even when python is enabled, comment out python dependency.
New in version 0.3.0
====================
* WARNING!!! Slight API change!!! see docs
for px_proxy_factory_get_proxies()
* Credentials support (see API change above)
* A complete rewrite of the module manager
* file:// as valid PAC URLs
* Sample Mono application
* Automake 1.11 shaved output
* gnome backend rewrite (now w/o thread issues)
* Test suite base functionality exists
* Many solaris build fixes
* Seamonkey support as JS pacrunner
* Bugfixes
* Compiles for MS Windows using Mingw
Since 1.6-rc
------------
bugfix: Some widgets in the dashboard showed wrong icons when item spanned more than one line.
bugfix: Template subtasks don't keep linked objects.
bugfix: Query error when upgrading from 1.5.3.
bugfix: Missing lang for archived objects in objects' history.
bugfix: Don't allow trashing the owner company.
bugfix: Opengoo stops working if owner company was trashed.
bugfix: When discarding an email, two confirmation prompts pop up.
bugfix: When clicking on print report, on time module, the active workspace should be set as the workspace for the report.
bugfix: Linked "Weblink files" showed a "Download" shortcut instead of an "Open weblink" shortcut.
bugfix: Importing calendar ics file wasn't working.
bugfix: When editing a document, tags were lost.
bugfix: Send email buttons unaligned on some languages.
bugfix: Some contact websites were missing the "http://" in the contacts listing.
bugfix: Fixed detection of autodetect timezone config option.
bugfix: Repeating events a fixed number of times didn't show the last repetition.
bugfix: Changed how quoted text is hidden.
bugfix: Added a tabstop to HTML email composing.
bugfix: Sorting emails by subject sorted by date.
bugfix: Sometimes completed tasks were shown when filtering by "Pending" (completed_by_id was 0).
Since 1.6-beta3
---------------
feature: User config option to hide quoted text added.
feature: Added a cron event to clear tmp folder.
usability: Added an icon for archived objects on the object's view, like there is for trashed objects.
usability: When deleting a company warn about deleting users.
bugfix: Displaying a document in IIS showed "Connection reset error".
bugfix: Tags with accents don't filter correctly on IE.
bugfix: '24 hour' / 'AM-PM' user config option not respected in listings.
bugfix: Add user: billing category is mandatory, it shouldn't be mandatory.
bugfix: Error importing companies when no workspace is selected.
bugfix: If forwarding an email with attachments, saving a draft, and sending the email, an error pops up about not being able to attach.
bugfix: When importing contacts from a vCard file, all contacts with no email were considered as the same contact.
bugfix: Fixed several Errors and warnings logged in log.php.
bugfix: Objects of archived workspaces were not being filtered out.
bugfix: Archived documents and messages were not being filtered out of the Dashboard.
bugfix: Search results were printed in reverse modified date order.
bugfix: Contact birthdays were not being shown in the dashboard calendar.
bugfix: When viewing a custom report, date parameters in conditions were shown as today's date.
Since 1.6-beta2
---------------
usability: Added pagination to the Time module.
usability: Show 'Archived by' in object properties if an object is archived.
usability: Show read/unread status in Dashboard/View as list.
usability: Warn a user when replying or forwarding an email and a new email arrives at the conversation.
usability: Add the magnifying glass to the email views.
usability: Removed 'Account already being checked' error message.
bugfix: An empty 'Custom properties' fieldset is shown in 'Update profile'.
bugfix: Fix autodetect timezone with DST and enable by default.
bugfix: Check mail doesn't refresh view if an error occurs in one account.
bugfix: Filtering email conversations by tag is not working correctly. It should show a conversation if any one email in it is tagged.
bugfix: If someone replies to an email but changes the subject the email should be put into a new conversation.
bugfix: If you delete the newest email in a conversation, the conversation is no longer listed (when email is shown as conversation).
bugfix: Notifications are not sent when subscribing from 'Modify subscribers'.
bugfix: Put default repetition value for repeating events and tasks.
bugfix: Remove illegal UTF-8 characters before saving an email.
bugfix: Save custom fields when saving an email draft.
bugfix: Sort emails by received date instead of sent date in email listing and in conversation listing (in email view).
bugfix: Value for 'mail_drag_prompt' user config option is not loaded correctly.
bugfix: Wrap HTML emails in a div with CKEditor style.
bugfix: Delete conversation after deleting last email in conversation.
bugfix: An email's quoted reply is deleted when changing 'From' account.
bugfix: Replying to an email, saving as draft, loading the draft and sending the email doesn't add the reply to the conversation.
bugfix: Unauthenticated content warnings over SSL in FF 3.5.
bugfix: User-type custom reports fail to execute.
bugfix: When a file is downloaded it should be marked as read.
bugfix: Wrong initial email filters for new installations.
Since 1.6-beta
--------------
feature: Added an experimental new search mechanism. It can be much slower but finds more results.
usability: Added description to system permissions
usability: CKEditor is shown in user's language
usability: Linked objects section in an object's view has no title telling what it is
bugfix: Check write permissions for file installed_version.php when upgrading
bugfix: CKEditor images should point to the actual image in OpenGoo
bugfix: Contact import from csv does not import contacts if user does not have 'can manage contacts' permission but has write permissions on the workspace.
bugfix: Custom reports can only be printed once in Chrome.
bugfix: Edit comment textbox is too small.
bugfix: Email links are opened on the email's body when showing quoted text.
bugfix: Error 500 when adding a file web link.
bugfix: Forgot password token is always the same.
bugfix: If I click on 'Print' when on 'Time' tab it should print by default 'General Timeslots' or 'All timeslots', not 'Task timeslots'.
bugfix: If you delete a signature with images from the email's body, the images are sent anyway.
bugfix: MySQL Error Message when adding a user and no data has been entered.
bugfix: Removed private milestone options.
bugfix: Search ignores tags on newly uploaded files.
bugfix: Show all linked objects pagination is not working correctly.
bugfix: Show that an email has attachment on search results.
bugfix: Changed all PHP 5.3 deprecated functions for non-deprecated alternatives.
bugfix: When printing reports: substitute true/false with yes/no.
bugfix: When user does not have write contact permissions over a workspace, import from csv does not display errors.
bugfix: HTML editor's height is not adjusted correctly when changing format in a new email.
bugfix: Error when creating new user.
bugfix: Error when adding a task.
- Regression Fix: myip ACL not accepted in config
- Bug 2795: acl arp lookups including port
- Bug 2794: ESI parsing fails on FreeBSD
- Bug 2778: fix linking issues using SunCC
- Bug 2724: eCAP build failure unless ICAP enabled
- Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
- Bug 2617: Performance degradation during processing list of dstdomain ACL's
- Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
- Fix: 64-bit filesize issue in squidclient POST of large files
- Fix: send correct Connection: header on intercepted replies
- Support libtool 2.x
- ESI libraries libexpat and libxml2 now optional
- ESI support default enabled
- Bump libcap minimum requirement to libcap 2.09+
- ARP / MAC support fixes for IPv6-mode
- Add outstanding IPv6 settings to squid.conf (localnet, localhost)
- ... and many additions to the background testing structure
- ... and very many minor build and code cleanups for non-GCC compilers.
KDE SC 4.3.4 has a number of improvements:
* A bugfix in Plasma's pixmap cache makes the workspace more responsive
* Okular, the document viewer improved stability in certain situations
* Marble, the desktop globe has seen some polish
* Passphrases with non-ASCII characters have been fixed in the KGpg
encryption tool
* meta: Generate meta description tags even when the html scrubber is enabled.
* meta: Allow use of DESCRIPTION in templates to get at the meta
description value. (Thanks, NicolasLimare)
* inline: Use caching of inlined pages to speed up builds of inlines
that include feeds. Speedup of about 25% for small inlines; could
be much larger for inlines of many, or complex pages.
* Added (incomplete) Turkish po file. Closes: #556744 Thanks, Recai Oktas
* date: New plugin that allows inserting date directives that expand
to pretty-printed dates, using the same formatting as used for page
modification date display, etc.
* htmllink: Allow a title attribute to be specified.
* calendar: Add title attributes for all links in the calendars.
* calendar: Fix month wraparound error that broke in December.
pkgsrc changes:
* In the automated setup, recognize CVS as a VCS (found by agc@).
* In MESSAGE, link to <URL:http://ikiwiki.info/setup/> (ditto).
Deprecations:
* WWW::Mechanize::List is gone!
* Use Nokogiri as the default HTML parser (you may switch to Hpricot by using WWW::Mechanize.html_parser = Hpricot)
See full list of changes since 0.7.5:
http://mechanize.rubyforge.org/mechanize/CHANGELOG_rdoc.html
Changes since 1.0.0:
* Bump remainder of rack.versions.
* Support the pure Ruby FCGI implementation.
* Fix for form names containing "=": split first then unescape components
* Fixes the handling of the filename parameter with semicolons in names.
* Add anchor to nested params parsing regexp to prevent stack overflows
* Use more compatible gzip write api instead of "<<".
* Make sure that Reloader doesn't break when executed via ruby -e
* Make sure WEBrick respects the :Host option
* Many Ruby 1.9 fixes.
Patron is a Ruby HTTP client library based on libcurl. It does not try
to expose the full "power" (read complexity) of libcurl but instead
tries to provide a sane API while taking advantage of libcurl under
the hood.
vulnerability in ruby-actionpack.
Major changes:
- Improved compatibility with Ruby 1.9
- RailsXss plugin availability
- Fixes for the Nokogiri backend for XmlMini
Geeklog 1.6.1
New Features and Improvements
* Geeklog now lets you enter meta descriptions and meta keywords for the main
page, for stories, topics, static pages, and polls. Please note that these
meta tags may not be used by some search engines.
* You can now have one featured story per topic (for stories set to "Show
only in Topic").
* New autotags now allow you to embed polls in stories and everywhere else
where autotags are allowed.
* The Migrate option in the install script can now also be applied to an
existing database (i.e. you don't need to import a database dump to update
your URLs and paths).
* The Database Backup admin panel now includes options to optimize the
database and convert tables to InnoDB (MySQL only).
* Improved timezone support and let users actually set their own timezone.
* Minor security enhancements:
+ "Important" cookies (like the session cookies) are now created with the
HttpOnly flag set. This will help avoid some XSS attacks, provided your
browser supports this flag.
+ Template errors will now trigger the standard error handler instead of
exposing the template path.
+ Fixed inclusion protection for some of the Spam-X class files.
Please also see the list of theme changes.
Bugfixes
* Fixed automatic closing of stories for comments after a certain amount of
days. If you need to re-open comments on stories that were closed due to
this bug, you can use this SQL request:
UPDATE gl_stories SET commentcode = 0, comment_expire = 0 WHERE commentcode = 1;
* The comment speed limit was being ignored.
* Fixed a bug in the Group Editor that didn't let you add groups to other
groups (this problem was only introduced in Geeklog 1.6.0).
* The admin group for the Static Pages plugin was created with a wrong name
in Geeklog 1.6.0 (fresh installs only).
* Several tweaks and minor fixes (e.g. compatibility with PHP 4) in the
search.
Fri Nov 20 03:34:19 GMT 2009 - surfraw 2.2.6
* New elvi:
+ by Sumant Oemrawsingh:
* cliki - search the common lisp wiki.
* l1sp - search lisp documentation.
* mathworld - search Wolfram MathWorld.
* mininova - search mininova for torrents.
* youtube - search youtube for videos.
+ by fittabile@lifegate.it:
* acronym - find acronyms
* gcache - search google cache.
+ by Nick White:
* genbugs - search gentoo bug tracker
+ by Ian Beckwith:
* debpkghome - view home page of a debian package.
* debvcsbrowse - browse vcs of a debian package
* rpmsearch - search for packages in rpm-based distros.
* finkpkg - search Fink packages.
* macports - search macports packages.
* Move config files to follow XDG basedir spec
This means that if your global config was in /etc/surfraw.conf
it is now in /etc/xdg/surfraw/conf, and local config is
now in $HOME/.config/surfraw/conf. The same applies to bookmarks.
See README for details on configuring config locations, and
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
for the gory details. The old locations are still supported for
backwards-compatibility.
* Support per-user elvi in $HOME/.config/surfraw/elvi/
Patch by James Rowe, idea by Sumant Oemrawsingh.
* Added -o | -o=FILE option, to fetch URL and dump to
stdout or FILE.
* Modified elvi:
+ freebsd: new options -psearch=TYPE -psection=SEC
to conduct a search of type TYPE in section SEC of ports.
+ netbsd: new option -ps to search ports
+ openbsd: new option -ps to search ports
+ debsec: fixed (Thanks to Moritz Muehlenhoff, for this
and all his other work).
+ cia: fixed.
* Added examples/uzbl_load_url_from_surfraw, to integrate surfraw
with uzbl (uzbl.org), thanks to Sumant Oemrawsingh.
spz), and un-modify SUBST targets mistakenly committed in previous.
Should fix build where GNU sed wasn't available, and otherwise result
in no change to the binary package.
pkgsrc changes:
- Adding license definition
- MIME::Base is included in perl core in high enough version
Upstream changes:
0.08 Do 29. Okt 22:09:12 CET 2009
- added LWP::Debug to dependencies...
0.07 Di 27. Okt 20:51:50 CET 2009
- fixed <https://rt.cpan.org/Public/Bug/Display.html?id=50881>
Thanks to Adam Sjogren.
pkgsrc changes:
- adjusting license definition
- adjusting dependency to Test::More (0.72 is in core, 0.62 is required)
Upstream changes:
0.11 Tue Nov 10 14:14:17 EST 2009
No code changes; add Win32::Event dep for windows platforms
Upstream changes:
0.13 Fri Oct 9 15:01:07 EDT 2009
* Better cleanup temp files after tests
* No longer add a double / in the path when testing for index.html
* Better support for sending custom HTTP statuses in $m->abort
pkgsrc changes:
- Added license definition
- Removed test patch (test runs fine without)
Upstream changes:
2.2 Thu 1 Oct 2009
- Moved Lite.pm into lib directory
- Reversed the Changes file order to reverse chronological
- Moved to Makefile.PL to Module::Install to autodetect more things
- Add no_index entries for the test data
- Remove reliance on (partially) dead website for testing
- Now this module is mature and unlikely to change much, move to
a more stable and less complicated versioning scheme that suffers
less complications in the Perl toolchain. Also, dotted integers
without the use of something like version.pm isn't strictly
allowed.
Upstream changes:
0.29 2009-11-04
- Fix session being deleted when you have a new session after session
expiry when calling session_is_valid method. Tests for this.
- Allow ->session to be used as a setter method so that you can say
->session( key => $value );
0.28 2009-10-29
- Fix session fixation test with LWP 5.833 by calling $cookie_jar->set_cookie
rather than manually stuffing the cookie in the request.
pkgsrc changes:
- add license definition (perl license)
- move dependency to Test::Exception to BUILD_DEPENDS (required for
testing only)
Upstream changes:
0.08 2009-11-19
- repackaged with a new version of Module::Install
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
5.80014 2009-11-21 02:51:14
Bug fixes:
- Require MooseX::MethodAttributes 0.17. This in turn requires new
MooseX::Types to stop warnings in Moose 0.91, and correctly supports
role combination of roles containing attributed methods.
- Catalyst::Dispatcher::dispatch_types no longer throws deprecated warnings
as there is no recommended alternative.
- Improved the suggested fix warning when component resolution uses regex
fallback for fully qualified component names.
- Catalyst::Test::local_request sets ->request on the response.
- Log flush moved to the end of setup so that roles and plugins which
hook setup_finalize can log things and have them appear in application
startup, rather than with the first hit.
- Require a newer version of LWP to avoid failing tests.
- Stop warnings when actions are forwarded to during dispatch.
- Remove warnings for using Catalyst::Dispatcher->dispatch_types as this is a
valid method to publicly call on the dispatcher.
- Args ($c->request->args) and CaptureArgs ($c->request->captures)
passed to $c->uri_for with an action object ($c->action) will now
correctly round-trip when args or captures contain / as it is now
correctly uri encoded to %2F.
Documentation:
- Document no-args call to $c->uri_for.
- Document all top level application configuration parameters.
- Clarify how to fix actions in your application class (which is
deprecated and causes warnings).
- Pod fixes for ContextClosure.
- Fix documentation for go/visit to reference captures and arguments
in the correct order.
- Update $c->forward and $c->state documentation to address scalar
context.
- Pod fix in Catalyst::Request (RT#51490)
- Pod fixes to refer to ::Controller:: rather than ::C:: as the latter
is deprecated (RT#51489)
New features:
- Added disable_component_resolution_regex_fallback config option to
switch off (deprecated) regex fallback for component resolution.
- Added an nginx-specific behavior to the FastCGI engine to allow
proper PATH_INFO and SCRIPT_NAME processing for non-root applications
- Enable Catalyst::Utils::home() to find home within Dist::Zilla built
distributions
- Added the Catalyst::Exception::Interface role defining the interface
exception classes need to implement.
- Added Catalyst::Exception::Basic as a basic implementation of
Catalyst::Exception::Interface and made the existing exception classes
use it.
Refactoring / cleanups:
- Remove documentation for the case_sensitive setting
- Warning is now emitted at application startup if the case_sensitive
setting is turned on. This setting is not used by anyone, not
believed to be useful and adds unnecessary complexity to controllers
and the dispatcher. If you are using this setting and have good reasons
why it should stay then you need to be shouting, now.
- Writing to $c->req->body now fails as doing this never makes sense.
changes:
-minor bugfixes
-Re-add grayflag.png since it is actually used
-Document that WebKitGTK+ 1.1.10 built with gcc 4.4 crashes often
-translation updates
pkgsrc note: for me, newer webkit versions are unstable too, unless
javascript is disabled
Upstream changes:
0.31 2009-10-29 19:26:00
- Moved the test actions to their own controller file to silence
warning about actions in the app class being deprecated.
* underlay: Fix example values put in setup file to be array references.
* underlay: Avoid crashing if lists of underlays (or template
directories) are not configured.
* Moved the postscan hook to run on the raw html of a page, before
the template is filled out. This improves the search plugin's
indexing, since it will not include navigational elements from
the page template or sidebar.
* localstyle: New plugin, allows overriding the toplevel local.css
with one that is closer to a page.
* httpauth: Add cgiauthurl setting that can be used to do http basic
auth only when ikiwiki needs authentication, rather than for any
access to the cgi/wiki.
* inline: Do not generate feeds for nested inlines.
* inline: Allow direct inclusion of non-page files in raw mode.
* inline: Fix display of all pages when archive=yes or show=0 are used.
changes:
--T. is now for non-blocking uploading from stdin
-SYST handling on FTP for OS/400 FTP server cases
-libcurl refuses to read a single HTTP header longer than 100K
-added the --crlfile option to curl
+bugfixes
pkgsrc changes:
- Adding license definition
- Adjusting dependencies according to META.yml
Upstream changes:
1.03 5 Nov 2009 Changed min version of HTML::StripScripts to 1.0.5
pkgsrc changes:
- Adding license definition
Upstream changes:
1.05 5 Nov 2009 Fixed bug where 'false' but valid content was being ignored,
eg "<i>0</i>" became "<i></i>"
See bug https://rt.cpan.org/Public/Bug/Display.html?id=51116
Thanks to Jim Laney for reporting it
- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes
- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations
Upstream changes:
0.17 Mon Nov 2 13:20:24 2009
fix Gist support harder by using the API rather than scraping (rjbs)
Improve --lang support for Debian (gregoa@debian.org) [rt.cpan.org #47911]
0.16 Fri Oct 16 14:32:09 2009
Fix Gist support (ckuskie@sterling.net) [rt.cpan.org #50500]
Add --lang support to Debian (gregoa@debian.org) [rt.cpan.org #47911]
This tool provides code to load WSGI applications and servers from URIs; these
URIs can refer to Python Eggs for INI-style configuration files. Paste Script
provides commands to serve applications based on this configuration file.
-----
* In :mod:`paste.proxy`, added some more headers that are disallowed
in WSGI (e.g., Keep-Alive). Send Content-Length. Also fix the
missing query string when using :class:`paste.proxy.Proxy`
(:class:`paste.proxy.TransparentProxy` already worked).
* Make :mod:`paste.debug.prints` work with Google App Engine.
* Make ``environ['wsgi.input']`` with :mod:`paste.httpserver` only
have a ``seek`` method if it is wrapping something with a seek
method (which usually it is not).
* In :mod:`paste.httpserver` re-raise KeyboardInterrupt in worker
threads.
* Added support for the ``HttpOnly`` Cookie property to
:mod:`paste.wsgiwrappers`
* Added :func:`paste.reloader.add_file_callback`, which lets you watch
files based on a callback.
* Quiet Python 2.6 deprecation warnings.
* Fix :mod:`paste.auth.cookie` generating bad headers.
* Added :class:`paste.reloader.JythonMonitor` for an experimental,
optimized reloader on Jython.
mod_cband - A per-user, per-virtualhost and per-destination bandwidth
limiter for the Apache HTTP Server Version 2
mod_cband is an Apache 2 module provided to solve the problem of limiting
users' and virtualhosts' bandwidth usage. The current versions can set
virtualhosts' and users' bandwidth quotas, maximal download speed (like in
mod_bandwidth), requests-per-second speed and the maximal number of
simultaneous IP connections (like in mod_limitipconn).
pkgsrc changes:
- assign devel/xulrunner maintainership to tnn@
- mozilla-common.mk: work around gcc __thread support misdetection on NetBSD
- separate distinfo related stuff into dist.mk for sharing with nss & nspr
"topcrash" bugs fixed:
468562 "ASSERTION: Inserting multiple children without flushing"
521750 Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 ...
524462 startup crash [@ gfxWindowsFontGroup::WhichFontSupportsChar(nsTAr ...
525326 Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864][@ ...
525276 crashes [@ nsDocument::RegisterNamedItems(nsIContent*)]
KDE 4.3.3 has a number of improvements that will make your life just a
little bit better. Some of KWin's effects have been smoothed and freed
of visual glitches, JuK should now be more stable, KDE PIM has seen its
share of improvements while in the back-rooms of KDE, the developers are
working hard on porting all applications to the new Akonadi storage and
cache.
* po: Fix breakage caused by changes to render code.
* mdwn: Avoid trying to use multimarkdown if it is not installed.
* moderatedcomments: New plugin to allow comment moderation w/o relying
on blogspam.net.
* When redirecting to a page, ie, after editing, ensure that the
url is uri-encoded. Most browsers other than MSIE don't care, but it's
the right thing to do.
* Add a spec file to allow building rpm from the source package.
* google: Pass the whole wiki url to google, not just the domain,
so that search works correctly for wikis that are located in
subdirectories of domains.
NetBSD Packages Collection.
Susy is a semantic CSS framework creator entirely native to Compass.
Susy is an expert at fluid grids in an elastic (or fluid, or fixed)
shell that will never activate that bloody side-scroll bar. Susy
sets your width on the outer element (`container`), adds a `max-width`
of `100%` and builds the rest of your grid in percentages. The
philosophy and technique are based on Natalie Downe's "CSS Systems"
- which introduces difficult math in the service of beautiful
structure. With the power of Compass/Sass, Susy will do that math
for you.
Using simple mixins, columns can be created, suffixed, prefixed,
and nested easily - and always in flexible percentages.
Packages Collection.
StaticMatic is a framework to develop or prototype static websites.
It provides concise and terse templating with the help of Haml and
helpers built on top of it, Sass support, "partials", a live preview
server for development.
Packages Collection.
Compass is a Sass-based Stylesheet Framework that streamlines the
creation and maintenance of CSS. It allows you to mix and match
any of the following CSS frameworks: Compass Core, Blueprint, YUI,
960. Other frameworks can be added relatively easily. It integrates
simply with technologies like Rails, Merb, etc.
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
Upstream changes:
Version 3.48
[BUG FIXES]
1. <optgroup> default values are now properly escaped.
Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
2. The change to exception handling in CGI::Carp introduced in 3.47 has been
reverted for now. It caused regressions reported in RT#49630.
Thanks to mkanat for the report.
[DOCUMENTATION]
1. Documentation for upload() has been overhauled, thanks to Mark Stosberg.
2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)
[INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
Upstream changes:
2009-10-06 Release 5.833
Gisle Aas (5):
Deal with cookies that expire far into the future [RT#50147]
Deal with cookies that expire at or before epoch [RT#49467]
Pass separate type for https to LWP::ConnCache [RT#48899]
Improved handling of the User-Agent header [RT#48461]
HTTP::Cookies add_cookie_header previous Cookies [RT#46106]
Andreas J. Koenig (1):
Improve diagnostics from LWP::UserAgent::mirror [RT#48869]
Slaven Rezic (1):
mirror should die in case X-Died is set [RT#48236]
Ville Skyttä (1):
Increase default Net::HTTP max line length to 8k.
Upstream changes:
2009-10-22 Release 3.63
Gisle Aas (2):
Take more care to prepare the char range for encode_entities [RT#50170]
decode_entities confused by trailing incomplete entity
Upstream changes:
0.25 2009-10-22 21:40:00 BST
- Fix bug where old unrelated $@ values would result in an error.
0.24 2009-10-18 19:10:00 BST
- Fixup copyright information
0.23 2009-10-06 17:40:39
- Move actions out of TestApp into a Root controller as
this is now deprecated.
pkgsrc changes:
- Adjusting license definition
- Adjusting dependencies
- Using pkgsrc built-in Module::Install support
Upstream changes:
0.18 09 Oct 2009
- Port to new session config key.
pkgsrc changes:
- Adding license definition
- Adjusting dependency information
Upstream changes:
0.05
- Port to new session config key.
- Port to Moose.
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
0.17 2009-10-18
- Fixup copyright information
0.16 2009-10-16
- Use session config handling from Catalyst::Plugin::Session 0.27.
0.15 2009-10-06
- Fix the httponly option again (Closes RT##50249).
- Make tests not warn with latest version of Catalyst.
- Prefer session configuration to be in the 'Plugin::Session'
config key, but provide backwards compatibility for the
deprecated 'session' key.
Upstream changes:
0.27 2009-10-08
- Release 0.26_01 as stable without further changes.
0.26_01 2009-10-06
- Move actions out of the root application class in tests as this
is deprecated.
- Change configuration key to 'Plugin::Session' by default. The
old 'session' key is still supported, but will issue a warning
in a future release.
Upstream changes:
1.21 2009-10-18 18:33:33
- The Restarter code caused stack traces for certain types of errors to
grow longer and longer with every restart. (Dave Rolsky)
- Fixed an issue with the Restarter in Win32 where @INC didn't get
passed along when restarting.
* edittemplate: Allow template page name to be specified using anything
legal for a wikilink (including eg, leading slashes).
* edittemplate: Work around bug #551499 in CGI::FormBuilder.
* Fix a bug introduced in the last version that caused ikiwiki
to skip all files if a sourcedir of "./" was specified.
* Support CFLAGS when building wrapper.
* meta: Gather permalink info on scan pass so it is available
to inline when using a template that does not include page content.
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
- Support for aggregates and query expression in the ORM
- Support for unmanaged models and proxy models
- Support for deferred fields
- Mark individual fields as editable in the admin; support for custom
actions
- Better support for Last-Modified/ETag
- Improved GIS support
- {% for %} now has an {% empty %} to simplify handling empty lists
- Various smaller improvements
* Added support framework for multiple types of dependencies, including
dependencies that are only affected by page presence or link changes.
* Rebuild wikis on upgrade to this version to get improved dependency
info.
* pagecount, calendar, postsparkline, progress: Use a presence dependency,
which makes these directives much less expensive to use, since page
edits will no longer trigger an unnecessary update.
* map: Use a presence dependency unless show= is specified.
This makes maps efficient enough that they can be used on sidebars!
* inline: Use a presence dependency in quick mode.
* brokenlinks: Use a link dependency.
This makes it much more efficient, only updating when really necessary.
* orphans, pagestats: Use a combination of presence and link dependencies.
This makes them more efficient. It also fixes a longstanding bug,
where if only a small set of pages were considered by orphans/pagestats,
changes to links on other pages failed to cause an update.
* linkmap: Use a combination of presence and link dependencies.
This makes the map be regenerated much less frequently in many cases,
so larger maps are more practical to use now.
* Plugins providing PageSpec `match_*` functions should pass additional
influence information when creating result objects. This allows correctly
handling many more complicated dependencies.
* API change: `pagespec_match_list` has completely changed its interface.
The old interface will be removed soon, and a warning will be printed
if any plugins try to use it.
* Transitive dependencies are now correctly supported.
* ikiwiki-calendar: New command automates creation of archive pages
using the calendar plugin.
* calendar: Fix midnight rebuild trigger of calendars with explicit
month/year.
* calendar: Fix bug in next/previous year/month links, which sometimes
linked to an archive page from the wrong year, or were missing.
* git: --getctime will now follow renames back to the original creation
of a file.
* calendar: Fix CSS for year calendar to match the plugin documentation.
* Added minimal default CSS for calendar plugin, just highlighting the
current day.
* inline: Optimize generation of archives, etc by not getting inlined page
content if the template does not use it.
Bump PKGREVISION.
Introduction:
=============
This patch fixes one buffer overflow problem in sgLog.c when overlong URLs
are requested. SquidGuard will then go into emergency mode where no blocking
occurs. This is not required in this situation.
The URLs must be built with an overlong sequence of slashes (/).
ATTENTION: While squidGuard will no longer go into emergency mode when one
overlong URL is passed to it, it is possible to use the overlong URL to
bypass the filter. This vulnerability is not fixed by this patch!
You can check if this vulnerability is actually exploited on your system
by checking the logfile squidGuard.log for the following warning (provided
you have not used the option --with-nolog=yes with configure before compiling
squidguard):
Warning: Possible bypass attempt. Found multiple slashes where only one is expected:
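One way to run the log check described above, as an added example that is not part of the original patch notes. It assumes the offending URL follows the warning text on the same log line; the function names, sample hosts and timestamp/pid prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the bypass warnings found in squidGuard.log.
# Assumption: the offending URL follows the warning text on the same line.
WARNING='Warning: Possible bypass attempt. Found multiple slashes where only one is expected:'

# Reads a log on stdin; prints "count<TAB>url" per distinct URL, most
# frequent first. Slash runs in the path are collapsed so that variants
# of one URL with different run lengths are counted together.
bypass_warnings() {
    grep -F -e "$WARNING" | awk -v w="$WARNING" '
    {
        # Everything after the warning text is treated as the URL.
        url = substr($0, index($0, w) + length(w))
        sub(/^[ \t]+/, "", url)
        # Keep the "scheme://" prefix intact, normalise only the rest.
        head = ""
        if (match(url, /^[A-Za-z][A-Za-z0-9+.-]*:\/\//)) {
            head = substr(url, 1, RLENGTH)
            url = substr(url, RLENGTH + 1)
        }
        gsub(/\/+/, "/", url)
        n[head url]++
    }
    END { for (u in n) printf "%d\t%s\n", n[u], u }' | sort -k1,1nr -k2
}

# Constructed sample log lines (the timestamp/pid prefix is an assumption).
sample_log() {
    cat <<'EOF'
2009-10-22 10:00:01 [4711] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://blocked.example//////////////a
2009-10-22 10:00:05 [4711] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://blocked.example////a
2009-10-22 10:00:09 [4711] squidGuard ready for requests
2009-10-22 10:01:00 [4711] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://other.example///b
EOF
}

# On a real system: bypass_warnings < /path/to/squidGuard.log
```

An empty result means the warning was never logged, which says nothing if squidGuard was built with --with-nolog=yes.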
Requested by Joel Carnat in PR 42163.
------------------------------------------------------------------------
r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines
Release 2.4.5
Stable release 2.4.5
Enhancements:
- log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin)
- kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail!
Bug fixes:
- fixed parentheses problems in need_rewrite (thanks to SBR)
- added call to free_headers in http.c (thanks to SBR)
- fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines
Release 2.4.4
Stable release 2.4.4
Enhancements:
- added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4
- added support for BPROPFIND in xHTTP 4
- on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin)
Bug fixes:
- save and restore errno value in cur_time() (thanks to Albert)
- fixed problem in timer thread (thanks to Albert)
- added shutdown for failed socket connection (thanks to Albert)
- fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe)
- increased MAXBUF to default 4096
- increased T_RSA default to 30 minutes
- fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines
Release 2.4.3
Stable release 2.4.3
Enhancements:
Bug fixes:
- fixed problem in session access time updating (thanks to Piotr Jakubowski)
- fixed problem in session removal (thanks to Doriam Mori)
- fixed problem in Redirect logging (thanks to Albert)
------------------------------------------------------------------------
r58 | roseg | 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) | 13 lines
Release 2.4.2
Stable release 2.4.2
Enhancements:
Bug fixes:
- fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out)
- fixed problem with back-end killing on failed connect
- fixed a small problem in the poundctl XML output (thanks to johnlr for the fix)
- added hints in call to getaddrinfo() (for Solaris 10 support)
- fixed redirection problem (missing slash in Location/Content-location)
------------------------------------------------------------------------
r57 | roseg | 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) | 12 lines
Release 2.4.1
Stable release 2.4.1
Enhancements:
- added cache control for errors (thanks to Pavel Merdin for the suggestion)
Bug fixes:
- fixed problem with double slash in header rewriting (thanks to Cédric P.)
- remove sched_policy to avoid problems on systems with poor support for it
- fixed memory corruption problem with HAport
------------------------------------------------------------------------
r56 | roseg | 2008-02-11 12:53:51 +0100 (Mon, 11 Feb 2008) | 4 lines
Release 2.4
Stable release 2.4
------------------------------------------------------------------------
r55 | roseg | 2007-12-27 12:54:32 +0100 (Thu, 27 Dec 2007) | 7 lines
Release 2.4f
Enhancements:
Bug fixes:
- fixed back-end enable/disable (priority computing)
------------------------------------------------------------------------
r54 | roseg | 2007-11-29 18:16:36 +0100 (Thu, 29 Nov 2007) | 12 lines
Enhancements:
- added PARM session type. Old PARM is now URL
- allow AddHeader for HTTP listeners as well
- allow -1 for session (all types) TTL. Will hash the key to a fixed value
- Redirect takes an optional code parameter (301, 302/default or 307)
- new config param to allow printing the SSL certificate in a single line
- new config param to control the maximal size of the input line
- added better error messages for SSL loading problems
Bug fixes:
- if the same cookie is defined more than once use LAST definition
------------------------------------------------------------------------
r53 | roseg | 2007-08-15 18:26:58 +0200 (Wed, 15 Aug 2007) | 10 lines
Release 2.4d
Enhancements:
- moved to GPLv3
- now using lh_hash for the session tables
Bug fixes:
- allow case-sensitive matching for URLs
- fixed memory leak in DNS searches
------------------------------------------------------------------------
r52 | roseg | 2007-07-04 15:29:27 +0200 (Wed, 04 Jul 2007) | 10 lines
Release 2.4c
Enhancements:
- added XML output for poundctl
- added more detailed error messages
Bug fixes:
- fixed problems with extra-long lines
- fixed problems with chunked encoding
------------------------------------------------------------------------
r51 | roseg | 2007-05-18 10:35:02 +0200 (Fri, 18 May 2007) | 11 lines
Release 2.4b
Enhancements:
- cleaned resurrection code
- added RR threads scheduling
Bug fixes:
- fixed problem long lines (thanks to Rune Saetre)
- fixed pcreposix autoconf for systems that also require pcre
- fixed problem with IP session handling
------------------------------------------------------------------------
r49 | roseg | 2007-04-30 15:01:17 +0200 (Mon, 30 Apr 2007) | 11 lines
Release 2.4a
Enhancements:
- added display of configuration switches
- added grace period for shutdown (based on an idea from Rune Saetre)
- added support for IPv6 (but host caching was removed)
Bug fixes:
- fixed test for owner/group (BSD portability)
- fixed problem with premature opening of control socket