KDE's bug-tracking system, 7293 bugs have been
fixed and 1433 new feature requests were implemented.
KDE SC 4.4.1 has a number of improvements:
A performance problem in KMail when sending emails has been fixed
Various fixes in Plasma widgets and other addons, such as the analog clock
and the picture frame
A number of fixes in Konsole, KDE's powerful terminal application
KDE SC 4.4.2 has a number of improvements:
Possible crashes in Plasma, Dolphin and Okular have been fixed
The Microblog applet now shows the correct time in the timeline
The audioplayer KRunner plugin has been fixed to not freeze the KRunner UI
anymore
v0.2.4
+ Prevent completion from overlapping
+ Fix tab order when restoring session
+ Ignore accidentally middle click search
+ Implement bookmark export to XBEL
+ Provide scroll hotkeys, default to Vim
+ Store and complete search in location
+ Fix opening externally with multiple windows
+ Only use icons in panel buttons
+ Fix build with different GTK+ versions
+ Omit micro version and arch from ident string
v0.2.3
+ Improve relocatability for Win32
+ Implement 'Close other tabs' menu item
+ Use new GTK+ accessors where available
+ Allow searching freely in History panel
+ Re-implement completion based on sqlite
+ Re-implement completion suggestion popup
+ Simplify sqlite use towards efficient calls
+ Move panel icons to the bottom
+ Merge Netscape Plugins and Extensions panels
+ Implement 'about:version' special page
+ Implement 'Preferred languages' preference
+ Improve window raising behaviour
+ Allow Ctrl+Right-click to suppress javascript menu
+ Add 'Open link as web app' in context menu
+ Add 'Block image' menu item to Adblock
+ Location progress and compat code refactored
+ Implement 'Paste and proceed' in location
+ Move DNS prefetching into the core
+ Allow selecting and deleting multiple cookies
+ Support attaching/ detaching web inspector
+ Always enable web inspector
+ --diagnostic-dialog command line switch
+ Faster file existence checks
+ Simplified, faster adblock implementation
v0.2.2
+ Turn libnotify into a proper build-time dependency
+ Use Ctrl + Return to open tabs from the location entry
+ Support right-click on bookmark menu items
+ Support -e in midori -a and with multiple commands
+ Make Middle click open selection search if needed
+ Make Ctrl+C work as expected again
+ Fix order of History, Trash and Recently opened pages
+ Revise Shortcuts dialogue to fix oddities
+ Perform Form history completion case insensitive
+ Add 'Web Cache' to Delete Private data dialogue
+ Load accels from /etc/xdg if present
+ Improve XBEL format compatibility and performance
+ Fix inline find by correcting key handling
+ Add option to open panels in separate windows
+ Support Portrait orientation in Fremantle
+ Support Hildon MIME and URI handling
+ Check status before caching in Web Cache
+ Show popup menu on news feed icon if needed
+ Support Colourful Tabs with Tab Panel
+ Tweak sqlite and dbus handling for Win32
+ 'Run as web app' and 'Show in toolbar' for bookmarks
+ Add 'Small icons' toolbar style
+ Fix build with Glib < 2.20 and GTK+ < 2.12
+ Add Import bookmarks for XBEL, Opera and RDF
+ Add Open Link in Foreground/ Background Tab menu
+ Allow closing all tabs
+ Hildon file chooser support
v0.2.1
+ Fix Mouse Gestures to work after activation
+ Explicitly link to X11 to support gold
+ Implement various Hildon specific features
+ Hide the navigationbar in fullscreen
+ Implement permanent storage of form history
+ Support keyboard shortcuts like Ctrl+Tab or "a"
+ Handle SIGHUP, SIGINT, SIGTERM and SIGQUIT
+ Make creation of new windows fast
+ Introduce the Tab History List extension
+ Load icons lazily at startup to speed up startup
+ Introduce a Web Cache extension
+ Refactor and tweak the Preferences dialogue
+ Implement combos to choose external applications
v0.2.0
+ (Kinetic) drag scrolling on touchscreen devices
+ Workaround a speed dial crasher
+ Faster Adblock with element blocking, for all WebKitGTK+ versions
+ Stripped menu, toolbar and tap on hold on Maemo, and 5.0 menu support
+ Add a DNS prefetching extension
+ Better IDN handling
+ Add a form history extension
+ Restore scrolling positions from the session
+ Keep typed address when switching tabs
+ Avoid storing duplicate history items per day
+ Fix multiple duplicate HTTP authentication dialogs
+ Pass mailto: links to the email client
+ Improve context menu with WebKitGTK+ 1.1.15
+ Checkbox "Remember password" in HTTP authentication
+ Fix a crasher when modifying bookmarks
+ Support page icons other than favicon.ico
+ iPhone identity in Network preferences
v0.1.10:
+ Fix freezing when opening multiple windows
+ Revamp Adblock with WebKitGTK+ 1.1.14 API
+ Greatly improve the address completion
+ Always show news feed icon
+ Better handling of feeds in the feed panel
+ Add Gtk+ and WebKit version to the About dialog
+ Improve tab panel and support minimized tabs
+ Implement disabling of extensions in crash dialog
+ Don't make the web inspector transient
+ Tidy up the Preferences a bit
+ Load default bookmarks and config from /etc
+ Do not use xprop at runtime
+ Use GNOME proxy server if libsoup-gnome is installed
+ Integrate Save As with transfers
+ Save HTTP logins in a text file
+ Support Undo and Redo with WebKitGTK+ 1.1.14
This is a security and bugfix release of MediaWiki 1.15.3 and MediaWiki
1.16.0beta2.
MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password.
Even without user scripting, this attack is a potential nuisance, and so
all public wikis should be upgraded if possible.
Our fix includes a breaking change to the API login action. Any clients
using it will need to be updated. We apologise for making such a
disruptive change in a minor release, but we feel that security is
paramount.
For more details see https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
* websetup: Add websetup_unsafe to allow marking other settings
as unsafe.
* Improve openid url munging; do not display anchors and cgi parameters,
as used by yahoo and google urls.
* Add complete German basewiki and directives translation done by
Sebastian Kuhnert.
* Add an include setting, which can be used to make ikiwiki process
wiki source files, such as .htaccess, that would normally be skipped
for security or other reasons. Closes: #447267
(Thanks to Aaron Wilson for the original patch.)
* Add support for setup files written in YAML.
* Add --set-yaml switch for setting more complex config file options.
* filecheck: Fix bugs that prevented the pagespecs from matching when
not called by attachment plugin.
* Fix incorrect influence info returned by a failing link() pagespec,
that could lead to bad dependency handling in certain situations.
* Add preprocessed 'use lib' line to ikiwiki-transition and ikiwiki-calendar
if necessary for unusual install.
* auto-blog.setup: Set tagbase by default, since most bloggers will want it.
* Allow wrappers to be built using tcc. (Workaround #452876)
* openid: Use Openid Simple Registration or OpenID Attribute Exchange
to get the user's email address and username. (Neither is yet
used, but they are available in the session object now.)
* page.tmpl: Add Cache-Control must-revalidate to ensure that users
(especially of Firefox) see fresh page content.
* htmlscrubber: Allow colons in urls after '?'
* template: Search for templates in the templatedir, if they are not
found as pages in the wiki.
Leaf package, updating during the freeze for bugfixes.
* Security fixes (MFSA 2010-16 through MFSA 2010-24)
* Fixes for a number of non-security-relevant crashes, increasing the
stability of the whole platform and the Mail & Newsgroups part of SeaMonkey
* ChatZilla localization packs work again (Bug 540842)
* FTP file upload was fixed (Bug 467524)
* The internal help content was updated some more
Version 3.1.1 is the first release of the Squid-3.1 series which has passed
the maintainer's criteria for use in production environments.
3.1.1 brings many new features and upgrades to the basic networking
protocols. A short list of the major new features is:
* Connection Pinning (for NTLM Auth Passthrough)
* Native IPv6
* Quality of Service (QoS) Flow support
* Native Memory Cache
* SSL Bump (for HTTPS Filtering and Adaptation)
* TProxy v4.1+ support
* eCAP Adaptation Module support
* Error Page Localization
* Follow X-Forwarded-For support
* X-Forwarded-For options extended (truncate, delete, transparent)
* Peer-Name ACL
* Reply headers to external ACL.
* ICAP and eCAP Logging
* ICAP Service Sets and Chains
* ICY (SHOUTcast) streaming protocol support
* HTTP/1.1 support on connections to web servers and peers.
(with plans to make this full support within the 3.1 series)
Approved by Thomas Klausner.
Add full lists of dirs to INSTALLATION_DIRS and patch away directory
creation from Makefile fragments.
Use dansgrdn:dansgrdn for user:group instead of nobody:nobody
Bump PKGREVISION
security fix for CVE-2009-1382 and CVE-2009-2459.
While here, set LICENSE=gnu-gpl-v3.
It is hard to explain the detailed changes in plain text; please refer to the following:
http://www.forkosh.com/mimetexchangelog.html
Trac-0.11.7.ja1 (Mar 11, 2010)
* Merge Trac-0.11.7
* Fix typos
- trac/wiki/default-pages/InterTrac
Trac 0.11.7 (March 10, 2010)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.7
Trac 0.11.7 is nearly identical to 0.11.7rc1 except for a few more fixes:
- avoid an infinite loop when using an AtomicFile in a read-only
directory (#9081)
- don't report client disconnects during writes as internal errors (#9103)
- don't reuse a closed cursor, which could happen in one specific case
for the pysqlite backend (#9104)
Trac 0.11.7rc1 (February 23, 2010)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.7rc1
Security fixes:
- Fixed a ticket validation issue that would allow unauthorized users to modify the status and resolution of a ticket (#8884)
Performance improvements:
- Trac wiki had some trouble handling very long unicode words (#9025) [[comment(intentionally kept vague, we don't want to advertize a DOS, do we?)]]
- Full text search was very slow if lots of custom fields were used (#8935)
Bug fixes:
- Fixed a race condition that could lead to the destruction of the trac.ini file (#8623)
- Fixed creation of new milestone which could have been a rename if performed after a name clash has been detected (#8816)
- Fixed display of value 0 in report cells (#7512)
<http://redmine.lighttpd.net/issues/2157>. Without this patch,
lighttpd 1.4.26 will fail to start if built with the pkgsrc OpenSSL
and configured to serve HTTPS. Bump PKGREVISION.
Also add patch for PR pkg/42988 crash, effectively disabling all
sound support until we decide on what sound API to use.
The current dlopen() guesswork is bad, mkay.
Bump PKGREVISION for this and previous changes.
New Features and Fixes:
Security fixes
END OF LIFE for SeaMonkey 1.x comes with this version, which does NOT fix all
issues. Only SeaMonkey 2.0 fixes all known issues, we strongly encourage all our
users to switch to that new release series.
Rough Changelog for SeaMonkey 1.1.19:
504523 Thunderbird 2 needs NSS 3.12.3.1
512187 1.1.18 candidate fails to connect with SSL/TLS secured sites, PSM fails to initialize
512085 tracking bug for build and release of SeaMonkey 1.1.18
523984 Old (1.9.0/1.8.1) Default Plugin.plugin Makefile uses non-portable "echo -n"
376192 Thunderbird crashes immediately upon accessing IMAP server (duplicate entries in .mailboxlist) [@ nsImapServerResponseParser::mailbox] - imap protocol log "Internal Syntax Error
494706 [1.8 branch only] Thunderbird creates 4 GB Trash file out of less than 200 kB of deleted mail (If data write to file for "target folder of mail move/copy" is temporary interfered by other software, Tb 2 generates file of file_size=4GB-1)
387502 Mailboxes are allowed to grow larger than 4gb in size
535193 DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth
363455 Enhance PSM's SSL handling on blocking sockets
389087 nsILocalFileUnix affected by 32bit stat/statvfs/truncate, therefore does not work with large files
495098 Crash when using single XMLHttpRequest object for two simultaneous requests; test case included [@ nsXMLHttpRequest::StreamReaderFunc ]
537307 Update SeaMonkey's copyright strings to 2010
440982 To avoid calling JS at unsafe times from JS_GC, jsds_ScriptHookProc should not get the script hook unless it needs to and it is safe to call
305168 Too many recipients when copy/paste address line or sending from MS Access (increase max to 2000)
511521 downloading file with RTL override (RLO) presents conflicting filenames
344818 Linking - missing library deps
505305 Probably Exploitable - Read Access Violation on Block Data Move starting at MSVCR80D!memcpy+0x000000000000005a
440236 crash after connection lost [@ nsMsgDatabase::GetTableCreateIfMissing(char const*, char const*, nsIMdbTable**, unsigned int&, unsigned int&)], in v2 [@ nsMsgDatabase::GetTableCreateIfMissing]
483437 PSM doesn't properly escape AVA Values in Cert Viewer Details tab
483440 PSM doesn't detect invalid OID encodings in Cert Viewer Details tab
284876 Trunk TB10 crash while sending mail [@ nsMsgLocalMailFolder::WriteStartOfNewMessage() ]
516862 Array indexing error in js/src/dtoa.c's Balloc() leads to floating point memory vulnerability (SA36711)
506871 TreeColumns Dangling Pointer Vulnerability (ZDI-CAN-536)
519839 SVG fails to render correctly
* New modular group and dict data access, you can use group and dict
backend modules to access group and dict data stored anywhere you like.
* Improved Xapian indexing / search
* Improved drawing support
* Themes / static files related
* Syntax highlighting is based on the pygments library now
* Authentication improvements
* Sessions / cookies improvements
* Macro functions improved
* More Actions added/improved
* Improved logging / debugging / developer support
* GUI editor: improved attachment dialog
* "moin ... account homepage" script to create user homepages
A bunch of bugfixes!
For the full Changelog, see: http://moinmo.in/MoinMoinRelease1.9
ok'ed during the freeze by agc@
photo collections. Unlike Gallery 2, Gallery 1 does not need a database
backend. It provides users with the ability to create and maintain their
own albums via an intuitive web interface. Photo management includes
automatic thumbnail creation, image resizing, rotation, ordering,
captioning, searching and more.
provides users with the ability to create and maintain their own albums
via an intuitive web interface. Photo management includes automatic
thumbnail creation, image resizing, rotation, ordering, captioning,
searching and more. Albums can have read, write and caption permissions
per individual authenticated user for an additional level of privacy.
.2 is not formally released yet, but is release tagged in the scm and I
want to get this update in before we freeze the tree.
"Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform,
which has been under development since early 2009 and contains many
improvements for web developers, add-on developers, and users."
- Improved JavaScript performance, overall browser responsiveness,
and startup time.
- The ability for web developers to indicate that scripts should run
asynchronously to speed up page load times.
- Continued support for downloadable web fonts using the new WOFF font format.
- Support for new CSS attributes such as gradients, background sizing,
and pointer events.
- Support for new DOM and HTML5 specifications including the Drag & Drop API
and the File API, which allow for more interactive web pages.
0.9.6
* Support for PHP 5.3.
* The encoder is removed
* The user cache functions are removed
* The session handler is removed
* The minimal PHP version supported is now 5.1
* Some internal refactoring to clean up the code
* Fixed some bugs (and probably added some)
Changes to squid-3.0.STABLE25 (14 Mar 2010):
- Bug 2845: Rework the http digest auth parser
- Bug 2787: unknown/unexpected status code messages
- Bug 2507: squid_ldap_group: Strip Domain name separated by +
- Bug 2367: stale=true on digest requests with unknown nonce
- ... and several other minor corrections
pkgsrc changes:
- Add license definition
Upstream changes:
1.31 February 24, 2010
* Modify need_cgi so that it looks for cgi.c instead of cgi. This is a
fix for the case insensitive filesystem correction listed below.
[Philippe M. Chiasson]
* t/next_available_port.t doesn't need mod_cgid, use need_cgi instead of
need_module('mod_cgi.c') [Philippe M. Chiasson]
* PR: 21554 Load mod_apreq2.so if it is available
[Derek Price, <derek@ximbiot.com>]
* Add conditional to ignore IfVersion directive if mod_version is not
built. [Adam Prime <adam.prime@utoronto.ca>,
Fred Moyer <phred@apache.org>]
* PR: 41239 t/TEST -ping does not return a valid return code to the
calling shell [ozw1z5rd <alessio.palma@staff.dada.net>]
* Prevent infinite loop when no default apxs or httpd is present and
repeated attempts to run the test suite under an automated harness
(such as a cpan smoke test). Issue reported by CORION and ANDK,
PR: 12911 [Fred Moyer <phred@apache.org>]
* Use need_module('mod_cgi.c') and need_module('mod_cgid.c') in
t/next_available_port.t instead of need_cgi. On case insensitive file
systems such as OS X, need_cgi will fulfill the requirement with
cgi.pm, when mod_cgi.c is the desired requirement.
[Fred Moyer <phred@apache.org>]
* Fix overridden get_basic_credentials test when using NTLM
authentication [Rick Frankel <cpan@rickster.com>]
* Work around a bug introduced in libwww-perl in version 5.820 for
httpd's credentials [Gunnar Wolf <gwolf@gwolf.org>, Niko Tyni <ntyni@debian.org>]
* Make Apache::TestConfig::untaint_path tolerate undefined arguments
[Torsten Foertsch <torsten.foertsch@gmx.net>]
* Inherit LoadFile directives from the global httpd.conf
[Torsten Foertsch <torsten.foertsch@gmx.net>]
* Don't overwrite php.ini if it already exists PR: 32994
[MAHEX <MAHEX@cpan.org>]
pkgsrc changes:
- Adjust license definition
Upstream changes:
v0.40 (released 2010/01/27):
* bug fixes
- Fixed RT #47500 (http://rt.cpan.org/Public/Bug/Display.html?id=47500),
HTTP::DAV::Comms->credentials() method erroneously autovivified
basic authentication internal values, causing wrong or undefined
credentials to be sent out, or credentials to be "forgot" by HTTP::DAV.
Thanks to stoian.iovchev at imperia.bg and Glenn Fowler for their
feedback on this.
v0.39 (released 2009/12/12):
* bug fixes
- Fixed RT #52665 (http://rt.cpan.org/Public/Bug/Display.html?id=52665),
Using dave or propfind() on URLs containing escaped chars (%xx) could fail,
due to upper/lower case differences. Thanks to cebjyre for the patch
and the test case.
Upstream changes:
0.33 2010-03-10 20:08:00
- The "render()" method now throws a warning on exception before
returning the exception. To silence the warning, pass 'render_die =>
0' to the constructor. Better yet, pass 'render_die => 1' to make it
die instead of returning the exception. This will be the default in a
future release when unspecified. The Helper will generate new views
with render_die => 1.
2010-03-14 Gisle Aas <gisle@ActiveState.com>
Release 1.53
Ville Skyttä (6):
Remove unneeded execute permissions.
Add $uri->secure() method.
Documentation and comment spelling fixes.
Fix heuristics when COUNTRY is set to "gb".
Use HTTP_ACCEPT_LANGUAGE, LC_ALL, and LANG in country heuristics.
POD linking improvements.
Michael G. Schwern (2):
Rewrite the URI::Escape tests with Test::More
Update URI::Escape for RFC 3986
Gisle Aas (1):
Bump MIN_PERL_VERSION to 5.6.1 [RT#54078]
Salvatore Bonaccorso (1):
Suppress wide characters warnings in iri.t [RT#53737]
As per PR/42962 provided by Ivan "Rambius" Ivanov.
While here, update MASTER_SITES
Changes since 0.16.2:
Changes in release sitecopy 0.16.6, 16 July 2008
* DAV: Fix crash with progress bar enabled with neon 0.27/0.28.
Changes in release sitecopy 0.16.5, 16 July 2008
* DAV: Fix SSL cert caching to avoid repeated prompts.
* Update to neon 0.28.3 and support neon 0.24.x through 0.28.x.
Changes in release sitecopy 0.16.3, 12 March 2006
* DAV: Add PKCS#12 client cert support; "client-cert /path/to/cert.p12"
* Update to neon 0.26.0 (0.24.x and 0.25.x still supported).
Changes since 0.4.14:
0.4.18 Fri Mar 12 23:39:59 PST 2010
- Fixed Canvas.pm to correctly select MD5-hex value. (Andrey Ilyin)++
- Updated Canvas.pm docs to specify cookie method needed
- Updated copyright information
0.4.17 Thu Nov 26 09:48:03 PST 2009
- Updated Stream.publish to automatically call encode action_links
to JSON. (Larry Mak)++
- Fixed upload method in Video along with docs (Anthony Bouvier)++
- Updated server call in API.pm to allow a filename to be passed in
from the upload methods under Video and Photo. (Anthony Bouvier)++
- Didn't include Canvas testing b/c it looks like the code changes
back in August broke the mocking. (It's on the TODO list)
- Added format testing for Video.upload
0.4.16 Mon Aug 24 18:43:12 PDT 2009
Added Exception submodule for handling exceptions (Kevin Riggle)++
0.4.15 Fri Aug 21 22:26:44 PDT 2009
Updated POD and formatting (for Perl::Critic) (gregor herrmann)++
Added new namespaces that are now a part of Facebook API along with
basic tests
Added documentation for all namespaces in API.pm
Deleted deprecated namespaces and methods
Added begin and end methods to start and finish permissions mode in
Permissions.pm
Changed formatting and removed versioning information. Versioning
information is no longer specific to each submodule, but to the
distribution
* Fix utf8 issues in calls to md5_hex.
* moderatedcomments: Added moderate_pagespec that can be used
to control which users or comment locations are moderated.
This can be used, just for example, to moderate "user(http://myopenid.com/*)"
if you're getting a lot of spammers from one particular openid
provider (who should perhaps answer your emails about them),
while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead,
set moderate_pagespec to "!admin()" or "user(*)".
* Fix missing span on recentchanges page template.
* search: Avoid '$' in the wikiname appearing unescaped on omega's
query template, where it might crash omega.
* htmlscrubber: Security fix: In data:image/* uris, only allow a few
whitelisted image types. No svg.
* Change ne_sock_close() to no longer wait for SSL closure alert:
o fixes possible hang with IIS servers when closing SSL connection
o this reverts the behaviour with OpenSSL to match 0.28.x,
and changes the behaviour with GnuTLS to match that with
OpenSSL
* Fix memory leak with GnuTLS
* API clarification in ne_sock_close():
o SSL closure handling now documented
o return value semantics fixed to describe the implementation
Changes in release neon 0.29.2, 30 December 2009 (PGP signature)
* Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C)
* Fix unnecessary re-authentication with SSPI (Danil Shopyrin)
o Note that this change was previously listed in the 0.29.1 changes, however the patch had not been merged.
Changes in release neon 0.29.1, 15 December 2009 (PGP signature)
* Fixes for (Unix) NTLM implementation:
o fix handling of session timeout (Kai Sommerfeld)
o fix possible crash (basic@mozdev.org)
* Build fixes for Win32:
o fix use of socklen_t with recent SDKs (Stefan Kung)
o fix USE_GETADDRINFO on Win2K (Kai Sommerfeld)
* Fix build with versions of GnuTLS older than 2.8.0.
pkgsrc changes:
- Adjust dependencies
- Adjust license definition
- Add module type
Upstream changes:
0.023 20 Feb 2010
* support for Field->description. Patch from Adam Mackler.
0.022 17 Feb 2010
* no changes but version bump to accommodate CPAN. Apparently I was too aggressive in
cleaning up old files and deleted 0.021...
0.021 03 Feb 2010
* add missing META.yml
* change base URLs for ExtJS and Livegrid to point at non-MSI URLs and remove
warning about "get your own"
0.020 1 Dec 2009
* add missing dep on Template::Plugin::Autoformat to Makefile
* fix dbic test to make sort order explicit with table prefix
* allow for cxc-* params to be set in livegrid.js and default there.
Security fixes:
* Fixed a ticket validation issue that would allow unauthorized
users to modify the status and resolution of a ticket (#8884)
Performance improvements:
* Trac wiki had some trouble handling very long unicode words
(#9025)
* Full text search was very slow if lots of custom fields were
used (#8935)
Bug fixes:
* Fixed a race condition that could lead to the destruction of the
trac.ini file (#8623)
* Fixed creation of new milestone which could have been a rename
if performed after a name clash has been detected (#8816)
* Fixed display of value 0 in report cells (#7512)
pkgsrc changes:
- Adjust dependencies
- Add license definition
Upstream changes:
0.07 17 Feb 2010
* fix bug in get_template_filename with extra dot on .tt
* add debugging
* switch to MRO::Compat from Class::C3
pkgsrc changes:
- Adjust license definition
- Adjust dependencies
Upstream changes:
0.52 Mon Mar 8 01:25 GMT 2010
- Move actions out of the test applications to avoid deprecation warnings.
- POD corrections by jhannah
- Bump version dependency of Test::WWW::Mechanize to 1.54 to fix RT#44555
- Wrap checks for the appropriate plugins to skip tests inside a BEGIN
block so that they are run before the app tries to be loaded at compile
time, fixing RT#47037
0.1083.
Upstream changes:
0.1083 2010-03-03
Tweaking exception message to better explain what people did wrong when
they pass bad columns to authenticate.
Upstream changes:
Mon 8 Feb 2010 22:17:12 GMT - Release 0.83
Make it possible to deserialize a request with a DELETE method. This probably
breaks 'strict' REST guidelines, but is useful for being able to delete multiple
resources from a single call by providing a batch delete method.
Remove JSONP from the list of default serializers (RT#54336)
Fix MANIFEST (RT#54408)
Thu 4 Feb 2010 22:31:57 GMT - Release 0.82
Integrated Catalyst::Request::REST::ForBrowsers as
Catalyst::TraitFor::Request::ForBrowsers. (Dave Rolsky)
Clarified docs so that they encourage the use of the request traits, rather
than using Catalyst::Request::REST. (Dave Rolsky)
When Catalyst::Action::REST or Controller::REST automatically add the trait,
your request class will no longer end up getting set to
Catalyst::Request::REST. Instead, creates an anon class with the appropriate
role. (Dave Rolsky)
Shut up log output from the tests. (Dave Rolsky)
Added a $VERSION to every module, mostly to make sure that when people
install Catalyst::Request::REST::ForBrowsers, they get the version in this
distro. (Dave Rolsky)
Change Catalyst::Action::Serialize, Catalyst::Action::Deserialize and
Catalyst::Action::SerializeBase to be more Moose like.
Fix JSON and JSON::XS to encode_blessed. (fREW)
Fix Catalyst::Action::Serialize to use objects instead of classes. (fREW)
Fix doc nits. (RT#53780)
Upstream changes:
1.27 2010-02-23 10:44:20
- Add the catalyst_par_options option.
- Change the version of Catalyst required to 5.80015 as retarded
packaging systems consider 5.8001402 greater than 5.80015.
Upstream changes:
5.8004 17 Feb 2010
- Tutorial:
- Add foreign key support for SQLite
(huge thanks to Caelum for that and other good edits!)
- Add "Quick Start" to Intro (Chapter 1)
- Switch to use of "-r" to auto-restart the dev svr
- Update for latest available Debian package versions
- Switch to individual files for example code vs. tarballs
- Switch to 'done_testing' and shorter 'prove' args for testing chapter
- Misc typo fixes
- Other:
- Minor Cookbook edits
pkgsrc changes:
- Adjust dependencies
Upstream changes:
0.28 Wed Mar 10 11:19:35 JST 2010
- No code changes. Fixed packaging, added YAML dep for testing
0.27 Tue Feb 23 18:09:02 PST 2010
- Added repository info to META.yml to satisfy people
pkgsrc changes:
- Adjust module type
Upstream changes:
0.08 9 February 2010
- Correctly built distribution. MANIFEST.SKIP fixed to avoid the issue
in future.
0.07 9 February 2010
- Catalyst::Runtime is a runtime dependency. RT#48842
pkgsrc changes:
- Adjust dependencies (>=0 -> -[0-9]*)
Upstream changes:
5.80021 2010-03-03 23:02:01
Bug fixed:
- $c->uri_for will now escape unsafe characters in captures
($c->request->captures) and correctly encode utf8 characters.
5.80020 2010-02-04 06:51:18
New features:
- Allow components to specify additional components to be set up by
overriding the expand_modules method. (Oliver Charles)
Two security issues were discovered:
A CSS validation issue was discovered which allows editors to display
external images in wiki pages. This is a privacy concern on public
wikis, since a malicious user may link to an image on a server they
control, which would allow that attacker to gather IP addresses and
other information from users of the public wiki. All sites running
publicly-editable MediaWiki installations are advised to upgrade. All
versions of MediaWiki (prior to this one) are affected.
A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.
Deleting thumb.php is a suitable workaround for private wikis which do
not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl'].
Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the
patch below to whatever version of MediaWiki you are using.
For full change information, please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.
Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).
Changes with Apache 2.2.15
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
- Support all ciphers and digests typically used in client certificates
- Fix caching of FastCGI responses with large stderr output
- Support HTTPS referrers
- Fix $date_local variable with "%s" format
- Fix client certificate verification error with ssl_session_cache=none
- Fix matching error with geo ranges
- Fix SSI issue with stub parameter
- Fix $r->sleep
- fix a race condition in the worker spawning code
- minor fixes for the spooler code
- backport of UWSGI_SCHEME for better HTTPS support
- improvements for graceful reloading code
== 1.2.7 No Hup
* Support multiple Ruby version (fat binaries under windows)
* Do not trap unsupported HUP signal on Windows
== 1.2.6 Crazy Delicious
* Make work with Rails 3 out-of-the-box.
* Auto-detect and load config.ru files on start. Makes Rails 3 work.
* Fix signals being ignored under 1.9 when daemonized.
== 1.2.5 This Is Not A Web Server
* Add rolling restart support (--onebyone option) [sikachu]
* Force external_encoding of request's body to ASCII_8BIT [jeremyz]
* Ensure Rack base API is used in Rails adapter only if version >= 2.3.2
[#111 state:resolved]
== 1.2.4 Flaming Astroboy
* Fix a few issues in thin to make it a better "gem citizen" [josh]
* Fix test for rack based Rails in adapter under Ruby >= 1.8.7
[#109 state:resolved]
* Fix Remote address spoofing vulnerability in Connection#remote_address
[Alexey Borzenkov]
* Fix uninitialized constant ActionController::Dispatcher error with
Rails 1.2.3 [Chris Anderton] [#103 state:resolved]
== 1.2.2 I Find Your Lack of Sauce Disturbing release
* Fix force kill under 1.9 [Alexey Chebotar]
* Fix regression when --only option is used w/ --socket.
* Add process name 'tag' functionality. Easier to distinguish thin daemons
from each other in process listing [ctcherry]
== 1.2.1 Asynctilicious Ultra Supreme release
* Require Rack 1.0.0
* Require EventMachine 0.12.6
* Use Rails Rack based dispatcher when available
* Allow String for response body
* Require openssl before eventmachine to prevent crash in 1.9
== 1.2.0 Asynctilicious Supreme release
* Add support for Windows mingw Ruby distro [Juan C. Rodriguez]
* Add async response support, see example/async_*.ru [raggi]
== 1.1.1 Super Disco Power Plus release
* Fix bug when running with only options [hasimo]
== 1.1.0 Super Disco Power release
* Require EventMachine 0.12.4
* Remove Thin handler, now part of Rack 0.9.1
* Fix Rack protocol version to 0.1 in environment hash.
* Fix error when passing no_epoll option to a cluster.
* Omit parsing #defined strings [Jeremy Zurcher]
* Defaults SERVER_NAME to localhost like webrick does [#87 state:resolved]
* Namespace parser to prevent error when mongrel is required [cliffmoon]
* Set RACK_ENV based on environment option when loading rackup file
[Curtis Summers] [#83 state:resolved]
* Fixes a warning RE relative_url_root when using a prefix with Rails
2.1.1 [seriph] [#85 state:resolved]
* --only can work as a sequence number (if < 80) or a port number
(if >= 80) [jmay] [#81 state:resolved]
== 1.0.0 That's What She Said release
* Fixed vlad.rake to allow TCP or socket [hellekin]
* Updated Mack adapter to handle both <0.8.0 and >0.8.0 [Mark Bates]
* rails rack adapter uses File.readable_real? so it recognizes ACL
permissions [Ricardo Chimal]
* Log a warning if Rack application returns nil body [Michael S. Klishin]
* Handle nil and Time header values correctly [#76 state:resolved] [tmm1]
* Add Content-Length header to response automatically when possible
[#74 state:resolved] [dkubb]
* Runner now remembers -r, -D and -V parameters so that clustered servers
inherit those and 'restart' keep your parameters.
* Make Set-Cookie header, in Rails adapter, compatible with current Rack
spec [Pedro Belo] [#73, state:resolved]
* Add --no-epoll option to disable epoll usage on Linux
[#61 state:resolved]
* Add --force (-f) option to force stopping of a daemonized server
[#72 state:resolved]
* Update Halcyon adapter loader [mtodd]
== 0.8.2 Double Margarita release
* Require EventMachine 0.12.0
* [bug] Fix timeout handling when running command
* [bug] Fix hanging when restarting and no process is running in single
server move, fixes #67
* Added Mack adapter [markbates]
* Allow rackup .rb files by getting a conventionally named constant as
the app [bmizerany]
2.0.6:
- Fix off-by-one error in ESI handling
- Bug fixes related to session lingering
- Backend probes should now work correctly with more servers
- Portability fixes
- Make it possible to specify the per-thread stack size, useful for 32 bit
systems
2.0.5:
- Performance improvements, particularly on Linux.
- Implement support for HTTP continuation lines
- Handle illegal responses from the backend better by serving a 503 page
rather than panic-ing
- Add backtrace to assertion errors. This requires Varnish to be installed
unstripped
- Consume less memory when processing ESI
- Better standards compliance with If-None-Match support and emitting more
headers on 304 responses
- Add a FetchError log tag which makes it easier to understand why a
backend fetch failed.
pkgsrc changes:
- Proper EGDIR/SYSCONFDIR support.
- Default user, directory, ownership and permissions support.
- Rudimentary fix for gcc vs. sunpro on Solaris, as used by varnish
to compile config files.
because the git package doesn't need that. Depend on scmgit-base
instead of scmgit because I can't see how this requires the man pages
to be installed.
Drop dependency on apache because this ought to work with other
web servers.
Take maintainership, but only because it's not maintained.
Drupal 6.16, 2010-03-03
----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
Locale module cross site scripting, Blocked user session regeneration),
see SA-CORE-2010-001.
- Better support for updated jQuery versions.
- Reduced resource usage of update.module.
- Fixed several issues relating to support of install profiles and
distributions.
- Added a locking framework to avoid data corruption on long operations.
- Fixed a variety of other bugs.
* comments: Display number of comments in comment action link.
* Rebuild wikis on upgrade to this version to get the comment counts
added to existing pages.
* Loosen regexp, to allow empty quoted parameters in directives.
* Add force_overwrite setting to make setup automator overwrite existing
files/directories.
* Fix admin openid detection in setup automator, and avoid prompting
for a password.
* Add new --clean option; this makes ikiwiki remove all built
files in the destdir, as well as wrappers and the .ikiwiki directory.
pkgsrc change: switch to user-destdir.
2.8.1 (2010-02-28)
* Added: different update modes for overriding multiple group memberships
* Fixed: the install tool does not handle equals signs in passwords (#1338)
* Fixed: articles drop-down menu in news/events is causing a fatal error (#1593)
* Fixed: several issues in the Comments class (BBCode parser)
* Fixed: image link elements do not support the new image resize options (#1585)
* Fixed: table sort script interchanges the classes even and odd (#1589)
* Fixed: inconsistent file tree behavior (#1582)
* Fixed: Date class not supporting negative Unix timestamps (#1591)
* Fixed: apply file permissions to image thumbnails when the Safe Mode
Hack is used (#1398)
* Fixed: several issues with the new calendar/event list navigation (#1584)
* Fixed: Widget class not validating the maximum input length (#1578)
* Fixed: relative URLs in RSS feeds are not converted to absolute URLs (#1596)
* Fixed: the toggleVisibilty() methods do not support save_callbacks
and versioning
* Fixed: access control for comments is missing in the new comments module
* Fixed: no active record available in onsubmit_callbacks in
"override multiple" mode
* Fixed: Swiff does not check whether the Flash plugin is available (#1601)
* Fixed: navigation module start/stop levels fail if there is a reference
page (#1607)
* Fixed: the style sheet module does not show an error if a file is not
writeable (#1598)
* Fixed: FancyUpload does not work in the popup file manager (#1608)
* Fixed: wrong thumbnail size if only height and maximum front end width
are given
* Fixed: file manager does not urlencode filenames (#1616)
* Fixed: not all elements and modules pass the data array to the view (#1604)
* Fixed some minor issues
Lua support for libcurl.
Connect and communicate to many different types of servers with many
different types of protocols.
This project is not a fork of LuaCURL, which is a direct mapping of
parts of the libcurl-easy interface.
The intent of Lua-cURL is to adapt the
* Easy Interface
* Multi Interface
* Shared Interface
of libcurl to the functionality of Lua (for example by using iterators
instead of callbacks when possible).
pkgsrc changes:
- Adjust dependencies
Upstream changes:
0.19 Sun Feb 21 15:39:27 2009
Remove rafb.net support since it's been shut down
- See also http://rafb.net/paste/
pkgsrc changes:
- Add license definition
Upstream changes:
1.34 - January 7, 2009
Remove quadratic memory allocation during multipart_buffer reads
[joes]
have fill_buffer() completely fill the multipart_buffer. This
bug is tickled by the FireFox 2.0 when doing ssl uploads:
https://bugzilla.mozilla.org/show_bug.cgi?id=356470
https://bugzilla.mozilla.org/show_bug.cgi?id=369414
move the mod_perl version detection to the top of Makefile.PL, so
Apache-Test and other things won't fool around with %INC and confuse
the detection code. [Stas]
pkgsrc changes:
- Add license definition
Upstream changes:
@section v2_12 Changes with libapreq2-2.12 (released March 13, 2009)
- C API [joes]
Make the cookie parser a little more flexible.
@section v2_11 Changes with libapreq2-2.11 (not released)
- Interactive CGI module [issac]
Allow cgi module to interactively prompt for parameters and cookies when
running a script from the command line and not from a CGI interface
@section v2_10 Changes with libapreq2-2.10 (not released)
- Perl Glue [joes]
Fix the linking of the perl modules to libapreq2 and libapr
on Solaris.
- Perl Glue [joes]
Fix install-time linking issue of the .so modules.
Previously they would remain linked against the src
library path, not the install path.
- C API [joes]
Add optional interface for apreq_handle_apache2().
- C API [joes]
Clean up buggy apreq_hook_find_param().
- Perl Glue Build [Philip M. Gollucci]
config.status format changed yet again in autoconf 2.62+.
- License [Mladen Turk]
Add libapreq.rc and generate libapreq.res
- Build [Mladen Turk]
Add APREQ_DECLARE_EXPORT/APREQ_DECLARE_STATIC
in the same way as APR declares so that dllexport/dllimport
get correctly handled.
- Build [Randy Kobes]
Add appropriate manifest command to embed manifest files on Win32
when using VC8
- C API [Andy Grundman, joes]
Add missing bytes_read initializer to apreq_handle_custom().
- C API [suggested by Vinay Y S, tested by Steve Hay and Peter Walsham]
For Win32, remove the
flag |= APR_FILE_NOCLEANUP | APR_SHARELOCK;
in apreq_file_cleanup, to avoid problems with file uploads.
@section v2_09 Changes with libapreq2-2.09 (not released)
- C API [joes]
Fix leak associated to calling apreq_brigade_fwrite() on an upload
brigade.
- Build [Philip M. Gollucci]
SunOS (Solaris)
Users must use gmake not make for building.
- Build [Philip M. Gollucci]
SunOS (Solaris)
Code around bug in libtool (at least in 1.5.18, 1.5.20, 1.5.22)
causing mod_apreq2 to be built instead of mod_apreq2.so
- C API [Philip M. Gollucci]
Fix signed vs unsigned comparison
in apreq_fwritev() on SunOS/gcc where iovec.iov_len is a long.
- Build [Philip M. Gollucci]
SunOS (Solaris)
fix duplicate link error to libexpat.so -- by using the one from httpd
exclusively now.
- Build [Philip M. Gollucci]
code around |#_!!_#| autoconf 2.60 bug.
pkgsrc changes:
- Adjust license definition
Upstream changes:
- Bug fix:
# bug in version 0.08 and older, result was error:
# Modification of a read-only value attempted
# at lib/CSS/Squish.pm line 220
pkgsrc changes:
- Use correct module type for perl install routine
Upstream changes:
0.42 Thu Feb 18 10:13:11 PST 2010
* Inline uri_unescape to drop URI::Escape which is the only non-core
dependency of this distribution. -- miyagawa
* Do not special case COOKIE and sets Cookie header to HTTP_COOKIE. -- miyagawa
O'Reilly's WebSite server misuses COOKIE environment instead of
HTTP_COOKIE. We don't need to replicate that bug since
HTTP::Server::Simple is a server, not a CGI library like CGI.pm.
0.41_01 Tue Feb 2 12:08:15 PST 2010
* Pluggable CGI class support based on a patch from NANIS
pkgsrc changes:
- Note that it uses C language
Upstream changes:
Version 0.69 -- 15 Feb 2010 <mst@shadowcat.co.uk> Matt S Trout
o No changes since the previous development release.
Version 0.68_02 -- 13 Jan 2010 <mst@shadowcat.co.uk> Matt S Trout
o Make the PRINT method return a boolean value rather than the
number of bytes written, previous patch was incorrect.
Version 0.68_01 -- 10 Jan 2010 <mst@shadowcat.co.uk> Matt S Trout
o Force signal handler installation so that we correctly install handlers
for SIGPIPE. Fixes RT#5100 <bobtfish@bobtfish.net>
o Make the PRINT method return the number of bytes written rather than
undef to be consistent with the IO:: interface. Fixes RT#24347
<David Dick>
o Fix UTF-8 double encoding when FCGI is passed octets by downgrading
them into bytes correctly. Fixes RT#52400 <chansen@cpan.org>