either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Changes:
Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
content's layout with a full-width page template and a contributor page to show
off your authors.
For Developers
* External Libraries have been updated.
* Better RTL support
More info on http://codex.wordpress.org/Version_3.8
Changes:
uWSGI 2.0
Changelog [20131230] Important changes
Dynamic options have been definitely removed as well as the
broken_plugins directory Bugfixes and improvements
improved log rotation do not rely on unix signals to print
request status during harakiri added magic vars for uid and
gid various Lua fixes a tons of coverity-governed bugfixes made
by Riccardo Magliocchetti
New features --attach-daemon2
this is a keyval based option for configuring external daemons.
Updated docs are: :doc:`AttachingDaemons` Linux setns() support
One of the biggest improvements in uWSGI 1.9-2.0 has been the total
support for Linux namespaces.
This last patch adds support for the setns() syscall.
This syscall allows a process to "attach" to a running namespace.
uWSGI instances can exposes their namespaces file descriptors
(basically they are the files in /proc/self/ns) via a unix socket.
External instances connects to that unix socket and automatically
enters the mapped namespace.
to spawn an instance in "namespace server mode", you use the
--setns-socket <addr> option
uwsgi --setns-socket /var/run/ns.socket --unshare net,ipc,uts ...
to attach you simply use --setns <addr>
uwsgi --setns /var/run/ns.socket ...
Updated docs: :doc:`Namespaces` "private" hooks
When uWSGI runs your hooks, it verbosely print the whole hook action
line. This could be a security problem in some scenario (for example
when you run initial phases as root user but allows unprivileged
access to logs).
Prefixing your action with a '!' will suppress full logging:
[uwsgi] hook-asap = !exec:my_secret_command
Support for yajl library (JSON parser)
Til now uWSGI only supported jansson as the json parser required
for managing .js config files.
You can now use the yajl library (available in centos) as alternative
JSON parser (will be automatically detected) Perl spooler support
The perl/PSGI plugin can now be used as a spooler server:
uwsgi::spooler(sub {
my $args = shift; print Dumper($args); return -2; });
The client part is still missing as we need to fix some internal
api problem.
Expect it in 2.0.1 ;) Gateways can drop privileges
Gateways (like http router, sslrouter, rawrouter, forkptyrouter
...) can now drop privileges independently by the master.
Currently only the http/https/spdy router exposes the new option
(--http-uid/--http-gid) Subscriptions-governed SNI contexts
The subscription subsystem now supports 3 additional keys (you can
set them with the --subscribe2 option):
sni_key
sni_cert
sni_ca
all of the takes a path to the relevant ssl files.
* [mod_auth] explicitly link ssl for SHA1 (fixes 2517)
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes 2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes 2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
* [stat-cache] fix FAM cleanup/fdevent handling
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes 2526)
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes 2533)
* [mod_mysql_vhost] fix memory leak on config init (2530)
* [mod_webdav] fix fd leak found with parfait (fixes 2530, thx kukackajiri)
the fastest and most widely support way to get Perfect Forward Secrecy
with modern web browsers if your server uses an RSA key.
Bump package revision because of this change.
Sort PLIST. Add new files.
Trac 1.0.1 (February 1, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-1.0.1
- Fix zip source download for large directories in Subversion repositories
- Performance improvement for the Roadmap, by caching milestone properties
- Added a ''select all'' checkbox to table of components for each plugin on
the Plugins admin panel
- Restore the ''Modify'' link at the top of the ticket page, as it was in
Trac 0.12
- `ListOption` keeps values other than empty string and None in raw list
as default
- Prevent possibility of multiple identical info or warning messages being
presented to the user
- The BatchModify select-all checkboxes are toggled with tri-state behavior
when the ticket checkboxes are toggled
- Update the ticket changetime to the current time when deleting a ticket
comment
- ... and quite more! In particular, see also the changes for 0.12.5
which are also integrated and new since 1.0
Trac 0.12.5 (January 15, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.5
Trac 0.12.5 is a maintenance release and contains
a few interesting fixes:
- upload of .mht files (MHTML web page archive files) now works
(#9880)
- more robust parsing of attachment URLs (#10280) and uploaded
file names (#10850)
- lots of improvement to the date formatting code, which is now
much more robust when timezone and daylight saving time
computations are involved (#10768, #10863, #10864, #10912, #10920)
- no longer generate invalid JSON encoded data with Python 2.4 and
2.5 (#10877)
- ... and a few more!
Version 3.2.4 (2014-01-20)
--------------------------
### Fixed
Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
### Fixed
Do not create multiple stylect layers upon Ajax changes.
### Fixed
Some DCAs were missing the "rem" unit (see #6634).
### Fixed
Correctly trim the SQL statements in the `Database` class (see #6623).
### Fixed
Fix some broken back end icons (see #6214).
### Fixed
Show a hint in the news archive menu if there are no items (see #5888).
### Fixed
Prevent the back end tool tips from exceeding the screen width (see #6639).
### Fixed
Support the Google+ vanity name in addition to the numeric ID (see #6454).
### Fixed
Correctly detect Android tablets in the `Environment` class (see #5869).
### Fixed
Correctly resolve the module dependencies (see #6606).
### Fixed
Correctly unset the PHP session cookie depending on its parameters.
### Fixed
Fixed the XHTML variant of the comments form (see #5675).
### Fixed
Correctly assign articles to columns (see #6595).
### Fixed
Correctly merge the CSS classes in the `Hybrid` class (see #6601).
Version 1.9.7:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
New features:
* passlib support - enhanced password hash security. Special thanks go to
the Python Software Foundation (PSF) for sponsoring development of this!
Docs for passlib: http://packages.python.org/passlib/
If cfg.passlib_support is True (default), we try to import passlib and set
it up using the configuration given in cfg.passlib_crypt_context (default
is to use sha512_crypt with default configuration from passlib).
The passlib docs recommend 3 hashing schemes that have good security, but
some of them have additional requirements:
sha512_crypt needs passlib >= 1.3.0, no other requirements.
pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
bcrypt has additional binary/compiled package requirements, please refer to
the passlib docs.
cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
wanted for new password hash creation and also for upgrading existing
password hashes.
For the moin code as distributed in our download release archive, passlib
support should just work, as we have passlib 1.6.1 bundled with MoinMoin
as MoinMoin/support/passlib. If you use some other moin package, please
first check if you have moin AND passlib installed (and also find out the
passlib version you have installed).
If you do NOT want to (not recommended!) or can't use (still using python
2.4?) passlib, you can disable it your wiki config:
passlib_support = False # do not import passlib
password_scheme = '{SSHA}' # use best builtin hash (like moin < 1.9.7)
Please note that after you have used moin with passlib support and have user
profiles with passlib hashes, you can't just switch off passlib support,
because if you did, moin would not be able to log in users with passlib
password hashes. Password recovery would still work, though.
password_scheme always gives the password scheme that is wanted for new or
recomputed password hashes. The code is able to upgrade and downgrade hashes
at login time and also when setting / resetting passwords for one or all
users (via the wiki web interface or via moin account resetpw script
command).
So, if you want that everybody uses strong, passlib-created hashes,
resetting the passwords for all users is strongly recommended:
First have passlib support switched on (it is on by default), use
password_scheme = '{PASSLIB}' (also default), then reset all passwords.
Same procedure can be used to go back to weaker builtin hashes (not
recommended): First switch off passlib support, use password_scheme =
'{SSHA}', then reset all passwords.
Wiki farm admins sharing the same user_dir between multiple wikis must use
consistent password hashing / passlib configuration settings for all wikis
sharing the same user_dir. Using the builtin defaults or doing the
configuration in farmconfig.py is recommended.
Admins are advised to read the passlib docs (especially when experiencing
too slow logins or when running old passlib versions which may not have
appropriate defaults for nowadays):
http://packages.python.org/passlib/new_app_quickstart.html#choosing-a-hashhttp://packages.python.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
* Password mass reset/invalidation support, see docs/resetpw/.
This is useful to make sure everybody sets a new password and moin computes
the password hash using the current configuration.
* Customizable default password checker:
Moin's default password checker used and still uses min_length=6 (minimum pw
length) and min_different=4 (minimum count of different chars in the password).
If you feel that you need to require better passwords from your users, you
can customize it now like that in your wiki config:
password_checker = lambda cfg, request, name, pw: multiconfig._default_password_checker(cfg, request, name, pw, min_length=10, min_different=7)
* Removing/disabling inactive users (moin ... account inactive)
Many wikis have a lot of inactive users, that never ever made a single edit.
See help of the command for more details, be careful.
* SystemAdmin user browser: show disabled user accounts at the bottom of
the list
* At startup, announce moin version and code path in log output (makes
support and debugging easier).
* AttachList: introduced search_term parameter (optional) for listing
attachments filtered by a regular expression on their name.
* sign release archive using GnuPG with the key of tw@waldmann-edv.de
ID 31A6CB60 (main key ID FAF7B393)
Fixes:
* logging: if the logging config file can't be read, give a helpful error msg
* logging: use info loglevel (not warning) for telling about using the builtin
default logging config
* moin script commands: warn if someone gave ... to the moin script, avoids a
strange and unhelpful 'empty module name' error message
* reorder html input fields in recoverpass form, to help browsers remember
the user name and password (not erroneously the recovery token and password)
* don't try to send password recovery email to user if email address in
user profile is empty
* cache action: fix 304 http status
* rst parser: fix safe_import for level param in __import__ call of docutils 0.10
* moin maint cleancache: also kill the i18n cache 'meta' pickle file
* sendmail: catch unicode errors when E-Mail addr has non-ascii chars
* redirect last visited: if last visited page is on same wiki, use a local
redirect, do not compute via interwiki map (fixes https: usage)
Added missing include for download(1) with WebKit (as by default).
Reported by Joerg Sonnenberger of NetBSD, thanks!
Fixes building the package, no version bump required AFAICS.
= 4.3.2 (20131002) =
* Fixed a bug in which short Unicode input was improperly encoded to
ASCII when checking whether or not it was the name of a file on
disk. [bug=1227016]
* Fixed a crash when a short input contains data not valid in
filenames. [bug=1232604]
* Fixed a bug that caused Unicode data put into UnicodeDammit to
return None instead of the original data. [bug=1214983]
* Combined two tests to stop a spurious test failure when tests are
run by nosetests. [bug=1212445]
= 4.3.1 (20130815) =
* Fixed yet another problem with the html5lib tree builder, caused by
html5lib's tendency to rearrange the tree during
parsing. [bug=1189267]
* Fixed a bug that caused the optimized version of find_all() to
return nothing. [bug=1212655]
= 4.3.0 (20130812) =
* Instead of converting incoming data to Unicode and feeding it to the
lxml tree builder in chunks, Beautiful Soup now makes successive
guesses at the encoding of the incoming data, and tells lxml to
parse the data as that encoding. Giving lxml more control over the
parsing process improves performance and avoids a number of bugs and
issues with the lxml parser which had previously required elaborate
workarounds:
- An issue in which lxml refuses to parse Unicode strings on some
systems. [bug=1180527]
- A returning bug that truncated documents longer than a (very
small) size. [bug=963880]
- A returning bug in which extra spaces were added to a document if
the document defined a charset other than UTF-8. [bug=972466]
This required a major overhaul of the tree builder architecture. If
you wrote your own tree builder and didn't tell me, you'll need to
modify your prepare_markup() method.
* The UnicodeDammit code that makes guesses at encodings has been
split into its own class, EncodingDetector. A lot of apparently
redundant code has been removed from Unicode, Dammit, and some
undocumented features have also been removed.
* Beautiful Soup will issue a warning if instead of markup you pass it
a URL or the name of a file on disk (a common beginner's mistake).
* A number of optimizations improve the performance of the lxml tree
builder by about 33%, the html.parser tree builder by about 20%, and
the html5lib tree builder by about 15%.
* All find_all calls should now return a ResultSet object. Patch by
Aaron DeVore. [bug=1194034]
= 4.2.1 (20130531) =
* The default XML formatter will now replace ampersands even if they
appear to be part of entities. That is, "<" will become
"&lt;". The old code was left over from Beautiful Soup 3, which
didn't always turn entities into Unicode characters.
If you really want the old behavior (maybe because you add new
strings to the tree, those strings include entities, and you want
the formatter to leave them alone on output), it can be found in
EntitySubstitution.substitute_xml_containing_entities(). [bug=1182183]
* Gave new_string() the ability to create subclasses of
NavigableString. [bug=1181986]
* Fixed another bug by which the html5lib tree builder could create a
disconnected tree. [bug=1182089]
* The .previous_element of a BeautifulSoup object is now always None,
not the last element to be parsed. [bug=1182089]
* Fixed test failures when lxml is not installed. [bug=1181589]
* html5lib now supports Python 3. Fixed some Python 2-specific
code in the html5lib test suite. [bug=1181624]
* The html.parser treebuilder can now handle numeric attributes in
text when the hexidecimal name of the attribute starts with a
capital X. Patch by Tim Shirley. [bug=1186242]
= 4.2.0 (20130514) =
* The Tag.select() method now supports a much wider variety of CSS
selectors.
- Added support for the adjacent sibling combinator (+) and the
general sibling combinator (~). Tests by "liquider". [bug=1082144]
- The combinators (>, +, and ~) can now combine with any supported
selector, not just one that selects based on tag name.
- Added limited support for the "nth-of-type" pseudo-class. Code
by Sven Slootweg. [bug=1109952]
* The BeautifulSoup class is now aliased to "_s" and "_soup", making
it quicker to type the import statement in an interactive session:
from bs4 import _s
or
from bs4 import _soup
The alias may change in the future, so don't use this in code you're
going to run more than once.
* Added the 'diagnose' submodule, which includes several useful
functions for reporting problems and doing tech support.
- diagnose(data) tries the given markup on every installed parser,
reporting exceptions and displaying successes. If a parser is not
installed, diagnose() mentions this fact.
- lxml_trace(data, html=True) runs the given markup through lxml's
XML parser or HTML parser, and prints out the parser events as
they happen. This helps you quickly determine whether a given
problem occurs in lxml code or Beautiful Soup code.
- htmlparser_trace(data) is the same thing, but for Python's
built-in HTMLParser class.
* In an HTML document, the contents of a <script> or <style> tag will
no longer undergo entity substitution by default. XML documents work
the same way they did before. [bug=1085953]
* Methods like get_text() and properties like .strings now only give
you strings that are visible in the document--no comments or
processing commands. [bug=1050164]
* The prettify() method now leaves the contents of <pre> tags
alone. [bug=1095654]
* Fix a bug in the html5lib treebuilder which sometimes created
disconnected trees. [bug=1039527]
* Fix a bug in the lxml treebuilder which crashed when a tag included
an attribute from the predefined "xml:" namespace. [bug=1065617]
* Fix a bug by which keyword arguments to find_parent() were not
being passed on. [bug=1126734]
* Stop a crash when unwisely messing with a tag that's been
decomposed. [bug=1097699]
* Now that lxml's segfault on invalid doctype has been fixed, fixed a
corresponding problem on the Beautiful Soup end that was previously
invisible. [bug=984936]
* Fixed an exception when an overspecified CSS selector didn't match
anything. Code by Stefaan Lippens. [bug=1168167]
= 4.1.3 (20120820) =
* Skipped a test under Python 2.6 and Python 3.1 to avoid a spurious
test failure caused by the lousy HTMLParser in those
versions. [bug=1038503]
* Raise a more specific error (FeatureNotFound) when a requested
parser or parser feature is not installed. Raise NotImplementedError
instead of ValueError when the user calls insert_before() or
insert_after() on the BeautifulSoup object itself. Patch by Aaron
Devore. [bug=1038301]
= 4.1.2 (20120817) =
* As per PEP-8, allow searching by CSS class using the 'class_'
keyword argument. [bug=1037624]
* Display namespace prefixes for namespaced attribute names, instead of
the fully-qualified names given by the lxml parser. [bug=1037597]
* Fixed a crash on encoding when an attribute name contained
non-ASCII characters.
* When sniffing encodings, if the cchardet library is installed,
Beautiful Soup uses it instead of chardet. cchardet is much
faster. [bug=1020748]
* Use logging.warning() instead of warning.warn() to notify the user
that characters were replaced with REPLACEMENT
CHARACTER. [bug=1013862]
= 4.1.1 (20120703) =
* Fixed an html5lib tree builder crash which happened when html5lib
moved a tag with a multivalued attribute from one part of the tree
to another. [bug=1019603]
* Correctly display closing tags with an XML namespace declared. Patch
by Andreas Kostyrka. [bug=1019635]
* Fixed a typo that made parsing significantly slower than it should
have been, and also waited too long to close tags with XML
namespaces. [bug=1020268]
* get_text() now returns an empty Unicode string if there is no text,
rather than an empty bytestring. [bug=1020387]
= 4.1.0 (20120529) =
* Added experimental support for fixing Windows-1252 characters
embedded in UTF-8 documents. (UnicodeDammit.detwingle())
* Fixed the handling of " with the built-in parser. [bug=993871]
* Comments, processing instructions, document type declarations, and
markup declarations are now treated as preformatted strings, the way
CData blocks are. [bug=1001025]
* Fixed a bug with the lxml treebuilder that prevented the user from
adding attributes to a tag that didn't originally have
attributes. [bug=1002378] Thanks to Oliver Beattie for the patch.
* Fixed some edge-case bugs having to do with inserting an element
into a tag it's already inside, and replacing one of a tag's
children with another. [bug=997529]
* Added the ability to search for attribute values specified in UTF-8. [bug=1003974]
This caused a major refactoring of the search code. All the tests
pass, but it's possible that some searches will behave differently.
Version 1.4
-----------
- Update linkify to use etree type Treeewalker instead of simpletree.
- Updated html5lib to version >= 0.999.
- Update all code to be compatible with Python 3 and 2 using six.
- Switch to Apache License.
Version 1.3
-----------
- Used by Python 3-only fork.
Version 1.2.2
-------------
- Pin html5lib to version 0.95 for now due to major API break.
Version 1.2.1
-------------
- clean() no longer considers "feed:" an acceptable protocol due to
inconsistencies in browser behavior.
Version 1.2
-----------
- linkify() has changed considerably. Many keyword arguments have been
replaced with a single callbacks list. Please see the documentation
for more information.
- Bleach will no longer consider unacceptable protocols when linkifying.
- linkify() now takes a tokenizer argument that allows it to skip
sanitization.
- delinkify() is gone.
- Removed exception handling from _render. clean() and linkify() may now
throw.
- linkify() correctly ignores case for protocols and domain names.
- linkify() correctly handles markup within an <a> tag.
Version 7.19.3 [requires libcurl-7.19.0 or better] - 2014-01-09
---------------------------------------------------------------
* Added CURLOPT_NOPROXY.
* Added CURLINFO_LOCAL_PORT, CURLINFO_PRIMARY_PORT and
CURLINFO_LOCAL_IP (patch by Adam Jacob Muller).
* When running on Python 2.x, for compatibility with Python 3.x,
Unicode strings containing ASCII code points only are now accepted
in setopt() calls.
* PycURL now requires that compile time SSL backend used by libcurl
is the same as the one used at runtime. setup.py supports
--with-ssl, --with-gnutls and --with-nss options like libcurl does,
to specify which backend libcurl uses. On some systems PycURL can
automatically figure out libcurl's backend.
If the backend is not one for which PycURL provides crypto locks
(i.e., any of the other backends supported by libcurl),
no runtime SSL backend check is performed.
* Default PycURL user agent string is now built at runtime, and will
include the user agent string of libcurl loaded at runtime rather
than the one present at compile time.
* PycURL will now use WSAduplicateSocket rather than dup on Windows
to duplicate sockets obtained from OPENSOCKETFUNCTION.
Using dup may have caused crashes, OPENSOCKETFUNCTION should
now be usable on Windows.
* A new script, winbuild.py, was added to build PycURL on Windows
against Python 2.6, 2.7, 3.2 and 3.3.
* Added CURL_LOCK_DATA_SSL_SESSION (patch by Tom Pierce).
* Added E_OPERATION_TIMEDOUT (patch by Romuald Brunet).
* setup.py now handles --help argument and will print PycURL-specific
configuration options in addition to distutils help.
* Windows build configuration has been redone:
PYCURL_USE_LIBCURL_DLL #define is gone, use --use-libcurl-dll
argument to setup.py to build against a libcurl DLL.
CURL_STATICLIB is now #defined only when --use-libcurl-dll is not
given to setup.py, and PycURL is built against libcurl statically.
--libcurl-lib-name option can be used to override libcurl import
library name.
* Added CURLAUTH_DIGEST_IE as pycurl.HTTPAUTH_DIGEST_IE.
* Added CURLOPT_POSTREDIR option and CURL_REDIR_POST_301,
CURL_REDIR_POST_302, CURL_REDIR_POST_303 and CURL_REDIR_POST_ALL
constants. CURL_REDIR_POST_303 requires libcurl 7.26.0 or higher,
all others require libcurl 7.19.1 or higher.
* PycURL now supports Python 3.1 through 3.3. Python 3.0 might
work but it appears to ship with broken distutils, making virtualenv
not function on it.
* PycURL multi objects now have the multi constants defined on them.
Previously the constants were only available on pycurl module.
The new behavior matches that of curl and share objects.
* PycURL share objects can now be closed via the close() method.
* PycURL will no longer call `curl-config --static-libs` if
`curl-config --libs` succeeds and returns output.
Systems on which neither `curl-config --libs` nor
`curl-config --static-libs` do the right thing should provide
a `curl-config` wrapper that is sane.
* Added CURLFORM_BUFFER and CURLFORM_BUFFERPTR.
* pycurl.version and user agent string now include both
PycURL version and libcurl version as separate items.
* Added CURLOPT_DNS_SERVERS.
* PycURL can now be dynamically linked against libcurl on Windows
if PYCURL_USE_LIBCURL_DLL is #defined during compilation.
* Breaking change: opensocket callback now takes an additional
(address, port) tuple argument. Existing callbacks will need to
be modified to accept this new argument.
https://github.com/pycurl/pycurl/pull/18
Version 7.19.0.3 [requires libcurl-7.19.0 or better] - 2013-12-24
-----------------------------------------------------------------
* Re-release of 7.19.0.2 with minor changes to build Windows packages
due to botched 7.19.0.2 files on PyPi.
http://curl.haxx.se/mail/curlpython-2013-12/0021.html
Version 7.19.0.2 [requires libcurl-7.19.0 or better] - 2013-10-08
-----------------------------------------------------------------
* Fixed a bug in a commit made in 2008 but not released until 7.19.0.1
which caused CURLOPT_POSTFIELDS to not correctly increment reference
count of the object being given as its argument, despite libcurl not
copying the data provided by said object.
* Added support for libcurl pause/unpause functionality,
via curl_easy_pause call and returning READFUNC_PAUSE from
read callback function.
Version 7.19.0.1 [requires libcurl-7.19.0 or better] - 2013-09-23
-----------------------------------------------------------------
* Test matrix tool added to test against all supported Python and
libcurl versions.
* Python 2.4 is now the minimum required version.
* Source code, bugs and patches are now kept on GitHub.
* Added CURLINFO_CERTINFO and CURLOPT_CERTINFO.
* Added CURLOPT_RESOLVE.
* PycURL can now be used with Python binaries without thread
support.
* gcrypt is no longer initialized when a newer version of gnutls
is used.
* Marked NSS as supported.
* Fixed relative URL request logic.
* Fixed a memory leak in util_curl_init.
* Added CURLOPT_USERNAME and CURLOPT_PASSWORD.
* Fixed handling of big timeout values.
* Added GLOBAL_ACK_EINTR.
* setopt(..., None) can be used as unsetopt().
* CURLOPT_RANGE can now be unset.
* Write callback can return -1 to signal user abort.
* Reorganized tests into an automated test suite.
* Added CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA.
* Cleaned up website.
* Fix pycurl.reset() (patch by <johansen at sun.com>).
* Fix install routine in setup.py where
certain platforms (Solaris, Mac OSX, etc)
would search for a static copy of libcurl (dbp).
* Fixed build on OpenSolaris 0906 and other platforms on which
curl-config does not have a --static-libs option.
* No longer keep string options copies in the
Curl Python objects, since string options are
now managed by libcurl.
flup is a collection of modules for the Python Web Server Gateway
Interface, including support for AJP 1.3, FastCGI and SCGI. It also
offers a basic middleware.
This package contains the 3.x version of the module.
0.8
More fixes for the App Engine support.
Added a new feature that allows you to supply your own provider for the
CA_CERTS file. Just create a module named ca_certs_locater that has a method
get() that returns the file location of the CA_CERTS file.
Lots of clean up of the code formatting to make it more consistent.
part of PR pkg/48447
The HTTP Gem is an easy-to-use client library for making requests from Ruby.
It uses a simple method chaining system for building requests, similar to
libraries like JQuery or Python's Requests.
## v0.9.0
* Add HTTPClient adapter (@hakanensari)
* Improve Retry handler (@mislav)
* Remove autoloading by default (@technoweenie)
* Improve internal docs (@technoweenie, @mislav)
* Respect user/password in http proxy string (@mislav)
* Adapter options are structs. Reinforces consistent options across adapters
(@technoweenie)
* Stop stripping trailing / off base URLs in a Faraday::Connection. (@technoweenie)
* Add a configurable URI parser. (@technoweenie)
* Remove need to manually autoload when using the authorization header helpers on `Faraday::Connection`. (@technoweenie)
* `Faraday::Adapter::Test` respects the `Faraday::RequestOptions#params_encoder` option. (@technoweenie)
Drupal 7.26, 2014-01-15
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Version 1.7.1
-------------
Released January 14th 2014
- Fixed a bug where passwords would fail to verify when specifying a password hash algorithm
Version 1.7.0
-------------
Released January 10th 2014
- Python 3.3 support!
- Dependency updates
- Fixed a bug when `SECURITY_LOGIN_WITHOUT_CONFIRMATION = True` did not allow users to log in
- Added `SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL` configuraiton option to optionally send password reset notice emails
- Add documentation for `@security.send_mail_task`
- Move to `request.get_json` as `request.json` is now deprecated in Flask
- Fixed a bug when using AJAX to change a user's password
- Added documentation for select functions in the `flask_security.utils` module
- Fixed a bug in `flask_security.forms.NextFormMixin`
- Added `CHANGE_PASSWORD_TEMPLATE` configuration option to optionally specify a different change password template
- Added the ability to specify addtional fields on the user model to be used for identifying the user via the `USER_IDENTITY_ATTRIBUTES` configuration option
- An error is now shown if a user tries to change their password and the password is the same as before. The message can be customed with the `SECURITY_MSG_PASSWORD_IS_SAME` configuration option
- Fixed a bug in `MongoEngineUserDatastore` where user model would not be updated when using the `add_role_to_user` method
- Added `SECURITY_SEND_PASSWORD_CHANGE_EMAIL` configuration option to optionally disable password change email from being sent
- Fixed a bug in the `find_or_create_role` method of the PeeWee datastore
- Removed pypy tests
- Fixed some tests
- Include CHANGES and LICENSE in MANIFEST.in
- A bit of documentation cleanup
- A bit of code cleanup including removal of unnecessary utcnow call and simplification of get_max_age method
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Flask-Babel is an extension to Flask that adds i18n and l10n support to any
Flask application with the help of babel, pytz and speaklater. It has builtin
support for date formatting with timezone support as well as a very simple and
friendly interface to gettext translations.
Upstream changes:
4.66 2014-01-04
- Added success attribute to Test::Mojo.
- Improved Mojo::DOM::CSS and Mojo::DOM::HTML performance.
- Fixed XML detection bug in Mojo::DOM.
- Fixed escaping bugs in Mojo::DOM::CSS.
4.65 2014-01-02
- Deprecated use of hash references for optgroup generation with
select_field helper in favor of Mojo::Collection objects.
- Added b and c helpers to Mojolicious::Plugin::DefaultHelpers.
- Fixed reference handling bug in Mojo::Collection.
4.64 2014-01-01
- Fixed helper export bug in Mojolicious::Plugin::EPRenderer.
4.63 2013-12-19
- Deprecated Mojolicious::secret in favor of Mojolicious::secrets.
- Added support for rotating secrets.
- Added secrets method to Mojolicious.
4.62 2013-12-17
- Deprecated Mojo::URL::to_rel.
4.61 2013-12-16
- Added select_one method to Mojo::DOM::CSS.
- Improved performance of Mojo::DOM::at significantly.
4.60 2013-12-11
- Improved Mojolicious::Validator::Validation to allow custom validation
errors.
4.59 2013-12-04
- Added CSRF protection support.
- Added support for permessage-deflate WebSocket compression.
- Added csrf_protect method to Mojolicious::Validator::Validation.
- Added build_message method to Mojo::Transaction::WebSocket.
- Added csrf_token attribute to Mojolicious::Validator::Validation.
- Added compressed and context_takeover attributes to
Mojo::Transaction::WebSocket.
- Added csrf_token helper to Mojolicious::Plugin::DefaultHelpers.
- Added csrf_field helper to Mojolicious::Plugin::TagHelpers.
- Removed deprecated mode specific methods in application class.
- Relicensed all artwork to CC-SA version 4.0.
uwsgitop is a top-like command that uses the stats server. Run your uWSGI server
with the stats server enabled. Ex.:
uwsgi --module myapp --socket :3030 --stats /tmp/stats.socket
Then, connect uwsgitop to the stats socket:
uwsgitop /tmp/stats.socket
Uliweb is a full-stacked Python based web framework. It has three
main design goals, they are: reusability, configurability, and
replaceability. All the functionalities revolve around these goals.
-wip for the newest supported version. Partial ChangeLog:
* 1.4.1
- fixed typos in corerouter plugins
- fixed offloading when the number of threads is higher than 1
- fixed static_maps for non-existent paths
- fixed uwsgi_connect() on modern Linux systems to reset the socket to blocking mode
* 1.4
- gevent improvements
- improved http/https router and fastrouter
- Go official support
- a new set of infos are exported to the stats system
- improved systemd support
- log filtering and routing
- improved tracebacker
- offload transfer for static files, and network transfers
- matheval support
- plugins can be written in Obj-C
- smart attach daemon
- added support for PEP 405 virtualenvs
- rawrouter with xclient support
- internal routing plugin for cache
* 1.3
- python tracebacker
- user-governed harakiri
- simplified external plugin development
- Linux namespace mountpoint improvements
- secured subscription system
- merged routers codebase (fastrouter, http, rawrouter)
- https support in the http router
- config report at the end of uWSGI build process
- improved subscription system (multicast and unix socket)
- custom options
- graceful reloads on shared sockets
- configurable log-master buffer size
- extreme-optimizations for the stats subsystem
- redislog and mongodblog plugins
- added python logger
- mongodb and postgres imperial monitors
- implemented psgix.logger and psgix.cleanup
- full rack spec compliance
- preliminary ipv6 support
- gevent graceful reloads
- support for multiple loggers and logformat
- lazy-apps to load apps after fork() but without changing reloading subsystem
- emperor heartbeat subsystem
- cheaper busyness plugin
- pluggable clock sources
- added router_rewrite and router_http plugins
- external spoolers
- support for section:// and fd:// loaders
- alarm subsystem (with curl and xmpp plugins)
Update DEPENDS
Upstream changes:
0.11 2013-12-15 14:19:22 Europe/Amsterdam
[ ENHANCEMENTS ]
* GH#481: Don't pollute @INC automatically when Dancer2 is imported, each
runner is now responsible of including the local ./lib dir if needed.
* GH#469, 418: Dancer2::Plugin provides a ':no_dsl' flag for modern Plugins
(Pedro Melo)
* GH#485: Keywords 'redirect' and 'forward' exit immediatly when executed in
a route/hook. New dependency on Return::MultiLevel (Russell Jenkins).
* GH#495: Use accessor and predicates instead of direct access.
Addresses GH#493 too. (Russell Jenkins)
* GH#502,GH#472: Rework halt to use with_return from Return::MultiLevel.
(Russell Jenkins)
* GH#479,GH#480,GH#508: Pass parameters to params() in the DSL.
(Slava Goltser, unickuity, Russell Jenkins)
* GH#505: Fix empty HTTP_REFERER in Dancer::Core::Request (Menno Blom).
* GH#503: Multiple reverse proxy support (Menno Blom).
* GH#371,GH#506: CLI tool rewrite (using App::Cmd, supports plugins, etc.).
(Ivan Kruglov, Samit Badle, Sawyer X)
* GH#498: Add some missing items in MANIFEST.SKIP (Gabor Szabo, Sawyer X).
[ DOCUMENTATION ]
* GH#489: Remove link to Dancer2::Deployment pod which does not exist
(Sweet-kid)
* GH#511: s/Deflator/Deflater/; (Cesare Gargano)
* GH#491: Updated config paths for template_toolkit in cookbook.
(Mark A. Stratman)
* GH#494: Update session config details (Dancer2::Config),
namespace fixup in Dancer2::Core::cookie.
(Russell Jenkins)
* GH#470: Fix Plack::Builder mount usage (Pedro Melo).
* GH#507: Fix plenty of typos (David Steinbrunner).
* GH#477: Document problem with Plack Shotgun on Windows (Ahmad M. Zawawi).
* GH#504: Add link to Dancer2::Plugin::Sixpack (Menno Blom).
* GH#490: Document Dancer2 should be FatPackable (Sawyer X).
* GH#452: Make a complete authors section, clean it up (Pau Amma).
* More fixes to main documentation (Pau Amma).
Upstream changes:
1.3120 24.12.2013
[ ENHANCEMENTS ]
* GH #974: Make plugins play nicely with mro 'c3'. (Fabrice Gabolde)
[ DOCUMENTATION ]
* GH #972: Correction of a truckload of typos. (David Steinbrunner)
* GH #971: Stress that the request's 'env()' method is prefered over
accessing '%ENV' directly. (isync)
* GH #968: Fix 'ScriptAlias' example in Deployment docs. (reported
by tednolan)
* GH #976: Document and trap limitation in Dancer::Test. (Tom Hukins)
* GH #976: Improve references to related modules. (Tom Hukins)
Flask-Bootstrap packages Twitter's Bootstrap into an extension that mostly
consists of a blueprint named 'bootstrap'. It can also create links to serve
Bootstrap from a CDN and works with no boilerplate code in your application.
* aggregate: Improve display of post author.
* poll: Fix behavior of poll buttons when inlined.
* Fixed unncessary tight loop hash copy in saveindex where a pointer
can be used instead. Can speed up refreshes by nearly 50% in some
circumstances.
* Optimized loadindex by caching the page name in the index.
* Added only_committed_changes config setting, which speeds up wiki
refresh by querying git to find the files that were changed, rather
than looking at the work tree. Not enabled by default as it can
break some setups where not all files get committed to git.
* comments: Write pending moderation comments to the transient underlay
to avoid conflict with only_committed_changes.
* search: Added google_search option, which makes it search google
rather than using the internal xapain database.
(googlesearch plugin is too hard to turn on when xapain databases
corrupt themselves, which happens all too frequently).
* osm: Remove invalid use of charset on embedded javascript tags.
Closes: #731197
* style.css: Add compatibility definitions for more block-level
html5 elements. Closes: #731199
* aggregrate: Fix several bugs in handling of empty and colliding
titles when generating filenames.
o update a few content types
o add support for directly calling lua scripts to handle
processes, from mbalmer@netbsd.org
o properly escape generated HTML
o add authentication for redirections, from martin@netbsd.org
o handle chained ssl certifications, from elric@netbsd.org
o add basic support for gzipped files, from elric@netbsd.org
o properly escape generated URIs
XXX: could integrate this with lua, but left undone for now.
Version 0.2.9-dev
-----------------
Released on December 28th, 2013
- Fixes anonymous user assignment.
- Fixes localization in Python 3.
Version 0.2.8
-------------
Released on December 21st 2013
- Support login via authorization header. This allows login via Basic Auth, for
example. Useful in an API presentation context.
- Ability to override user ID method name. This is useful if the ID getter is
named differently than the default.
- Session data is now only read when the user is requested. This can be
beneficial for cookie and caching control when differenting between
requests that use user information for rendering and ones where all users
(including anonymous) get the same result (e.g. static pages)
- BREAKING: User *must* always be accessed through the ``current_user``
local. This breaks any previous direct access to ``_request_ctx.top.user``.
This is because user is not loaded until current_user is accessed.
- Fixes unnecessary access to the session when the user is anonymous
and session protection is active.
see https://github.com/maxcountryman/flask-login/issues/120
- Fixes issue where order dependency of applying the login manager
before dependent applications was required.
see https://github.com/mattupstate/flask-principal/issues/22
- Fixes Python 3 ``UserMixin`` hashing.
- Fixes incorrect documentation.
Version 0.9.4
-------------
Released 2013/12/20
- Bugfix for csrf module when form has a prefix
- Compatible support for wtforms2
- Remove file API for FileField
* "git diff -- ':(icase)makefile'" was unnecessarily rejected at the
command line parser.
* "git cat-file --batch-check=ok" did not check the existence of
the named object.
* "git am --abort" sometimes complained about not being able to write
a tree with an 0{40} object in it.
* Two processes creating loose objects at the same time could have
failed unnecessarily when the name of their new objects started
with the same byte value, due to a race condition.
Also contains typofixes, documentation updates and trivial code clean-ups
HTTP request/response parser for Python compatible with Python 2.x (>=2.6),
Python 3 and Pypy. If possible a C parser based on http-parser from Ryan Dahl
will be used.
Tue Dec 10 15:49:46 GMT 2013 - surfraw 2.2.9
* New elvi:
+ S - search using w3_custom_search (see below)
+ cisco - search Cisco documentation
+ debcodesearch - search Debian codebase
+ github - search github
+ gmane - search mailing lists
+ jquery - search jQuery documentation
+ mdn - search Mozilla Developer Network
+ mysqldoc - search MySQL documentation
+ oraclesearch - search Oracle documentation
+ pgdoc - search PostgreSQL documentation
+ phpdoc - search PHP documentation
+ pin - search pinboard.in
+ wolfram - search Wolfram Alpha
+ yacy - search YaCy P2P search engines, including ScienceNet
* Changed elvi:
+ aur - uses HTTPS by default, use -no-https to disable
+ deblists
* Removed options -author, -lists, -lang
* added options -ml (message links) and -mv (list view)
+ duckduckgo:
* removed -p (clashes with global print option), use -safe instead
* stopped -l[ucky] from clobbering -lh
+ google: changed -g option to -G to avoid clash with -g for graphical view
* Fixed elvi: ask, ctan, deli, genportage, jamendo, javasun, openbsd
musicbrainz, rae, slashdot, slinuxdoc
* Removed elvi for dead sites: happypenguin, scroogle, sunonesearch (replaced by oraclesearch)
* w3_custom_search
+ elvi that use a search engine as a backend with site: and inurl:
can now choose which search engine to use.
So far, google and duckduckgo are supported, with duckduckgo the default.
+ Affected elvi: mdn, mysqldoc, netbsd, openbsd, pgdoc, slinuxdoc
+ To select on the commandline use -custom-search=google or -custom-search=duckduckgo
+ Or configure SURFRAW_customsearch_provider
* New variable: SURFRAW_bookmark_search_elvis
When using searchable bookmarks, if all else fails run this elvis.
Defaults to google
* New example elinks integration script in examples/hooks.lua.
* Debian packaging now included in release, in debian/ dir.
* Known problems at time of release
+ deblogs - down (hopefully) temporarily
+ yacy - demo portal down, ScienceNet still up
+ scicom - down, status unknown
Bug fixes
Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3.
Fixed a regression that prevented a ForeignKey with a hidden reverse manager (related_name ending with ‘+’) from being used as a lookup for prefetch_related.
Fixed Queryset.datetimes raising AttributeError in some situations.
Fixed ModelBackend raising UnboundLocalError if get_user_model() raised an error.
Fixed a regression that prevented editable GenericRelation subclasses from working in ModelForms.
Added missing to_python method for ModelMultipleChoiceField which is required in Django 1.6 to properly detect changes from initial values.
Fixed django.contrib.humanize translations where the unicode sequence for the non-breaking space was returned verbatim.
Fixed loaddata error when fixture file name contained any dots not related to file extensions or when fixture path was relative but located in a subdirectory.
Fixed display of inline instances in formsets when parent has 0 for primary key.
Fixed a regression where custom querysets for foreign keys were overwritten if ModelAdmin had ordering set.
Removed mention of a feature in the --locale/-l option of the makemessages and compilemessages commands that never worked as promised: Support of multiple locale names separated by commas. It’s still possible to specify multiple locales in one run by using the option multiple times.
Fixed a regression that unnecessarily triggered settings configuration when importing get_wsgi_application.
Fixed test client logout() method when using the cookie-based session backend.
Fixed a crash when a GeometryField uses a non-geometric widget.
Fixed password hash upgrade when changing the iteration count.
Fixed a bug in the debug view when the URLconf only contains one element.
Re-added missing search result count and reset link in changelist admin view.
The current language is no longer saved to the session by LocaleMiddleware on every response, but rather only after a logout.
Fixed a crash when executing runserver on non-English systems and when the formatted date in its output contained non-ASCII characters.
Fixed a crash in the debug view after an exception occurred on Python ≥ 3.3.
Fixed a crash in ImageField on some platforms (Homebrew and RHEL6 reported).
Fixed a regression when using generic relations in ModelAdmin.list_filter.
* Added missing header in client_side_reply.cc for clang
* Bug 3498: FTP PUT assertion Server.cc:246: 'r->body_pipe != NULL'
* Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
* Fix \-unescaping in quoted strings from helpers
* WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
* Fix missing cast in rev.13162
* Bug 3980: FATAL ERROR due to max_user_ip -s option
* Fix linker errors "relocation R_X86_64_32 against .rodata"
* Regression in URL helper API
* Bug 3806: Caching responses with Vary header
* Set sslcrtvalidator_children concurrency option default value to 1
* Release notes: update HTML version
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected
Bugfixes:
SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
darwinssl: un-break iOS build after PKCS/12 feature added
tool: use XFERFUNCTION to save some casts
usercertinmem: fix memory leaks
ssh: Handle successful SSH_USERAUTH_NONE
NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
test906: Fixed failing test on some platforms
sasl: initialize NSS before using NTLM crypto
sasl: Fixed memory leak in OAUTH2 message creation
imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
cmake: unbreak for non-Windows platforms
ssh: initialize per-handle data in ssh_connect()
glob: fix broken URLs
configure: check for long long when building with cyassl
CURLOPT_RESOLVE: mention they don't time-out
docs/examples/httpput.c: fix build for MSVC
FTP: make the data connection work when going through proxy
NSS: support for CERTINFO feature
curl_multi_wait: accept 0 from multi_timeout() as valid timeout
glob_range: pass the closing bracket for a-z ranges
tool_help: Updated --list-only description to include POP3
Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
cmake: fix Windows build with IPv6 support
ares: Fixed compilation under Visual Studio 2012
curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
curl.1: mention that -O does no URL decoding
darwinssl: PKCS/12 import feature now requires Lion or later
darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
configure: Fix test with -Werror=implicit-function-declaration
sigpipe: factor out sigpipe_reset from easy.c
curl_multi_cleanup: ignore SIGPIPE
globbing: curl glob counter mismatch with {} list use
parseconfig: dash options can't specified with colon or equals
digest: fix CURLAUTH_DIGEST_IE
curl.h: for OpenBSD
darwinssl: Fix #if 10.6.0 for SecKeychainSearch
TFTP: fix return codes for connect timeout
login options: remove the ;[options] support from CURLOPT_USERPWD
imap: Fixed incorrect fallback to clear text authentication
parsedate: avoid integer overflow
curl.1: document -J doesn't %-decode
multi: add timer inaccuracy margin to timeout/connecttimeout
Changelog:
2.5.3:
Bugs Fixed
0002967: [display] Album list management display enhancement, faster load
0002964: [configuration] zero should be allowed for the recent period
0002980: [other] Fatal error when renaming a group
0002977: [albums] move a public album into a private album may create inconsistent permissions
0002975: [template] Internet Explorer 7, album creation form is broken
0002974: [configuration] avoid deprecated errors
0002973: [metadata] missing characters from IPTC when using encoding windows-1252
0002970: [other] Division by zero on batch manager
0002934: [authentication] [Smartpocket ] Can't register
2.5.2:
Bugs Fixed
0002921: [tags] Can't create tags with special chars like ( + [
0002915: [synchronization] synchronization not really disabled
0002894: [albums] set as album thumbnail on picture.php does not apply to all users
0002895: [display] dark administration theme, plugins menu flashes
0002907: [albums] wrong number of sub-albums
0002917: [web API] [pwg.images.delete] if the photo is album thumbnail, blocking error on gallery
0002909: [users & groups] give permission on an empty list of albums produces SQL error
0002901: [photos] [Batch Manager] french, set author action, default value should disappear
0002899: [metadata] ability to allow HTML in EXIF/IPTC
0002896: [technical] Apply trigger render_element_description for thumbnail title (for picture description)
Technical changes
0002922: [technical] Add caseSensitive option to TokenInput (web form for tag creation)
0002929: [photos] [multiple size] strip metadata on configurable threshold
0002925: [template] new function theme_delete
2.5.1:
Bugs Fixed
0002892: [web API] [pwg.images.setInfo] empty tag_ids input parameter produces errors
0002865: [database] [mysqli] support for mysql sockets and port number
0002891: [navigation] unexpected flat parameter in home link on picture page breadcrumb
0002864: [authentication] open_basedir restriction and new password generator
0002887: [user comments] Comments accessible anonymously if comments author is known
0002861: [installation & upgrade] invalid password on manual upgrade
0002867: [template] [LocalFiles Editor] can't create new template-extension
0002881: [web API] [pwg.images.addSimple] undefined constant tags-assumed "tags"
2.5.0
Many changes include
User features
User comments: Email and Website added
Tag duplication
Pagination on albums
Batch manager: filter on dimensions
Group manager
Better looking icons
Connect with Facebook, Google, OpenID...
Temporary image while loading
51 languages
Physical vs virtual albums
Protection of original photos
Tag exclusion in quick search
IP address and sessions
Tecnical features
New web API explorer
increased security on passwords
mysqli library for MySQL
JSmin replaced by JavaScriptPacker
Sprite for flags
Sessions can store infos, errors and warnings
Add triggers on all main pages
Add template method to sort action buttons
jquery 1.8.3, jquery.ui 1.10.1
Earlier detection of mobile device
Triggers for login system
2.4.7:
Bugs Fixed
0002819: [template] Link problem in menu with smartpocket
0002843: [security] [install.php on Windows] improved security on temporary config file download (reported by htbridge and fixed in collaboration with Gjoko Krstic)
0002844: [security] increase security on LocalFiles Editor (reported by htbridge)
0002793: [technical] Fatal error: Cannot redeclare PclZipUtilPathReduction
0002797: [template] local css for "clear" impacts admin theme "clear"
version number, as suggested in PR 47418 a year ago. Also make sure
the localization packages claim they belong to the right corresponding
firefox packages, as a number of them were wrong.
Changelog:
For WordPress 3.8 ja
* Update WP Multibyte Patch to 1.9
For WordPress 3.8
Highlights
Introduces a new, modern admin design
A fresh, uncluttered design
Clean typography with Open Sans
Superior contrast and large, comfortable type
Responsive interfaces throughout
Refined, theme management
Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
Easily create a responsive magazine website with a sleek, modern design.
Feature your favorite homepage content in either a grid or a slider.
Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors.
For Developers
External Libraries have been updated.
Better RTL support
What's New
General
Replace PNG-based plugins ratings stars with Dashicons for performance gains
Improved help tab text in various screens
Clicking "Check Again" on the Updates screen now provides more immediate feedback
Dashboard
Consolidate several Dashboard widgets to improve readability
Replace the 'Right Now' widget with the new and improved 'At a Glance' widget
Appearance
Introduce 8 new admin color schemes
Improved readability throughout using Open Sans typeface (where supported)
Responsive Toolbar for smaller-screen devices
Leverage Dashicons instead of icon sprites for crisper experience on all resolutions
Big RTL improvements throughout
Make the dashboard more usable on any size device with responsive all the things
Improve the login screen experience for Internet Explorer 8 users
Improve Quick Edit experience for non-English users
Improve the Menus experience for mobile users
Themes
New Default Theme -- Twenty Fourteen
Make it possible to check for any post format assigned to a post with has_post_format()
Better custom background theme support defaults, can now specify 'default-repeat', 'default-position-x', and 'default-attachment' arguments for background images.
Tags for width changed to layout: responsive-layout, fluid-layout, and fixed-layout
New tag: accessibility-ready to denote a theme is aware of accessibility best practices such as color contrast, keyboard navigation, and form/link focus. See WP theme accessibility guidelines.
Theme screenshots' size have increased from 600x450 to 880x 660.
Widgets
New click-to-add interface for adding widgets to sidebars
Improved interface for devices of all resolutions
Better drag-and-drop experience
Accessibility
Make list table row actions keyboard accessible
Improve color contrast throughout the admin
Multisite
Improved performance when deleting users in Multisite
Under The Hood
General
Heartbeat performance and API improvements
A $taxonomy argument was added to each of the adjacent post functions.
Define $is_nginx in vars.php
Apply capital_P_dangit() to the wp_title filter
Make sure ajaxurl is defined in the Customizer
validate_active_plugins() now checks the manage_network_plugins capability instead of is_super_admin()
Allow passing false for the meta_box_cb argument in register_taxonomy() to turn off the meta box display entirely
Make it easier to target video shortcodes by adding a wp-video class to the parent container
Add CSSMin, SASS, CSSJanus, and jsHint to build tools for core development
Bug Fixes
Fix bug where top-level categories were only redirecting if they had no children
Fix bug in wp_get_object_terms() where returned were strings not integers
Fix a bug where passing a null value to meta_query resulted in wonkiness with the comparison operator
Fix "'wp_signups' already exists for query" error after updating a Multisite network
Fix bug in get_bookmarks() caused by missing parentheses
Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
Fix a date comparison error in dashboard_relative_date()
Fix keyboard accessibility for row actions in list tables.
Fix no-js and accessibility modes in in the Widgets screen
Fix a bug where menus could still be assigned to a non-existent theme location
Silence jQuery Migrate errors in the General settings page
Multisite
Classes
Introduce WP_Screen::remove_option()
Introduce WP_Screen::remove_options()
Introduce WP_Screen::get_options()
Functions
Introduce wp_dashboard_quick_press()
Introduce wp_dashboard_site_activity()
Introduce wp_dashboard_recent_posts()
Introduce wp_dashboard_recent_comments()
Introduce wp_dashboard_primary_output()
Introduce wp_heartbeat_set_suspension()
Introduce wp_star_rating()
Introduce get_theme_update_available()
Introduce wp_prepare_themes_for_js()
Actions & Filters
Actions
Introduce automatic_updates_complete
Filters
Introduce automatic_updates_debug_email
Introduce wp_prepare_themes_for_js
External Libraries
Add a copyright notice to zxcvbn (password strength meter) script
Deprecated
screen_icon()
get_screen_icon()
wp_dashboard_incoming_links_output()
wp_dashboard_secondary_output()
wp_dashboard_incoming_links()
wp_dashboard_incoming_links_control()
wp_dashboard_plugins()
wp_dashboard_primary_control()
wp_dashboard_recent_comments_control()
wp_dashboard_secondary()
wp_dashboard_secondary_control()
no_update_actions()
Miscellaneous
Many unused images were removed from core. See the full list
* Switch to 6 branch
* Replace interpreters with REPLACE_*
Changelog:
Version 6.0.0a Dec 14th 2013
Remove wrong warnings from logfile
Fix LDAP authentication
Fix LDAP configuration
Fix Share dialog
Fix migration under certain conditions
Fix database encoding for old PHP versions
Fix select all checkbox
Fix migration with lucene search enabled
Fix migration for postgresql
Version 6.0.0 Dec 11th 2013
User Avatars
Previews in files app and other places
Updated design, less clutter and more whitespace
Public gallery sharing
Activities
Better file conflict handling dialog
Improved public App API
Sharing API
Example Files
Share Email Notifications
New Doctrine based database layer
Plural translations
Refactored OC.dialogs (both code and design wise)
Priorize often used languages in personal-settings language selection
Update jquery to 1.10.0 and add jquery-migrate 1.2.1
Show a summary as the last filelist entry
Improve app-management (more verbose error-messages)
Show ‘More apps’ link to app administration directly in app navigation
Templates for newly created files
Add MB indicator to size column
Google Drive external storage uses a new library
New icons for shared and external folders
File uploads conflicts dialog
Possibility to prepopulate a new users home with a skeleton
Public upload with encryption enabled
Users now can decrypt the files again if their encryption app was enabled
Many quota related fixes
Total used space (with quota) now only counts user’s own files
Many external storage fixes, improved performance
Improved file navigation performance by using Ajax calls (no full page reload for each folder)
The file owner can now also restore deleted shared files
New version drop-down with previews and the ability to downloading versions directly
Changelog:
SeaMonkey-specific changes
Download progress is now shown in the Mac OS X app dock icon.
EXIF orientation is now being used when displaying attached images in MailNews.
"This folder is being processed... to get messages." alerts on active MailNews folders now identify the account or folder.
MailNews notifications have a new look.
See the changes page for a more complete overview.
Mozilla platform changes
All plugins, with the exception of recent Flash plugins, now default to click-to-play.
The password manager now supports script-generated password fields.
Support for H.264 on Linux is now available if the appropriate GStreamer plugins are installed.
Support for MP3 decoding on Windows XP has been added, completing MP3 support across Windows OS versions.
The CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec.
There is no longer a prompt when websites use appcache.
Support for the CSS image orientation property has been added.
IndexedDB can now be used as an "optimistic" storage area so it does not require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage.
When displaying a standalone images, the EXIF orientation information contained within the JPEG image is now matched (bug 298619).
Page load times have been improved due to no longer decoding images that are not visible (bug 847223).
Support for the AudioToolbox MP3 backend has been added on Mac OS X (bug 914479).
Fixed several stability issues.
Fixed in SeaMonkey 2.23
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
fix a few trivial (but nasty) problems of this almost leaf package:
approved by gdt@.
Version 3.2.3 (2013-12-20)
--------------------------
### Fixed
Correctly resize the mediaboxAdvanced in IE11 (see #6504).
### Fixed
Set the correct status header for cached files (see #6585).
### Fixed
Correctly set the empty value depending on the DB field (fixes#6550, #6544).
### Fixed
Prevent saving of detached models (see #6506).
### Fixed
Correctly determine the ACE editor's height (see #6578).
### Fixed
Always fall back to English if a language does not exist (see #6581).
### Fixed
Correctly display repeated events in the event list (see #6555).
### Fixed
Correctly show the available layout columns in the article module (see #6548).
### Fixed
Correctly show the "read more" link in the news list modules (see #6439).
### Updated
Updated html5shiv to version 3.7.0 (see #6543).
### Fixed
Support browsers with both mouse and touch support in the back end (see #6520).
### Fixed
Correctly handle multiple `RadioTable` widgets on the same page (see #6389).
### Fixed
Fixed two issues with the SQL cache (see #6507).
### Fixed
Do not require a redirect page for newsletter channels (see #6521).
### Fixed
Use the related field instead of `id` in the model query builder (see #6540).
contains security fix.)
Since 2.4.0.5
- bugfix: Don't send notification when add mail.
Since 2.4.0.4
- bugfix: Deprecated functions usage.
- bugfix: Emtpy trash can was using a deprecated function with performance issues.
- bugfix: Missing parameters in function invocation.
Since 2.4.0.3
- bugfix: can't delete template task, permission denied.
Since 2.4.0.2
- bugfix: langs customer_folder and project_folder.
- bugfix: can't add contacts from mail.
- bugfix: on activity widget move action don't display.
- bugfix: when create user, notifications break mysql transaction.
Since 2.4.0.1
- bugfix: cron process to emtpy trash can does not delete members asociated to contacts.
Since 2.4.0
- bugfix: tab order fix in quick add task;
- bugfix: issue when create a subtask from task view;
Since 2.4-rc
- fetaure: error message improved when upload limit is reached.
- bugfix: on gantt, names of the tasks were not displayed completely.
- bugfix: on gantt, the time estimation for tasks was not displayed correctly.
- bugfix: date custom properties default value does not use user's timezone.
- bugfix: on people widget add user combo is not ordered by name.
- bugfix: on activity widget dates have gmt errors.
- bugfix: general search allways search for empty string.
- bugfix: url files are not saved correctly when url is not absolute.
- bugfix: imap fetch fixed when last email does not exists in server.
- bugfix: only invite automatically the "filtered user" when adding a new event, not when editing an existing one.
- bugfix: variable member_deleted uninitialized in a cycle, maintains the value of previous iterations and fills the log warnings.
- bugfix: don't display group-mailer button if user doesn't have an email account.
- bugfix: allow mail rules for all incoming messages, useful for autoreplies.
- bugfix: the invitations of the events created on google calendar will have the same special ID of the event.
Since 2.4-beta
- feature: alert users if they have mails in the outbox
- feature: contact custom reports - added columns for address, phones, webpages and im.
- feature: display time estimation in time reports when grouping by tasks
- feature: config option to add default permissions to users when creating a member.
- system: upgrade Swift Mailer from version 4.0.6 to 5.0.1, this improves and solves some issues when sending emails with exchange servers
- bugfix: on user login when save timezone don't change the update_on value
- bugfix: solved an issue when editing a repetitive task and changing its previous repetition value
- bugfix: solved when editing a template task can't remove a dimension member
- bugfix: solved using repeating tasks when applying a template
- bugfix: on tasks and timeslots reports, if grouped by task it diplay milestones
- bugfix: allow the creation of templates in the root (View all)
- bugfix: Users are now shown by default in the People tab.
- bugfix: when printing the task list view, tasks now display their progress and estimation
- bugfix: on general search prevent multiple form submit.
Since 2.3.2.1
- feature: templates have been greatly improved: they have changed completely for good!
- feature: remember selection on total task execution time report
- feature: when sending an email, if a word containing attach is found and no attachment if found, it triggers an alert.
- feature: new user config option to set how many members are shown in breadcrumbs
- feature: update plugins after running upgrade from console.
- feature: add root permission when creating executive or superior users.
- feature: contact edit form has been improved
- bugfix: when uploading avatars, if it is .png and its size is smaller than 128x128 the image is not resized
- bugfix: when sending an mail, the sender is now subscribed to it
- bugfix: when adding a file from an email attachment, its now set to be created by the account owner
- bugfix: reporting pagination fixed
- bugfix: custom reports, csv and pdf export only exports the active page..now it exports everything!
- bugfix: don't collapse task group after performing an action to the task when group is expanded.
- bugfix: email parsing removes enters and some emails were not shown correctly
- bugfix: people widget in french used to cause a syntax error
- bugfix: don't classify email in account's member if conversation is already classified.
- bugfix: task filtering by user has been improved: it loads faster and more accurate
- bugfix: the users selectbox for assignees has been improved: it loads faster and more accurate
- bugfix: check for "can manage contacts" in system permissions if column exists
- bugfix: email parsing does not fetch addresses when they are separated by semicolon
- bugfix: tasks assigned to filter doesn't filter correctly when logged user is an internal collaborator and users can add objects without classifying them.
- bugfix: search result pagination issue
- bugfix: search results ordered by date again
- bugfix: add to searchable objects failed for some emails
- bugfix: custom properties migration fix
- bugfix: feng 1 to feng 2 upgrade improved
- bugfix: style fixes in administration tabs
- bugfix: checkbox in contact tab now is working properly. initially it does not show the users
- bugfix: google calendar sync issue for events with over 100 chars has been solved
- bugfix: contact csv export fixed: when no contact is selected => export all contact csv export fixed
- bugfix: some undefined variables have been defined
- bugfix: some translations that were missing were added
- security: remove xss from request parameters
- performance: search engine has been greatly improved
- other: the search button is disabled until returns the search result
- other: when upgrading to 2.4 the completed tasks from feng 1 will change to 100% in completed percentage
* Build outside WRKSRC, fix build
Changelog:
NEW
All Java plug-ins are defaulted to 'click to play'
NEW
Password manager now supports script-generated password fields
NEW
Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
NEW
Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
CHANGED
Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
CHANGED
CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
DEVELOPER
Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs)
DEVELOPER
Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible
DEVELOPER
There is no longer a prompt when websites use appcache
DEVELOPER
Support for the CSS image orientation property
DEVELOPER
New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
DEVELOPER
IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage
FIXED
When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619)
FIXED
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695)
FIXED
Improved page load times due to no longer decoding images that aren't visible (847223)
FIXED
AudioToolbox MP3 backend for OSX (914479)
FIXED
Various security fixes
Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Version 0.6.6
-----------------
Released on December 6, 2013
- Fix global being passed after command by not expliciting checking
for the 'parents' argument.
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.
Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
Changes since 3.0.4:
- A bad interaction between -b, -c and -m in the varnishlog tool
has been fixed.
- A malformed request could in some configurations lead to Varnish
crashing has been corrected. This is CVE-2013-4484.
- Duplicate Content-Length headers were in some cases sent to clients
when streaming is enabled, this has been fixed
- ESI parse errors are no longer printed to standard output.
- Stop segfaulting if the first part of a synthetic page is NULL.
* Bug 3589: intercepted and ICAP modified request using a cache_peer
* OpenBSD portability fix in DiskThreads
* Bug 3935: Invalid pointer dereference when peeking at origin server certificate
* Destroy ACLs in the reverse order of creation to avoid destruction segfaults
* Portability: sleep() is sometimes a macro
* Windows: fix compile errors in WinSvc.cc
* Portability: std::string:npos is not always appropriate for String::npos
* Portability: refresh_pattern requires regex
* librfcnb: portability fixes
Version 3.2.2 (2013-12-09)
--------------------------
### Fixed
Correctly support insert tags nested in shortened "iflng" tags (see #6509).
### Fixed
Do not require a foreign key to define a relation in the DCA (see #6524).
### Fixed
Use UUIDs as parent IDs in `Dbafs::addResource()` (see #6532).
### Fixed
Correctly set the default language (see #6533).
### Fixed
Correctly update the order fields in the database updater (see #6534).
### Fixed
Do not override the "href" property in `addImageToTemplate()` (see #6468).
### Fixed
Correctly handle URLs if page aliases are disabled (see #6502).
### Fixed
Handle UUIDs in `Model::getRelated()` (see #6525).
### Fixed
Hide records with only one version from the "changed elements" overview.
### Fixed
Use an auto-resizing textarea to store CSS selectors.
### Updated
Updated the ACE editor to version 1.1.2.
### Fixed
Prevent the ACE editor from overlapping the modal window (see #6497).
### Fixed
Use the default back end theme when running in safe mode (see #6505).
Squidview is an interactive console program which monitors and displays
squid logs in a nice fashion, and may then go deeper with searching and
reporting functions.
This includes security fixes.
Upstream changes:
-----------------
Tue Dec 3 21:25:56 CET 2013
Security fix: do not read past 0-terminator when unescaping
strings (thanks to Florian Weimer for reporting).
Releasing 0.9.32. -CG
Tue Dec 3 21:05:38 CET 2013
Signaling n times for shutdown works, but for resume we need to
wake up the correct daemon. Even if we signal n times in that
case also, there's no guarantee that some daemon can't run
through its select loop more than once before the daemon we want
to wake up gets a chance to read. Thus we need a signal pipe
per thread in the thread pool IF MHD_suspend_connection is used.
This introduces a new flag MHD_USE_SUSPEND_RESUME to add those
additional pipes and only allow MHD_suspend_connection to be
used in conjunction with this flag.
Also, as MHD_resume_connection() will be called on a non-daemon
thread, but none of the queue insert/delete calls are thread safe,
we need to be concerned about (a) corrupting the queue, and (b)
having to add mutex protection around every access to the queues,
including loops through timer queues, etc. This wasn't a problem
before adding resume; even suspend should be safe since it happens
in a callback from the daemon.
I think it's easier to (a) have MHD_suspend_connection() move the
connection to a suspended queue, (b) have MHD_resume_connection()
mark the connection as resuming, and then (c) do all the actual
queue manipulations in MHD_select (poll, epoll, etc.) to move the
resumed connections back to their normal queues, in response to
the wake up. The changes are simpler & cleaner. There is a cost to
the basic select loop that is avoided by making suspend/resume a
startup option. The per-worker pipes can then also be enabled only
with that option set. -MH
Fri Nov 29 20:17:03 CET 2013
Eliminating theoretical stack overflow by limiting length
of URIs in authentication headers to 32k (only applicable
if the application explicitly raised the memroy limits,
and only applies to MHD_digest_auth_check). Issue was
reported by Florian Weimer. -CG
Tue Nov 26 01:26:15 CET 2013
Fix race on shutdown signal with thread pool on non-Linux
systems by signalling n times for n threads. -CG
Sun Nov 24 13:41:15 CET 2013
Introduce state to mark connections in suspended state (with
epoll); add missing locking operations in MHD_suspend_connection.
Fix definition of MHD_TLS_CONNECTION_INIT. -MH/JC
Wed Oct 30 09:34:20 CET 2013
Fixing issue in PostProcessor when getting partial boundary
at the beginning, expanding test suite. -CG
Sun Oct 27 15:19:44 CET 2013
"work/libmicrohttpd-0.9.32/ChangeLog" 1318L, 46479C
Also, as MHD_resume_connection() will be called on a non-daemon
thread, but none of the queue insert/delete calls are thread safe,
we need to be concerned about (a) corrupting the queue, and (b)
having to add mutex protection around every access to the queues,
including loops through timer queues, etc. This wasn't a problem
before adding resume; even suspend should be safe since it happens
in a callback from the daemon.
I think it's easier to (a) have MHD_suspend_connection() move the
connection to a suspended queue, (b) have MHD_resume_connection()
mark the connection as resuming, and then (c) do all the actual
queue manipulations in MHD_select (poll, epoll, etc.) to move the
resumed connections back to their normal queues, in response to
the wake up. The changes are simpler & cleaner. There is a cost to
the basic select loop that is avoided by making suspend/resume a
startup option. The per-worker pipes can then also be enabled only
with that option set. -MH
Fri Nov 29 20:17:03 CET 2013
Eliminating theoretical stack overflow by limiting length
of URIs in authentication headers to 32k (only applicable
if the application explicitly raised the memroy limits,
and only applies to MHD_digest_auth_check). Issue was
reported by Florian Weimer. -CG
Tue Nov 26 01:26:15 CET 2013
Fix race on shutdown signal with thread pool on non-Linux
systems by signalling n times for n threads. -CG
Sun Nov 24 13:41:15 CET 2013
Introduce state to mark connections in suspended state (with
epoll); add missing locking operations in MHD_suspend_connection.
Fix definition of MHD_TLS_CONNECTION_INIT. -MH/JC
Wed Oct 30 09:34:20 CET 2013
Fixing issue in PostProcessor when getting partial boundary
at the beginning, expanding test suite. -CG
Sun Oct 27 15:19:44 CET 2013
Implementing faster processing of upload data in multipart
encoding (thanks to performance analysis by Adam Homolya). -CG
Thu Oct 24 10:40:03 CEST 2013
Adding support for connection flow control via
MHD_suspend_connection and MHD_resume_connection. -CG
Version 0.6.5
-----------------
Released on December 5, 2013
- Change warning from UserWarning to DeprecationWarning so it is
ignored by default
Version 0.6.4
-----------------
Released on December 5, 2013
- Only pass `parents` argument if a command's `create_parser`
accepts it. Workaround for #71
Changes with nginx 1.4.4 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
Changes with nginx 1.4.3 08 Oct 2013
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the mail proxy server.
Changes with nginx 1.5.7 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
Thanks to Piotr Sikora.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
Thanks to Jan Marc Hoffmann.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
Thanks to Piotr Sikora.
*) Bugfix: some data received from a backend with unbufferred proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
Thanks to Yichun Zhang.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
Thanks to Lanshun Zhou.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Thanks to Piotr Sikora.
Changes with nginx 1.5.4 27 Aug 2013
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
Thanks to Liangbin Li.
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
Thanks to Aviram Cohen.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
* Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
* Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491
* Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
* Only use valid mime type symbols as cache keys CVE-2013-6414
* Fix more of rev.12660
* Protect aclIsProxyAuth() debugging from NULL names (via NULL AclMatchedName).
* Bug 3972: Segfault when getting the deny info page ID after a reconfigure
* Fix mistake in porting rev.12660
* Bug 3782: Digest authentication not obeying nonce_max_count
* Bug 3970: max_filedescriptors disabled due to missing setrlimit
* Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
* Re-compute Range response content offset after an FTP response was adapted.
* Source Maintenance: re-add snapshot script to branch
* Bug 3960: Dead Peers Are Not Revived
* Windows: Fix aclocal "is already registered" errors
* Windows: Ensure array index is an integer in C code
* Bug 3956: xstrndup: tried to dup a NULL pointer
* Make HTTP header parser obey relaxed_header_parser
* SourceFormat Enforcement
* Replace blocking sleep(3) and close UDS socket on failures.
* Bug 3936: error-details.txt parse error
* Bug 3906: Filedescriptor leaks in SNMP
This release fixes several bugs and adds two new pie charts about the most use top second level domains. It is also possible to do DNS lookup of Ip addresses inside SquidAnalyzer, see UseClientDNSName new configuration directive. This can slow down dramatically the squid-analyzer performances but you can adjust the DNS lookup timeout to prevent waiting slow DNS server, see DNSLookupTimeout new configuration directive.
- Update and fix first and second top level domain name.
- Add new directive DNSLookupTimeout to change the default timeout for
DNS lookup. Add 0.0001 second timeout when SquidAnalyzer look for a DNS
name and can't find a name server.
- Add pie chart of top second level domains.
- Fix some HTML tag issues and table ordering on Top domain hits and Top
url hits.
- Update INSTALL file to remove GD::Graph requirements.
- Change underscore used to replace space in user name by the special
string _SPC_ so that underscore will not be wrongly replaced on HTML
output.
- Fix pt_BR translation with charset to utf-8 and a few words with
accentuation fix.
- Allow Ip addresses on user names to be replaced by their DNS name, this
feature is activated by a new directive: UseClientDNSName.
- Add missing description of --no-year-stat option to documentation and
squid-analyzer usage.
4.58 2013-11-19
- Improved IIS and WebSphere compatibility of Mojo::Message::Request.
- Improved Mojo::Collection to allow join without arguments.
- Improved Mojo::DOM::HTML performance.
- Fixed recursion bug in Mojo::Reactor::EV where timers could run more than
once.
- Fixed a few "0" value bugs in Mojo::DOM::HTML.
Changelog:
Changes with Apache 2.4.7
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph <mike.rumph oracle.com>]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]
*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]
*) mod_session: Reset the max-age on session save. Bug 47476. [Alexey
Varlamov <alexey.v.varlamov gmail com>]
*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. Bug 55279.
[Graham Leggett]
*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]
*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. Bug 55397.
*) mod_dav: Don't require lock tokens for COPY source. Bug 55306.
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. Bug 55643. [Jeff Trawick]
*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]
*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]
*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]
*) core: Add missing Reason-Phrase in HTTP response headers.
Bug 54946. [Rainer Jung]
*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
Bug 55598. [Chris Harris <chris.harris kitware com>]
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
Bug 54948 [Eric Covener]
*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be usefull with dynamic pages.
Bug 9945, Bug 27888, Bug 42040 [<ccikrs1 cranbrook edu>]
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]
*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
Bug 54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) Sync 2.4 and trunk
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
Bug 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. Bug 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. Bug 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
Bug 55264 [Jo Rhett <jrhett netconsonance com>]
[Apache 2.3.0-dev includes those bug fixes and changes with the
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
Changes with Apache 2.0.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
* pkgsrc change: drop optional php-tidy package requirement from MESSAGE.
Version 3.2.1 (2013-11-29)
--------------------------
### Updated
Updated TinyMCE to version 3.5.10 to fix the IE11 issues (see #6479).
### Fixed
Optionally override the repository tables when importing a template (see #6470).
### Fixed
Only do the UUID conversion once even if the `Database\Updater` helper methods
are called multiple times (see #6481).
### Fixed
Correctly toggle the mobile/desktop view (see #6227).
### Fixed
Correctly detect UUIDs in the "file" insert tag (see #6472).
### Fixed
Correctly assign images to FAQs (see #6465).
### Fixed
Improved the speed and memory footprint of the news archive menu (see #6463).
### Fixed
Removed `CalendarEventsModel::findBoundaries()` (see #6467).
Changelog:
The Apache Tomcat Project is proud to announce the release of version 7.0.47 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.42. The notable changes include:
Back-port the JSR-356 Java WebSocket 1.0 implementation from Apache Tomcat 8. Note that use of this functionality requires Java 7.
Deprecate the Apache Tomcat proprietary WebSocket API in favour of the new JSR-356 implementation.
Add a drawing board example to the WebSocket examples.
The minimum required APR/native library version required if the APR/native connector is used is now 1.1.29.
Upstream changes:
0.038 2013-11-18 12:56:26 America/New_York
[FIXED]
- Fixed a bug where authentication parameters in the URL would override
an existing Authorization header
0.037 2013-10-28 13:26:21 America/New_York
[FIXED]
- Basic authentication in the URL is now unescaped before being encoded
into the authentication header
[DOCUMENTED]
- Added HTTP::Tiny::UA to SEE ALSO and suggested it as the appropriate
place for new features
0.036 2013-09-25 12:10:06 America/New_York
[FIXED]
- Compile test could hang on Windows
[PREREQS]
- Dropped configure_requires for ExtUtils::MakeMaker to 6.17
[META]
- Updated support files
0.035 2013-09-10 12:29:28 America/New_York
[CHANGED]
- Encoded from data from 'post_form' preserves term order if data is
provided as an array reference. (They are still sorted for consistency
if provided as a hash reference.)
* Add mozilla-chatzilla option for chatzilla (and some JavaScript
development tools, I cannot separate them.)
Changelog:
Fixed in SeaMonkey 2.22.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
* Fix MESSAGE for sqlite3
Changelog:
Version 5.0.13 Nov 8th 2013
SECURITY: Fix a possible security bypass on admin page under certain circumstances and MariaDB
Correctly update database schema during app update
Fix automatic login rejecion error message
Several Oracle fixes
Fixing serverroot/webroot calculation
Adding detection for aborted uploads for chunked uploads
Fixing directory handling that end with a space
Fixing home storage handling
Allow to share a file/folder as public link also if one of it parents was already shared as link
Fix search in shared folders
Fix check for uploads into Shared folder
Several Shared folder handling fixes
Prefere them PNGs over core SVGs
Fall back to default log file of specified logfile doesn't exist
Several IE fixes
Fix LDAP login for certain circumstances
Fixed chunk size calculation for encrypted files
Fix recursive delete for smb
Fix using touch for creating files for smb
Support OCS Share API
Fix updating ETAGs
Don't write user passwords into logfile
Enable configuration of timezones for logfile timestamps
Cleanup share database table for files that no longer exist
Adding privilege check on move and rename operations
Contao Open Source CMS.
Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.
Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessbile
itself (front end and back end), rendering valid HTML5 or XHTML pages.
Changelog:
FIXED
Update branches that use 4.10 RTM to 4.10.2 RTM (see 935568)
FIXED
Update Mozilla to NSS 3.15.3 (new alternative NSS branch) to pick up a few fixes (see 935959)
FIXED
Some UI strings in Firefox 24.1.0 ESR l10n builds are in English (see 932310)
Changelog:
FIXED
25.0.1: New security fixes can be found here
FIXED
25.0.1: Pages sometimes wouldn't load without first moving the cursor
Fixed in Firefox 25.0.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
Version 2.11.13 (2013-11-19)
----------------------------
### Fixed
Sort the list of available modules (see #6391).
### Fixed
Decode entities in passwords (see #6252).
### Fixed
Replace insert tags in the details view of the listing module (see #6120).
Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
Changelog:
Fixed in Firefox ESR 17.0.10
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Among others, this changes using crypto:sha() to crypto:hash() for Erlang
that is new enough.
Bugfixes in pam, sendfile, generation of mime_types.erl
Other changes in the area of Webdav, sendfile, embedded mode, rebar
support, ssl options.
Optimization in ssi code.
Simplified default project and app templates
Improved transaction management
Persistent database connections
Discovery of tests in any test module
Time zone aware aggregation
Support for savepoints in SQLite
BinaryField model field
GeoDjango form widgets
check management command added for verifying compatibility
Model.save() algorithm changed
Minor features
Upstream changes:
4.57 2013-11-11
- Improved compatibility with IO::Socket::SSL 1.957.
- Fixed error event bug in Mojo::IOLoop::Delay.
4.56 2013-11-09
- Fixed backspace escaping bug in Mojo::JSON. (ig3)
4.55 2013-11-07
- Fixed Windows bug in "daemon.t".
4.54 2013-11-07
- Added parts attribute to Mojo::Home.
- Fixed keep alive connection timeout bug in Mojo::UserAgent.
- Fixed support for links within a page in Mojolicious::Plugin::PODRenderer.
- Fixed home detection bug in Mojo.
WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.
This package is WordPress of Japanese localized version.
It has Japanese locale file and some extension/modification for
website written in Japansese people, and for website located in Japan.
digiKam 3.5.0 - Release date: 2013-09-29
NEW FEATURES:
General : new RAW cameras supported : Richon GR, Panasonic LF1,
Canon EOS 70D, Sony RX100II, Sony RX1R, Olympus E-P5.
BUGFIXES FROM KDE BUGZILLA (alias B.K.O | http://bugs.kde.org):
001 ==> Removing tags limited to 250 selected pictures.
002 ==> Kipi-plugins cannot be deselected or digiKam not reading digikamrc.
003 ==> undo/redo does not take effect in the image.
004 ==> Feature request: Setting in digiKam to only detect faces, not
trying to recognize them automatically.
005 ==> digiLam crashed when validating face tag with button.
Changes:
Version 3.7:
* Background Updates
- Automatic updates for maintenance and security updates.
- Daily updates for developers using nightly builds.
* Stronger Password Meter
- New password meter to encourage users to choose stronger passwords.
* Improved Search
- More relevant search results.
* Better Global Support
- Localized versions will receive faster and more complete translations.
- Background updates will include translations
More info on http://codex.wordpress.org/Version_3.7
Version 3.7.1:
- Images with captions no longer appear broken in the visual editor.
- Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org.
- Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early.
- Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values.
- Fix a warning that may occur in certain setups while performing a search, and a few other notices.
More info on http://codex.wordpress.org/Version_3.7.1
Version 3.1.5 (2013-11-08)
--------------------------
### Fixed
Correctly handle shorthand byte values (see #6345).
### Fixed
Also update the sitemap if a news/event feed is updated (see #5727).
### Fixed
Correctly sort by date in the listing module (see #5609).
### Fixed
Correctly handle the autologin key if a member is duplicated (see #5945).
### Fixed
Correctly export pages as PDF (see #6317).
* Add forgotten patch for NetBSD's cpuset(3), fix build
* Use __fstat50 etc instead of fstat on NetBSD. Based on martin@'s patch
for firefox 27.0.
Restore session is recovered on NetBSD/amd64.
* kerberos_ldap_group: fix LDAP string duplication
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
* Bug 3887: tcp_outgoing_tos not working for IPv6
* Fix cbdata 'error: expression result unused' errors
* Have testRock use cachemgr stubs
* Bug 3836: Fix issues with automake 1.13 and later and make check (extra)
* Bug 3836: Fix issues with automake 1.13 and later and make check
* Append Connection:close to OPTIONS requests when icap_persistent_connections is off.
* Add cache_miss_revalidate
* Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
* Fix CBDATA_CLASS2 macro definition
* libntlmauth: Fix string field truncation
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
* Fix SQUID_CC_CHECK_ARGUMENT autoconf macro
* Polish: better WARNING when workers directive is ignore on reconfigure.
* Use IPv6 localhost nameserver on DNS configuration errors
* Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
* Polish: report bytes received when bad content-length detected by quick-abort
* Bug 3918: Squid 3.3.9 Self Test Failures on Mac OS X 10.8
* Bug 3929: request_header_add not working for tunnel requests
* Fix pinning hierarchy log information
* Close idle client connections associated with closed idle pinned connections.
Changelog:
SeaMonkey-specific changes
Sorting messages by date can now be configured to look at the thread root instead of the newest message in it (pref: mailnews.sort_threads_by_root).
Plugins doorhangers now allow to activate different plugin types independently.
The proxy popup is now also available from the MailNews main window.
A new Recipients column has been added that shows all recipients (To, CC, BCC).
The default HTML5 audio/video player controls allow to change the playback rate now.
A "Validate this page" entry has been added to Tools/Web Development.
The Firefox devtools debugger can now be used to debug SeaMonkey remotely.
See the changes page for a more complete overview.
Mozilla platform changes
Web Audio support has been added.
CSS3 background-attachment:local support to control background scrolling has been implemented.
Many new ES6 functions have been implemented.
iframe document content can now be specified inline.
Fixed several stability issues.
Fixed in SeaMonkey 2.22
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
* Disable if test "A" = "A"; then fi test
SYntax error on SmartOS
* build is fine on SmartOS, hopefully other SunOS,
but I cannot confirm functionality now
