ChangeLog:
4.34 - Sunday, July 13, 2008
* SECURITY: Patch CGI::Session::Driver::file to stop \ and / characters being used in
session ids and hence in file names. These characters, possibly combined with '..',
could have been used to access files outside the designated session file directory.
Reported by TAN Chew Keong of vuln.sg.
* FIX: Patch CGI::Session to propagate error upwards when _load_pluggables() fails.
See RT#37628 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490198.
* INTERNAL: Ship a machine-readable version of this file under the name Changelog.ini.
The latter file is generated by ini.report.pl, which is shipped with Module::Metadata::Changes.
The reason Changelog.ini does not contain a separate section for each version in this file
is that some of the versions documented below have no datestamp, and ini.report.pl does not create
fake datestamps.
4.33 - Monday, July 7, 2008
* FIX: Patch CGI::Session::Driver::mysql to replace 'REPLACE INTO ...' with
'INSERT INTO ... ON DUPLICATE KEY UPDATE ...'. See RT#37069.
Thanks to Steve Kirkup for the patch. I (Ron) installed MySQL V 5.0.51a for testing.
Note: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html and similar docs
list various MySQL errors fixed recently for the above new syntax. Also, the new version
is now much more like the Postgres code, which is another reason it has been adopted.
* FIX: t/mysql.t used to test setting the global variable $CGI::Session::MySQL::TABLE_NAME.
The test for this (in t/mysql.t) was introduced in V 4.00_09.
However, since V 4.29_1, changes to CGI::Session::Driver's new() method mean
this way of setting the session table's name no longer works, and so the variable
$CGI::Session::MySQL::TABLE_NAME is now not used. Hence it has been removed.
Code in CGI::Session::Driver::DBI used to set $class::TABLE_NAME for all database drivers.
This code has also been removed. Moral: Don't use global variables.
Call $session = CGI::Session -> new(..., ..., (TableName => 'new_name'}) or,
after creating the object, call $session -> table_name('new_name').
To retrieve the name, call $name = $session -> table_name().
4.32 - Tuesday, June 17, 2008
* FIX: Packaging of 4.31 release was botched.
4.31 - Tuesday, June 10, 2008
* FIX: Patch CGI::Session::Driver::DBI to check that the DBI handle still exists before trying
to ping it. This handles the case where the DBI object is destroyed before the session object.
See RT#35925.
* FIX: Patch CGI::Session::Driver::DBI's remove() which still hard-coded the column name 'id' instead
of using the new feature which allows the user to specify the name of the column. See RT#36235.
* FIX: Patch POD yet again to emphasize that an explicit call to destroy() should be followed by
explicit call to flush(), in particular in the case where the program is not exiting and
hence auto-flushing is not activated. Sections patched are 'A Warning about Auto-flushing'
and the docs for delete(). See RT#34668.
4.30 - Friday, April 25, 2008
* FIX: Patch POD for CGI::Session in various places, to emphasize even more that auto-flushing is
unreliable, and that flush() should always be called explicitly before the program exits.
The changes are a new section just after SYNOPSIS and DESCRIPTION, and the PODs for flush(),
and delete(). See RT#17299 and RT#34668
* NEW: Add t/new_with_undef.t and t/load_with_undef.t to explicitly demonstrate the effects of
calling new() and load() with various types of undefined or fake parameters. See RT#34668
* FIX: Patch POD for new() and load() to clarify the result of calling these with undef, or with
an initialized CGI object with an undefined or fake CGISESSID. See RT#34668.
Specifically: You are strongly advised to run the old-fashioned
'make test TEST_FILES=t/new_with_undef.t TEST_VERBOSE=1' or the new-fangled
'prove -v t/new_with_undef.t', for both new*.t and load*.t, and examine the output
* FIX: Patch POD in various tiny ways to improve the grammar
4.29_2 - Thursday, March 27, 2008
* FIX: stop ExtUtils::MakeMaker trying to create Build.PL (Ron Savage)
* FIX: Disable trying to use utf8 in tests. (Ron Savage) Ref RT#21981, RT#28516
4.29_1 - Saturday, March 15, 2008
Special Thanks to Ron Savage who did the bulk of the work to put this release together.
* FIX: Patch CGI::Session to fix RT#29138 (Patch by Barry Friedman)
* NEW: Add a note to CGI::Session's POD referring to utf8 problems, and include references
to RT#21981 (Reported by erwan) and RT#28516 (Reported by jasoncrowther)
* FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24601 (Patch by latypoff)
* FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24355 (Reported by fenlisesi, patch by Ron Savage)
* NEW: Add t/bug24285.t to ensure session data files are created properly when the user specifies a
directory other than /tmp (Reported by William Pearson RT#24285, patch by Ron Savage)
* FIX: Patch t/ip_matches.t and t/bug21592.t to remove test files left in /tmp, to fix RT#29969
(Reported by ANDK, patch by Ron Savage)
* FIX: Patch POD for CGI::Session::Driver::file to clarify how to use the option to change the
file name pattern used to created session files (Report by appleaday RT#33635,
patch by Ron Savage)
* FIX: Patch CGI::Session::Driver::sqlite to add sub DESTROY to fix RT#32932
(Patch by Alexander Batyrshin, corrected by Ron Savage)
* FIX: Remove CGI::Session::Seralize::json and t/g4_dbfile_json.t until such time as this code
can be made to work reliably. Both JSON::Syck and JSON::XS have been tried, and in both
cases t/g4_dbfile_json.t dies horribly (but differently). Patch POD for CGI::Session to
remove references to JSON. RT#25325 (Reported by bkw, patch by Ron Savage)
* NEW: Patch CGI::Session's POD and load() to allow the session/cookie name default of CGISESSID
to be overridden. (Patch by Lee Carmichael RT#33437, reformatted by Ron Savage). Lee has
also patched t/name.t to test the new functionality
* NEW: Split CGI::Session::Serialize::yaml out into its own distro. Get it hot from CPAN!
* NEW: Add Build.PL for Module::Build users. This also requires adding PL_FILES => {}
to Makefile.PL to beat ExtUtils::MakeMaker over the head, otherwise it executes
'perl Build.PL Build'
* NEW: Support specification of both the id column name and the a_session column name in the
sessions table, by extending the options acceptable in CGI::Session->new(..,..,{here}).
Allow: {TableName => 'session', IdColName => 'my_id', DataColName => 'my_data'}.
Default: {TableName => 'sessions', IdColName => 'id', DataColName => 'a_session'}.
Allow any 1, 2 or 3 of these options. Missing keys default as specified.
(Patch by Chris RT#2224. Implemented differently by Ron Savage). Supported drivers:
o MySQL (native to CGI::Session)
o ODBC (separate distro, CGI::Session::Driver::odbc V 1.01)
o Oracle (separate distro, CGI::Session::Driver::oracle V 1.01)
o Postgres (native)
o SQLite (native)
* Fixed several security issues.
* Fixed several stability issues.
* Fixed an issue where the phishing and malware database did not update on first launch.
* Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
* Updated the internal Public Suffix list.
* In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.15.
* Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373).
* Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in "Offline" mode (bug 424626).
* Updated translations.
* Fix album display for folders which do not contain any images. This fixes
8212.
* Fix invalid redirect in default view for comments.
* Update the sharing page:
o never reindex more than once when making changes.
o modify the search button to only search. Previously it would also
apply all changes in addition to doing a search.
o do nothing if the form is submitted but no changes were made.
o handle invalid LDAP or OpenID users correctly.
* Update Archetypes:
o use Content-Disposition instead of Content-disposition as HTTP
header for downloads. Fixes problems with MS Internet Explorer 6,
which appears to be case sensitive contrary to standards.
o Add a new viewlet manager which allows adding of content at the
bottom of content edit views.
o Add an option to the reference field to also copy references when
copying an object.
* Update reference browser widget:
o Make it possible to remove references for single-reference fields.
o Add a new property 'startup_directory_method' to use a callable
to determine the startup directory.
o Inserted references were not checked by default on Internet Explorer
7. This fixes 7936.
o Added a new property 'hide_inaccessible'. When set all items for
which the user has no View permission are hidden.
* Add a 'random items' option to the collection portlet.
* Update GenericSetup import steps at each point when loading multiple
profiles. Fixes CMF bug 213905.
* Fix group handling to use group introspection PAS plugins, making it
possible to ask, for example, LDAP groups for their members.
* Fix user search to honour the order of user enumeration PAS plugins
and correctly merge search results.
* Add support for po files inside i18n folders in Python packages.
They need to registered as a Zope2 product but don't need to be in
the Products.* namespace anymore.
* Do not create redirects for temporary URLs used while creating a new
content object. This fixes 8260 and part of 7278.
* Update viewlets to use the 'index' attribute rather than 'render' for
setting viewlet templates. This allows them to be overriden using the
'template' ZCML attribute.
* Do not show the display menu if it is disabled.
* Add an actionMenuSelected class to selected menu items.
* Standardize the rendering of the title in the folder contents template.
* Fix a problem with disappearing security context for customized
browser views.
* Make it possible to customize viewlet and portlet templates registered
with the same name for multiple browser layers.
* Correctly handle objects with a space in their id in the broken-link-checker.
Updated packages and products
* Archetypes 1.5.9
* Products.ATReferenceBrowserWidget 2.0.2
* Products.CMFPlone 3.1.3
* Products.CMFQuickInstallerTool 2.1.6
* Products.GenericSetup 1.4.1
* Products.PlacelessTranslationService 1.4.12
* Products.PlonePAS 3.6
* Products.PloneTranslations: 3.1.3
* five.customerize 0.3
* plone.app.content 1.1.3
* plone.app.contentmenu 1.1.3
* plone.app.customerize 1.1.1
* plone.app.layout 1.1.3
* plone.app.linkintegrity 1.0.10
* plone.app.portlets 1.1.3
* plone.app.redirector 1.0.9
* plone.app.workflow 1.1.3
* plone.fieldsets 1.0.2
* plone.portlet.collection 1.1.3
* plone.session 2.0
Security fixes in this version:
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
Handel is a cart/order/checkout framework with AxKit taglib support,
TT2 (Template Toolkit) support and Catalyst::Helper support. It
was created for the conversion of an IIS/ASP based commerce site
to Apache/ModPerl, but I decided that it might be useful to others
so here it is.
For the curious, Handel is German for commerce.
Catalyst is an elegant MVC Web Application Framework. Test::WWW::Mechanize
is a subclass of WWW::Mechanize that incorporates features for web
application testing. The Test::WWW::Mechanize::Catalyst module
meshes the two to allow easy testing of Catalyst applications
without starting up a web server.
Testing web applications has always been a bit tricky, normally
starting a web server for your application and making real HTTP
requests to it. This module allows you to test Catalyst web
applications but does not start a server or issue HTTP requests.
Instead, it passes the HTTP request object directly to Catalyst.
Thus you do not need to use a real hostname: "http://localhost/"
will do.
This is an implementation of CatalystX::CRUD::Controller for
Rose::HTML::Objects. It supercedes Catalyst::Controller::Rose for
basic CRUD applications.
Catalyst is an elegant web application framework, extremely flexible yet
extremely simple. It's similar to Ruby on Rails, Spring (Java) and
Maypole, upon which it was originally based.
Catalyst follows the Model-View-Controller (MVC) design pattern, allowing
you to easily separate concerns, like content, presentation and flow control,
into separate modules. This separation allows you to modify code that handles
one concern without affecting code that handles the others. Catalyst promotes
re-use of existing Perl modules that already handle common web application
concerns well.
Serve static files with Catalyst. This module is not as optimized
for static files as a normal web server, and is most useful for
stand alone operation and development.
This plugin will enhance the standard Catalyst debug screen by including
a stack trace of your appliation up to the point where the error
occurred. Each stack frame is displayed along with the package name,
line number, file name, and code context surrounding the line number.
WWW: http://search.cpan.org/dist/Catalyst-Plugin-StackTrace/
Catalyst::Plugin::Session::Store::File is an easy to use storage
plugin for Catalyst that uses an simple file to act as a shared
memory interprocess cache. It is based on Cache::FileCache.
Catalyst::Plugin::Session::Store::FastMmap is a fast session storage
plugin for Catalyst that uses an mmap'ed file to act as a shared
memory interprocess cache. It is based on Cache::FastMmap.
This Catalyst::Plugin::Session storage module saves session data
in your database via DBIx::Class. It's actually just a wrapper
around Catalyst::Plugin::Session::Store::Delegate; if you need
complete control over how your sessions are stored, you probably
want to use that instead.
In order for Catalyst::Plugin::Session to work the session ID needs
to be stored on the client, and the session data needs to be stored
on the server.
This plugin stores the session ID on the client using the cookie
mechanism.
The Session plugin is the base of two related parts of functionality
required for session management in web applications.
The first part, the State, is getting the browser to repeat back a
session key, so that the web application can identify the client and
logically string several requests together into a session.
The second part, the Store, deals with the actual storage of information
about the client. This data is stored so that the it may be revived for
every request made by the same client.
This plugin links the two pieces together.
WWW: http://search.cpan.org/dist/Catalyst-Plugin-Session/
This module will attempt to load find and load a configuration file
of various types. Currently it supports YAML, JSON, XML, INI and
Perl formats. Special configuration for a particular driver format
can be stored in
MyApp->config->{ 'Plugin::ConfigLoader' }->{ driver }.
Role based access control is very simple: every user has a list of
roles, which that user is allowed to assume, and every restricted part
of the app makes an assertion about the necessary roles.
If the user is a member in all of the required roles access is granted.
Otherwise, access is denied.
WWW: http://search.cpan.org/dist/Catalyst-Plugin-Authorization-Roles/
This plugin uses a Rose::DB::Object object to authenticate an user.
It is based on Catalyst::Plugin::Authentication::Store::DBIC. Please
read there for a much better description.
The authentication plugin provides generic user support. It is the basis
for both authentication (checking the user is who they claim to be), and
authorization (allowing the user to do what the system authorises them
to do).
WWW: http://search.cpan.org/dist/Catalyst-Plugin-Authentication/
This is the Catalyst manual
Catalyst is a web application framework. This means that you use
it to help build applications that run on the web, or that run
using protocols used for the web. Catalyst is designed to make it
easy to manage the various tasks you need to do to run an application
on the web, either by doing them itself, or by letting you "plug
in" existing Perl modules that do what you need.
The Catalyst::Devel package includes a variety of modules useful
for the development of Catalyst applications, but not required to
run them. This is intended to make it easier to deploy Catalyst
apps. The runtime parts of Catalyst are now known as Catalyst::Runtime.
Catalyst::Devel includes the Catalyst::Helper system, which
autogenerates scripts and tests; Module::Install::Catalyst, a
Module::Install extension for Catalyst; and requirements for a
variety of development-related modules. The documentation remains
with Catalyst::Runtime.
This base controller merges the functionality of CGI::FormBuilder
with Catalyst and the following templating systems: Template Toolkit,
Mason and HTML::Template. This gives you access to all of FormBuilder's
niceties, such as controllablefield stickiness, multilingual support,
and Javascript generation. For more details, see CGI::FormBuilder
or the website at:
http://www.formbuilder.org
This plugin lets you put your lexicals on the stash and elsewhere
very easily.
It uses some funky modules to get it's job done: PadWalker,
Array::RefElem, Devel::Caller, Devel::LexAlias and attributes. In
some people's opinion this hurts this plugin's reputation ;-).
If you use the same name for two variables with the same storage
binding attribute they will be aliased to each other, so you can
use this for reading as well as writing values across controller
subs. This is almost like sharing your lexical scope.
sub bar : Local {
my ( $self, $c ) = @_;
my $x : Stashed;
my %y : Stashed;
$x = 100;
do_something( $c->stash->{x} ); # 100
$c->forward("gorch");
}
Models and Views don't usually have access to the request object,
since they probably don't really need it. Sometimes, however, having
the request context available outside of Controllers makes your
application cleaner. If that's the case, just use this module as
a base class:
package MyApp::Model::Foobar;
use base qw|Catalyst::Component::ACCEPT_CONTEXT Catalyst::Model|;
Then, you'll be able to get the current request object from within
your model:
sub do_something {
my $self = shift;
print "The current URL is ". $self->context->req->uri->as_string;
}
The final rendering action for the Catalyst web framework.
This action implements a sensible default end action, which will
forward to the first available view, unless status is set to 3xx,
or there is a response body. It also allows you to pass dump_info=1
to the url in order to force a debug screen, while in debug mode.
If you have more than one view, you can specify which one to use
with the default_view config setting (see Catalyst's $c->view($name)
method).
Rose::URI is an alternative to URI. Important differences include:
Rose::URI provides a rich set of query string manipulation methods.
Query parameters can be added, removed, and checked for their
existence. URI allows the entire query to be set or returned as a
whole via the query_form or query methods, and the URI::QueryParam
module provides a few more methods for query string manipulation.
Rose::URI supports query parameters with multiple values (e.g.
"a=1&a=2"). URI has limited support for this through query_form's
list return value. Better methods are available in URI::QueryParam.
Rose::URI uses Apache's C-based URI parsing and HTML escaping
functions when running in a mod_perl 1.x web server environment.
Rose::URI stores each URI "in pieces" (scheme, host, path, etc.)
and then assembles those pieces when the entire URI is needed as
a string. This technique is based on the assumption that the URI
will be manipulated many more times than it is stringified. If this
is not the case in your usage scenario, then URI may be a better
alternative.
This Field class extends Rose::HTML::Objects RadioButtonGroup
for boolean-type fields. The default labels are True and False,
paired with values 1 and 0 respectively.
This subclass of Rose::HTML::Form::Field::Text is intended to make
it easier to integrate Ajax autocompletion into your web applications.
You define a URL where your web application can find suggested
values for the field, and optionally, a limit on the number of
suggestions returned by the server.
This subclass is expected to be used with
Catalyst::Controller::Rose::Autocomplete but that is not required.
The Rose::HTML::Object::* family of classes represent HTML tags,
or groups of tags. These objects allow HTML to be arbitrarily
manipulated, then serialized to actual HTML (or XHTML). Currently,
the process only works in one direction. Objects cannot be constructed
from their serialized representations. In practice, given the
purpose of these modules, this is not an important limitation.
Any HTML tag can theoretically be represented by a
Rose::HTML::Object-derived class, but this family of modules was
originally motivated by a desire to simplify the use of HTML forms.
The form/field object interfaces have been heavily abstracted to
allow for input and output filtering, inflation/deflation of values,
and compound fields (fields that contain other fields). The classes
are also designed to be subclassed. The creation of custom form
and field subclasses is really the "big win" for these modules.
There is also a simple image tag class which is useful for
auto-populating the width and height attributes of img tags. Future
releases may include object representations of other HTML tags.
Contributions are welcome.
* Don't wrap root plugins to system locations, keep them private
* Fix support for Acrobat Reader 8 (focus problems)
* Fix support for mozplugger (in full-debug mode)
* Fix support for WebKit
* Fix crashes with Flash Player 9 Update 3 (9.0.115)
* Fix build with Intel compiler
* Add support for IBM XLC compiler
* Improve error handling during RPC initialization (possible memory leak
on error)
* Improve error handling in NPP_WriteReady() and NPP_Write()
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.10/
Trac-0.10.5-ja-1 (Jun 23, 2008)
* Merge trac-0.10.5
* Update to current statement.
* COPYING.trac-ja
* README.trac-ja
* wiki-default/TracJa
Trac 0.10.5 (Jun 23, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.5
Trac 0.10.5 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
* Fixes a cross-site redirection vulnerability in the quickjump function
reported by Russ McRee.
* Fixes a wiki engine XSS vulnerability found by Nathan Collins.
* Added PostgreSQL 8.3 support.
* Fixes FineGrainedPermissions for scoped repositories.
* Fixes problem with repository syncing raising exceptions.
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.5
very minor update.
Trac 0.10.5 (Jun 23, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.5
Trac 0.10.5 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
* Fixes a cross-site redirection vulnerability in the quickjump function
reported by Russ McRee.
* Fixes a wiki engine XSS vulnerability found by Nathan Collins.
* Added PostgreSQL 8.3 support.
* Fixes FineGrainedPermissions for scoped repositories.
* Fixes problem with repository syncing raising exceptions.
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.5
Part of patch-af has been fixed upstream.
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
two security fixes:
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
Changes to squid-2.6.STABLE21 (27 June 2008)
- Bug #2350: Bugs in Linux kernel capabilities code
- Bug #2241: weights not applied properly in round-robin peer
selection
- Off by one error in DNS label decompression could cause valid DNS
messages to be rejected
- logformat docs contain extra whitespace
- Reject ridiculously large ASN.1 lengths
- Fix SNMP reporting of counters with a value > 0xFF80000
- Correct spelling of WCCPv2 dst_port_hash to match the source
- Plug some "squid -k reconfigure" memory leaks. Mostly SSL related.
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
- Bug #2376: Round-Robin becomes unbalanced when a peer dies and comes
back
- Bug #2387: The calculation of the number of hash buckets need to
account for the memory size, not only disk size
- Bug #2393: DNS requests retried indefinitely at full speed on failed
TCP connection
- Bug #2393: DNS retransmit queue could get hold up
- Correct socket syscalls statistics in commResetFD()
This is a new major release of the popular Firefox browser from Mozilla.
Based on Gecko 1.9, it brings improvements in the areas of performance,
stability, rendering correctness, security, usability and more.
Release notes: http://www.mozilla.com/en-US/firefox/3.0/releasenotes/
Significant changes from 0.11.3 (some where already present in pkgsrc,
as we used the 0.11.4 release candidate tarballs):
* critical bug 755: fix crashes due to dangling pointers to struct
form_state
* critical bugs 613, 714, 961: "assertion list_empty(form_controls)
failed"
* critical bug 945: don't crash if a Lua script calls e.g. error(nil)
* critical bug 1003: don't crash if a smart URI rewrite template gets
too few parameters
* critical bug 1016: avoid JSFunctionSpec for better compatibility
across versions of SpiderMonkey
* critical bugs 674, 956: don't reuse pointers to SpiderMonkey objects
that may have been collected as garbage. This fix causes bug 954.
* CVE-2007-2027: check if the program path contains "src/" before using
../po files
* important Debian bug 380347: prevent a buffer overflow in entity_cache
and a possible subsequent crash
* major bug 788: don't read STRLEN n_a, which isn't initialized by POPpx
of Perl v5.8.8 and later
* fix query parsing in file: URIs for local CGI (was broken in 0.11.3)
* bug 691: don't look up bogus IPv4 addresses based on characters of a
hostname
* bug 712: GnuTLS works on https://www-s.uiuc.edu/
* fix active and passive FTP over IPv6
* bug 938: elinks -remote no longer needs a controlling tty
* bug 939: fix FSP directory listing (some compiler options left it
empty)
* bug 978: Python's webbrowser.open_new_tab(URL) works since now
* bug 1012: compile with -fno-strict-overflow or -fwrapv if available
* bug 1014: fix incompatible pointer type in Perl_sys_init3 call
* minor bug 54, Debian bug 338402: don't force the terminal to 8 bits
with no parity, and don't disable XON/XOFF flow control either
* minor bug 951 in user SMJS: garbage-collect SMJS objects on File ->
Flush all caches to work around their holding cache entries busy
* minor bug 396: never show empty filename in the what-to-do dialog
* minor bug 461: ensure contrast in blank areas, to keep the cursor
visible
* minor bug 928: properly display no-break spaces in a UTF-8 document if
the terminal uses some other charset
* minor bug 987: English spelling and grammar corrections
* minor bug 1000: preserve any query and fragment when converting a file
name to a file:// URL
* minor: don't assume sizeof(int)==4 in bittorrent
* trivial bug 947: document.html.wrap_nbsp also affects text in tables
* trivial bug 997: fix unlikely stack corruption in active FTP
* build bug 1002: fix "comparison is always true due to limited range of
data type" warning on PowerPC and s390
* build bug 950: fix "config/install-sh: No such file or directory" on
SunOS
* build bug 936: fix errors about undefined off_t (autoheader
incompatibility)
* build bug 959: test in configure whether -lX11 works
* build: update SpiderMonkey configure check Debian compatibility
* build: use $(CPPFLAGS) rather than $(AM_CFLAGS)
* build: disable GCC 4.2 warning about builtin_modules
* build: move debian/ to contrib/debian/
* minor build bug 989: AsciiDoc 8.2.2 compatibility
* minor build bug 960: fix errors in loadmsgcat.c if mmap() exists but
munmap() doesn't
changes:
-minor bugfixes
-Changes DB schema to better handle comments during
item and subscription deletion. This makes the cache
version incompatible to 1.4.15
-Update of French translation
Small as a mouse, fast as a cheetah and available for free.
NetSurf is a web browser for RISC OS and UNIX-like platforms.
Whether you want to check your webmail, read the news or post to
discussion forums, NetSurf is your lightweight gateway to the
world wide web. Actively developed, NetSurf is continually evolving
and improving.
Although using the conventional LWP::UserAgent is fast and easy it
does have some drawbacks - the code execution blocks until the
request has been completed and it is only possible to process one
request at a time. HTTP::Async attempts to address these limitations.
It gives you a 'Async' object that you can add requests to, and
then get the requests off as they finish. The actual sending and
receiving of the requests is abstracted. As soon as you add a
request it is transmitted, if there are too many requests in progress
at the moment they are queued. There is no concept of starting or
stopping - it runs continuously.
Whilst it is waiting to receive data it returns control to the code
that called it meaning that you can carry out processing whilst
fetching data from the network. All without forking or threading
- it is actually done using select lists.
HTTP::Body parses chunks of HTTP POST data and supports
application/octet-stream, application/x-www-form-urlencoded, and
multipart/form-data.
Chunked bodies are supported by not passing a length value to new().
It is currently used by Catalyst to parse POST bodies.
CGI::Simple provides a relatively lightweight drop in replacement
for CGI.pm. It shares an identical OO interface to CGI.pm for
parameter parsing, file upload, cookie handling and header generation.
Template::Timer provides inline timings of the template processing
througout your code. It's an overridden version of Template::Context
that wraps the process() and include() methods.
2008-06-16 Gisle Aas <gisle@ActiveState.com>
Release 1.37
Gisle Aas (1):
Support ";" delimiter in $u->query_form
Jan Dubois (1):
We get different test result when www.perl.com doesn't resolve.
Kenichi Ishigaki (1):
URI::Heuristic didn't work for generic country code [RT#35156]
(I guess it is probably not needed in this case, but the changes
to ignore it for the slang option alone are much more effort).
Addresses PR 38284 by Daniel Horecki.
This class works just like LWP::UserAgent (and is based on it, by
being a subclass of it), except that when you use it to get a web page
but run into a possibly-temporary error (like a DNS lookup timeout),
it'll wait a few seconds and retry a few times.
It also adds some methods for controlling exactly what errors are
considered retry-worthy and how many times to wait and for how many
seconds, but normally you needn't bother about these, as the default
settings are relatively sane.
scripts and other scripts which output RSS. Other than most other RSS
libraries for Python, this one handles escaping of input and is supposed
to be extensible.
Some new features of Zope 2.11:
* ZODB 3.8 with blob support (binary large objects)
* Zope 3.4 integration
* transactional Mailhost implementation
* lots of minor improvements and fixes
For more information on what is new in this release, see the CHANGES.txt
files for the release:
http://www.zope.org/Products/Zope/2.11.0/CHANGES.txt
It would be last 2.6 stable release.
Changes to squid-2.6.STABLE20 (25 Apr 2008)
- Bug #2263: Custom log formats fail to log file sizes >2GB properly
on 32-bit platforms
- Fix stripping NT domain in squid_ldap_group
- Bug #2278: Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
- Bug #2283: Fails to parse chunked encoding using chunk extensions
- Bug #420: Deal properly with empty list HTTP header members
- Windows Server 2008 support
- Bug #1886: tcp_outgoing_address acl doesn't work with indirect
source address (follow-x-forwarded-for)
- Bug #2296: Stuck in 100% CPU when fetching an corrupt peer digest
- Add support for the resolv.conf domain directive, and also
automatically derived default domain
- minimum_icp_query_timeout directive
- Bug #2329: Range header ignored on HIT
(17 Jun 2008, from /branches/1.5.x)
http://svn.collab.net/repos/svn/tags/1.5.0
pkgsrc changes:
- Drop patch-{aa,ag,ah,ai,aj,ak}: applied upstream.
- Drop part of patch-ad fixed upstream; only INSTALLDIRS=vendor left.
- Dropped -lib from BUILD_TARGET of ruby/perl/python, not necessary
for ages.
- Add java-subversion package, but: Only tested with sun-jdk6-6.0.5;
maybe it works with other Java, maybe no. make test only works if
you install junit by hand, as it does not seem to be packaged.
User-visible changes:
- Major new features:
* Merge Tracking [foundational] (issue #820)
* Sparse checkouts (see new '--depth' option) (issue #695)
* Interactive conflict resolution (r25670 et al)
* svn:externals handles relative URLs (issue #1336) and peg URLs
* Changelist support
* WebDAV transparent write-through proxy
* Better support for large FSFS deployments (via sharding & partitioning)
* Cyrus SASL support for ra_svn and svnserve (issue #1144)
- Minor new features and improvements:
* 'svn resolve' (with '--accept' option) replaces "resolved" (issue #2784)
* 'svn move file1 file2 ... dir' now moves the files into dir (issue #747)
* 'svn mkdir' and 'svn copy' now take '--parents' option (issue #1776)
* 'svn delete' now takes '--keep-local' to not remove working copy files
* 'svn copy', 'move' now support peg revisions (issue #2546; also r26484)
* 'svn copy A B ; svn move B C' now the same as 'svn copy A C' (issue #756)
* 'svn copy -rBASE' now works in a working copy (issue #1643)
* 'svn import' now takes '--force' (issue #2806)
* 'svn status -u' now shows of locally deleted directories (issue #2420)
* 'svn switch' now takes '--force' (issue #2392)
* 'svn switch' now takes '--ignore-externals' option (issue #2189)
* 'svn switch' now supports peg revisions (issue #2545)
* 'svn checkout' now takes '--force' option (issue #1328)
* 'svn proplist' and 'svn propget' now support peg revisions (issue #3070)
* 'svn propget' now takes '--xml' option (issue #2696)
* 'svn propedit' now support URLs (issue #2238, but see issue #2923)
* 'svn proplist --quiet' no longer prints extra info (issue #1547)
* 'svn diff --summarize' now takes '--xml' option (issue #2967)
* 'svn diff -x' now takes '-p' extension option (issue #2995)
* 'svn log' now takes '-c' option (r27933)
* 'svn log' now takes '-l' as short form of '--limit' (r25829)
* 'svn log --xml' now takes '--with-revprop' option (issue #2850)
* 'svn diff'/'svnlook diff' now show property actions better (issue #3019)
* 'svn merge' now has informative messages on reverse merges (issue #2848)
* 'svn merge FILE' now honors '--ignore-ancestry' (issue #2853, r25891)
* 'svn merge' handles multiple notifications for single items (issue #2828)
* 'svn merge' handles skipped path better (issue #2829)
* 'svn merge' handles merges from foreign repositories more completely
* 'update', 'checkout', 'switch' now handle obstructions gracefully (r22257)
* 'svn update' now takes '--force' (issue #2392)
* 'svn update' now sometimes copies or moves local files, for efficiency
* 'svnadmin lslocks' now accepts path within repository (issue #2965)
* 'svnadmin recover' now supports FSFS repositories (issue #2992)
* 'svnadmin verify' now has '-q' and '-r' options (r22103)
* 'svnadmin setrevprop' command added (r21736)
* 'svnadmin setuuid' command added (r28511)
* 'svnsync sync' now shows commit progress like 'svn commit'
* 'svnsync' now takes '-q, --quiet' option (r26465)
* 'svnsync' now supports separate authn for source/target (issue #2717)
* 'svnsync copy-revprops' now supports revision ranges (r23498)
* 'svnsync copy-revprops' now supports "HEAD" revision alias (r23500)
* 'svnmucc' is new name for contrib tool formerly called 'mucc'
* 'svnmucc' now has propset and propdel subcommands (issue #2758)
* 'svnmucc' now has more authentication options
* 'svnmucc' now now takes '--non-interactive' option (r25977)
* 'svnmucc' now takes a global base revision, for extra safety (r23764)
* 'svnlook' now takes '--extensions' option (issue #2912)
* 'svnlook' now takes '-N' option (issue #2663)
* 'svnlook history' now takes '-l' / '--limit' option (r25843)
* 'svnserve' now takes '--config-file' option (r24119)
* 'mod_dav_svn' now uses Apache default mime-type for files (issue #2304)
* new '--with-revprop' option on all commands that commit (issue #1976)
* now accept "peg dates" (URL@{DATE}), behaving like peg revs (issue #2602)
* easier to try out experimental ra_serf http:// access module
* select ra_neon vs ra_serf on a site-by-site basis in config (r25535)
* client-side post-commit processing now more efficient (issue #2607)
* windows binaries now use a custom crash handler (issue #1628)
* add vim swap file patterns to default global-ignores (r24348)
* add "*.pyc" and "*.pyo" patterns to default global-ignores (issue #2415)
* add unix/libtool library patterns to default global-ignores (issue #2415)
* naming scheme for conflict files is now configurable (issue #2474)
* removed svn-ref.tex as it's extremely out of date (issue #2762)
* improved cancellation response in many situations
* support Neon up to 0.28
* character set conversion now uses native API on Windows (r25650)
* HTTP authn protocol now configurable (for Neon 0.26 and higher) (r21531)
* http:// (over Neon) supports HTTP redirection / relocation (issue #660)
* support PKCS#11-provided (smartcard) SSL client certs with Neon (r29421)
* authz now supports aliases (r21982)
* authz token rules for authenticated-only, anonymous, and inverse (r23750)
* mailer.py now supports properties in commit messages (r21684)
* ra_serf now supports NTLM/SSPI authentication (issue #2900)
* warn if try to turn off boolean property via propset/propedit (r25486)
* display repository basename in XML and HTML index views (r25837, r25838)
* config 'http-auth-type' can be overridden to force BASIC auth (r23900)
* translation updates for all languages, as usual
* Revamp mod_dav_svn logging; see tools/server-side/svn_dav_log_parse.py
* misleading configure arg --enable-dso now --enable-runtime-module-search
- Client-side bugfixes:
* 'svn revert' of missing scheduled addition broke wc (issue #2425)
* 'svn export' should export svn:externals from local copies (issue #2429)
* 'svn status -uN' should show status of files (issue #2468)
* 'svn update' overwrote if local timestamp unchanged (issue #2746)
* 'svn update -N' errored when receiving a deletion (issue #3039)
* 'svn merge' would delete locally modified props (issue #2857)
* 'svn log --xml' could output invalid XML (issue #2866)
* 'svn copy' on URL with spaces made wrong WC file name (issue #2955)
* 'svn diff' was failing w/ large diffs on Windows (issue #1789)
* 'svn delete' no longer deletes locally-modified files (issue #1808)
* 'svn move' moved files to wrong directory on Windows (issue #1869)
* 'svn revert' mistakenly used leftover .svn-revert files (issue #2927)
* 'svn diff' output now shows relative paths (issue #2723)
* 'svn diff' wasn't ignoring all EOLs (issue #2920)
* 'svn cleanup' no longer fails on a missing .svn/tmp dir (r23370)
* infinite loop in UTF conversion in non-C locale (issue #2577)
* interrupting "svn status" could make svn crash (issue #2623)
* commit-email.pl date header output now RFC2822-compliant (issue #2633)
* authz write access to folder wasn't permitting locking (issue #2700)
* stop complaining just because $HOME is unreadable (issue #2363)
* do not display unescaped characters in error message (issue #2471)
* propchange received on subdir merge causes conflict (issue #2969)
* revert replaced-with-history files should restore checksum (issue #2928)
* catch improper arguments to diff (issue #2996)
* handle URLs like http://hostname (i.e. no path part) (issue #1851)
* config autoprops honored regardless of case of entry (issue #2036)
* "Cannot replace a directory from within" error now rarer (issue #2047)
* handle _svn/.svn as part of a path (issue #3026)
* make permissions changes on symlinks a no-op (issue #2581)
* error usefully if asked to update a URL (r22296)
* fixed infinite loop on Windows if fail to find repository root (r22483)
* 'svn info $REPO_ROOT' now supports pre-1.2 svn:// servers (r26264)
* be more resilient in the face of faulty .svn/entries files (r26482)
* 'svn diff -x --ignore-eol-style' failed to ignore all EOLs (r27094)
* rare property dataloss bug now fixed (issue #2986, see also r29538)
* fixed faulty status reporting for some missing directories (issue #2804)
* 'svn diff --summarize' showed wrong output paths (issue #2765)
* propset and move interaction could cause property weirdness (r25833)
* 'svn propget <propname> .@HEAD' now works (issue #3012)
* 'svnsync' had bug with replaced+modified rev over serf (issue #2904)
* 'svnsync --config-dir' sometimes ignored, thus tunnel agent bug (r27056)
* update/merge safely receives file on top of schedule-add file (r23506)
* http:// (over Neon) reports progress while disk-spooling delta (r26271)
* print "Out of memory" before dying from memory shortage (issue #2167)
* warn when used on old checkout without a repository root entry (r25168)
* merge to missing file target wrongly appeared to succeed (issue #2782)
* 'svn merge URL PATH -cX' could cause property corruption (issue #2781)
* URL parsing now consistently checks for error earlier (issue #2207)
* security hole: files could be created above cwd (r26047, CVE-2007-3846)
* local property mods to replaced-with-history file could be lost (r26364)
* revert of replaced-with-history path left copyfrom info (r23452)
* character encoding translation could hang (r23492)
* un-substituting keywords was buggy ($Id$ vs. $Id:$) (issue #2640)
* ra_neon and ra_serf lost pre-revprop-change hook output (issue #443)
* merge of non-empty subdir could be committed incorrectly (issue #1962)
* many other minor bugfixes, optimizations, plugs of memory leaks, etc
- Server-side bugfixes:
* segfault in svnserve and svnversion commands fixed (issue #2757)
* segfault when stopping httpd (if BDB repository) fixed (issue #2732)
* 'svnadmin dump' had a path ordering bug (issue #2641)
* better FSFS support for NFS v3 and lower (r24470)
* better FSFS support for some buggy NFS clients (r29448)
* authentication and authz bugs w.r.t. anonymous access (issue #2712)
* inconclusive authz result should deny, not allow (r23815)
* better reporting of problems parsing authz files (r22329)
* set svn:date revprop even if dumpstream does not (issue #2729)
* http:// commit can now create empty files properly (r25471, r25474)
* squelch not-a-directory errors in both FS backends (issue #2549)
* segfault on update-report response without base revision (issue #3023)
* 'svnserve --root PATH' checks that PATH exists (r22580, r22701)
* 'svnlook propget -t TXN_NAME' reports errors better (r22772)
* make location of mod_dav_svn activity database configurable (r24873)
* select only paths that are proper children of requested path (r25231)
* http:// commit error could leave empty transactions behind (r23594)
* 'svn switch --relocate' now works against unreadable repos root (r23848)
* many other minor bugfixes too numerous to list here
- Contributed tools improvements and bugfixes:
* svn_load_dirs.pl:
- Support global-ignores list (issue #2470)
- Allow "@" in filenames (r22203, Debian bug 359145)
- Add -no_auto_exe option (r26399)
* svnmerge.py:
- fixed: Always get end_rev from source instead of target (issue #2863)
- fixed: 'init' now chooses a better default revision range (issue #2810)
- fixed: Consider revs changing blocking status as reflected (issue #2814)
- Performance inmprovement (issue #2812)
- initialized revisions can be excluded (issue #2851)
* new 'svn-populate-node-origins-index' tool (issue #3024)
* new 'svn-merge-vendor.py' to assist in merging vendor branches (r23030)
* 'svn2rss.py' is now called 'svn2feed.py'
* svn2cl: New release 0.9 (r24498)
* commit-email.pl: various improvements (r22971, r22589)
* commit-email.rb: various improvements
* psvn.el: too many improvements and new features to list them all here
* dsvn.el: improve XEmacs compatibility (r24337)
* svn-tweak-author.py: make NEWAUTHOR argument optional (r24387)
* And more stuff that we just didn't have time to list. Enjoy.
Developer-visible changes:
* General:
- libsvn_ra_neon is new name for libsvn_ra_dav (to accommodate ra_serf)
- many abort() calls removed, replaced with error returns
- client and server now do capabilities exchange (r29358 et al)
- gen_win.py: auto-detect the path to the JDK on Windows (r24333)
* API changes:
- many, many new APIs and types as part of the new features in 1.5.0
- APIs to allow retrieving multiple revprops in one fetch (issue #2850)
- basic progress reporting for ra_svn (issue #901)
- new APIs for creating and using iterators (r26533)
- svn_fs_node_origin_rev finds line of history origin (issue #3017, #3024)
- svn_revnum_parse for parsing revision numbers (r26195)
- svn_path_is_canonical for validating paths (r26481)
- new API svn_fs_txn_root_base_revision() (r22610)
- pass individual arguments rather than config objects (r25182, r25190)
- clients can now extend HTTP User-Agent header (r28613)
- SVN_ERR_RA_DAV_PATH_NOT_FOUND is deprecated and no longer raised
* Bindings:
- Many improvements to all bindings (Java, Perl, Python, and Ruby)
This version of Apache is principally a bug and security fix release.
The following potential security flaws are addressed:
- CVE-2008-2364: mod_proxy_http: Better handling of excessive interim
responses from origin server to prevent potential denial of service and
high memory usage. Reported by Ryujiro Shibuya.
- CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface.
pkgsrc related notes:
- CVE-2008-2364 was already fixed in "pkgsrc"
- CVE-2007-6420 doesn't affect the package in the default configuration
because the "proxy_balancer" isn't enabled.
* Escape item names in the object browser.
* Select db before queries in MySQL SessionHandler.
* Format messages sent through MIME_Mail in flowed text format.
* Fixes for SQL shares with split read/write databases, and various fixes for hierarchical shares.
* Workaround broken IE behavior when downloading files with 8-bit filenames.
* Fix storing of unlocked preferences set by hooks.
* Allow Horde memcache driver to use UNIX sockets.
* Fix parsing of addresses in headers when the RFC 2047-encoded personal part of the address contains address list delimiters.
* Fix generation of unique keys in configuration for machines too fast for microtime().
* Added group driver for Kolab.
* Added IMAP based preferences driver for Kolab.
* Fix missing timestamp variable in Horde SQL cache driver.
* Fix over-zealous preference caching when preferences are requested for a different user.
* Fix issue in Horde_Image that caused errors when performing certain image operations immediately after an image had been cropped when using the ImageMagick driver.
The full list of changes (from version 3.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.392&r2=1.515.2.413&ty=h
reported by Stuart Shelton in PR pkg/38252,
I also think that the PRIVOXY_GROUP thing was a false report caused
by some pkgsrc framework glitch -- the value passed to "configure"
is correct for me (check "config.status").
* Correct registration of the Sarissa javascript library: current KSS uses it
as well. Fixes bug 8141.
* Correct handling of external links in the portal section tabs. Fixes bug 7155.
* Correct display of sub-collections. Fixes bug 8159.
* Use a custom permission for collection portlets so users can use it on their
dashboard.
* Fix handling of unicode versioning comments. Fixes bug 7400.
* Update translations.
* Do not allow backquotes in URLs but replace them with a dash.
* Make CSS classes for the navigation tree more consistent.
* KSS updates:
o kss.demo is no longer required.
o Improve support for Sarari 3.1.
o Correct logging of doubly registered actions.
* Update the quick installer tool:
o Log ImportErrors in installation methods instead of silently ignoring
them.
o Sort products by title instead of id. This fixes bug 8012.
o Fix installation/upgrade of products which had pre-Plone 3.0/CMF 21
style actions.
* Update the kupu visual editor:
o Add a hint for Deliverance so it will not style kupu pages.
o Fix Plone bugs 7779, 7958, 7990, 8003, 8009, 8014, 8039, 8080, and
8129 .
* Update Zope:
o Bug 142350: Display description for properties as row title, if present.
o Bug 143813: zopectl now exits non-zero when child processes fail.
o Bug 164783: Indexes were migrated on initial creation of a ZODB.
o Bug 173658: Removed dead code in OFS.Traversable's
unrestrictedTraverse (apparent NameError).
o Bug 198274: "empty" ZopePageTemplates could not be unpickled.
o Bug 200007: DateTime(anotherDateTime) now preserves the timezone.
o Bug 213311: Handle "unsubscriptable object" errors during publishing
traversal.
o zope.security: upgrade to version 3.3.3, which contains a backport
of a huge performance bugfix from the 3.4 branch.
The ikiwiki amazon_s3 plugin injects wiki pages into Amazon S3
allowing ikiwiki to be used without a dedicated web server.
This option just make a dependency for required perl module.
Note the plugin is installed regardless (just like the svn and img
support are installed without the options bringing in dependencies).
See http://ikiwiki.info/news/ for complete list of changes.
Major changes include:
- "fixes an important security hole"
- new plugins: amazon_s3, pingee, pinger
patch-aa removed, fixed now.
"gtkmozembed" is deprecated and not shipped with firefox 3.0+
Some packages that need firefox (like www/epiphany?) can be configured
to use libxul instead.
For those packages that support it, it might be a good idea to add a
firefox3 option when we get closer to firefox 3 launch day.
enhancements:
* Stable synchronization support through integrated SyncML server.
* A new Alarm system that can send email alarms, generate popup or inline
notifications, and play sounds for events in any Horde application.
* Support for separate read and write databases, and improved useability
when the database is unavailable.
* Improved performance, through caching and native SQL drivers for shares,
groups, and permissions; faster DataTree queries, and smarter use of
session data.
* The administrator can disable users' ability to change permissions on
their Shares.
* Two slick new themes, Tango Blue and Silver Surfer.
* WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance.
* Full Kolab webclient support.
* Improved JavaScript code including more caching, JSON support, new
spell checking and color picking widgets, replacing htmlarea with xinha,
and dynamic portal updates.
* Help is now searchable and has a tree view for easy organization and
exploration of help topics.
* Wider memcache support and easier memcache configuration, including
connection pooling and multiple memcache servers.
* A more complete WebDAV server.
* "Drop-in" configuration support for applications through
config/registry.d/.
* Many additional hooks, for performing actions on preference value
changes, and after loading an application.
* and much, much more.
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
=== RELEASE 2.1pre36 ===
Tue May 13 04:04:47 MET 2008 mikulas:
Fixed crash that was introduced with Sun May 4 20:13:21 MET 2008 fix
Mon May 12 23:26:51 MET 2008 mikulas:
Blacklist another broken HTTP/1.1 server - Apache Sausalito
Fri May 9 04:06:47 MET 2008 mikulas:
Take downloaded file name from Content-Type; name argument, if it exists
Also, get encoding information from Content-Type/Content-Disposition
filename
=== RELEASE 2.1pre35 ===
Mon May 5 20:06:19 MET 2008 mikulas:
The fix from Sun May 4 20:13:21 MET 2008 broke loading of animated gifs
=== RELEASE 2.1pre34 ===
Sun May 4 21:18:15 MET 2008 mikulas:
Allow displaying large images in xwindow (that do not fit into xserver
memory)
Sun May 4 20:13:21 MET 2008 mikulas:
Fixed image was sometimes not redrawn, when connection was interrupted
in the middle and resumed
Sun May 4 17:52:29 MET 2008 Ben Secrest <blsecres@gmail.com>:
Don't change Xwindow class
Wed Apr 16 03:10:02 cet 2008 Didier Mequignon <didiermequignon@wanadoo.fr>:
Updated French translation
Wed Mar 26 20:50:32 MET 2008 mikulas:
Fixed crash in text mode with small window height and bookmarks
Sat Mar 22 22:01:15 MET 2008 mikulas:
Accept </> as an empty tag
Thu Mar 20 22:47:09 CET 2008 mikulas:
Accept alternate description attributes for image buttons
Thu Mar 20 04:36:45 MET 2008 mikulas:
Fixed the bug that when displaying source, some html entities were
errorneously translated
Thu Mar 20 04:30:52 MET 2008 mikulas:
Added fallback for ‑ entity
Thu Mar 13 22:43:48 CET 2008 mikulas:
Allow multiple WWW-Authenticate headers
While here, add DESTDIR support and more adapt sample config file to default settings.
* Version 0.6.3 (30 March 2008)
- Fixed a possible race condition concerning the check for the
right symlink owner.
- Added checks for the owner of the parent directories were added.
* Version 0.6.2 (19 November 2006)
- Made mod_suphp compatible with Apache 2.2
- Modified SmartPtr implementation (hopefully) fixing
double free problem
- Fixed problem that caused the process to block
when more than 4096 were written to stderr
- Implemented userdir support
- Fixed problem with PATH_INFO and PHP scripts
* Version 0.6.1 (26 November 2005)
- Changed usage of STL to gain better compatibility with old GCC versions
(credits to Jeremy Chadwick for finding the relevant code)
- Fixed typos in mod_suphp.c (Apache 1.3)
(credits to Johan Ekenberg for finding these typos)
- Fixed potential buffer overflow in function suphp_bucket_read() in
src/apache2/mod_suphp.c
- Fix problems with scripts sending "Last-Modified" headers
- Extended autoconf script to look for an installation of APR
and to use its includedir when building mod_suphp for Apache 2
- Added support for chroot() call before execution of script
Zope 2.10.6 (2008/05/10)
Bugs fixed
Launchpad #142350: Display description for properties as row title, if present.
Launchpad #200007: DateTime(anotherDateTime) now preserves the timezone.
Launchpad #213311: Handle "unsubscriptable object" errors during publishing traversal.
Launchpad #143813: zopectl now exits non-zero when child processes fail.
Launchpad #173658: Removed dead code in OFS.Traversable's unrestrictedTraverse (apparent NameError).
Launchpad #198274: "empty" ZopePageTemplates could not be unpickled.
zope.security: switched to use standalone 3.3.3 version, which contains a backport of a huge performance bugfix from the 3.4 branch.
Launchpad #164783: Indexes were migrated on initial creation of a ZODB.
Zope 2.9.9 (2008/05/10)
Bugs fixed
Launchpad #142350: Display description for properties as row title, if present.
Launchpad #200007: DateTime(anotherDateTime) now preserves the timezone.
Launchpad #143813: zopectl now exits non-zero when child processes fail.
Launchpad #143748: remove broken use of logging module in Products.Five.fiveconfigure.handleBrokenProduct. Fixed by upgrading to Products.Five 1.3.11.
Launchpad #147201: treat container-class in zope.conf as a string, making it possible to use types from extra products directories.
Collector #2287: form :record objects did not implement enough of the mapping protocol.
Collector #2346: username logging in FCGI crashed the server
Collector #2332: SessionDataManger: don't swallow ConflictErrors
Collector #146408: fixed broken logger call in Transience.py
- re-supported DnD to bookmark folder in toolbar.
- Print copied string in Statusbar when CopyInUserFormat action is executed.
- Make it work with xulrunner 1.9.
- Resupported thumbnails.
- New German translation.
- RSS with CDATA is now parsed correctly.
- Fixed a crash when preference dialog is opened.
- HyperEstraier ANDNOT support.
- Various GTK/glib related bugfixes.
:Q operator in CONFIGURE_ARGS removed as suggested by rillig and pkglint.
Stop lying and drop maintainership of these packages. I have not
maintained them for a very long time already, so leave room for
fresh blood to take over them.
Upgrade to 2.44. Many changes. Here are a couple of them:
* The security fix in the last release had buggy handling of data:image,
now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
* htmlscrubber security fix: Block javascript in uris.
Adds new tool: ikiwiki-transition
No longer installs rst and externaldemo plugins.
Add patch based on bugs I found -- both fixes are now upstream.
HTML::StripScript
===========
This module strips scripting constructs out of HTML, leaving as much
non-scripting markup in place as possible. This allows web applications
to display HTML originating from an untrusted source without introducing
XSS (cross site scripting) vulnerabilities.
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
1.30 November 26, 2007
Added t_write_test_lib for temporary testing packages
[Fred Moyer <fred@redhotpenguin.com>]
Fix syntax error in generated PHP files t/conf/*.php.in
[Philippe M. Chiasson]
Add bwshare.so to the list of modules to not inherit b/c
it rate limits requests to less then that of a test suite.
PR: 25548
[imacat <imacat@mail.imacat.idv.tw>]
Add EXTRA_CFLAGS to c-module building if defined in the environment
[Geoffrey Young]
1.20 Wed Mar 12 23:56:11 CDT 2008
-----------------------------------
[FIXES]
stuff_inputs() used to do nothing. Now it works.
http://code.google.com/p/www-mechanize/issues/detail?id=9
Fixed punctuation in some error messages.
Fixed compatibility with WWW::Mechanize 1.36.
1.18 Thu Dec 6 10:12:14 CST 2007
------------------------------------
[ENHANCEMENTS]
Added default descriptions for most test assertions.
[FIXES]
HTML::Lint is now properly optional.
Added delays in all the tests that use HTTP::Server::Simple to give
it time to correctly fire up.
1.16 Mon Oct 29 15:34:21 CDT 2007
------------------------------------
[ENHANCEMENTS]
Added $mech->post_ok(). Thanks, Greg Sheard.
Added $mech->submit_form_ok(). Thanks, Mark Stosberg.
Added $mech->html_lint_ok()
[FIXES]
Fixed some bugs that were causing test failures.
1.14 Fri May 11 16:22:02 CDT 2007
------------------------------------
[FIXES]
Fixes test failures. Thanks to Mark Blackman for RT #26602:
The module tests currently spawn a server (based on
HTTP::Server::Simple::CGI) which is killed when a __DIE__
signal is received, normally only when the invoking
perl dies. However, as perlvar makes clear, the __DIE__
signal is received when eval blocks die as well. The
new version (1.22) of WWW::Mechanize now calles
HTTP::Message::decoded_content which calls Encode.pm
which has a eval block that require's Encode::ConfigLocal
which is usually not present, so the eval dies and the
HTTP server is killed as soon as the $mech object tries
to do a 'get'. It's simple to use a system variable,
$^S to find out if the __DIE__ signal is being called
for an eval so we ignore that case with the patch
attached.
The stuff_inputs() function now actually works.
[DOCUMENTATION]
* Made the synopsis show that T:W:M doesn't take the tests=>$x
like other Test::* modules. It'd be nice if it did, though.
0.31 Sun Mar 16 20:51:04 EDT 2008
* Test suite parallelization fixes. Thanks to Slaven Rezic
0.30 Tue Mar 11 12:14:24 EDT 2008
* Minor doc fix from Paul Miller.
* Fixing doc style from "$this" to "$self" like any self-respecting perl code
0.29 Fri Feb 15 11:43:29 EST 2008
* new example section from almut on perlmonks
0.28 Tue Jan 15 09:33:58 EST 2008
* New restartability support from Mark Stosberg
After reviewing the code in HTTP::Server::Simple,
Catalyst::Engine::HTTP and HTTP::Server::Brick, I found and
implemented an updated signal handling approach that I like and
understand, and actually works.
The current code restarted immediately if a SIGHUP came in, no
matter what was happening, including if a request was in process of
being fulfilled.
The new code works more like "apachectl graceful". It waits for the
current request cycle to finish, and then restarts the server.
This code has to be integrated in the core, but its just about
the same amount of signal handling code that was there... it just
works better. It's also written in such a way I think subclass/mixin
authors could rewrite just these parts if they wanted.
Also, it looks like a Net::Server based sub-class would already be
doing its own thing with SIGHUP handling, and should continue to
be unaffected.
1.86 2008-02-01 by Alexandr Ciornii
- Default number of semaphores for *BSD is 8 in Apache::Session::Lock::Semaphore
1.85_01 2008-01-24 by Alexandr Ciornii
- typos corrected (catched by Gerald Fox)
- more tests and diag in 99semaphore.t
- no warning "disconnect invalidates 2 active statement" in
Apache::Session::Lock::MySQL by Tony Cook (RT#32148)
1.85 2007-12-20 by Alexandr Ciornii, Perl 20th birthday version
- mention Catalyst::Plugin::Session, Session
1.84_01 2007-11-26 by Alexandr Ciornii (alexchorny AT gmail.com)
- Added Apache::Session::Lock::Semaphore::remove to remove semaphore
- 99flex.t will remove semaphore (RT#30440)
- 99flex.t should work on 5.6.1 again (no chdir now)
- 99flex.t will clean all temporary files (RT#30209)
- pod.t included in MANIFEST
- cleaner tests
1.84 2007-10-02 by Alexandr Ciornii (alexchorny AT gmail.com)
- Added constant.pm to the list of prerequisites
- Jeffrey W. Baker, Casey West, Alexandr Ciornii, Oliver Maul agreed to
change license of all files to Perl license
Alexandr Ciornii agrees to relicense to Artistic 2.0 in future if needed.
- 99flex.t will be skipped on *bsd and Solaris
1.83_01 2007-08-03 by Alexandr Ciornii
- better handling of Storable errors by Rick Delaney (RT#27476)
1.83=1.82_05 2007-05-25
1.82_05 2007-05-14 by Alexandr Ciornii
- skipping part of 99flex.t on NetBSD
1.82_04 2007-04-27 by Alexandr Ciornii
- More diagnostics in Apache::Session::Lock::Semaphore::acquire_write_lock,
acquire_read_lock
- Did not increment modules versions in previous versions of distribution
- Apache::Session::Lock::Semaphore can work with private semaphore
- 99flex.t will use private semaphore
- 99dbfile.t, 99dbfilestore.t - added undef (for RT#6216)
1.82_03 2007-03-12 by Alexandr Ciornii
- Apache::Session::Lock::File checks flock success (RT#6936)
- Apache::Session::Lock::File will not change to shared lock if write
lock is in effect and read lock is requested (RT#7072)
- 99dbfile.t, 99dbfilestore.t - added untie (for RT#6216)
- Apache::Session::Lock::Semaphore will check for $Config{d_semget} and
cygserver
1.82_02 2007-03-11 by Alexandr Ciornii
- 99semaphore.t, 99flex.t will be skipped if $Config{d_semget}==undef,
patch by Slaven Rezic
- Removed redundant code in 99filelock.t
- Removed unnecessary skip in 99nulllock.t
- Added file 'Contributing.txt'
- Apache::Session - mention CGI::Session
- Request in Makefile.PL
1.82_01 2007-03-10 by Alexandr Ciornii
- Applied part of patch of SREZIC (Slaven Rezic), RT#3670,
more diagnostics on failing file operations (Apache::Session::Lock::File,
Apache::Session::Store::DB_File, Apache::Session::Store::File)
- RT#1251, ModUniqueId.pm, ModUsertrack.pm - small error in Carp usage,
by Slaven Rezic
- 99flex.t will be skipped on perls earlier than 5.8 (RT#16539)
- Requires Storable (core from 5.7.3), as it is almost useless without it
2.0.4 April 16, 2008
Fix $r->location corruption under certain conditions
[Gozer]
Fix a crash when spawning Perl threads under Perl 5.10
[Gozer]
Fix erratic behaviour when filters were used with Perl 5.10
[Gozer]
Fix problems with redefinitions of perl_free as free and perl_malloc
as malloc on Win32, as described at
http://marc.info/?l=apache-modperl&m=119896407510526&w=2
[Tom Donovan]
Fix a crash when running a sub-request from within a filter where
mod_perl was not the content handler. [Gozer]
Refactor tests to use keepalives instead of same_interp [Gozer, Phred]
Apache2::Reload has been moved to an externally maintained
CPAN distribution [Fred Moyer <fred@redhotpenguin.com>]
PerlCleanupHandler are now registered with a subpool of $r->pool,
instead of $r->pool itself, ensuring they run _before_ any other
$r->pool cleanups [Torsten Foertsch]
Fix a bug that would prevent pnotes from being cleaned up properly
at the end of the request [Torsten Foertsch]
On Win32, embed the manifest file, if present, in mod_perl.so,
so as to work with VC 8 [Steve Hay, Randy Kobes]
Expose apr_thread_rwlock_t with the APR::ThreadRWLock module
[Torsten Foertsch]
Don't waste an extra interpreter anymore under threaded MPMs when using a
modperl handler [Torsten Foertsch]
Fix a bug that could cause a crash when using $r->push_handlers() multiple
times for a phase that has no configured handlers [Torsten Foertsch]
Catch up with some httpd API changes
2.2.4:
The full server version information is now included in the error log at
startup as well as server status reports, irrespective of the setting
of the ServerTokens directive. ap_get_server_version() is now
deprecated, and is replaced by ap_get_server_banner() and
ap_get_server_description(). [Jeff Trawick]
2.3.0:
ap_get_server_version() has been removed. Third-party modules must
now use ap_get_server_banner() or ap_get_server_description().
[Gozer]
fixed Apache2::compat Apache2::ServerUtil::server_root() resolution
issues [Joshua Hoblitt]
*) SECURITY: CVE-2007-1349 (cve.mitre.org)
fix unescaped variable interprolation in regular expression
[Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer <fred@redhotpenguin.com>]
Make $r->the_request() writeable
[Fred Moyer <fred@redhotpenguin.com>]
fix ModPerl::RegistryCooker::read_script to handle all possible
errors, previously there was a case where Apache2::Const::OK was
returned on an error. [Eivind Eklund <eeklund@gmail.com>]
a minor compilation warning resolved in modperl_handler_new_from_sv
[Stas]
a minor compilation warning resolved in modperl_gtop_size_string
[Stas]
Prevent direct use of _deprecated_ Apache2::ReadConfig in
<Perl> sections with httpd Alias directives from
incorrectly generating
'The Alias directive in xxxxx at line y will probably never match'
messages.
[Philip M. Gollucci <pgollucci@p6m78g.com>]
Prevent Apache2::PerSections::symdump() from returning invalid
httpd.conf snippets like 'Alias undef'
[Philip M. Gollucci <pgollucci@p6m78g.com>]
Require B-Size 0.9 for Apache2::Status which fixes
Can't call method "script_name" on an undefined value
[Philip M. Gollucci <pgollucci@p6m78g.com>]
-march=pentium4 or anything with an = in it in CCFLAGS or @ARGV
that gets passed to xs/APR/APR/Makefile.PL broke the @ARGV
parsing. I.E. FreeBSD port builds when users had CPUTYPE
set in /etc/make.conf.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
Fixes to get bleed-ithread (5.9.5+) to comile again.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
2008-04-16 Gisle Aas <gisle@ActiveState.com>
Release 5.812
Gisle Aas (6):
Typo fix.
Simplified Net::HTTP::Methods constructor call.
Croak if Net::HTTP constructor called with no argument.
Avoid calling $self->peerport to figure out what the port is.
5.811 breaks SSL requests [RT#35090]
Make test suite compatible with perl-5.6.1.
Toru Yamaguchi (1):
Wrong treatment of qop value in Digest Authentication [RT#35055]
2008-04-14 Gisle Aas <gisle@ActiveState.com>
Release 5.811
Gisle Aas (6):
Avoid "used only once" warning for $Config::Config.
Make HTTP::Request::Common::PUT set Content-Length header [RT#34772]
Added the add_content_utf8 method to HTTP::Message.
Typo fix.
Retry syscalls when they fail with EINTR or EAGAIN [RT#34093,32356]
Allow HTTP::Content content that can be downgraded to bytes.
Gavin Peters (1):
HTML::Form does not recognise multiple select items with same name [RT#18993]
Mark Stosberg (1):
Document how HTTP::Status codes correspond to the classification functions [RT#20819]
Robert Stone (1):
Allow 100, 204, 304 responses to have content [RT#17907]
sasao (1):
HTTP::Request::Common::POST suppressed filename="0" in Content-Disposition [RT#18887]
2008-04-08 Gisle Aas <gisle@ActiveState.com>
Release 5.810
Gisle Aas (10):
Small documentation issues [RT#31346]
Explain $netloc argument to $ua->credentials [RT#31969]
Make lwp-request honour option -b while dumping links [RT#31347]
Ignore params for date convenience methods [RT#30579]
Get rid of all the old CVS $Keyword:...$ templates. Set $VERSION to 5.810.
Update Copyright year.
Drop some sample URLs that were failing.
Complement the HTTP::Status codes [RT#29619]
Don't allow HTTP::Message content to be set to Unicode strings.
Refactor test for Encode.pm
Ville Skytta (3):
Spelling fixes [RT#33272]
Trigger HTML::HeadParser for XHTML [RT#33271]
Escape status line in error_as_HTML, convert to lowercase [RT#33270]
Alexey Tourbin (2):
Typo fix [RT#33843]
Protocol/file.pm: postpone load of URI::Escape and HTML::Entities [RT#33842]
Daniel Hedlund (1):
HTML::Form Module and <button> element clicks
Adam Kennedy (1):
HTTP::Cookies handle malformed empty Set-Cookie badly [RT#29401]
Jacob J (1):
[HTTP::Request::Common] Does not handle filenames containing " [RT#30538]
Rolf Grossmann (1):
Allow malformed chars in $mess->decoded_content [RT#17368]
FWILES (1):
Croak if LWP::UserAgent is constructed with hash ref as argument [RT#28597]
Adam Sjogren (1):
Disabled, checked radiobutton being submitted [RT#33512]
DAVIDRW (1):
warn if TextInput's maxlength exceeded [RT#32239]
www/htmldoc
www/htmldoc-x11
The latter is now just www/htmldoc built with a specific set of options.
Changes include:
+ Add options.mk that supports a new option:
htmldoc-gui Build with GUI support
+ Remove Makefile.common and move all logic into htmldoc/Makefile and
htmldoc/options.mk.
+ Add full DESTDIR support.
+ Bump the PKGREVISION for htmldoc and htmldoc-x11 to 7. Both packages
now track and use the same PKGREVISION number.
it any longer.
Fixes build problem in evolution:
> ===> Creating toolchain wrappers for evolution-2.22.1
> ERROR: libgnomeprintui is not installed; can't buildlink files.
Bump BUILDLINK_ABI_DEPENDS.gtkhtml314 for dependency change.
* [bug] Rescue all types of errors when processing request
* [bug] Use Swiftiply backend when -y option is specified
* Allow passing port as a string in Server.new
* Define deferred?(env) in your Rack application to set if a request
is handled in a thread (return true) or not (return false).
Based on patch provided by Zafer Aydogan via private mail.
This update to 2.6.1 contains all patches from the Debian package:
- various bug fixes
- uploading under the temporary name `weex.tmp' with the RenameOK option
- support for FTP proxy server that requires challenge/response
- The i386 RPM was compiled on RedHat 9
- You should be able to "rpmbuild --rebuild" the SRPM on older RedHat releases
or other RPM based distros.
pkgsrc changes:
* project now on sourceforge
* no need patch to fix localedir (patch-ac)
* need msgfmt to build
* need gettext-lib
* add DESTDIR support
Version 3.35
1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
Version 3.34
1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org
2. Fix url() method to not choke on path names that contain regex characters.
Version 3.33
1. Remove uninit variable warning when calling url(-relative=>1)
2. Fix uninit variable warnings for two lc calls
3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
Version 3.32
1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
Version 3.31
1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
3. Possibly fixed "wrapped pack" error on 5.10 and higher.
Version 3.30
1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
pkgsrc changes: replace MAKE_FLAGS+= INCLUDES="-I${LOCALBASE}/include/httpd"
with MAKE_FLAGS+= INCLUDES="-I${BUILDLINK_PREFIX.apache}/include/httpd"
Version2.2 (Jul 31st 2007)
1. Support configuration "PassHeader"
Thank Hans Christian Saustrup for the suggestion.
2. Support apr_shm_remove() in httpd.2.0.X
Thank Hans Christian Saustrup for bug report.
3. Support configuration "TimeScore"
Thank Tim Jensen for the patch.
4. Support new configurations "MaxRequestInMem" and "MaxRequestLen"
If the length of http request longer than "MaxRequestInMem", it will store in tmp file.
It the length of http request longer than "MaxRequestLen", it will return internal server error.
Thank Gabriel Barazer(gabriel at oxeva.fr) for the bug report.
Thank Steffen(info at apachelounge.com) for the help on this issue.
5. Fix miner Sanity check bug
Thank Yuya Tanaka for bug report
UNIX&Win32 source: mod_fcgid.2.2.tar.gz
Version2.1 ( Feb 15th 2007 )
1. Add missing config.m4 and Makefile.in for static linking
Thank Mark Drago for notice
2. FCGIWrapper disallowed in .htaccess
Thank Balinares for patch
3. Bug fix. Authoritative flag reversed
Thank Chris Darroch for the patch
4. Support arguments in FCGIWrapper
Thank Andre Nathan for suggestion and great help on testing it.
5. Support new config "SharememPath", which specifies the location of share memory path.
6. Check running user is root or not, while suexec is enabled.
Thank Chris Holleman for the bug report.
7. Bug fix. Should not pass respond to auth checkers.
Thank Szabolcs Hock for bug report.
Version 1.5.9 released
2008-02-17, 08:58 GMT
2008-01-25
- Added Ukrainian translation (Anton Lytvynenko)
2008-01-09
- Include Debian patch #403812, FTBFS on GNU/kFreeBSD
- Mark unread now toggles read status, Debian bug #394312
Version 1.5.8 released
2008-01-09, 08:15 GMT
1.5.8 has made it... somehow. Well actually this is just a small change
which adds two new translations and build fixes as well as moving the
manpages to share/ hierachy.
In other words, I have lost track of the changes. ;)
I'm currently going through the Debian bugtracker and integrate most of
what's pilled up there.
merb-sequel to 1. In that commit, the dependency was bumped at the
package level, but gems also track dependencies independently of
pkgsrc, so patch the Rakefile to:
+ Bump the dependency on sequel to 1.4.0.
+ Remove the dependency on sequel_model, which was merged into the
main sequel package as of version 1.4.0.
* When creating or editing a blog post or page, the preview is displayed above
the edit form rather than below it.
* Spaces in blog post URLs are replaced with - rather than _ (this change will
only affect new posts; existing post URLs will not be changed).
* Blog posts provide Atom feeds for recent comments.
* Tag pages provide Atom feeds for posts with that tag.
* Blog posts are marked up using the hAtom microformat.
* Thoth auto-generates an XML sitemap at http://yourblog.com/sitemap (set
site.enable_sitemap to false to disable).
* Comment URLs are built using the name of the post the comment is attached to
rather than the id.
* Fixed a bug that prevented Atom and RSS feeds from being cached when
server-side caching was enabled.
* Fixed entry titles in Atom feeds claiming to be type="html" when in fact
they weren't.
* Fixed a bug that sometimes caused flash messages to be cached with the
output of an action and re-displayed until the cached action expired.
