Changes:
Addressed 31 bugs in 3.8, including various fixes and improvements for the new
dashboard design and new themes admin screen.
More info at http://codex.wordpress.org/Version_3.8.1
- Django 1.6 compatibility
- Using bulk_create to speed up revision creation.
- Including docs in source distribution
- Spanish translation
- Fixing edge-case bugs in revision middleware
* A couple of issues with Django 1.6 have been fixed (including bad error handling and a loaddata incompatability)
* Migrations now import datetime from a special South module which provides the correct tz-aware or tz-naive version.
* A couple of issues fixed, including double-indexing errors, and correct persistence of non-unique indexes across ALTERs.
* The new localflavor fields are automatically accepted by the introspector.
Prevented the base geometry object of a prepared geometry to be garbage collected, which could lead to crash Django.
Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory.
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn’t in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren’t actually marked as safe when passed through mark_safe() and could end up being double-escaped
Upstream changes:
0.039 2013-11-27 19:48:29 America/New_York
[FIXED]
- Temporary file creating during mirror() is now opened with O_EXCL
for added security
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
it will concat to next line "SPECIAL_PERMS", then it result in creating unwanted
directory and let "pinger" to install into wrong directry, and permission is not
set correctly.
Bump PKGREVISION.
0.620 (12.18.2013) - John Siracusa <siracusa@gmail.com>
* Eliminate a perl 5.19 "precedence issue with control flow operator"
warning.
0.619 (07.24.2013) - John Siracusa <siracusa@gmail.com>
* Fixed incorrect return statements (RT 87253) (Patch by Reini Urban)
This engine is designed to run as a standalone Catalyst server,
without requiring the use of another web server. Its goals are
high-performance, HTTP/1.1 compliance, and robustness. It is also
suitable for use as a faster development server with support for
automatic restarting.
This module parses HTTP headers using a C++ state machine. (Hence
this being an XS module.) The goal is to be fast, not necessarily
to do everything you could ever want.
Headers are not static, you can parse them, munge them, or even
build them using this module. See the SYNOPSIS for more information
on how to use this module.
0.1505 2013-06-10
* Fix RT#82944 - test fails on perl >= 5.17.3
* Return undef if there isn't a user. This will cause an exception
but a more helpful exception (probably from DBIC) than the inability
to call a method in this code.
0.1504 2012-10-05
* Make use_userdata_from_session use inflate_result since this is
already-stored data, not a "new" object being created
Upstream changelog:
Tomcat 6.0.39 (markt)
Catalina
fix 55166: Fix regression that broke XML validation when
running on some Java 5 JVMs. (kkolinko)
Coyote
fix Make the HTTP NIO connector tolerant of whitespace
in the individual values used for the ciphers attribute.
(markt)
fix Remove dependency introduced on the jsp-api.jar as
part of the XML validation changes introduced in 6.0.38.
(markt)
Jasper
fix Correct several errors in jspxml Schema and DTD. (kkolinko)
Cluster
code Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)
Web applications
fix Fix broken link in Jasper How-To documentation. (markt)
fix Align index.html and index.jsp in ROOT web application.
Correct links to specifications and to the Tomcat mailing
lists. (kkolinko)
fix Remove second copy of RUNNING.txt from the full-docs
distribution. Some unpacking utilities can't handle
multiple copies of a file with the same name in a directory.
(kkolinko)
Other
update Update sample Eclipse IDE project: use JUnit 4 library
and prefer a Java 5 JDK when several JDKs are configured.
Cleanup the Ant build files. (kkolinko)
fix Correct Maven dependencies for individual JAR files. (markt)
Tomcat 6.0.38 (markt) not released
Catalina
fix Ensure that when Tomcat's anti-resource locking features
are used that the temporary copy of the web application
and not the original is removed when the web application
stops. (markt/kkolinko)
fix 55019: Fix a potential exception when accessing JSPs
while running under a SecurityManager. (jfclere)
fix 55052: Make JULI's LogManager to additionally look for
logging properties without prefixes if the property
cannot be found with a prefix. (kkolinko)
fix 55266: Ensure that the session ID is parsed from the
request before any redirect as the session ID may need
to be encoded as part of the redirect URL. (markt)
fix 55404: Log warnings about using security roles in web.xml
as warnings. (markt)
fix 55268: Added optional --service-start-wait-time
command-line option to change service start wait time
from default of 10 seconds. (schultz)
fix Correctly associate the default resource bundle with
the English locale so that requests that specify an
Accept-Language of English ahead of French, Spanish or
Japanese get the English messages they asked for. (markt)
fix Add missing JavaEE 5 XML schema definitions. (markt)
fix When Catalina parses TLD files, always use a namespace
aware parser to be consistent with how Jasper parses
TLD files. The tldNamespaceAware attribute of the Context
is now ignored. (markt)
fix As per section SRV.14.4.3 of the Servlet 2.5 specification,
a namespace aware, validating parser will be used when
processing *.tld and web.xml files if the system property
org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set
to true. (markt)
fix Ensure that sessions IDs are not parsed from URLs for
Contexts where disableURLRewriting is true. (markt)
add Add an option to the Context to control the blocking of
XML external entities when parsing XML configuration
files and enable this blocking by default when a security
manager is used. The block is implemented via a custom
resolver to enable the logging of any blocked entities.
(markt)
fix 56016: When loading resources for XML schema validation,
take account of the possibility that servlet-api.jar and
jsp-api.jar may not be loaded by the same class loader.
Patch by Juan Carlos Estibariz. (markt)
Coyote
fix 52811: Fix parsing of Content-Type header in
HttpServletResponse.setContentType(). Introduces a new
HTTP header parser that follows RFC2616. (markt)
fix 54691: Add configuration attribute "sslEnabledProtocols"
to HTTP connector and document it. (Internally this
attribute has been already implemented but not documented,
under names "protocols" and "sslProtocols". Those names
of this attribute are now deprecated). (schultz)
fix 54947: Fix the HTTP NIO connector that incorrectly
rejected a request if the CRLF terminating the request
line was split across multiple packets.
Patch by Konstantin Preißer. (markt)
fix 55228: Allow web applications to set a HTTP Date header.
(markt)
fix Better adherence to RFC2616 for content-length headers.
(markt)
fix Add support for limiting the size of chunk extensions
when using chunked encoding. (markt)
fix 55749: Improve the error message when SSLEngine is
disabled in the AprLifecycleListener and SSL is
configured for an APR/native connector. (markt)
fix Avoid possible NPE if a content type is specified without
a character set. (markt)
Jasper
fix 55198: Ensure attribute values in tagx files that include
EL and quoted XML characters are correctly quoted in
the output. (markt)
fix 55671: Consistently use the configuration option name
genStringAsCharArray rather than a mixture of
genStrAsCharArray and genStringAsCharArray but retain
support for genStrAsCharArray as in initialisation
parameter for the JSP servlet to retain backwards
compatibility with existing configurations. (markt)
fix 55691: Fix javax.el.ArrayELResolver to correctly handle
the case where the base object is an array of primitives.
(markt)
fix 55973: Fix processing of XML schemas when validation
is enabled in Jasper. (kkolinko)
Web applications
add Add documentation for
o.a.c.tribes.group.interceptors.TcpFailureDetector. (kfujino)
add Complete the documentation for MessageDispatch15Interceptor.
(kfujino)
add Add to cluster document a description of
notifyLifecycleListenerOnFailure and
heartbeatBackgroundEnabled. (kfujino)
fix 55746: Add documentation on the allRolesMode to the
CombinedRealm and LockOutRealm. Patch by Cédric Couralet.
(markt)
fix Fix the sample configuration of StaticMembershipInterceptor
in order to prevent warning log. uniqueId must be 16 bytes.
(kfujino)
fix 55119: Avoid CVE-2013-1571 when generating Javadoc. (markt)
Other
update Update Maven Central location used to download
dependencies at build time to be repo.maven.apache.org.
(kkolinko)
fix 55663: Minor correction to the wording of the NOTICE files
to align them with the requirements for NOTICE files.
(violetagg)
fix Add @since markers to the common annotations classes and
fix a few specification compliance issues. (markt)
update Update to Eclipse JDT Compiler 4.3.1. (markt)
update Update the Apache Jakarta JSTL implementation used by
the exmaples web application to 1.1.2. (markt)
0.31 2013-09-09 16:30:00
- Updated docs to reflect config key change from 'static' to
'Plugin::Static::Simple' (RT#77709)
- Migrated repository from subversion to git
- Fixed MIME::Types 2.xx compatibility be removing call to an
undocumented method
- Bumped the MIME::Types requirement to 2.03 to ensure its
improvements make it into Catalyst environments
0.30 2012-05-04 17:05:00
- Add Cache-Control:public header
- Optionally provide Expires header
- Change configuration key to 'Plugin::Static::Simple' by default.
The old 'static' key is still supported, but issues a warning.
pkgsrc changes: distfile now apparently in 'gtar' format, not standard. annoying
0.33 Mon Jan 13 2014
- Fix config loading so that if passed a directory including
a . in the file name, then loading it as a directory works
(would have previously tried to force a specific filename
and failed)
- More comprehensive tests
This module implements a very simple parser for cookies used in
HTTP applications. We've found CGI::Simple::Cookie and CGI::Cookie
rather slow according to the profiling results for our OpenResty
project, hence the rewrite in C.
WARNING: This module is obsolete; please use CGI::Cookie::XS instead.
This module implements a very simple parser for cookies used in
HTTP applications. We've found CGI::Simple::Cookie and CGI::Cookie
rather slow according to the profiling results for our OpenResty
project, hence the rewrite in C.
Special effort has been made to ensure this module works in the
same way as the latest CGI::Cookie (i.e., the pure Perl implementation).
If you find it doesn't, please let us know.
Revision history for Perl extension Catalyst::Plugin::Session
0.39 2013-10-16
- Fixed a bug when "expiry_threshold" is non-zero, where changes to the
session were not saved.
0.38 2013-09-18
- New feature: "expiry_threshold" which allows you more control over when
this plugin checks and updates the expiration date for the session.
This is useful when you have high traffic and need to reduce the number
of session expiration hits (like if you are using a database for sessions
and your db is getting pounded).
Key pkgsrc change - move p5-Class-Data-Inheritable from BUILD_DEPENDS to
DEPENDS, as is needed at runtime (previous p5-Catalyst-Runtime package would
fail to run on non build machine due to this)
5.90053 - 2013-12-21
- Reverted a change in the previous release that moved the setup_log phase
to after setup_config. This change was made to allow people to use
configuration that is late loaded (such as via the ConfigLoader Plugin)
to setup the plugin. However it also broke the ability to use the log
during plugin setup (ie, it breaks lots of plugins). Reverting the
change. See Catalyst::Delta for workarounds.
5.90052 - 2013-12-18
- Fixed first block of startup debug messages missing when using a custom
logger that gets set at runtime, for example by overriding finalize_config
- Give a more descriptive error message when trying to load middleware that
does not exist.
- Change the way we initialize plugins to fix a bug where when using the
populare ConfigLoader plugin, configs merged are not available for setting
up middleware and data handlers (and probably other things as well).
NOTE: This change might cause issues if you had code that was relying on the
broken behavior. For example external configuration that was being loaded to
late to have effect might now take effect. Please test you code carefully and
be aware of this possible issue </NOTE>.
- You may now also call 'setup_middleware' as a package method if you think
that loading middleware via configuration is a weird or broken idea.
- Various POD formating fixed.
- Improved some documentation about what type of filehandles that ->body can
accept and issues that might arise.
5.90051 - 2013-11-06
- Be more skeptical of the existance of $request->env to fix a regression
introduced in Catalyst::Action::REST by the previous release
5.90050 - 2013-11-05
- Previously public predicates on the following attributes are now considered
private and their method names have been changed to follow Perl convention
for internal methods:
-- Catalyst::Request->has_io_fh ==> _has_io_fh
-- Catalyst::Request->has_env ==> _has_env
-- Catalyst::Response->has_write_fh ==> _has_write_fh
These are breaking changes but these methods were never documented and serve
no use for external code. If you are using thing, you need to make the noted
change (but please consider finding another way to do what you are trying to
do). t0m++ for code review of Hamburg branch.
5.90049_006 - 2013-11-04
- Fixed case where test could fail when Starman was partly installed (n0body++)
- Fixed missing date information in previous release
5.90049_005 - 2013-10-31
- NEW FEATURE: New Controller action attribute 'Consumes', which allows you
to specify the content type of the incoming request. This makes it easier
to create actions that only handle certain content type POST or PUT, such
as actions that only handle JSON or actions that only understand classic
HTML forms.
- NEW FEATURE: Request->body_data is now also populated from classic HTML
Forms using CGI::Struct to support nested data. For non nested data you
should use the classic ->body_parameters method.
- Removed PSGI $env keys that are added on the 'plack.request.*' namespace
since after discussion it was clear those keys are not part of the public
API. Keys removed: 'plack.request.query', 'plack.request.body',
'plack.request.merged' and 'plack.request.http.body'. Altered some test
cases to reflect this change.
5.90049_004 - 2013-10-18
- JSON Data handler looks for both JSON::MaybeXS and JSON, and uses
whichever is first (prefering to find JSON::MaybeXS). This should
improve compatibility as you likely already have one installed.
- Fixed a warning in the server script (bokutin++)
- We now populate various Plack $env keys in order to play nice with
downstream middleware or plack apps (and to reduce processing if
those keys already exist). Keys added:
- plack.request.query
- plack.request.body
- plack.request.merged
- plack.request.http.body
(NOTE: REMOVED IN 5.90049_005)
- If incoming input (from a POST or PUT) is not buffered, create the
buffer and set the correct psgi env keys to note this for downstream
psgi apps / middleware. This should solve some issues where Catalyst
sucks up the body input but its not buffered so downstream apps can't
read it (for example FCGI does not buffer). We now also try to make
sure the body content input is reset to the start of the filehandle
so that we are polite to downstream middleware /apps.
- NEW FEATURE: Catalyst::Response can now pull response from a PSGI
specification response. This makes it easier to host external Plack
applications under Catalyst. See Catalyst::Response->from_psgi_response
- NEW FEATURE: New configuration option 'use_hash_multivalue_in_request'
will populate $request methods 'parameters', 'body_parameters' and
'query_parameters' with an instance of Hash::MultiValue instead of a
HashRef. This is used by Plack and is intended to reduce the need to
write defensive logic since you are never sure if an incoming parameter
is a scalar or arrayref.
- NEW FEATURE: We now experimentally support Net::Async::HTTP::Server
and IO-Async based event loops. Examples will follow.
5.90049_003 - 2013-09-20
- Documented the new body_data method added in the previous release
- Merged from master many important bugfixes and forward compatiblity
updates, including:
- Use modern preferred method for Moose metaclass access and many other
small changes to how we use Moose for better forward compat (ether++)
- Killed some evil use of $@ (ether++)
- spelling fixes and documentation updates (ether++), (gerda++)
- use Test::Fatal over Test::Exception (ether++)
- Misc. test case fixes to modernize code (ether++)
- Added a first pass cpanfile, to try and make it easier to bootstrap
a development setup (ether++)
5.90049_002 - 2013-08-20
- Fixed loading middleware from project directory
- Fixed some pointless warnings when middleware class lacked VERSION
- NEW FEATURE: Declare global 'data_handlers' for parsing HTTP POST/PUT
alternative content, and created default JSON handler. Yes, now Catalyst
handles JSON request content out of the box! More docs eventually but
for now see the DATA HANDLERS section in Catalyst.pm (or review the test
case t/data_handler.t
5.90049_001 - 2013-07-26
- Declare PSGI compliant Middleware as part of your Catalyst Application via
a new configuration key, "psgi_middleware".
- Increased lowest allowed module version for Module::Pluggable to be 4.7 (up
from 3.4) to solve the fact this is no longer bundled with Perl in v5.18.
Provide Regex DispatchType for Catalyst (deprecated)
Regex dispatch types have been deprecated and removed from Catalyst
core. It is recommend that you use Chained methods or other techniques
instead. As part of the refactoring, the dispatch priority of Regex
vs Regexp vs LocalRegex vs LocalRegexp may have changed. Priority
is now influenced by when the dispatch type is first seen in your
application.
This module allows transforming CGI GET/POST data into intricate
data structures. It is reminiscent of PHP's building arrays from
form data, but with a perl twist.
Upstream changes:
4.76 2014-02-04
- Added wrap method to Mojo::DOM.
- Updated IO::Socket::IP requirement to 0.20 for certain bug fixes.
- Improved Mojo::DOM::HTML to generate better HTML.
4.75 2014-02-02
- Fixed and readded support for permessage-deflate WebSocket compression.
(Mikey, sri)
4.74 2014-02-02
- Added all_contents method to Mojo::DOM.
- Removed support for permessage-deflate WebSocket compression, since there
have been too many problems with Chrome.
* pkgsrc change: remove obsolete lines for contao31.
Version 3.2.5 (2014-02-03)
--------------------------
### Fixed
Correctly load the parent pages in the navigation modules (see #6696).
### Fixed
Correctly encode URLs with GET parameters in the syndication links (see #6683).
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
### Fixed
Allow any character in passwords, especially the less-than symbol (see #6447).
### Fixed
Purge the image cache if a file is being renamed (see #6641).
### Fixed
Preserve tags in custom CSS definitions (see #6667).
### Fixed
Make the swipe CSS selectors more specific (see #6666).
### Fixed
Correctly optimize floating-point numbers in style sheets (see #6674).
Version 2.11.14 (2014-02-03)
----------------------------
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
Changelog:
Version 6.0.1 Jan 22th 2014
Fix handling of encryption keys
Disable xcache in case admin auth is disabled
Speed DB improvements in user home directory location fetching
Fix some APC configuration problems
Fix duplicate .exe mime-type detection
Support DECIMAL DB schema statement
Fix some API response code problems
Added download workaround for some Android versions.
Turn off not working mod_pagespeed extension
Command line tool option to show user number
Some LDAP fixes for certain configurations
Fix previews for reshared files
Fix unshare on delete behaviour
Fix a CIFS mounting timezone problem
File Trash handling fixes
Fix potential data corruption problem during massive parallel uploads of the same file
Fix versions expiration logic
Fix public upload progress bar
Fix issues with intermittent “Insufficient Storage” message when quota is enabled
Upstream changes:
4.73 2014-02-01
- Improved xml_escape performance significantly.
- Improved html_unescape and url_unescape performance.
- Fixed Mojo::UserAgent::Transactor to handle redirects more like most
common browsers.
4.72 2014-01-29
- Added accepts, template_for and template_handler methods to
Mojolicious::Renderer.
- Added accepts helper to Mojolicious::Plugin::DefaultHelpers.
- Added before_render hook.
- Fixed bug in Mojo::Transaction::WebSocket that prevented decompression
errors from being handled gracefully.
4.71 2014-01-28
- Fixed a few compression bugs in Mojo::Transaction::WebSocket and
Mojo::Content.
4.70 2014-01-26
- Added extract_usage method to Mojolicious::Command.
- Added unindent method to Mojo::ByteStream.
- Added unindent function to Mojo::Util.
- Updated jQuery to version 2.1.
- Improved all built-in commands to show usage information in their SYNOPSIS
sections.
- Improved tag helpers to make data attributes more convenient. (ravengerUA)
%= tag 'div', data => {my_id => 1, Name => 'test'} => 'some content'
is equivalent to
%= tag 'div', data-my-id => 1, data-name => 'test' => 'some content'
- Fixed indentation of code in documentation browser.
4.69 2014-01-24
- Improved router to allow format detection for bridges.
4.68 2014-01-22
- Added Mojo::DOM::Node.
- Added contents and node methods to Mojo::DOM.
- Removed deprecated http_proxy, https_proxy, name and no_proxy attributes
from Mojo::UserAgent.
- Removed deprecated app, app_url, detect_proxy and need_proxy methods from
Mojo::UserAgent.
- Improved router to allow placeholders anywhere in a pattern to become
optional.
"get '/foo/:bar/baz' => {bar => 'bar'};" now matches "/foo/baz"
"get '/foo(:bar)baz' => {bar => 'bar'};" now matches "/foobaz"
- Improved request_ok method in Test::Mojo to handle WebSocket handshakes.
- Improved Mojo::IOLoop::Server to use address and port for descriptor
inheritance.
- Improved list of available commands to be alphabetical. (jberger)
- Fixed select_field helper to be nondestructive.
- Fixed XML semantics bug in Mojo::DOM::HTML.
4.67 2014-01-11
- Added history and max_history_size attributes to Mojo::Log.
- Improved exception and not found pages with log messages.
- Improved exception page with more information.
- Improved not found page with a more generic message.
- Improved inline templates to use their checksum as name.
New features:
- Add command line option -version
- Better error management of geoip modules.
- Update domains, robots and search engines database:
- Windows 8 + iOS Support in AWStats
- Detection of 8.1 and IE11.
Fixes:
- When using builddate option of script awstats_buildstaticpages,
static link is wrong.
- Restore detection of Opera browsers versions.
- GeoIP Cities page doesnt work.
- Add missing icons.
- Avoid warning mixed http/https with module graphgooglechartapi.
- $MinHit{'Host'} rather than $MinHit{'Login'} used in sub HTMLShowLogins.
Other:
- Move version system to sourceforge Git instead of CVS.
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
Bugfixes:
SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
pop3: Fixed APOP being determined by CAPA response rather than by timestamp
Curl_pp_readresp: zero terminate line
FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
pop3: Fixed auth preference not being honored when CAPA not supported
imap: Fixed auth preference not being honored when CAPABILITY not supported
threaded resolver: Use pthread_t * for curl_thread_t
FILE: we don't support paused transfers using this protocol
connect: Try all addresses in first connection attempt
curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
OpenSSL: Fix forcing SSLv3 connections
openssl: allow explicit sslv2 selection
FTP parselist: fix "total" parser
conncache: fix possible dereference of null pointer
multi.c: fix possible dereference of null pointer
mk-ca-bundle: introduces -d and warns about using this script
ConnectionExists: fix NTLM check for new connection
trynextip: fix build for non-IPV6 capable systems
Curl_updateconninfo: don't do anything for UDP "connections"
darwinssl: un-break Leopard build after PKCS-12 change
threaded-resolver: never use NULL hints with getaddrinf
multi_socket: remind app if timeout didn't run
OpenSSL: deselect weak ciphers by default
error message: Sensible message on timeout when transfer size unknown
curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
configure: fix gssapi linking on HP-UX
chunked-parser: abort on overflows, allow 64 bit chunks
chunked parsing: relax the CR strictness
cookie: max-age fixes
progress bar: always update when at 100%
progress bar: increase update frequency to 10Hz
tool: Fixed incorrect return code if command line parser runs out of memory
tool: Fixed incorrect return code if password prompting runs out of memory
HTTP POST: omit Content-Length if data size is unknown
GnuTLS: disable insecure ciphers
GnuTLS: honor --slv2 and the --tlsv1[.N] switches
multi: Fixed a memory leak on OOM condition
netrc: Fixed a memory and file descriptor leak on OOM
getpass: fix password parsing from console
TFTP: fix crash on time-out
hostip: don't remove DNS entries that are in use
tests: lots of tests fixed to pass the OOM torture tests
