- Allow the "error_page" directive to change the status code in a
redirect
- Support special "degradation" mask in "gzip_disable" directive
- Fix a socket leak with file AIO
- Fix bug that made a server the default if none was explicitly set and
the first server has no "listen" directive
Update to 0.9.9.3. Nothing much changed between .2 and .3, update is
straightforward.
While here, make MESSAGE more helpful in case of package upgrade.
Changelog:
0.9.9.2 => 0.9.9.3
Functionality Enhancements
* Bindings available to a principal are now listed in the Admin UI.
* Attempt to login using supplied basic authentication credentials, if all else fails.
Bug Fixes
* WebDAV Sync is now supported for Addressbook collections.
* VCARD resources will no longer report a blank ETag in an XML response.
* The ETag property will be properly quoted when appearing in an XML response.
Other Changes
* 412 error responses to PUT for addressbook resources now include useful information.
* A new temporary configuration option is added to allow use of the old sync-response tag in WebDAV sync for compatibility with the Inverse CardDAV plugin for Lightning.
* Basic recognition of VLIST resources.
Changelog:
0.9.9.1 => 0.9.9.2
Functionality Enhancements
* Tickets and Bindings related to a collection or principal are now listed in the Admin UI.
Bug Fixes
* The CardDAV 'addressbook-query' report is enabled.
* A bug is fixed in the database libraries which caused some valid hexadecimal strings to be treated as numbers.
* The PAM auth method now parses the username field better (Jim Hague).
* An ETag will now be sent in response to a PUT for non-Calendar resources as well as for calendaring ones.
* Collection / Principal maintenance screens will no longer cause query errors during the create action.
0.9.9 => 0.9.9.1
Functionality Enhancements
* Initial support for vCard Extensions to WebDAV (CardDAV) - Draft
* WebDAV Sync RFC (draft) support is updated to draft version -03
* Support for /.well-known/caldav and /.well-known/carddav URLs (per RFC5785: Defining Well-Known URIs)
Bug Fixes
* Free/busy handling has been completely rewritten.
* LDAP group handling should be better
* UTF8 calendars should now be more reliably imported.
* There should be no need to override the DAV header.
* Many others.
Other Changes
* Some updated translations
* Clients which set the Content-Type incorrectly on PUT should be accommodated with a warning logged.
* Errors in the DAViCal configuration file should not generate output to the screen. This has been a common problem causing breakage in the DAV functionality. Errors will still be logged to the PHP error log (usually the Apache error log).
* txt: Fix display when used inside a format directive.
* highlight: Ensure that other, more-specific format plugins,
like txt are used in preference to this one in case of ties.
* htmltidy, sortnaturally: Add missing checkconfig hook
registration. Closes: #601912
(Thanks, Craig Lennox and Tuomas Jormola)
* git: Use author date, not committer date. Closes: #602012
(Thanks, Tuomas Jormola)
* Fix htmlscrubber_skip to be matched on the source page, not the page it is
inlined into. Should allow setting to "* and !comment(*)" to scrub
comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
* comments: Make postcomment() pagespec work when previewing a comment,
including during moderation. CVE-2010-1673
* comments: Make comment() pagespec also match comments that are being
posted. CVE-2010-1673
* Fix searching DataTree elements (groups) if backend charset is different
from interface charset
* Fix accessing IMAP ACLs that contain non-alphanumeric characters
* Avoid fatal errors when using DateTime with not properly configured PHP 5.3+
* Fix importing recurrence exceptions from vCalendar 1.0.
* Fix preferences management regression
* Fix conversion of all-day events and certain yearly recurring events for
Funambol clients.
* Fix memcache cache regression.
* Fix SyncML page sometimes deleting more anchors than selected.
New features/improvements:
- Detect Windows 7.
- Can format numbers according to language.
- More mime types.
- Added geoip_asn_maxmind plugin.
- Geoip Maxmind city plugin now has override file capabilities to complete
missing entries in geoip maxmind database.
- Added graphgooglechartapi to use online Google chart api to build graph.
- Can show map of country to report countries when using graphgooglechartapi.
- Part of the code was changed to use more functions and have cleaner code.
- Added parameter to ignore missing log files when merging for a site on
multiple servers where a single server may not have created a log for a given day.
- Update robots database.
- Added Download tracking where certain mime types are defined as downloads
and HTTP status 206 is tracked as download continuation
- Can use wrapper with parameters in WrapperScript parameter.
- Change to allow usage of AWStats inside a plugin
for Opensource Dolibarr ERP & CRM software (http://www.dolibarr.org).
Fixes:
- Webmin module works with new version of webmin.
- Security fix (Traverse directory of LoadPlugin)
- Security fix (Limit config to defined directory to avoid access to external
config file via a nfs or webdav link).
Geeklog History/Changes:
Oct 31, 2010 (1.7.1)
------------
- Fixed description of $index parameter for STORY_renderArticle (bug #0001203)
[Dirk]
- The number of successfully imported users was always reported as 0 for the
"Batch Add" option in the User Manager (bug #0001211) [Ivy, Dirk]
- Fixed a bug in the MS SQL changeDESCRIBE method to properly prefix the proper
sql query string [Randy]
- Updated Hebrew language files, provided by LWC
- New Italian language files for the Links plugin, provided by Rouslan Placella
- Updated Italian language files for the Static Pages plugin, provided by
Rouslan Placella
Calendar Plugin
---------------
- Fixed an SQL error when returning search results for the Personal Calendar
(bug #0001195) [Dirk]
Oct 10, 2010 (1.7.1rc1)
------------
- If content from an Autotag produces another Autotag it will be executed (to a
maximum of 5 times) [Tom]
- Themes can now have their own display functions for the start and end of
Blocks. (Feature #0001188) [Tom]
- Reverted a change in 1.7.0 that would send a Content-Type header when calling
COM_refresh since this conflicts with some plugins (e.g. the Forum) [Dirk]
- Fixed wrong view after posting a comment on a poll (bug #0001080, patch
provided by Wojtek Szkutnik)
- Fixed language in the dropdown for the permanent cookie in the Configuration
(bug #0001117, patch provided by Eric Brisco)
- Added cancel and delete buttons to comment edit and submission forms when
needed. (Feature #0000981) [Tom]
- Reverted parts of the changes for bug #0001057: Do _not_ escape curly braces
when displaying a block's content (bug #0001156). If you run into the problem
that words in curly braces inside blocks are interpreted as template
variables, simply add a space after the opening and/or the closing brace
[Dirk]
- Autotags can now be inserted directly into template files.
(Feature #0001181) [Tom]
- Plugins are able to control moderation and return a string to be displayed.
(Feature #0000619 patch provided by jmucchiello)
- Admin lists can now display a 0 in a column instead of being blank
(bug #0001060 patch provided by jmucchiello)
- Fixed "Show & Hide Boxes" option in My Account (reported by Pushkar) [Dirk]
- Display the topic name (instead of the topic id) in the list of draft stories
(bug #0001171) [Dirk]
- Fixed COM_formatTimeString to correctly handle intervals bigger than 4 weeks
(bug #0001158) [Dirk]
- Call PLG_templateSetVars for the Advanced Search form [Dirk]
- Make sure we keep the current status of the user's Advanced Editor option
even when Advanced Editor is disabled for the site (Thanks, Markus) [Dirk]
- Comment submissions for plugins were missing the type [Dirk]
- In the Group Editor, hide the 'Apply "Default Group" change' option until the
state of the "Default Group" checkbox changes (feature request #0001116,
patch provided by Dushyant Tiwari)
- Fixed handling of $LANG_DIRECTION in the install script (cf. bug #0000871)
- Fixed query highlighting in articles - didn't work for queries that contained
characters filtered by COM_applyFilter [Dirk]
- Updated Japanese language file, provided by the Geeklog.jp group
- New and updated French (France) language files, provided by Ben
- Updated Hebrew language file for the Links plugin, provided by LWC
Static Pages Plugin
-------------------
- Call up the Advanced Editor when enabled (bug #0001147, patch provided by
Samuel Leathers)
- A Static Page can now be marked as a template and used by other Static Pages.
(Feature #0001085) [Tom]
4.5.3 brings a number of improvements:
* KSharedDataCache has cache invalidation bug fixed that caused stability
when daylight saving time changed.
* Icon overlays in Dolphin are now positioned correctly after adjusting
the zoom level.
* Okular, KDE's universal document viewer has seen improvements in the
DjVu and XPS backends.
- Bug 3088: dnsserver is segfaulting
- Bug 3084: IPv6 without Host: header in request causes connection to hang
- Bug 3082: Typo in error message
- Bug 3073: tunnelStateFree memory leak of host member
- Bug 3058: errorSend and ICY leak MemBuf object
- Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
- Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper
dies
- Bug 3053: cache version 1 LFS support detection broken
- Bug 3051: integer display overflow
- Bug 3040: Lower-case domain entries from hosts and resolv.conf files
- Bug 3036: adaptation_access acls cannot see myportname
- Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
- Bug 2964: Prevent memory leaks when ICAP transactions fail
- Bug 2808: getRoundRobinParent not handling weights correctly
- Bug 2793: memory statistics sometimes display wrong
- Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
- Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
- Ensure /var/cache or jail equivalent exists on install
- HTTP/1.1: delete Warnings that have warning-date different from Date
- HTTP/1.1: do not remove ETag header from partial responses
- HTTP/1.1: make date parser stricter to better handle malformed Expires
- HTTP/1.1: improve age calculation
- HTTP/1.1: reply with a 504 error if required validation fails
- HTTP/1.1: add appropriate Warnings if serving a stale hit
- HTTP/1.1: support requests with Cache-Control: min-fresh
- HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
- squidclient: Display IP(s) connected to in verbose (-v) display
- Fixes several issues with ICAP persistent connections
- Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
- ... and some cosmetic polishing
Trac-0.12.1ja1 (Nov 1, 2010)
* Merge Trac-0.12.1
* Translate default Wiki pages into Japanese.
- trac/wiki/default-pages/*
* Translate document for trac.ini options into Japanese.
- trac/env.py
- trac/versioncontrol/admin.py
- trac/versioncontrol/api.py
- trac/versioncontrol/svn_authz.py
- trac/versioncontrol/web_ui/browser.py
- trac/web/chrome.py
- trac/web/main.py
- trac/wiki/api.py
Trac 0.12.1 (October 9, 2010)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.1
This list contains only a few highlights:
- db: improve concurrency behavior (#9111)
- fcgi: add an environment variable `TRAC_USE_FLUP` to control the usage of
flup vs. bundled _fcgi.py (defaults to 0, i.e. use bundled as before)
- svn authz: improve compatibility with svn 1.5 format (#8289)
- milestone: allow to set the time for the due date (#6369, #9582)
- ticket: fixes for the CC: property (#8597, #9522)
- notification: improved the formatting of ticket fields in notification
e-mails (#9484, #9494)
- i18n: added a configuration option to set the default language (#8117)
- several fixes for upgrade (#9400, #9416, #9483, #9556)
* SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav: Fix Handling of requests without a path segment.
* SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects.
* SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
* SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
for OpenSSL versions prior to 0.9.8l; reject any client-initiated
renegotiations. Forcibly disable keepalive for the connection if there
is any buffered data readable. Any configuration which requires
renegotiation for per-directory/location access control is still
vulnerable, unless using openssl 0.9.8l or later.
* SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Eliminates a problematic
optimization in the case of no request body.
* SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
* SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
* SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7.
* Fix recursive ErrorDocument handling.
* mod_ssl: Do not do overlapping memcpy.
* Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
through on a 304 response.
* apxs: Fix -A and -a options to ignore whitespace in httpd.conf
* prefork MPM: Run cleanups for final request when process exits gracefully
to work around a flaw in apr-util.
* mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
connections and other protocol handlers (like mod_ftp). Enforce the
timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering
close time from 30 to 2 seconds.
* Proxy balancer: support setting error status according to HTTP response
code from a backend.
* mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
password to UTF-8.
* core: check symlink ownership if both FollowSymlinks and
SymlinksIfOwnerMatch are set
* core: fix origin checking in SymlinksIfOwnerMatch
* mod_headers: Enable multi-match-and-replace edit option
* mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.
* mod_dir, mod_negotiation: Pass the output filter information
to newly created sub requests; as these are later on used
as true requests with an internal redirect. This allows for
mod_cache et.al. to trap the results of the redirect.
* rotatelogs: Fix possible buffer overflow if admin configures a
mongo log file path.
* mod_ssl: Do not do overlapping memcpy.
* vhost: A purely-numeric Host: header should not be treated as a port.
* core: (re)-introduce -T commandline option to suppress documentroot
check at startup.
4.5.2
translation updates, performance and stability improvements and other
bugfixes.
4.5.0
new versions of the Plasma Workspaces, the KDE Applications and the KDE
Development Platform in version 4.5.0. While focus within this release
cycle lay on stability, the overall polish and performance gain is well
noticeable. Features such as the reworked notification area, Marble's map
routing and support for WebKit in Konqueror round up this release.
* Fix test suite failure on other side of date line.
* htmltidy: Allow configuring tidy parameters in setup file.
(W. Trevor King)
* Updated French program translation. Closes: #598918
* git: Added new rcs_revert and rcs_preprevert hooks.
* recentchanges: Add revert buttons to RecentChanges page, and
implement web-based reversion interface.
* Thanks to Peter Gammie for his assistance with the web-based reversion
feature.
* actiontabs: More consistent styling of Hn tags.
* websetup: Fix saving of advanced mode changes.
* websetup: Fix defaults of checkboxes in advanced mode.
* monotone: Fix recentchanges page when the srcdir is not at the top
of the monotone workspace. Thanks, tommyd.
* img: If a class is specified, don't also put the img in the img
class.
* auto-blog.setup: Don't enable opendiscussion by default; require users be
logged in to post comments.
Updating this leaf package during the freeze for bugfixes.
Changes:
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
Bugfixes:
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* Added SSPI build to Watcom makefile
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* linking problem on Fedora 13
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don't output filename when NULL
* Curl_timeleft: avoid returning "no timeout" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* buildconf got better output on failures
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* configure's --enable-werror had a bashism
* test565: Don't hardcode IP:PORT
* configure: check for gcrypt if using GnuTLS
* configure: don't enable RTMP if the lib detect fails
* curl_easy_duphandle: clone the c-ares handle correctly
* MacOSX-Framework: updates for Snowleopard
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don't escape "unreserved" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* examples: use example.com in example URLs
* globbing: fix crash on unbalanced open brace
* cmake: build fixed
*) Change: the "secure_link_expires" directive has been canceled.
*) Change: a logging level of resolver errors has been lowered from
"alert" to "error".
*) Feature: now a listen socket "ssl" parameter may be set several
times.
Dear TYPO3 community,
The TYPO3 core team has just released TYPO3 versions 4.2.15,
4.3.7 and 4.4.4, which are now ready for you to download. All versions
are maintenance releases and contain bugfixes and security fixes.
IMPORTANT:
These versions include important security fixes to the TYPO3 core. A
security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/