(while here, set LICENSE=gnu-lgpl-v2, move empty directory handling to PLIST)
-------
v3.3.13
-------
[mms] SECURITY: Fix XSS vulnerability in email form field validation.
[jan] Fix UTF-8 support with Firefox 10 or later.
[jan] Add support for resetting passwords to LDAP driver.
-------
v3.3.12
-------
[jan] Convert charset of group names in SQL driver (Bug #9611).
[jan] Fix deleting of SyncML anchors if PHP short_open_tag is off (Bug #9349).
[jan] Add an experimental new Share SQL driver with better performance.
[jan] Fix integer overflow in ASN.1 parser for S/MIME messages.
[jan] Fix splitread database usage in VFS (Bug #9467).
[jan] Fix invalidating permission cache in SQL driver (Bug #9392).
pkgsrc changes:
* use own mozilla-common.mk, some dependency differ from recent Firefox.
* switch to use system cairo.
Fixed in Firefox 3.6.27
* MFSA 2012-11 libpng integer overflow
Fixed in Firefox 3.6.26
* MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
* MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
* MFSA 2012-02 Overly permissive IPv6 literal syntax
* MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
Fixed in Firefox 3.6.25
* MFSA 2011-59 .jar not treated as executable in Firefox 3.6 on Mac
PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI
implementation with some additional features useful for sites
of any size, especially busier sites.
These features include:
* Adaptive process spawning (NEW!)
* Basic statistics (ala Apache's mod_status) (NEW!)
* Advanced process management with graceful stop/start
* Ability to start workers with different uid/gid/chroot/environment
and different php.ini (replaces safe_mode)
* Stdout & stderr logging
* Emergency restart in case of accidental opcode cache destruction
* Accelerated upload support
* Support for a "slowlog"
* Enhancements to FastCGI, such as fastcgi_finish_request() - a special
function to finish request & flush all data while continuing to do
something time-consuming (video converting, stats processing, etc.)
... and much more.
It was not designed with virtual hosting in mind (large amounts of pools)
however it can be adapted for any usage model.
* IP Filter declar function debug(...) visible to user land.
* Squid defines is own cpp(1) macro debug() before include system's
header files.a
Build problem noted by pettai@ via private mail.
Drupal 7.12, 2012-02-01
----------------------
- Fixed bug preventing custom menus from receiving an active trail.
- Fixed hook_field_delete() no longer invoked during field_purge_data().
- Fixed bug causing entity info cache to not be cleared with the rest of caches.
- Fixed file_unmanaged_copy() fails with Drupal 7.7+ and safe_mode() or
open_basedir().
- Fixed Nested transactions throw exceptions when they got out of scope.
- Fixed bugs with the Return-Path when sending mail on both Windows and
non-Windows systems.
- Fixed bug with DrupalCacheArray property visibility preventing others from
extending it (API change: http://drupal.org/node/1422264).
- Fixed bug with handling of non-ASCII characters in file names (API change:
http://drupal.org/node/1424840).
- Reconciled field maximum length with database column size in image and
aggregator modules.
- Fixes to various core JavaScript files to allow for minification and
aggregation.
- Fixed Prevent tests from deleting main installation's tables when
parent::setUp() is not called.
- Fixed several Poll module bugs.
- Fixed several Shortcut module bugs.
- Added new hook_system_theme_info() to provide ability for contributed modules
to test theme functionality.
- Added ability to cancel mail sending from hook_mail_alter().
- Added support for configurable PDO connection options, enabling master-master
database replication.
- Numerous improvements to tests and test runner to pave the way for faster test
runs.
- Expanded test coverage.
- Numerous API documentation improvements.
- Numerous performance improvements, including token replacement and render
cache.
Drupal 6.24, 2012-02-01
----------------------
- Improved performance of search indexing and user operations by adding indexes.
- Fixed issues with themes getting disabled due to missing locking in
system_theme_data().
- Fix issue with blocks being disabled on updates in _block_rehash().
- Further improvements to PHP 5.3, PHP 4 and PostgreSQL compatibility.
- Improved code documentation at various places.
- Fixed a variety of other bugs.
Language translation files for Contao Open Source CMS version 2.11.x.
From this package, it contains only ready for Conao 2.11.0 and curretly
it supports French, Italian, Japanese, Latvian, Dutch, Polish, Portuguese,
Romanian, Russian and Swedish.
* Multilingual website URLs
* Global style sheet variables
* Improved FAQ module
* News archive/Event list/FAQ list/ and each reader on the same page
* Disabling the CSS framework
* Make style sheets static
* Modified request token system
* Contao safe mode
* Autogenerated local configuration files
* Adding system messages
* Insert tag changes
* Website root pages are required
* Make ListView output a table
* Embed Google web fonts
* Advanced image crop modes
* Forced password change
* Privacy settings
* Updated plugins (not extension)
* New hooks
* New methods in the File/Folder class
* Remove some old function
* Fix MESSAGE.
* Sort DEPENDS.
Changelog:
* Add some features (online text editing, PDF viewer, and Photo Gallery etc.).
* Some improvements.
See http://owncloud.org/owncloud-3-release/
- Improved documentation.
- Improved tests.
- Fixed Hypnotoad HTTPS bug.
- Fixed small URL escaping bug in Mojo::UserAgent::Transactor.
- Fixed small MIME::Base64 and MIME::QuotedPrint related bugs in
Mojo::Util. (sestegra, sri)
2.47 2012-02-06 00:00:00
- Deprecated Hypnotoad configuration files in favor of more powerful
application configuration files.
- Deprecated Mojo::Server::Daemon->prepare_ioloop in favor of
Mojo::Server::Daemon->start.
- Deprecated Mojo::Headers->x_forwarded_for.
- Added EXPERIMENTAL config method to Mojo.
- Added EXPERIMENTAL ca attribute to Mojo::UserAgent.
- Added EXPERIMENTAL drain event to Mojo::Content.
- Added EXPERIMENTAL drain event to Mojo::Transaction::WebSocket.
- Added EXPERIMENTAL support for RSV1-3 flags to
Mojo::Transaction::WebSocket.
- Added EXPERIMENTAL tls_ca option to Mojo::IOLoop::Client->connect.
- Added lock_timeout parameter to Hypnotoad.
- Removed experimental status from JSON Pointer support.
- Removed Cygwin exception from Hypnotoad.
- Replaced drop_handle and drop_timer methods in Mojo::IOWatcher with
drop method.
- Renamed change and watch methods in Mojo::IOWatcher to watch and
io.
- Renamed resume and pause methods in Mojo::IOLoop::Server to start
and stop.
- Renamed resume and pause methods in Mojo::IOLoop::Stream to start
and stop.
- Added pdf MIME type. (bfaist)
- Improved documentation.
- Improved tests.
- Improved CSS of some built-in templates.
- Fixed bug that prevented newer dual-life modules to be loaded.
- Fixed small bug in Mojo::IOLoop::Stream that caused close events to
fail sometimes.
- Fixed small relative URL detection bug in get command.
2.46 2012-01-25 00:00:00
- Added EXPERIMENTAL request_timeout attribute to Mojo::UserAgent.
- Added EXPERIMENTAL text_after and text_before methods to Mojo::DOM.
- Improved all uses of syswrite to be more defensive. (bduggan, sri)
- Improved documentation.
- Improved tests.
- Fixed small parser bug in Mojo::Message::Response.
- Fixed small partial rendering bug.
- Fixed small HTML5 parser bug in Mojo::DOM::HTML. (dougwilson)
2.45 2012-01-18 00:00:00
- Removed T-Shirt link.
- Fixed small caching bug in Mojolicious::Plugin::EPRenderer.
- Fixed typo in exception template.
2.44 2012-01-18 00:00:00
- Added new not_found page for development mode.
- Added EXPERIMENTAL url_with helper to
Mojolicious::Plugin::DefaultHelpers. (diegok, marcus, judofyr, sri)
- Added EXPERIMENTAL support for removing query parameters while
merging to query method of Mojo::URL. (marcus, judofyr, sri)
- Removed experimental status from Mojo::IOLoop::Delay.
- Removed defer method from Mojo::IOLoop.
- Improved exception page for development mode.
- Improved syntax highlighting in perldoc browser slightly.
- Improved Mojo::Base tests.
- Improved documentation.
- Fixed Mojo::Command->app to be an attribute and not a method.
- Fixed Mojo::ByteStream, Mojo::Collection and Mojo::DOM to not be
subclasses of Mojo::Base.
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
- General improvements:
- Fix an off-by-one in an error message about connect failures.
- Use a GNUMakefile variable for the webserver root directory and
update the path. Sourceforge changed it which broke various
web-related targets.
- Update the CODE_STATUS description.
compatibility with Subversion 1.7 (#10414)
easier troubleshooting of common startup errors (#10024)
jQuery upgraded to 1.4.4 (#10001)
improve fine-grained permission handling in the source browser (#9976, #10208, #10110)
... and dozens more fixes!
Unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels. Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the the request and response in between Unicorn and slow clients.
Raindrops is a real-time stats toolkit to show statistics for Rack HTTP
servers. It is designed for preforking servers such as Rainbows! and
Unicorn, but should support any Rack HTTP server under Ruby 1.9, 1.8
and Rubinius on platforms supporting POSIX shared memory. It may also
be used as a generic scoreboard for sharing atomic counters across
multiple processes.
* mdwn: Added nodiscount setting, which can be used to avoid using the
markdown discount engine, when maximum compatability is needed.
* Switch to YAML::XS to work around insanity in YAML::Mo. Closes: #657533
* cvs: Ensure text files are added in non-binary mode. (Amitai Schlair)
* cvs: Various cleanups and testing. (Amitai Schlair)
* calendar: Fix strftime encoding bug.
* shortcuts: Fixed a broken shortcut to wikipedia (accidentially
made into a shortcut to wikiMedia).
* Various portability improvements. (Amitai Schlair)
- SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
- SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
- SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
- SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. Bug#52256.
[Rainer Canavan <rainer-apache 7val com>]
- SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
- SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
- mod_proxy_ajp: Try to prevent a single long request from marking a worker
in error. [Jean-Frederic Clere]
- config: Update the default mod_ssl configuration: Disable SSLv2, only
allow >= 128bit ciphers, add commented example for speed optimized cipher
list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
- core: Fix segfault in ap_send_interim_response(). Bug#52315.
[Stefan Fritsch]
- mod_log_config: Prevent segfault. Bug#50861. [Torsten Foertsch
<torsten.foertsch gmx.net>]
- mod_win32: Invert logic for env var UTF-8 fixing.
Now we exclude a list of vars which we know for sure they dont hold UTF-8
chars; all other vars will be fixed. This has the benefit that now also
all vars from 3rd-party modules will be fixed. Bug#13029 / 34985.
[Guenter Knauf]
- core: Fix hook sorting for Perl modules, a regression introduced in
2.2.21. Bug#45076. [Torsten Foertsch <torsten foertsch gmx net>]
- Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200. Bug#51878.
[Jim Jagielski]
- Example configuration: Fix entry for MaxRanges (use "unlimited" instead
of "0"). [Rainer Jung]
- mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung]
Please note that all the security fixes had been integrated into
"pkgsrc" as patches previously.
