Pkgsrc changes:
o Changed MAINTAINER to pkgsrc-users@, hope that's ok
o Adjusted dependencies according to new requirements
Upstream changes:
1.52 Tue Nov 25 09:52:30 CST 2008
========================================
[FIXED]
Improved some error messages in $mech->submit_form(). Thanks to
Norbert Buchmuller.
1.51_03 Thu Nov 20 11:05:49 CST 2008
========================================
[FIXED]
The $mech->clone() method was not passing the cookie jar to its
clone properly. Thanks to David Sainty.
The $mech->back() can fail if there's nothing on the stack to go
back to. Thanks to Dave Page.
$mech->follow_link() did not complain if a link could not be found,
even with autocheck on. Now it does. Thanks, Flavio Poletti.
[ENHANCEMENTS]
Added a $mech->form_id() method so you can look up forms by ID.
Added $mech->content_type(), because $mech->ct() is too cryptic.
1.51_02 Tue Nov 18 01:30:54 CST 2008
========================================
[STILL BROKEN]
t/local/click_button.t is still failing its tests for calling ->click
on an HTML::Form object. I suspect this is an LWP change, but I
haven't dug into it enough yet.
[FIXES]
Fixed the bad credentials API that stomped on LWP::UserAgent's
credentials() method. Thanks to Max Maschien and Matt Lawrence.
The $mech->links method now finds <link href="..."> links. Thanks
to H.Merijn Brand.
Makefile.PL explicitly requires Perl 5.8.0.
URI.pm has to be version 1.36 or else URIs don't get encoded
correctly.
LWP has to be 5.819 or we have encoding problems.
1.51_01 Thu Nov 6 15:13:03 CST 2008
========================================
[FIXES]
Page history is now working much better. The $mech->back() method
should behave more like a browser now. Most notably, it no longer
restores the cookie state, just like your browser doesn't restore
cookie state when you page back. It also should use much less
memory.
1.50 Sun Sun Oct 26 22:42:46 CDT 2008
========================================
[THINGS THAT MAY BREAK YOUR CODE]
WWW::Mechanize now requires version 5.815 of LWP. This in itself
may cause problems for you because of changes in how LWP does
authentication.
1.49_01 Sat Sep 27 23:50:04 CDT 2008
========================================
[THINGS THAT MAY BREAK YOUR CODE]
The autocheck argument to the constructor is now ON by default,
unless WWW::Mechanize is being subclassed. There are so many new
programmers whose ->get() calls fail unchecked that I'm now putting
on the seat belts for them.
[FIXES]
I do believe we are on the way to having all the encoding problems
ironed out. This version incorporates a patch from here:
http://code.google.com/p/www-mechanize/issues/detail?id=61
and tests from Miyagawa's WWW::Mechanize::DecodedContent
http://search.cpan.org/dist/WWW-Mechanize-DecodedContent/
to finally fix this.
[ENHANCEMENTS]
You can now specify not to set up the proxy, if there is one. The
proxy causes problems for Crypt::SSLeay. For details see:
http://code.google.com/p/www-mechanize/issues/detail?id=39
[DOCUMENTATION]
Fixed internal links.
[INTERNALS]
Lots of refactoring based on Schwern's "Skimmable Code" talk.
http://use.perl.org/~schwern/journal/36704http://schwern.org/~schwern/talks/Skimmable%20Code%20-%20YAPC-NA-2008.pdf
Pkgsrc changes:
o Adjust dependencies according to new requirements
Upstream changes:
1.22 Fri Nov 21 20:29:30 CST 2008
------------------------------------
[ENHANCEMENTS]
Added $mech->head_ok() and $mech->put_ok() methods. Thanks to
Jaldhar Vyas.
Pkgsrc changes:
o Canonicalize HOMEPAGE
Upstream changes:
0.50 (10.21.2008) - John Siracusa <siracusa@gmail.com>
* Fixed a bug that caused empty query parameters to be omitted
from the query string.
* Added the omit_empty_query_params object attribute (with class-
wide default override) to preserve the old behavior.
Pkgsrc changes:
o Canonicalize HOMEPAGE
o Adjust dependencies according to new requirements
Upstream changes:
0.600 (12.13.2008) - John Siracusa <siracusa@gmail.com>
* Added localization support.
* Added private library support.
* Rose::HTML::Form::Field::PopUpMenu's internal_value() is now
unconditionally singular, and undef when no items are selected.
* Fixed a bug in Rose::HTML::Image that made detection of image
sizes dependent on method call order. (Reported by Sean Allen)
* Added mod_perl 2.x support to Rose::HTML::Image. (Reported by
Sean Allen)
0.555 (10.22.2008) - John Siracusa <siracusa@gmail.com>
* Fixed a memory leak in group fields (RT #38837)
* Corrected documentation and implementation of init_with_objects().
The PEAR::HTML_TreeMenu PHP package provides methods for HTML tree menus.
PHP Based api creates a tree structure using a couple of small PHP classes.
This can then be converted to javascript using the printMenu() method. The
tree is dynamic in IE 4 or higher, NN6/Mozilla and Opera 7, and maintains state
(the collapsed/expanded status of the branches) by using cookies.
Other browsers display the tree fully expanded. Each node can have an
optional link and icon.
Upstream changes:
2008-11-20: version 0.104
* Include ChangeLog (#38278)
Older chnagelog entries:
2008-07-16: version 0.103
* Changes for more recent Kwiki
* Get rid of quote marks from old CVS commit messages (#32306)
* CVS revision number should start with major version number (#13846)
2004-11-27: version 0.102
* Initial working release
This despite one test still fails, but at least it's an improvement
over the old version, which failed 6-7 of the tests.
Pkgsrc changes:
o Add commented-out HOMEPAGE using search.cpan.org.
Upstream changes:
1.00011 Wed Aug 20 19:32:44 2008
- Order->create($cart) uses storage->has_column instead of can
- Removed Build.PL to make Module::Install happy
- Removed $self->stash->clear call in Checkout->process
- Checkout->new phases now eval strings in arrayref correctly
- Deprecating phase names as constants. Just use strings and be happy.
- Added tests for plugins add_handler using strings
- Fixed compat.t tests under 5.10
- Fixed storage_dbic_clone.t failure under 5.10
------
v3.3.2
------
[mms] Fix prototypejs regression on IE (Bug #6590).
------
v3.3.1
------
[cjh] SECURITY: Add another check to the XSS filter.
[jan] Add script to import preferences from SquirrelMail database.
[cjh] Allow the password file Auth driver to require a specific group.
[cjh] Use YYYY-MM-DDTHH:MM:SS for Alarm date queries (Bug #7580).
[jan] Add XPath wrapper to Horde_DOM library.
[cjh] Don't use executeMultiple in the SQL Share driver when we might
reset the connection in between queries (Bug #7542).
[jan] Fix database XML schema to create all lock table fields (Bug #7433).
[jan] Fix showing two sidebars after saving the display preference group for
the first time (Bug #7475).
[jan] Fix sharing with LDAP groups (Bug #6883).
[jan] Add javascript event handler for access keys.
[cjh] Remove UNSIGNED from PostgreSQL scripts.
[cjh] Call preference hooks in the scope of the preference
(vlukashov (at) parallels (dot) com, Bug #7445).
[jan] Fix resuming synchronization session on server farms
(adrieder@sbox.tugraz.at, Bug #7394).
[jan] Fix synchronization of tasks with many items (adrieder@sbox.tugraz.at,
Bug #7395).
[mms] Upgrade prototype.js to v1.6.0.3.
[jwm] Fix regression: SOAP wsdl/disco shouldn't require authorization.
Upstream changes:
0.11 Mon Dec 1 09:45:52 EST 2008
* The previous release didn't actually fix 30113
0.10 Fri Oct 19 12:37:48 BST 2007
* [rt.cpan.org #30113] Cleaning up /tmp directory; predictable
tmp filenames
- Don't use predictable tempfile names for our test dir.
- Clean up the test dir after running
Reported by ANDK
Version 2.6.3 (2008-12-13)
--------------------------
- Added insert tag "env::page_id" (#276)
- Added option to use insert tags in the listing module (#276)
- Added option to show hidden pages in the quick navigation module (#280)
- Added field names to the back end form preview (#227)
- Hardened Input class to recognize even more malicious code
- Improved insert tag "image" to support the "rel" attribute (#298)
- Improved file manager to rename copied files if they exist in the target directory (#273)
- Declared all private methods protected so they can be overwritten (#310)
- Fixed issue with safe mode hack messing up the owner of new files
- Fixed issue with naming conflict in listing and memberlist module (#297)
- Fixed issue with calendar feeds not linking to external pages (#283)
- Fixed issue with custom menus with hidden pages not showing class "last" (#259)
- Fixed issue with TinyMCE hyperlink popup not loading for regular users (#274)
- Fixed issue with style sheet categories not being duplicated (#236)
- Fixed issue with regular users not being able to edit multiple content elements (#272)
- Fixed issue with regular users not being able to cut/copy news and events (#294)
- Fixed a few minor bugs
Pkgsrc changes:
o Add commented-out additional HOMEPAGE using search.cpan.org
o Adjust dependencies in accordance with updated requirements
Upstream changes:
v0.35 (released 2008/11/03):
* bug fixes
- Fixed RT #40318
(http://rt.cpan.org/Public/Bug/Display.html?id=40318),
about getting single or multiple files directly to
\*STDOUT.
v0.34 (released 2008/09/11):
* bug fixes
- Fixed RT #39150
(http://rt.cpan.org/Public/Bug/Display.html?id=39150),
about downloading multiple files in the same directory.
v0.33 (released 2008/08/24):
* documentation
- Clearly state that opera software asa is now co-maintainer
of http::dav
- Fixed various inconsistencies in the v0.32 documentation
v0.32 (released 2008/08/24):
* incompatibilities
- Now HTTP::DAV requires Perl 5.6.0+ and Scalar::Util
(core in 5.8.x).
* bug fixes
- Now HTTP::DAV objects are correctly released from memory
when they go out of scope. Now it should be possible to
use multiple instances of HTTP::DAV even in long-running
processes.
Was caused by circular references between HTTP::DAV and
HTTP::DAV::Resource.
Pkgsrc changes:
o Adjust dependencies according to new META.yml
Upstream changes:
version: 0.63
date: 2008-11-11
changes:
- improved support for nested blocked elements (needed, e.g., for
MediaWiki support of 'p' elements within table cells, bug #37911)
Upstream changes:
2008-11-24 Gisle Aas <gisle@ActiveState.com>
Release 3.59
Restore perl-5.6 compatibility for HTML::HeadParser.
Improved META.yml
2008-11-17 Gisle Aas <gisle@ActiveState.com>
Release 3.58
Suppress "Parsing of undecoded UTF-8 will give garbage" warning
with attr_encoded [RT#29089]
HTML::HeadParser:
- Recognize the Unicode BOM in utf8_mode as well [RT#27522]
- Avoid ending up with '/' keys attribute in Link headers.
2008-11-16 Gisle Aas <gisle@ActiveState.com>
Release 3.57
The <iframe> element content is now parsed in literal mode.
Parsing of <script> and <style> content ends on the first end tag
even when that tag was in a quoted string. That seems to be the
behaviour of all modern browsers.
Implement backquote() attribute as requested by Alex Kapranoff.
Test and documentation tweaks from Alex Kapranoff.
Pkgsrc changes:
o Change to Module::Build
Upstream changes:
1.106 2008-09-14
- Added missing Apache2 modules. Refs #39146 and #38931. Thanks
to RSAVAGE.
- Applied BEROV's patch for UTF-8 form data handling. Refs #12481.
Thanks to BEROV.
Pkgsrc changes:
o Add HOMEPAGE using search.cpan.org
Upstream changes:
4.38 - Friday, October 31, 2008
* INTERNAL: Rename SimpleObjectClass to
CGI::Session::Test::SimpleObjectClass to avoid
namespace ownership issue (Mark Stosberg).
* INTERNAL: We now list CGI.pm 3.26 or greater as a dependency.
You are still welcome to use other query objects,
but this version of CGI.pm fixes a bug in the
strictness of HTTP expiration times, which Safari
in particular is sensitive to. So, if you are using
CGI.pm, you should upgrade to at least this version.
RT#34216, thanks to Astar, Michael Hampton, Ron
Savage and Mark Stosberg.
* INTERNAL: return explicit values in _set_status and _unset_status
(RT#39201, Mario Domgoergen, Mark Stosberg)
* FIX: RT#37877: The storable serializer wasn't properly
inheriting the 'errstr' method. This could have resulted
an error like: "Can't locate errstr via package
"CGI::Session::Serialize::storable" Thanks to Michael
Greenish, Mark Stosberg.
* FIX: RT#40405 reported a case where the default serializer
would have a problem after the user set a parameter's
value to undef, in certain circumstances.
A test file was kindly provided by cowomally[...]nullium.net.
The fix was spelled out by Matt LeBlanc
* FIX: RT#39679 pointed out a simplification in method remove()
in CGI::Session::Driver::file.
By calling _file() instead of duplicating code, we get
the benefit of extra error checking. Thanx to Sergiy
Borodych for noticing this
* FIX: Stop using the return value of delete() in t/find.t.
This means that when the patch provided in RT#37752 is
applied, t/find.t will not start failing
4.37 - Wednesday, October 22, 2008
* INTERNAL: Patch Makefile.PL and Build.PL to request that
SimpleObjectClass not be indexed.
4.36 - Friday, September 12, 2008
* FIX: The sample code for find() had 2 errors in it:
o It assumed delete() returned a meaningful value, which it doesn't
o It did not follow the call to delete() with a
(recommended) call to flush()
o Thanks to Mario Domgoergen for the report, RT#39201
Upstream changes:
2.04 - Fri Nov 28 15:41:33 PST 2008
Incorporated bug fix for authen_ses_key() provided by
Carl Gustafsson. authen_ses_key() was not properly handling
any extra_session_info - the fix is to get $hashed_string with
my $hashed_string = pop @rest;
Also releasing the work done between April 26, 2005 and February 4, 2007,
plus bug fix for authen_ses_key
- Added basic framework for unit tests.
- Factored out some of the DBI code into new methods:
- _dbi_connect()
- _get_crypted_password()
- Changes to satisfy Perl::Critic, e.g.
- Removed function prototypes (they are ignored for methods.)
- Cleaned up regular expressions: use /x, etc.
Midori is a lightweight web browser.
Features
Full integration with GTK+ 2
Fast rendering with WebKit
Tabs, windows and session management
Bookmarks with XBEL and token support
Flexibly configurable Web Searchbox
Custom context menu actions
User scripts and user styles support
Extensible via Javascript
WebKit is an open source web browser engine. WebKit is also the name of
the Mac OS X system framework version of the engine that's used by
Safari, Dashboard, Mail, and many other OS X applications. WebKit's HTML
and JavaScript code began as a branch of the KHTML and KJS libraries
from KDE.
This is the GTK2+ port of the engine.
cleanup Makefile
0.08 Wed Nov 26 10:02:52 EST 2008
- Workaround possible errors with Storable::thaw and empty
strings (thanks to kevin montuori for suggesting a fix)
Changelog:
0.10009 2008-11-27
- Including progressive realm for multiple authentication attempts
in a single request.
0.10008 2008-10-23
- Updating config to allow for inclusion of realm ref's in the main
config hash rather than in a subref called 'realms'
* Update Bulgarian translation which catch up to TYPOlight 2.6.2.
* Fix PLIST for Romanian (PLIST.ro) which should be updated by previous commit.
* Update French and Latvian translations.
The seventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-073 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.6 release:
* - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum topic listings.
* - Patch #329019 by dww, sun: fixed PHP warning.
* #315739 by sun: The theme name is in arg(4) on the block admin page, so only redirect to theme specific page if that is set.
* - Patch #329646 by Damien Tournoud: properly reset user_access().
* - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated CSS to fail.
* #329998 by pwolanin: escape markup looking non-HTML tags in schema descriptions
* #258089 by JohnAlbin, Arancaytar, merlinofchaos: themes cannot have a preprocess function without a corresponding .tpl.php file
* #255150 by dropcube, tested by catch, asimmonds: content type names were double escaped on create content page
* #329660 by pwolanin: node_configure_validate() should be replaced with a #submit handler to conform to FormAPI rules
* #299742 by Darren Oh: missing #ahah support on checkboxes
* #193580 follow up by gpk: late but important changelog entry for Drupal 6.0
* #302638 by pwolanin: avoid running several no-op queries while the menu is being rebuilt; improves performance
* Rolling back #302638, it caused problems reported in #328110
* #319165 by Alex_Tutubalin: add explicit UTF-8 client encoding setting for PostgreSQL
* - Patch #277644 by lilou: documentation improvement.
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database.
* - Patch #337454 by earnie: fixed the phpdoc of drupal_render_form().
* - Patch #293370 by swentel et al: make block sorting work when there are more than 20 blocks.
* - Patch #325908 by kbahey: removed redundant cache flusing.
* - Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
* - Patch #336115 by Nedjo: better documentation for t().
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.
* #305653 by snowball43, cdale, Dave Reid, sun: All themes were disabled when update.php was run
* #344661 by Dave Reid: fix phpdoc documentation on translation_translation_link_alter()
* #333060 by neclimdul, merlinofchaos, dvessel: child themes did not inherit patterns correctly, so more specific template files are not detected
* #206138 by pwolanin et al: little documentation fix for node base module name handling
* #276111 by pwolanin, meba and myself: disallow possibly dangerous submissions in locale translations and imports
* #345167 by JacobSingh, pwolanin, Heine: drupal_http_request() includes an extra CRLF, not conformant to HTTP specs
http://drupal.org/node/345462
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-073 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release:
* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests.
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication.
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.
http://drupal.org/node/345467
- Remove description of using PostgreSQL for backend database
from files/README.
- Replace remained www/www to APACHE_USER/APACHE_GROUP in Makefile.
- Don't hardcord /typolight in files/typolight.conf.
Bump PKGREVISION.
Trac-0.11.2.1.ja1 (Nov 30, 2008)
* Merge Trac-0.11.2 and Trac-0.11.2.1
* Change encodings on Option's doc from unicode to UTF-8 for `pydoc`.
- trac/wiki/macros.py
- trac/attachment.py
- trac/db/api.py
- trac/env.py
- trac/mimeview/api.py
- trac/mimeview/enscript.py
- trac/mimeview/php.py
- trac/mimeview/pygments.py
- trac/mimeview/silvercity.py
- trac/notification.py
- trac/perm.py
- trac/search/web_ui.py
- trac/ticket/api.py
- trac/ticket/notification.py
- trac/ticket/query.py
- trac/ticket/report.py
- trac/ticket/roadmap.py
- trac/ticket/web_ui.py
- trac/timeline/web_ui.py
- trac/versioncontrol/api.py
- trac/versioncontrol/svn_authz.py
- trac/versioncontrol/svn_fs.py
- trac/versioncontrol/web_ui/browser.py
- trac/versioncontrol/web_ui/changeset.py
- trac/versioncontrol/web_ui/log.py
- trac/web/auth.py
- trac/web/chrome.py
- trac/web/main.py
- trac/wiki/api.py
Trac 0.11.2.1 (November 17, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2.1
Trac 0.11.2.1 fixes a Python 2.3 incompatibility introduced in Trac 0.11.2.
Python 2.4+ users already running Trac 0.11.2 do not need to upgrade.
Trac 0.11.2 (November 8, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2
Trac 0.11.2 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
Bug fixes:
* Fixes potential DOS vulnerability with certain wiki markup. Reported by
Matt Murphy.
* Improved HTML sanitizer filter to detect possible phishing attempts.
Reported by Simon Willison.
* MySQL db backend improvement (reconnect after idle timeout #4465)
* TicketQuery speed improvements (#6436)
* Fixes for RSS feeds (timeline entries no longer truncated #7316, no longer
download some feeds under Firefox #3899)
* Search now works for custom fields (#2530)
* Same order for ticket fields for new and existing tickets (#7018)
* Enforce fine-grained permission for "quickjump" search results (#7655)
* E-mail obfuscation was not done in a few remaining places (#7688, #6532)
* Uninstall of plugins from WebAdmin was not working - feature disabled
for now
* More robust pagination of results for reports and custom queries (#7424,
#7544)
* Support for newer version of pygments (#7622)
* Documentation updated (#7603, #7205, #7318)
Minor improvements:
* Better support for Wiki page hierarchy (show path #2780, link to
parent #2150)
* Custom query allow to search in description and other text fields (#4824)
Pkgsrc changes:
- Add dependencies for test target so most of this Perl module's
tests can be run
Upstream changes:
0.10 27 Oct 2008
* calling $form->reset or $form->clear will now refetch
objects from db for interrelated menus, re-populating the
options.
0.11 27 Oct 2008
* fix dbic tests so they skip the correct number of tests
0.12 17 Nov 2008
* support the new 'unqiue_value()' method in RDBOHelpers
and MoreHelpers, which will now override
show_related_field_using() when called in foreign_field_value().
0.13 24 Nov 2008
* fix autocomplete bug to call get_controller() rather than
simply controller()
* add map_to_column, map_from_column and map_class_controller_class
to RelInfo
* add as_hash() to RelInfo
2.24.2
Fix multi-dnd with gtk 2.14
Convert strings to UTF16 before passing them to nsIPrintSettings with
Gecko 1.9.
Analysis by Vincent Caron, fixes bug #549361.
Update Ukrainian translation.
Updated Brazilian Portuguese translation.
Updated Swedish translation
Added Asturian translation on behalf of Mikel Gonzalez
2.24.2.1
Re-dist with libtool 2.
actually still exists.
Changes since 2.01-10:
* Fixed problem with timing totals.
* Fixed referrer linking to avoid possible xss injection.
* Fixed month change detection error that caused incorrect report
dates when logs had a 'gap' longer than a year.
* Fixed buffer overrun possibility in parsing code and user agent
mangle logic.
* Added symbolic link checks for file I/O to prevent possible
privilege escalation exploits. Disallows reading from or writing
to any file that is a symlink. Thanks to Julien Danjou.
* Added code to preserve the history and incremental data files in
the event of a crash before writing to them completely. Thanks
to Robert Millan for the idea and initial code.
* Added native geolocation services, which fully supports both IPv4
and IPv6 lookups. Adds the configuration keywords 'GeoDB' and
'GeoDBDatabase' along with the '-j' and '-J' command line options.
* Added 'wcmgr', "The Webalizer (DNS) Cache file Manager" to the
distribution to provide cache file maintenance. See the supplied
man page for a description and usage information.
* Changed history code and main index page to allow for more than
12 months of reports to be displayed. Added the config keywords
'IndexMonths' (-K command line option), 'GraphMonths' (-k command
line option) and 'YearHeaders' to control how index is displayed.
* Changed Berkeley DB code to use current 4.x APIs.
* Added support for bzip2 compressed log files (.bz2) as a compile
time option (--enable-bz2). If enabled, bzipped files will be
decompressed automatically during processing.
* Added support for W3C formatted logs. Based on code submitted
by Klaus Reimer.
* Added GeoIP support as compile time option (--enable-geoip). Adds
'GeoIP' and 'GeoIPDatabase' config keywords, '-w' and '-W'
command line options. (http://www.maxmind.com/)
* Added IPv6 support. Based on initial code by Jose Carlos Meneiros
and modified to support Solaris and other problematic platforms.
* Added 'CacheIPs' config option to allow saving unresolved addresses
in the DNS cache.
* Added 'CacheTTL' config option which allows the DNS cache time to
live (TTL) value to be specified at run-time.
* Added 'SearchCaseI' config option to specify if search strings
should be treated as case insensitive or not. The default value,
'yes', causes search strings to be treated as case insensitive.
* Added 'HTAccess' config option. Allows writing a default .htaccess
file to the output directory.
* Added ability to display flags in the top country table. Adds the
config keywords 'CountryFlags' and 'FlagDir', and -z command line
option.
* Added 'StripCGI' config option to configure how CGI variables on
the end of URLs are treated (can now be stripped or left in place).
* Added 'DefaultIndex' config option to enable/disable the use of
"index." as a default index name to be stripped from the end of URLs.
* Added 'TrimSquidURL' config option to allow squid log URLs to be
reduced in granularity by a user definable amount. Thanks to code
submitted by Stuart Gall.
* Added 'OmitPage' config option (and the '-O' command line switch)
to prevent specified URLs from being counted as pages even if they
otherwise would be. Thanks to code submitted by Adam Morton.
* Added 'IgnoreState' config option (and the -b command line switch)
to allow ignoring any existing incremental data file (similar to
the IgnoreHist/-i option).
* Changed logic to always generate summary report (index.html),
even if no records were processed.
* Added color support to allow changing graph colors. Based on the
Webalizer-usecolor code submitted by Benoit Rouits. Adds 11 new
config options, see the README file for complete descriptions.
* Added language 'lang=' specification in generated HTML files.
* Added 'LinkReferrer' config option to allow/disallow links in the
top referrers table.
* Added 'PagePrefix' config option to allow URL prefix matches to
be counted as pages, regardless of file extension or type. Thanks
to code submitted by Remco Van de Meent.
* Enabled large file support (LFS) to support logs greater than 2Gb
in size on systems that support LFS. Also increased the size of
most internal counters to handle larger sites.
* Minor changes to generated HTML output
* Updated language files country codes for current IANA TLDs
* Changed the meaning of the -v command line switch. It now
causes verbose information to be displayed at run-time
(Informational and Debug messages).
* Changed Group* config options to allow a quoted string for
the match string. This allows spaces to be embedded in the
string.
* Changed log record parsing logic to allow spaces in URLs.
* Made configuration keywords, boolean configuration values
(yes/no), and log file types case insensitive. Also fixed
defaults for invalid values to reflect documented defaults.
* Changed configure script to use --sysconfdir to specify the
location of the default webalizer.conf configuration file.
Also added support for DESTDIR during install to aid binary
package builds.
Changes:
* FIX) qCgiRequestParseQueries() - quoted boundary patch. (by Hidai
Kenichi)
* NEW) qStrUnchar() - remove character from head and tail of the
string.
* NEW) qDecoderVersion() - get the version string of qDecoder library.
* FIX) minor fixes related packaging.
* Add release date of each translation as comment in options.mk.
* Add some patch to use double quotation instead of singe quotation
which prevents parsing "\n" as newline.
* Update Russian and Serbian language translations which catch up to
TYPOlight 2.6.2.
* Add new Thai language translation.
General Public License (GPL). It's designed to be run on a large server
farm for a website that gets millions of hits per day. MediaWiki is an
extremely powerful, scalable software and a feature-rich wiki implementation,
that uses PHP to process and display data stored in its MySQL database.
GtkHTML-3.24.2 2008-11-24
-------------------------
Bug Fixes:
#472517: Always update the pop-up menu before showing it, whether we're clicking in a selection or not (Matthew Barnes)
Security fixes in this version:
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.13/
"Don't put emails directly on the page, they will be scraped"
Stuff that I'm sick of looking at "bob at smith dot com". Why can't
we just write emails in a way that looks normal to people, but is
very, very difficult to scrape off. Most email scrapers only use
very very simple parsing methods. And it isn't as if it is hard to
just do
# Before we search for email addresses...
$page =~ s/\s+at\s+/@/g;
$page =~ s/\s+dot\s+/./g;
This is an arms war dammit, and I want nukes!
Pkgsrc changes:
o Accept default TT options, don't set them explicitly.
o Add commented-out additional HOMEPAGE using search.cpan.org.
o Add a patch related to module bug
http://rt.cpan.org/Public/Bug/Display.html?id=39100
Thanks to Jens Rehsack for the update, provided in PR pkg/39600!
Upstream changes:
#------------------------------------------------------------------------
# Version 2.20 - 13th August 2008
#------------------------------------------------------------------------
* Updated all the documentation.
* Restored the GIF images that got mangled in the switch from CVS to
Subversion.
* Fixed the Makefile.PL to pre-glob the tests to keep things working
smoothly in Win32.
http://rt.cpan.org/Ticket/Display.html?id=25573
* Applied a patch to Template::Directives from Ben Morrow to fix the
SWITCH/CASE directive when matching strings containing regex metacharacters.
http://rt.cpan.org/Ticket/Display.html?id=24183
* Applied a patch to Template::Parser from Koichi Taniguchi to make it
treat TAGS with case sensitivity.
http://rt.cpan.org/Ticket/Display.html?id=19975
* Changed html_entity_filter_factory() in Template::Filters to only look for
Apache::Utils and HTML::Entities once.
http://rt.cpan.org/Ticket/Display.html?id=19837
Template::Stash
---------------
* Applied a patch to Template::Stash from Jess Robinson which allows you
to call a list method on a single object and have it automatically
upgraded to a single item list. Changed the XS Stash to do the same.
http://lists.tt2.org/pipermail/templates/2006-November/009115.html
* Fixed a minor bug in the XS Stash which prevented it from updating
hash entries with empty, but defined keys. Thanks to Yitzchak
Scott-Thoennes for reporting the problem.
http://lists.tt2.org/pipermail/templates/2007-November/009819.html
* Applied a patch from Alexandr Ciornii to make the XS Stash compile
cleanly under VC++ 6.0 and with Sun's C compiler.
http://rt.cpan.org/Ticket/Display.html?id=20291
Template::Provider
------------------
* Fixed a minor bug in the Template::Provider code added in 2.19 that
caused errors in templates to only be reported once. Subsequent
fetches incorrectly returned 'not found' instead of repeating the
error.
* Made Template::Provider use File::Spec->catfile instead of using '/'
and letting Perl worry about Doing The Right Thing.
http://rt.cpan.org/Ticket/Display.html?id=34489
* Applied patch from Lyle Brooks to add binmode to the _template_content()
method in Template::Provider.
http://rt.cpan.org/Ticket/Display.html?id=38075
* Applied patch from Ted Carnahan to silence UNIVERSAL::isa warnings in
Template::Provider.
http://rt.cpan.org/Ticket/Display.html?id=25468
* Applied patch to Template::Provider from Andrew Hamlin which works around
a bug in Strawberry Perl on Win32.
http://rt.cpan.org/Ticket/Display.html?id=34578
Template::VMethods
------------------
* Applied a patch from Paul "LeoNerd" Evans to make the list.slice vmethod
work properly with negative indices.
http://lists.tt2.org/pipermail/templates/2008-March/010105.html
Plugins
-------
* Added the Math plugin and related files to the MANIFEST so they
actually get shipped out as part of the distribution. D'Oh!
http://rt.cpan.org/Ticket/Display.html?id=27375
* Added the Scalar plugin which adds the .scalar vmethod for calling
object methods and subroutines in scalar context.
* Added Template::Plugin::Assert which allows you to assert that values
are defined.
* Changed Template::Plugin::Filter to weaken the $self reference to avoid
circular references and memory leaks. Thanks to Masahiro Honma for
reporting the problem and suggesting the fix.
* Applied patch from Ronald J Kimball to make Template::Plugin::Date accept
dates with the year coming first.
http://lists.tt2.org/pipermail/templates/2007-July/009540.html
* Added C<1;> to the end of a few plugin modules that were missing it.
ttree
-----
* Changed the --accept option in ttree to match against the full file
path (relative to --src dir) rather than just the file name. This
makes it behave the same way as the --ignore option.
* Applied patch from Lyle Brooks to add binmode to the process()
call in ttree.
http://rt.cpan.org/Ticket/Display.html?id=38076
* Added a patch from Nigel Metheringham also to set binmode in ttree
but via a configuration option.
https://rt.cpan.org/Ticket/Display.html?id=30760
Change log
* Allow _ as a valid character in file names and URLs. Do not remove #
from file names. It only has a special meaning for URLs.
* Enable unlock on unload for inline edits
Updated packages and products
* Products.CMFPlone 3.1.7
* plone.i18n 1.0.7
* archetypes.kss 1.4.3
Pkgsrc changes:
- Remove now unneeded patch file.
Upstream changes:
1.11 13.11.2008
- removed =begin BUGS section in Pod that was preventing proper display
- fixed perlio layer for pass-through binary files
- ref to PodPOMWeb.css used wrong case (undetected on -Win32!)
- fixed page titles when the name has no "-- description"
- Fixed the following security issues:
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase
principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin
violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption
(rv:1.9.0.4/1.8.1.18)
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files
- Fixed several stability issues.
- Official releases for the Icelandic and Thai languages are now available.
- Beta releases for the Bulgarian, Esperanto, Estonian, Latvian, Occitan,
and Welsh languages are available for testing.
- Updated the internal Public Suffix list.
- Fixed an issue where the IME input tool used to enter Japanese, Korean,
Chinese and Indic characters was covered by the "Add Bookmark" panel.
(bug 433340)
- Enabled additional EV root certificates. (bug 451305)
- Fixed an issue where some passwords saved using Firefox 3.0.2 did not
work properly. (bug 457358)
- In some cases, Firefox would not properly save proxy settings for
protocols other than HTTP. (bug 446536)
Security fixes in this version:
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.18/releasenotes/
authenticate users by checking credentials via the Cyrus SASL library.
This may be interesting for setups where other daemons (e.g. for SMTP, IMAP
or LDAP) already running at a machine use SASL to authenticate users. The
module is also useful to authenticate users against databases that use shadow
passwords. You do not need to elevate Apache HTTPD's access rights to
superuser privileges.
* Added AuthExternalContext directive, which defines a string that will be
passed to the authenticator in the CONTEXT environment variable. This can
be set from the .htaccess file or the <Directory> block to give slightly
different behavior from the same authenticator in different directories.
Thanks to Olivier Thauvin <nanardon at mandriva dot org> for this patch.
* Rewrite external authenticator launching code to use Apache's cross-OS
process/thread library instead of directly calling Unix functions.
Theoretically this should get us much closer to being usable on non-
Unix platforms.
* Support alternate syntax for configuration, using DefineAuthExternal and
DefineAuthGroup commands.
* More detailed error logging.
* Much cleanup of documentation.
Trac 0.11.2 (November 8, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2
Trac 0.11.2 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
Bug fixes:
* Fixes potential DOS vulnerability with certain wiki markup. Reported by
Matt Murphy.
* Improved HTML sanitizer filter to detect possible phishing attempts.
Reported by Simon Willison.
* MySQL db backend improvement (reconnect after idle timeout #4465)
* TicketQuery speed improvements (#6436)
* Fixes for RSS feeds (timeline entries no longer truncated #7316, no longer
download some feeds under Firefox #3899)
* Search now works for custom fields (#2530)
* Same order for ticket fields for new and existing tickets (#7018)
* Enforce fine-grained permission for "quickjump" search results (#7655)
* E-mail obfuscation was not done in a few remaining places (#7688, #6532)
* Uninstall of plugins from WebAdmin was not working - feature disabled
for now
* More robust pagination of results for reports and custom queries (#7424,
#7544)
* Support for newer version of pygments (#7622)
* Documentation updated (#7603, #7205, #7318)
Minor improvements:
* Better support for Wiki page hierarchy (show path #2780, link to
parent #2150)
* Custom query allow to search in description and other text fields (#4824)
- took maintainership
- added depends on p5-Test-Warn
Changelog:
0.07 Wed Sep 24 17:08:34 EDT 2008
- Code was silently truncating storage to MySQL, rendering the
session unreadable. Patched to check DBIx::Class size from
column_info (if available)
- Wrap find_or_create calls in a transaction to (hopefully)
avoid issues with duplicate flash rows
- took maintainership
ChangeLog:
0.108 2008-09-25
Adding SimpleDB realm to simplify basic auth configuration
Changing user_class to user_model, per req. by mst to avoid confusing newbies.
0.107 2008-09-29
Fix the typo in exception during authenticate
Doc fixes and clarifications
Added missing dependency on Catalyst::Model::DBIC::Schema to Makefile.PL
0.105 2008-03-19
Throw an exception if no fields are provided during authenticate
- better than retrieving a random user.
- still possible to do an empty search by using searchargs
- took maintainership
Changelog:
0.10007 2008-10-23
- Updating config to allow for inclusion of realm ref's in the main
config hash rather than in a subref called 'realms'
0.10007 2008-08-17
- Update tests prereqs to include Test::Exception (RT #36339)
- Some documentation fixes (including RT #36062)
- Compatibility fix where the use of new style config and old
style Authentication::Store::Minimal would cause a crash
(Reported & fixed by Jos Boumans C<kane@cpan.org>)
- Documentation update on Password - to indicate proper field naming
- Decouple Authentication system from session. The realm class
now allows complete control over how a user is persisted across
requests.
- pod fixes (RT #36062, RT #36063)
- took maintainership
ChangeLog:
5.7014 04 Nov 2008
- Remove a reference to a FOREACH loop that did not exist (RT #39046)
- Changed some Template Toolkit links to perldoc links (RT #38354)
- Fix Template Toolkit website link (RT #37574)
- Fix part numbering (RT #37963)
- Improvements to the ACCEPT_CONTEXT docs in Manual::Intro
- Happy Election Day, America!
2008-11-05 Release 5.820
Main news is the ability to control the heuristics used to determine
the expiry time for response objects.
Gisle Aas (8):
Reformat later parts of Changes
Add a paragraph to summarize the motivation for releases since 5.815
all_pod_files_ok();
Fix POD markup error
Calculation of current_age with missing Client-Date.
The age/freshness methods now take an optional 'time' argument
More correct matching of 'max-age' in freshness_lifetime method
The freshness_lifetime method now support options to control its heuristics
Pkgsrc changes:
- Add dependency on mail/p5-MIME-Types
- Add minor patch to fix POD formatting
Upstream changes:
1.10 07.11.2008
- passthrough for non-POD files (i.e. images, css, etc.)
- clicking hrefs in the TOC really loads the pages
- recompute height of treeNavigator
- alphabetical sort of Perl docs in each section
- sync displayed pages / TOC
- tooltips for Perl docs
- fixed hyperlinks in perlfunc
- initial page is 'perl' instead of 'perlintro', with hyperlinks
Changes:
1.10
treeNavigator
- new option noPingOnFirstClick
- new option treeTabIndex
- by default, tree element gets tabIndex 0
- better focus management when quick navigation through keys
- doubleClick handler
- up/down at end of tree falls back to default navigator behaviour
choiceList
- new option choiceItemTagName
autoCompleter
- multivalued
- click handler on drowpdown lists
- new options :
completeOnTab
actionItems
multivalued
multivalue_separator
choiceItemTagName
htmlWrapper
observed_scroll
additional_params
http_method
to make directory name match PKGNAME.
This is CGI_Lite.pm, a light-weight easy-to-use Perl5 library for writing
forms-based World Wide Web CGI scripts.
- drop allowing dependecy to php-pgsql since TYPOlight's framework
has support for PostgreSQL (and some other databases), but TYPOlight
itself runs with MySQL only.
- Add typolight-liveupdate option which alllow using TYPOlight Live Update
service though it inherently conflicts with pkgsrc's framework.
Version 2.6.2 (2008-11-01)
--------------------------
- Updated TinyMCE to version 3.2.0.2
- Improved TinyMCE plugin "typolinks" (#111)
- Added extension repository client
- Added front end module "article navigation"
- Added automatic insertion of the invisible copyright notice
- Added option to copy or move news and events between archives
- Added hook "addCustomRegexp" to add custom regular expressions to widgets
- Added workaround to determine the server IP on Strato servers (#113)
- Added option to add labels to back end drop-down menus (#5)
- Added config/langconfig.php to store custom labels (#119)
- Added a close button to the preview pane (#188)
- Added classes "first" and "last" to comments (#183)
- Added insert tag "image" to insert resized images (#55)
- Added the creator's name to tasks in the task list (#136)
- Added option to define date formats per root page (#190)
- Added event titles to calendar RSS/Atom feeds (#50)
- Fixed a small issue with the style sheet importer (#117)
- Fixed issue with mandatory select menus not throwing errors (#45)
- Fixed issue with flash movies being displayed in the back end (#121)
- Fixed issue with limited number of archives/calendars in front end modules (#159)
- Fixed issue with external news items without text not showing the "read more" link (#128)
- Fixed issue with module personal data not updating newsletter subscriptions (#149)
- Fixed issue with article teaser links not working with empty page ID (#180)
- Fixed issue with Analytics ID being shown in the front end preview (#103)
- Fixed issue with multi-day events and daylight saving time (#199)
- Fixed issue with incorrect e-mail address validation (#182)
- Fixed issue with style sheets not being written after import (#184)
- Fixed a few minor bugs
as well as support for boehm-gc and utf8. Myriad bug fixes.
I've switched the javascript support library over too lang/see,
as it seems to work better. If a release does not come out by
the next branch, I will package a snapshot, as it seems like
they've fixed even more bugs in the development tree.
* 6 Sep 2008 -- An image like XXX doesn't look as good as the same image XXX
that's vertically aligned with your surrounding text. Along with several
standard HTTP header fields, mimeTeX now also emits a special
Vertical-Align: -nn header, where -nn is the number of pixels (usually
negative as illustrated) needed for a style="Vertical-Align: -nn px"
attribute in the <img> tag used to render your expression.
See the mimeTeX manual for further discussion.
* 5 Sep 2008 -- Users running mimeTeX as a Win32 DLL with Shital Shah's Code
Project reported that color directives aren't reset, e.g., an expression
containing \red is rendered red as directed, but all subsequent images are
red, too.
This has been fixed (along with several similar bugs nobody noticed).
It never affected users running mimeTeX in the usual way, as a cgi.
- Don't set MAINTAINER and HOMEPAGE variables here, they should be set by
individual packages including this file (I don't want to implicitly be
maintainer for all packages including this Makefile fragment).
- SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
- Allow for smax to be 0 for balancer members so that all idle
connections are able to be dropped should they exceed ttl.
Apache Bug #43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
Jim Jagielski]
- mod_proxy_http: Don't trigger a retry by the client if a failure to
read the response line was the result of a timeout.
[Adam Woodworth <mirkperl gmail.com>]
- Support chroot on Unix-family platforms
Apache Bug #43596 [Dimitar Pashev <mitko banksoft-bg.com>]
- mod_ssl: implement dynamic mutex callbacks for the benefit of
OpenSSL. [Sander Temme]
- mod_proxy_balancer: Add 'bybusyness' load balance method.
[Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]
- mod_authn_alias: Detect during startup when AuthDigestProvider
is configured to use an incompatible provider via AuthnProviderAlias.
Apache Bug #45196 [Eric Covener]
- mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
used as a session path separator/delim Apache Bug #45158. [Jim Jagielski]
- mod_charset_lite: Avoid dropping error responses by handling meta buckets
correctly. Apache Bug #45687 [Dan Poirier <poirier pobox.com>]
- mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
avoid reusing pooled connections if the client connection is an initial
connection. Apache Bug #37770. [Ruediger Pluem]
- mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
Apache Bug #44799 [Christian Wenz <christian wenz.org>]
- mod_ssl: Rewrite shmcb to avoid memory alignment issues.
Apache Bug #42101. [Geoff Thorpe]
- mod_proxy: Add connectiontimeout parameter for proxy workers in order to
be able to set the timeout for connecting to the backend separately.
Apache Bug #45445. [Ruediger Pluem, rahul <rahul sun.com>]
- mod_dav_fs: Retrieve minimal system information about directory
entries when walking a DAV fs, resolving a performance degradation on
Windows. Apache Bug #45464. [Joe Orton, Jeff Trawick]
- mod_cgid: Pass along empty command line arguments from an ISINDEX
query that has consecutive '+' characters in the QUERY_STRING,
matching the behavior of mod_cgi.
[Eric Covener]
- mod_headers: Prevent Header edit from processing only the first header
of possibly multiple headers with the same name and deleting the
remaining ones. Apache Bug #45333. [Ruediger Pluem]
- mod_proxy_balancer: Move nonce field in the balancer manager page inside
the html form where it belongs. Apache Bug #45578. [Ruediger Pluem]
- mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
[Ruediger Pluem]
- mod_rewrite: Preserve the query string when [proxy,noescape].
Apache Bug #45247. [Tom Donovan]
pkgsrc related note:
The security fix for CVE-2008-2939 has already been integrated as patch
before this update.
Catalyst plugin to force the application to restart server processes
when they reach a configurable memory threshold. Memory checks are
performed every 'N' requests. This is intended as a band-aid to
deal with problems like memory leaks; it's here to buy you time to
find and solve the underlying issues.
ssl, as there is no reason for it to be package-specific.
Most visible changes:
- Switch from GTK1 to FLTK2
- Tabbed browsing
- Downloads and FTP now work (at the expense of a wget dependency)
== Ruby-GNOME2 0.18.1: 2008-10-23
This release is bug fix release of 0.18.0.
=== Changes
Ruby/GTK2:
* fix a bug that init function is deleted. [Kouhei Sutou]
This bundle defines all required modules for ParallelUserAgent.
ExtUtils::MakeMaker - should be in perl disribution
LWP::UserAgent - Base for Parallel::UserAgent
LWP::RobotUA - Base for Parallel::RobotUA
LWP::Protocol - Base Protocol implementations
LWP::Parallel - Parallel User Agent itself
Zope 2.11.2 (2008/10/24)
Bugs Fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and provided
tests and implementation for guarded_zip (RestrictedPython).
* updated to ZODB 3.8.1
* Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed mutable
defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to import
the same broken module.
* DateTime conversion of datetime objects with non-pytz
tzinfo. Timezones() returns a copy of the timezone list (allows tests
to run). (Backport of r89373 from trunk).
* LP #253362: better dealing with malformed HTTP_ACCEPT_CHARSET headers
* integrated Hotfix-2008-08-12
* Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
* Launchpad #262313: respect the Expand macros when editing flag when
editing a page template through the ZMI
Zope 2.10.7 (2008/10/24)
Bugs fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and
provided tests and implementation for guarded_zip
(RestrictedPython).
* Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed
mutable defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to
import the same broken module.
* LP #142667: Updated to ZODB-3.7.3 to fix problem with product
auto-refresh.
* Updated to Five 1.5.8
* Launchpad #245649: the Products package is now a proper
"namespace package" under the rules specified by setuptools.
* Fixed outdated transaction.commit(1) call in
ZODBMountPoint.SimpleTrailblazer
* Launchpad #239636: Ensure that HEAD requests lock an empty body
for NotFound errors.
* Launchpad #229549: Don't ignore debug flag when rendering page
templates (thanks to Eric Steele for the patch).
* integrated Hotfix-2008-08-12
* Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
* Launchpad #262313: respect the Expand macros when editing flag
when editing a page template through the ZMI
Zope 2.9.10 (2008/10/24)
Bugs fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and
provided tests and implementation for guarded_zip
(RestrictedPython).
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed
mutable defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to
import the same broken module.
* LP #142667: Updated to ZODB-3.6.4 to fix problem with product
auto-refresh.
* Launchpad #267545: DateTime(DateTime()) now preserves the
correct hour
* Launchpad #245649: the Products package is now a proper
"namespace package" under the rules specified by setuptools.
* Launchpad #239636: Ensure that HEAD requests lock an empty body
for NotFound errors.
* Launchpad #234209: De-tabify ZPublisher/HTTPRequest.py
* integrated Hotfix-2008-08-12
2.24.1:
Bug fixes and translation updates.
====================================================
Epiphany 2.24.0.1
====================================================
In this release, the address entry has improved logic which should
result in faster autocompletion lookups.
Bug fixes:
* Crash when showing download notification bubble (bug #536768)
* Window title copied the status bar (bug #524587)
* Fix RDF import (bug #523414)
* Proxy password prompt missing with gecko 1.9 (bug #539417)
* Password manager doesn't remove passwords with gecko 1.9 (bug #539418)
* Printing scales incorrectly (bug #541168)
* do not activate the smart bookmark entry after middle-clicking paste
text into it. (bug #378165)
* Address entry fixes:
- substring suggestions (bug #151932)
- unicode support (bug #343906)
- diacritics in topic keywords (bug #328162)
- completion on history items titles (bug #534218)
Enhancements:
* Update lock icon to a tango style one (bug #547936)
* Documentation updates (bug #552436, #552555, #534744)
* Enable complete-download sound with libcanberra
* revert special handling of double click in the address entry (bug
#426349)
Contributors to this release:
Diego Escalante Urrelo, Sebastian Keller, Josselin Mouette, Mike Hommey,
Paul Drain, Cosimo Cecchi, Bruce Cowan, Lucas Lommer, Colin Walters,
Loïc Minier, Vincent Untz, Christian Persch, Reinout van Schouwen
Translators:
Jorge Gonzalez (es), Kjartan Maraas (nb), Khaled Hosny (ar), Ivar Smolin
(et), Sweta Kothari, Reinout van Schouwen (nl), Daniel Nylander (sv),
Yair Hershkovitz (he), icq, Lucas Lommer (cz), Duarte Loreto (pt), Gil
Forcada (ca), Takeshi AIHANA (ja), sprasad, Theppitak Karoonboonyanan
(th), ituohela (fi), Robert-André Mauchin (fr), grakic (sr@latin), Inaki
Larranaga Murgoitio (eu), pgeyleg (dz), Hendrik Richter (de), Nguyễn
Thái Ngọc Duy (vi), Funda Wang (zh_CN), Philip Withnall (en_GB), Claude
Peroz (fr), mateju, rranjan (hi), apravi, Sankarshan Mukhopadhyay,
Gintautas Miliauskas (lt), Baris Ciçek (tr), Gabor Kelemen (hu), ifelix,
sandeeps, kelemeng, cwryu (kr), Alexander Shopov (bg), tvainika (fi),
Nickolay V. Shmyrev (ru), Mugurel Tudor (ro), Ask H. Larsen (dk)
GtkHTML-3.24.1 2008-10-20
-------------------------
Bug Fixes:
#546155: Composer crash after pasting text and deleting parts of it (Milan Crha)
#548540: Spellchecker reports possessive plurals (e.g. "horses'") as misspelled (Matthew Barnes)
#554326: Critical warning when opening new composer and have preset a signature (Milan Crha)
#554424: Spellchecker breaks after enabling more languages (Matthew Barnes)
#554849: Unlocalized strings in Compose mail dialog (Takao Fujiwara)
#556239: Inline spell-check not redone after changing the language (Matthew Barnes)
Updated Translations:
Djihed Afifi (ar)
Pema Geyleg (dz)
Gil Forcada (ca)
Takeshi AIHANA (ja)
GtkHTML-3.24.0 2008-09-22
-------------------------
Bug Fixes:
#423395: Ensure cursor at the right position even when first time focusing to the widget (Milan Crha)
#549232: Revise the translator comments to reference GtkComboBox, from which the "popup-shown" property and associated descriptions are taken (Matthew Barnes)
Updated Translations:
Gintautas Miliauskas (lt)
Lucas Lommer (cs)
Ask H. Larsen (da)
Hendrik Richter (de)
Inaki Larrañaga Murgoitio (eu)
Ilkka Tuohela (fi)
Chao-Hsiung Liao (zh_HK, zh_TW)
Djihed Afifi (ar)
Gabor Kelemen (hu)
Sandeep Shedmake (mr)
Tirumurthi Vasudevan (ta)
Milo Casagrande (it)
Leonardo Ferreira Fontenelle (pt_BR)
Changwoo Ryu (ko)
Yavor Doganov (bg)
Ivar Smolin (et)
Shankar Prasad (kn)
Philip Withnall (en_GB)
Åsmund Skjæveland (nn)
Funda Wang (zh_CN)
GtkHTML-3.23.92 2008-09-08
--------------------------
Bug Fixes:
#516680: Remember focus object same as in other functions (Milan Crha)
Updated Translations:
Philip Withnall (en_GB)
Rodrigo Marques Flores (pt_BR)
Sweta Kothari (gu)
Daniel Nylander (sv)
GtkHTML-3.23.91 2008-09-01
--------------------------
Updated Translations:
Og Maciel (pt_BR)
Sweta Kothari (gu)
Shankar Prasad (kn)
Daniel Nylander (sv)
Lucas Hermann Negri (pt_BR)
Inaki Larranaga Murgoitio (eu)
Ivar Smolin (et)
GtkHTML-3.23.90 2008-08-16
--------------------------
Bug Fixes:
#540794: Sanitize HTMLENGINE by checking whether we have a HTMLEngine (Tobias Mueller)
#543318: Force the codeset to UTF-8 (Pascal Terjan)
Other Contributors:
Fix compiler warnings (Matthew Barnes)
Updated Translations:
Harivishnu (ml)
Takeshi AIHANA (ja)
Duarte Loreto (pt)
Ilkka Tuohela (fi)
Yair Hershkovitz (he)
Chao-Hsiung Liao (zh_HK)
Chao-Hsiung Liao (zh_TW)
Youssef Chahibi (ar)
GtkHTML-3.23.6 2008-08-04
--------------------------
Bug Fixes:
#545559: Respect Gnome settings regarding cursor blinking (Milan Crha)
Updated Translations:
Ivar Smolin (et)
Youssef Chahibi (ar)
Vladimir Melo (pt_BR)
Bruno Brouard (fr)
GtkHTML-3.23.5 2008-07-21
--------------------------
Bug Fixes:
#244888: Add accelerators for "justify-left" (Ctrl+L), "justify-center" (Ctrl+E) and "justify-right" (Ctrl+R). Change the "word-wrap" accelerator from Ctrl+L to Ctrl+Backslash (Matthew Barnes)
#408707: Implements the first of several suggested UI improvements in the bug (Matthew Barnes)
#423395: New API to let GtkHTML know where to place cursor on the first focus event, based on the anchor name (Milan Crha)
#446894: Use the widget style's font rather than a hardcoded font (Matthew Barnes)
#493783: Restore last scrollbar position when done with substreams (Milan Crha)
#538703: Delay loading of all dictionaries to improve performance (Wang Xin)
#539289: Don't use deprecated gtk type macros (Christian Persch)
#540342: Fix a security vulnerability (Milan Crha)
#540929: Stop expanding columns as soon as there were no columns expanded during the cycle (Milan Crha)
#542567: Correct the shortcuts for increasing and decreasing indents (B S Srinidhi)
Updated Translations:
Luca Ferretti (it)
Andre Klapper (de)
Ignacio Casal Quinteiro (gl)
Daniel Nylander (sv)
Matej Urbanči (sl)
Theppitak Karoonboonyanan (th)
Kjartan Maraas (nb)
Jorge Gonzalez (es)
Yannig Marchegay (oc)
GtkHTML-3.23.4 2008-06-16
--------------------------
Bug Fixes:
#533741: Don't insert BOM into UTF-8 text when copying to clipboard; filter it out when pasting from clipboard (Vaclav Slavik)
#536635: Allow gtkhtml to build with G_DISABLE_SINGLE_INCLUDES and GTK_DISABLE_SINGLE_INCLUDES defined (Matthew Barnes)
#537397: Fix a duplicate mnemonic (Matthew Barnes)
Updated Translations:
Ivar Smolin (et)
Theppitak Karoonboonyanan (th)
Khaled Hosny (ar)
Ignacio Casal Quinteiro (gl)
GtkHTML-3.23.3 2008-06-02
--------------------------
Bug Fixes:
#524338: Reverting the fix for bug #342659 which caused the fickering (Srinivasa Ragavan)
Updated Translations:
Máté Őry (hu)
Clytie Siddall (vi)
Khaled Hosny (ar)
GtkHTML-3.23.2 2008-05-12
--------------------------
Bug Fixes:
#525996: Look for data files in our own installation prefix, to make running local builds easier (Matthew Barnes)
Other Contributors:
Don't translate a bunch of useless widget labels. (Kjartan Maraas)
Updated Translations:
Yair Hershkovitz (he)
Kjartan Maraas (nb)
Jorge Gonzalez (es)
GtkHTML-3.23.1 2008-04-21
--------------------------
Bug Fixes:
#266206: Bunch of input method fixes (Owen Taylor, Matthew Barnes)
#339093: Skip ZOOM commands only when in non-editing mode and when not invoked by key bindings. (Milan Crha)
#458369: Merge two similar translated strings. (Matthew Barnes)
#483745: Add tooltip for text color combo. (Milan Crha)
#512046: Gtkhtml freezes when backward searching in e-mail editing window (Takao Fujiwara)
#520711: Fix runtime critical warnings (Milan Crha)
#525977: Add a --with-glade-catalog option for installing Glade 3 catalog files (for maintainers only). Defaults to 'no'. (Matthew Barnes)
#526152: Defer management of spell check languages and color to the editor component. (Matthew Barnes)
Updated Translations:
Kjartan Maraas (nb)
Jorge Gonzalez (es)
Eskild Hustvedt (nn)
After some feedback from Roy Marples set up the package so it's easier
to get drupal to run under other web servers than apache. As the
default web server, apache will remain. Users can disable it using
the options.mk framework.
Rename APACHE_* variables to WWW_* and set some sane defaults.
