UrlMount is a universal mount point designed for use in rack applications.
It provides a simple way to pass a url mounting point to the mounted
application.
This means that when you mount an application in the url space, it's a simple
call to url to get the mount point of where the application is.
# rack-rewrite
A rack middleware for defining and applying rewrite rules. In many cases you
can get away with rack-rewrite instead of writing Apache mod_rewrite rules.
Collection of common Sinatra extensions, semi-officially supported.
# Goals
* For every future Sinatra release, have at least one fully compatible release
* High code quality, high test coverage
* Include plugins people usually ask for a lot
= 1.3.4 / 2012-01-26
* Improve documentation. (Kashyap, Stanislav Chistenko, Konstantin Haase,
ymmtmsys, Anurag Priyam)
* Adjustments to template system to work with Tilt edge. (Konstantin Haase)
* Fix streaming with latest Rack release. (Konstantin Haase)
* Fix default content type for Sinatra::Response with latest Rack release.
(Konstantin Haase)
* Fix regression where + was no longer treated like space. (Ross Boucher)
* Status, headers and body will be set correctly in an after filter when using
halt in a before filter or route. (Konstantin Haase)
# HTTP Router
## What is it?
This is an HTTP router for use in either a web framework, or on its own using
Rack. It takes a set of routes and attempts to find the best match for
it. Take a look at the examples directory for how you'd use it in the Rack
context.
## Features
* Ordered route resolution.
* Supports variables, and globbing, both named and unnamed.
* Regex support for variables.
* Request condition support.
* Partial matches.
* Supports interstitial variables (e.g.
/my-:variable-brings.all.the.boys/yard) and unnamed variable /one/:/two
* Very fast and small code base (~1,000 loc).
* Sinatra via https://github.com/joshbuddy/http_router_sinatra
Fixed in 7.29.0 - February 6 2013
Release contains security-related bug fix
(already fixed in pkgsrc)
Changes:
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
Bugfixes:
SECURITY ADVISORY: SASL buffer overflow vulnerability
nss: prevent NSS from crashing on client auth hook failure
darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
SCP: relative path didn't work as documented
setup_once.h: HP-UX issue workaround
configure: fix cross pkg-config detection
runtests: Do not add undefined values to @INC
build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
multi: fix re-sending request on early connection close
HTTP: remove stray CRLF in chunk-encoded content-free request bodies
build: fix AIX compilation and usage of events/revents
VC Makefiles: add missing hostcheck
nss: clear session cache if a client certificate from file is used
nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
fix HTTP CONNECT tunnel establishment upon delayed response
--libcurl: fix for non-zero default options
FTP: reject illegal port numbers in EPSV 229 responses
build: use per-target '_CPPFLAGS' for those currently using default
configure: fix automake 1.13 compatibility
curl: ignore SIGPIPE
pop3: Added support for non-blocking SSL upgrade
pop3: Fixed default authentication detection
imap: Fixed usernames and passwords that contain escape characters
packages/DOS/common.dj: remove COFF debug info generation
imap/pop3/smtp: Fixed failure detection during TLS upgrade
pop3: Fixed no known authentication mechanism when fallback is required
formadd: reject trying to read a directory where a file is expected
formpost: support quotes, commas and semicolon in file names
docs: update the comments about loading CA certs with NSS
docs: fix typos in man pages
darwinssl: Fix bug where packets were sometimes transmitted twice
winbuild: include version info for .dll .exe
schannel: Removed extended error connection setup flag
VMS: fix and generate the VMS build config
The most important of these new features are:
* SQL Database logging helper
* Time-Quota session helper
* SSL-Bump Server First
* Server Certificate Mimic
* Custom HTTP request headers
* Remove or modify some patches that are obsolete or fixed in another way
like devel/xulrunner.
Changelog:
Fixes in 2.15.2
Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bug 826771).
View / Message Body As could show menu items out of context (bug 831348).
Fixes in 2.15.1
Problems involving HTTP proxy transactions have been fixed (bug list).
The Unity player crashed on Mac OS X (bug 828954).
This release contains a fix for CVE-2012-6112 (TinyMCE), too.
Version 2.11.9 (2013-02-05)
---------------------------
### Fixed
Support numeric front end dates in the form generator (see #5238).
### Fixed
Support whitespace characters when parsing simple tokens (see #5323).
### Fixed
Allow to run multiple TinyMCE instances with different configurations on the
same page (thanks to Andreas Schempp) (see #4453).
### Fixed
Correctly trigger the "saveNewPassword" hook (see #5247).
### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).
### Fixed
Do not group standalone lightbox elements on HTML5 pages (see #3742).
### Fixed
Anonymize IP addresses in `Form::processFormData()` (see #5255).
### Fixed
Replaced the 1200 pixel limit when resizing images with the values defined in
the system settings (see #5268).
### Fixed
Make sure there is an array in `Controller::generateMargin()` (see #5217).
### Fixed
More robust input validation in the back end filter menu and no more absolute
paths in error messages printed to the screen (thanks to aulmn) (see #4971).
### Fixed
Unset non-existing fields when restoring versions (see #5219).
Fri Feb 1 10:19:44 CET 2013
Handle case where POST data contains "key=" without value
at the end and is not new-line terminated by invoking the
callback with the "key" during MHD_destroy_post_processor (#2733). -CG
Wed Jan 30 13:09:30 CET 2013
Adding more 'const' to allow keeping of reason phrases in ROM.
(see mailinglist). -CG/MV
Tue Jan 29 21:27:56 CET 2013
Make code work with PlibC 0.1.7 (which removed plibc_init_utf8).
Only relevant for W32. Fixes #2734. -CG
Sat Jan 26 21:26:48 CET 2013
Fixing regression introduced Jan 6 (test on data_size instead
of total_size). -CG
Fri Jan 11 23:21:55 CET 2013
Also return MHD_YES from MHD_destroy_post_processor if
we did not get '\r\n' in the upload. -CG
Sun Jan 6 21:10:13 CET 2013
Enable use of "MHD_create_response_from_callback" with
body size of zero. -CG
*) Feature: the $request_time and $msec variables can now be used not
only in the "log_format" directive.
*) Bugfix: cache manager and cache loader processes might not be able to
start if more than 512 listen sockets were used.
*) Bugfix: in the ngx_http_dav_module.
+ Under NetBSD 5.1_STABLE, a large number of included vhosts led to SEGV, this
does not occur with nginx 1.2.6.
Opera 12.13 is a recommended upgrade offering security and stability
enhancements.
Fixes and Stability Enhancements since Opera 12.12
General and User Interface
* Fixed an issue where Opera gets internal communication errors on Facebook
* Fixed an issue where no webpages load on startup, if Opera is disconnected
from the Internet
* Fixed an issue where images will not load after back navigation, when a site
uses the HTML5 history API (deviantart.com)
Linux and Windows
* A new stand-alone update-checker, as part of a planned upgrade of the
auto-update system
Windows
* Improved protection against hijacking of the default search, including
a one-time reset
Security
* Fixed an issue where DOM events manipulation might be used to execute
arbitrary code, as reported by Arthur Gerkis; see our advisory:
http://www.opera.com/support/kb/view/1042/
* Fixed an issue where use of SVG clipPaths could allow execution of arbitrary
code, as reported by anonymous via the iSIGHT Partners GVP Program; see our
advisory:
http://www.opera.com/support/kb/view/1043/
* Fixed a low severity security issue; details will be disclosed at a later
date
* Fixed an issue where CORS requests could omit the preflight request, as
reported by webpentest; see our advisory:
http://www.opera.com/support/kb/view/1045/
Upstream changes:
1.0016 Thu Jan 31 13:21:14 PST 2013
[SECURITY]
- Fixed directory traversal bug in Plack::App::File on win32 environments
[INCOMPATIBLE CHANGES]
- Updated Plack::Builder OO interface to be more natural. Still keeps backward
compatible to the old ->mount() and ->to_app() interface.
[NEW FEATURES]
- Static middleware 'path' callback now takes $env as a 2nd argument (avar)
- Static middleware takes 'content_type' callback to determine custom MIME (pstadt)
[IMPROVEMENTS]
- Fixed regexp warning for blead (doy)
- Documentation update for AccessLog::Timed to suggest Runtime (ether)
- Ignore vim swap files on restarter (nihen)
- Major documentation overhaul on Apache2 startup files (rkitover, avar)
Features:
* Drag&Drop reordering of photos in the plugin admin
* Unlimited, auto-discovered custom templates - you can change template of
given gallery at anytime, use javascript galleries etc.
based on a source image. So whenever a thumbnail does not exist or if the
source was modified more recently than the existing thumbnail, a new thumbnail
is generated (and saved).
* `6753235d`: Return bounded output from `rcs_diff()` when asked, as
the API states.
* `e45175d5`: Always explicitly set CVS keyword substitution behavior.
Fixes behavior when a text file is added under a name formerly
used for a binary file.
* `b30cacdf`: If the previous working directory no longer exists after
a CVS operation, don't try to `chdir()` back to it afterward.
Bump PKGREVISION.
- added a sitemap.xml.
- added some templatetags.
- started using Sphinx for managing documentation.
- started using Transifex for managing translations.
- started using Travis CI.
- added 12 new translations and improved some of the existing translations.
- fixed issue 29 (quote URL of resized image properly).
- misc improvements to clarity of unit tests.
- added Django 1.4 timezone support.
Version 1.0.3
-------------
Released January 24, 2013
- Tests complete in python 3.2/3.3.
- Localization for ru, fr.
- Minor fixes in documentation for clarity.
- FieldList now can take validators on the entire FieldList.
- ext.sqlalchemy model_form:
* Fix issue with QuerySelectField
* Fix issue in ColumnDefault conversion
* Support Enum type
- Field class now allows traversal in Django 1.4 templates.
Changes:
0.3006 Wed Dec 19 09:55:05 JST 2012
- Clear out @ARGV, rather than restoring it, to avoid messing with Net::Server internals
0.3005 Wed Nov 14 19:46:31 PST 2012
- Added a warning in runtime/documentation to NOT use -r/-R with Starman
0.3004 Thu Nov 8 19:40:45 PST 2012
- Added --interval option to the sample start_server command
- Makefile.PL fix
0.3003 Thu Sep 27 09:39:56 JST 2012
- Fixed the test hang in some environments, introduced in 0.3002 [RT:79865]
0.3002 Tue Sep 25 15:26:43 JST 2012
- Added a documentation for --signal-on-term for Server::Starter 0.12 (kazuho, ether)
- Set REMOTE_PORT PSGI environment variable #50 (dex4er)
- Fix a test failure with a directory containing whitespace (clkao)
0.3001 Mon Jun 25 10:57:20 PDT 2012
- Fix SERVER_NAME and SERVER_PORT not exist on UNIX socket mode #24
- Improved documentation
- Ensure that chunk buffer contains terminating HTTP newline (Peter Makholm)
0.3000 Mon Feb 20 16:31:44 PST 2012
- This be a 0.3 release
0.29_90 Thu Dec 1 19:40:52 PST 2011
- Changed the way server handles HUP and QUIT signals
HUP will just restart all the workers gracefully
QUIT will gracefully shutdown workers and the master
See `man 1 starman` and look for SIGNALS section.
Changes:
1.50 Jul 11, 2012
[ DISTRIBUTION ]
- Switch to Dist::Zilla
- Eliminate HTML docs from distribution, available on web
- Move live Apache tests to author-only
1.49 Feb 27, 2012
[ DOCS ]
- Fixed misspellings in docs. RT #74676. Reported by Salvatore Bonaccorso.
1.48 Feb 3, 2012
[ BUG FIXES ]
- Calling a subcomponent from inside an anonymous component (created via
$interp->make_component) caused an uninitialized value warning. Reported by
Javier Amor Garcia.
Changes:
2.5 June 10th, 2012
New features, thanks to Michael Peters (RT#46258):
- Support for using an alternative HTML::FillInForm class
via param dfv_fif_class.
- Support for supplying defaults for HTML::FillInForm->fill
via param dfv_fif_defaults.
ChangeLog:
0.12 Thu Aug 4 23:56:00 BST 2011
- Changed a test case to be less picky about the actual text captured
from warnings. This was done to support some changes introduced by
the Catalyst -> PSGI port.
ChangeLog:
0.10022 08 Jan 2013
- Fix NoPasswd store (skaufman)
0.10021 30 June 2012
- Change all classes to Moose and MooseX::Emulate::Class::Accessor::Fast,
fixing undeclared dependency on Class::Accessor::Fast.
- Change Catalyst::Authentication::Realm to use String::RewritePrefix
rather than doing namespace mangling manually.
- Fix whitespace and tabs, add Test::EOL and Test::NoTabs
- Document optional methods in stores needed for auto_create_user
and auto_update_user in realms.
- Clarify support channels
- Note primary maintainer in docs.
- Add x_authority metadata.
- Get the NAME right by making it 1 line, due to crappy parsing
in EU::MM (RT#77028)
0.10020 05 May 2012
- Allow user_class to be configured for Catalyst::Authentication::Store::Minimal
(Jochen Lutz <jlu@akk.org>)
0.10019 14 April 2012
- Upgrade code to use Moose compatibility layer (jnap)
- Added some rules to .gitignore for people using macs (jnap)
- Updated copyright info
- Catalyst::Plugin::Authentication::Credential::NoPassword added
(Okko)
- Convert repository to git (fREW Schmidt)
ChangeLog:
- Fixed 'application/x-www-form-urlencoded' for AJAX POSTs post
Firefox 3.x
+ First sourceforge.net hosted version
+ Incremented version number to actually match SVN branch tag
+ Switched to Big-endian date format in the documentation.
Less chance of misunderstandings
* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.
Additionally: Version 3.5.1 fixes a few security issues:
* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.
ChangeLog:
Revision history for Catalyst-Manual
- Fix minor typos RT 78545, thanks Joe Axford
- Update auth class name RT 77322 Thanks Joe Axford
- Fix typo RT #77247 Thanks John Deighan
5.9004 4th May 2012
- PSGI Compat changes
- Small code changes (thanks sockmonk)
- Small changes to Manual::Components
5.9003 17 Feb 2012
- Mention PSGI in Manual::Intro RT 74872 (thanks William Blunn).
- Better docs of :Global inspired by RT 74869 (thanks William Blunn)
- Highlight the importance of uncommenting the template line in the
list action
- Clarify docs for nginx in non-root - a trailing slash on the
location block is very much needed.
- Clarified Data::Dumper usage. RT#71410 Thanks to Bill Corr
- Mention Chef deployment in Manual::Deployment (thanks to Alexey
Melezhik)
- Cleaned deps to match current Catalyst reqs.
ChangeLog:
5.90019 - 2012-12-04 21:31:00
- Fix for perl 5.17.6 (commit g7dc8663). RT#81601
- Fix for perl 5.8. RT#61122
- Remove use of MooseX::Types as MooseX::Types is broken on perl5.8
RT#77100 & RT#81121
5.90018 - 2012-10-23 20:55:00
- Changed code in test suite so it no longer trips up on recent changes to
HTTP::Message.
5.90017 - 2012-10-19 22:33:00
- Change Catalyst _parse_attrs so that when sub attr handlers:
1) Can return multiple pairs of new attributes.
2) Get their returned attributes passed through the correct attribute handler.
e.g sub _parse_Whatever_attr { return Chained => 'foo', PathPart => 'bar' }
Will now work because both new attributes are respected, and the Chained
attribute is passed to _parse_Chained_attr and fixed up correctly by that.
- In Catalyst::Test, don't mangle headers of non-HTML responses. RT#79043
- Refactor request and response class construction to add methods
that roles can hook to feed extra parameters into the constructor
of request or response classes.
5.90016 - 2012-08-16 15:35:00
- prepare_parameters is no longer an attribute builder. It is now a method
that calls the correct underlying functionality (Bill Moseley++)
- Updated Makefile.PL to handle MacOSX tar
- Fix uri_for to handle a stringifiable object
- Fix model/view/controller methods to handle stringifiable objects
- Fix RT#78377 - IIS7 ignores response body for 3xx requests, which
causes (a different) response to be broken when using keepalive.
Fixed by applying Middleware which removes the response body and
content length that Catalyst supplies with redirects.
5.90015 - 2012-06-30 16:57:00
- Fix $c->finalize_headers getting called twice. RT#78090
- Fix test fails in Catalyst-Plugin-Session-State-Cookie. RT#76179
- Fix test fails in Catalyst-Plugin-StackTrace
- Fix test fails in Test-WWW-Mechanize-Catalyst
5.90014 - 2012-06-26 10:00:00
- Fix calling finalize_headers before writing body when using $c->write /
$c->res->write (fixes RT#76179).
5.90013 - 2012-06-21 10:40:00
- Release previous TRIAL as stable.
- We failed to note in the previous changelog that the Makefile.PL has been
improved to make it easier for authors to bootstrap a developer install
of Catalyst.
5.90013 - TRIAL 2012-06-07 20:21:00
New features:
- Merge Catalyst::Controller::ActionRole into Catalyst::Controller.
Bug fixes:
- Fix warnings in some matching cases for Action methods with
Args(), when using Catalyst::DispatchType::Chained
- Fix request body parameters to not be undef if no parameters
are supplied.
- Fix action_args config so that it can be specified in the
top level config.
- Fix t/author/http-server.t on Win32
- Fix use of Test::Aggregate to make tests faster.
5.90012 - 2012-05-16 09:59:00
Distribution META.yml changes:
- author key is now correct, rather than what Module::Install
mis-parses from the documentation.
- x_authority key added.
Bug fixes:
- Fix request body parameters being multiply rebuilt. Fixes both
RT#75607 and CatalystX::DebugFilter
- Make plugin de-duplication work as intended originally, as whilst
duplicate plugins are totally unwise, the C3 error given to the user
is less than helpful.
- Remove dependence on obscure behaviour in B::Hooks::EndOfScope
for backward compatibility. This fixes issues with behaviour changes
in bleadperl. RT#76437
- Work around Moose bug RT#75367 which breaks
Catalyst::Controller::DBIC::API.
Documentation:
- Fix documentation in Catalyst::Component to show attributes and
calling readers, rather than accessing elements in the $self->{} hash
directly.
- Add note in Catalyst::Component to strongly disrecommend $self->config
- Fix vague 'checkout' wording in Catalyst::Utils. RT#77000
- Fix documentation for the 'secure' method in Catalyst::Request. RT#76710
5.90011 - 2012-03-08 16:43:00
Bug fixes:
- Simplification of the previous changes to Catalyst::ScriptRunner
We now just push $FindBin::Bin/../lib to the @INC path again, but
only if one of the dist indicator files (Makefile.PL Build.PL or
dist.ini) can be found in $FindBin::Bin/../$_
This avoids heuristics when the app is unloaded and therefore
works better for extensions which have entire applications in
their test suites.
- Bug fix to again correctly detect checkouts in dist zilla using
applications.
- --background option for the server script now only closes
STDIN, STDOUT and STDERR. This fixes issues with Log::Dispatch
and other loggers which open a file handle when
- Change incorrect use of File::Spec->catdir to File::Spec->catfile
so that we work on platforms which care about this (VMS?)
- Make it more obvious if our PSGI server doesn't pass in a response
callback.
5.90010 - 2012-02-18 00:01:00
Bug fixes:
- Fix the previous fix to Catalyst::ScriptRunner which was resulting
in the lib directory not being pushed onto @INC.
This meant perl ./script/myapp_server.pl failed, however
perl -Ilib ./script/myapp_server.pl would succeed.
5.90009 - 2012-02-16 09:06:00
Bug fixes:
- Fix the debug page so that it works as expected with the latest
refactoring.
- The Catalyst::Utils::home function is used to find if the application
is a checkout in Catalyst::ScriptRunner. This means that a non-existent
lib directory that is relative to the script install location is not
included when not running from a checkout.
- Fix dead links to cpansearch.perl.org to point to metacpan.org.
- Require the latest version of B::Hooks::EndOfScope (0.10) to avoid an
issue with new versions of Module::Runtime (0.012) on perl 5.10
which stopped Catalyst::Controller from compiling.
- In Catalyst::Test, don't mangle headers of non-HTML responses. RT#79043
5.90008 - TRIAL 2012-02-06 20:49:00
New features and refactoring:
- Much of the Catalyst::Engine code has been moved into Catalyst::Request
and Catalyst::Response, to be able to better support asynchronous web
servers such as Twiggy, by making the application engine more reentrant.
This change is as a prequel to full asynchronous support inside Catalyst
for AnyEvent and IO::Async backends, which allow highly scaleable streaming
(for applications such as multi-part XML HTTPRequests, and Websockets).
Deprecations:
- This means that the $c->engine->env method to access the PSGI environment
is now deprecated. The accessor for the PSGI env is now on Catalyst::Request
as per applications which were using Catalyst::Engine::PSGI
Catalyst::Engine::PSGI is now considered fully deprecated.
- The private _dump method in Catalyst::Log is now deprecated. The dumper is
not pluggable and which dumper to use should be a user choice. Using
an imported Dump() or Dumper() function is less typing than $c->log->_dump
and as this method is unused anywhere else in Catalyst, it has been scheduled
for removal as a cleanup. Calling this method will now emit a stack trace
on first call (but not on subsequent calls).
Back compatibility fixes:
- Applications still using Catalyst::Engine::PSGI as they rely on
$c->request->env - this is now the provided (and recommended) way of
accessing the raw PSGI environment.
Tests:
- Spurious warnings have been removed from the test suite
Documentation:
- Fix the display of PROJECT FOUNDER and CONTRIBUTORS sections in the
documentation. These were erroneously being emitted when the Pod
was converted to HTML for search.cpan.org
- Fix documentation for the build_psgi_app app method. Previously the
documentation advised that it provided the psgi app already wrapped
in default middleware. This is not the case - it is the raw app psgi
Faraday is an HTTP client lib that provides a common interface over many
adapters (such as Net::HTTP) and embraces the concept of Rack middleware when
processing the request/response cycle.
Collection.
Tornado is an open source version of the scalable, non-blocking web server and
tools that power FriendFeed. The FriendFeed application is written using a web
framework that looks a bit like web.py or Google's webapp, but with additional
tools and optimizations to take advantage of the underlying non-blocking
infrastructure.
The framework is distinct from most mainstream web server frameworks (and
certainly most Python frameworks) because it is non-blocking and reasonably
fast. Because it is non-blocking and uses epoll or kqueue, it can handle
thousands of simultaneous standing connections, which means it is ideal for
real-time web services. We built the web server specifically to handle
FriendFeed's real-time features -- every active user of FriendFeed maintains
an open connection to the FriendFeed servers.
Changelog:
Tomcat 7.0.35 (markt)
Catalina
fix 54247: Prevent ClassNotFoundExceptions on stop when running as a service. (markt)
fix 54249: Ensure resource properties are available when the context path contains encoded characters such as a space. This triggered compilation issues in Jasper. Patch provided by Polina Genova. (markt)
fix 54256: Improve error reporting when a JAR file fails extension validation by including the name of the JAR file in the exception. (markt)
fix Allow web applications to be stopped cleanly even if filters throw exceptions when their destroy() method is called. (markt/kkolinko)
fix Fix memory leak of servlet instances when running with a SecurityManager and either init() or destroy() methods fail or the servlet is a SingleThreadModel one. (kkolinko)
code Cleanup method cache lookup code in SecurityUtil class. (kkolinko)
add Make the Tomcat 7 non-JSR356 WebSocket implementation non-blocking (where supported by the connector) between the HTTP upgrade and the first WebSocket message from the client to the server. (markt)
fix 54262: Ensure that an empty <absolute-ordering /> element in the main web.xml file disables scanning for web fragments. Based on a patch by Violeta Georgieva. (markt)
fix 54284: As per clarification from the Servlet EG, anonymous Filters and Servlets are not permitted. Patch by Violeta Georgieva. (markt)
fix 54371: Prevent exceptions when processing web fragments for unexpanded WAR files when the context path contains characters that need to be encoded in URLs such as spaces. Based on a patch by Polina Genova. (markt)
add 54372: Make HTTP Digest authentication header parsing tolerant of invalid headers sent by known buggy clients. (markt)
fix 54377: Correctly set request attributes for AccessLog in RemoteIpFilter. Patch by Violeta Georgieva. (markt)
fix 54379: Implement support for post-construct and pre-destroy elements in web.xml. Patch by Violeta Georgieva. (markt)
fix 54380: Do not try to register servlets or contexts into the mapper too early (which just caused a warning to be logged). (kkolinko)
fix Fix NPE in WebappLoader.stopInternal when stop is called after a failed start. (kkolinko)
add 54381: Add support for receiving WebSocket pong messages. (markt)
fix 54382: Fix NPE when SSI processing is enabled and an empty SSI directive is present. (markt)
fix Fix ArrayIndexOutOfBoundsException in HttpParser when parsing incorrect HTTP headers. (kkolinko)
fix 54387: Deployment must fail when multiple servlets are mapped to the same url-pattern. (markt)
fix 54391: Provide a value for the javax.servlet.context.orderedLibs attribute. (markt)
Coyote
fix 54248: Ensure that byte order marks are swallowed when using a Reader to read a request body with a BOM for those encodings that require byte order marks. (markt)
fix Fix release of processors in AjpNioProtocol. Wrong object was used as a key in the connections map. (kkolinko)
Jasper
add 54240: Add support for auto-detection and configuration of JARs on the classpath that provide tag plug-in implementations. Based on a patch by Sheldon Shao. (markt)
fix 54241: Revert the fix for 35410 as it was not compliant with the JSP specification, specifically that <%= obj %> must be translated to out.print(obj) which in turn becomes out.write(String.valueOf(obj)). This will trigger a NullPointerException if obj.toString() returns null. The fix for 35410 incorrectly suppressed the NullPointerException in this case. (markt)
fix 54242: Correctly handle null iterations within the JSTL ForEach tag plug-in implementation. Patch provided by Sheldon Shao. (markt)
fix 54260: Avoid NullPointerException when using JSP unloading and tag files. (markt)
fix 54370: Improve handling of nulls when trying to match sets of parameters to a method in EL. (markt)
fix 54338: Correctly coerce the value to the expected type when using the tag plug-in for the JSTL set tag. Patch provided by Sheldon Shao. (markt)
Web applications
fix 54244: Clarify the documentation for the BIO and NIO SSL configuration attributes sslEnabledProtocols and sslProtocol within the documentation web application. (markt)
add Integrate documentation of Tomcat 7 with Apache Comments System. People can leave their comments when reading documentation online at the tomcat.apache.org site. (rjung)
Other
fix 54390: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME. (schultz)
* Add PostgreSQL support, not tested.
Changelog:
Version 4.5.6 Jan 22nd 2013
Improved language detection
Improved translations
Fix link to bugtracker
Several IE 6/7/8 fixes
SabreDAV updated to 1.6.6
Improved error reporting
Support special characters in mountpoint
Interpret http 403 and 401 as not authorized in user_webdavauth
Several fixes for special characters in files and folders
Improved PostgreSQL support
Check database names for valid characters
Fix default email address calculation
Remove debug output on send password page
Add SMTP port configuration option
Only show the max possible upload of 2GB on a 32 bit system
Show progress during file downloads
Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
Security: Fix Code execution in external storage: CVE-2013-0204
Security: Removed remoteStorage app because of unfixed security problems.
Also bump PKGREVISION for a few packages using it.
The packages I did this for:
net/yaz
lang/parrot
misc/openoffice3 (where I noticed the run-time failure due to missing shared library)
www/webkit-gtk
sysutils/open-vm-tools
inputmethod/ibus-qt
I didn't do this recursively or for all packages using icu
since I didn't know if they used the shared library directly,
some use was optional. The list of packages I didn't touch:
devel/devhelp
databases/idzebra
databases/sqlite3
devel/gnustep-base/
finance/gnucash
games/openttd
graphics/shotwell
lang/mono
meta-pkgs/boost
misc/calibre
misc/libreoffice
news/tin
textproc/php-intl
www/deforaos-surfer
www/epiphany
www/liferea-current
www/midori
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
Trac-1.0.ja1 (Oct 4, 2012)
* Based on Trac 1.0 'Cell'
* Change document and parameters for this distribution.
- *.trac-ja
- setup.py
- trac/templates/about.html
- trac/templates/theme.html
* Translate default Wiki pages into Japanese.
- trac/wiki/default-pages/*
* Translate default reports into Japanese.
- trac/db_default.py
* Translate default workflow display into Japanese.
- trac/ticket/templates/report.rss
- trac/ticket/templates/report_view.html
* [Patch] Add formatting for report using Japanese column name.
- trac/ticket/report.py
- trac/ticket/templates/report.rss
- trac/ticket/templates/report_view.html
* [Patch] Fix a bug that local time will not be applied
when downloading repository files as Zip.
- trac/versioncontrol/web_ui/changeset.py
* [Patch] Small patch for Unicode
- trac/about.py
* [Patch] Fix based on ticket #10877.
- trac/util/text.py
- trac/util/test/text.py
Trac 1.0 'Cell' (September 7, 2012)
http://svn.edgewall.org/repos/trac/tags/trac-1.0
Trac 1.0 is a major release adding refreshed user interface and
improved DVCS repository support as the most visible changes.
The following list contains only a few highlights:
- The default theme looks more modern, especially on recent browsers
(no effort has been made to make it look better on older browsers
like IE6 or 7)
- The TracHacks GitPlugin has been donated by Herbert Valerio Riedel
to the Trac project (many thanks!) and is now maintained here as an
optional component
- As a consequence, the Subversion support has been moved below
`tracopt.versioncontrol` as well
- The Git and Mercurial log view feature a visualization of the
branching structure
- Usability improvements for the tickets, with a better support for
conflict detection and resolution
- Integration of the TracHacks BatchModifyPlugin, contributed by
Brian Meeker (many thanks!) and is now maintained there as a
default component
- jQuery/UI integration, featuring a date picker for date fields
- Improved integration with Pygments syntax highlighting
- ... and numerous smaller features added and bugs fixed since 0.12!
* Use Lightning in seamonkey tar ball, 2.0pre.
Changelog:
SeaMonkey-specific changes
SeaMonkey can be set as default client/browser on Mac and Linux now.
See the changes page for minor changes.
Mozilla platform changes
The new IonMonkey compiler improves JavaScript performance.
Preliminary support for WebRTC has been added.
Image quality has been improved through a new HTML scaling algorithm.
CSS3 Flexbox has been implemented.
Support for new DOM property window.devicePixelRatio has been added.
Support for @supports has been added (disabled for now).
Startup time has been improved through smart handling of signed extension certificates.
HTML5: Support for W3C touch events has been implemented, taking the place of MozTouch events
Insecure content loading has been disabled on HTTPS pages (see bug 62178).
Responsiveness for users on proxies has been improved.
Fixed several stability issues.
Fixed in SeaMonkey 2.15
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0 / rv:10.0.12 / rv:17.0.2)
Upstream changes:
1.0015 Thu Jan 10 15:19:17 PST 2013
[BUG FIXES]
- Fixed Lint complaining about Latin-1 range characters stored internally with
utf8 flag on (Mark Fowler)
- HTTP::Message::PSGI::res_from_psgi now always returns empty string
for an empty response body, so streamed responses are consistent with
non-streamed (ether)
1.0014 Mon Dec 3 10:27:43 PST 2012
[BUG FIXES]
- Fixed Hash order in tests for perl 5.17 (doy)
- Fixed StackTrace tests to run with Devel::StackTrace
[IMPROVEMENTS]
- Plack::Middleware::AccessLog can now log the worker pid and server
port (ether)
1.0013 Wed Nov 14 19:46:49 PST 2012
[BUG FIXES]
- Make sure psgi.input is seeked even when the input is buffered (Getty, leedo)
- Delete invalid (empty) CONTENT_LENGTH and CONTENT_TYPE in FCGI (Getty, leedo)
1.0012 Wed Nov 14 12:00:17 PST 2012
[IMPROVEMENTS]
- Make conditional middleware work with initialization without an app (doy)
- Added force option to BufferedStreaming
1.0011 Sun Nov 11 11:05:30 PST 2012
[BUG FIXES]
- Fix bad Content-Length that could be caused with mod_perl (avar)
- Allow an empty PATH_INFO in Lint per PSGI spec
1.0010 Fri Nov 2 13:30:50 PDT 2012
[IMPROVEMENTS]
- Added vim .swp files to the default ignore list in Restarter
- Check if PATH_INFO begins with / in Lint
1.0009 Tue Oct 23 00:57:16 PDT 2012
[BUG FIXES]
- Correct fix to address drive letters for Win32
1.0008 Mon Oct 22 18:52:29 PDT 2012
[BUG FIXES]
- Allow drive letters for absolute paths for plackup and load_psgi #343
1.0007 Sat Oct 20 23:20:20 PDT 2012
[IMPROVEMENTS]
- Fix test failures with HTTP::Message 6.06. #345
- relaxed plackup -R ignore files and directories. #260
1.0006 Thu Oct 18 16:06:15 PDT 2012
[INCOMPATIBLE CHANGES]
- plackup foo.psgi will not search the file in @INC anymore before the current directory
See https://github.com/plack/Plack/pull/343 for details (miyagawa)
[NEW FEATURES]
- plackup --path /foo will mount the application under /path (mattn)
[BUG FIXES]
- AccessLog: Fix the timezone offset for certain timezones
- ErrorDocument: support streaming interface
1.0005 Tue Oct 9 13:33:47 PDT 2012
[NEW FEATURES]
- Support psgix.cleanup handlers in Apache2 (avar)
- Added REMOTE_PORT environment variable to HTTP::Server::PSGI (dex4er)
[IMPROVEMENTS]
- Documentation fix for multiple cookie values (miyagawa)
- Delete MOD_PERL environment variable for better compatibilities (avar)
- Split out Plack::TempBuffer as a standalone Stream::Buffered module (doy)
- Bump Test::TCP dep
1.0004 Thu Sep 20 08:36:11 JST 2012
[NEW FEATURES]
- Added psgix.harakiri support in HTTP::Server::PSGI
[IMPROVEMENTS]
- Preload TempBuffer modules (avar)
- Documentation fixes (autarch)
Upstream changes:
2.94 Thu Jan 17 2013
- Fixed bug where options were bleeding over into subsequent calls to new()
[Michael Peters]
2.93 Wed Jan 16 2013
- Feature: Added config() method to make setting global defaults
easy so that each call to new() has less boilerplate. [Michael
Peters]
- Bug Fix: t/05-force_untaint.t now passes when run with prove
[Michael Peters]
- Bug Fix: die_on_bad_params now controls whether we die if tmpl_vars
reuse names from tmpl_loops (which can be useful in some situations)
[Michael Peters]
www/py-werkzeug-docs.
Based on PR pkg/47381 by Richard PALO.
This package contains the HTML documentation for Werkzeug.
Werkzeug is a WSGI utility library for Python. It's widely used
and BSD licensed.
Werkzeug started as a simple collection of various utilities for
WSGI applications and has become one of the most advanced WSGI
utility modules. It includes a powerful debugger, fully featured
request and response objects, HTTP utilities to handle entity tags,
cache control headers, HTTP dates, cookie handling, file uploads,
a powerful URL routing system and a bunch of community contributed
addon modules.
It does Unicode and doesn't enforce a specific template engine,
database adapter or anything else. It doesn't even enforce a specific
way of handling requests and leaves all that up to the developer.
HTTP::Server::Simple::Authen is an HTTP::Server::Simple plugin to allow
HTTP authentication. Authentication scheme is pluggable and you can use
whatever Authentication protocol that Authen::Simple supports.
* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
* [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
* Fixed erroneous test case in the 1.3.x series
* January 6th, 2013: Twenty eighth public release 1.3.7
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
* Updated URI backports
* Fix URI backport version matching, and silence constant warnings
* Correct parameter parsing with empty values
* Correct rackup '-I' flag, to allow multiple uses
* Correct rackup pidfile handling
* Report rackup line numbers correctly
* Fix request loops caused by non-stale nonces with time limits
* Fix reloader on Windows
* Prevent infinite recursions from Response#to_ary
* Various middleware better conforms to the body close specification
* Updated language for the body close specification
* Additional notes regarding ECMA escape compatibility issues
* Fix the parsing of multiple ranges in range headers
* January 7th, 2013: Thirtieth public release 1.3.8
* Security: Prevent unbounded reads in large multipart boundaries
* January 6th, 2013: Twenty seventh public release 1.2.6
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 17.0.x extended support release.
Frozen-Flask freezes a Flask application into a set of static files.
The result can be hosted without any server-side software other
than a traditional web server.
Flask-Uploads provides flexible upload handling for Flask applications.
It lets you divide your uploads into sets that the application user
can publish separately.
Version 3.0.3 (2013-01-08)
--------------------------
### Fixed
Do not separate a style sheet with a font-face selector if the definition is
invisible or the media type of the style sheet is "all" (see #5216).
### Fixed
Looking for theme templates broke the install routine (see #5210).
### Fixed
Correctly handle empty newsletter channel selections.
Flask-SQLAlchemy is an extension for Flask that adds support for
SQLAlchemy to your application. It requires SQLAlchemy 0.6 or
higher. It aims to simplify using SQLAlchemy with Flask by providing
useful defaults and extra helpers that make it easier to accomplish
common tasks.
Flask-Login provides user session management for Flask. It handles
the common tasks of logging in, logging out, and remembering your
users' sessions over extended periods of time.