Upstream changes:
4.73 2014-02-01
- Improved xml_escape performance significantly.
- Improved html_unescape and url_unescape performance.
- Fixed Mojo::UserAgent::Transactor to handle redirects more like most
common browsers.
4.72 2014-01-29
- Added accepts, template_for and template_handler methods to
Mojolicious::Renderer.
- Added accepts helper to Mojolicious::Plugin::DefaultHelpers.
- Added before_render hook.
- Fixed bug in Mojo::Transaction::WebSocket that prevented decompression
errors from being handled gracefully.
4.71 2014-01-28
- Fixed a few compression bugs in Mojo::Transaction::WebSocket and
Mojo::Content.
4.70 2014-01-26
- Added extract_usage method to Mojolicious::Command.
- Added unindent method to Mojo::ByteStream.
- Added unindent function to Mojo::Util.
- Updated jQuery to version 2.1.
- Improved all built-in commands to show usage information in their SYNOPSIS
sections.
- Improved tag helpers to make data attributes more convenient. (ravengerUA)
%= tag 'div', data => {my_id => 1, Name => 'test'} => 'some content'
is equivalent to
%= tag 'div', data-my-id => 1, data-name => 'test' => 'some content'
- Fixed indentation of code in documentation browser.
4.69 2014-01-24
- Improved router to allow format detection for bridges.
4.68 2014-01-22
- Added Mojo::DOM::Node.
- Added contents and node methods to Mojo::DOM.
- Removed deprecated http_proxy, https_proxy, name and no_proxy attributes
from Mojo::UserAgent.
- Removed deprecated app, app_url, detect_proxy and need_proxy methods from
Mojo::UserAgent.
- Improved router to allow placeholders anywhere in a pattern to become
optional.
"get '/foo/:bar/baz' => {bar => 'bar'};" now matches "/foo/baz"
"get '/foo(:bar)baz' => {bar => 'bar'};" now matches "/foobaz"
- Improved request_ok method in Test::Mojo to handle WebSocket handshakes.
- Improved Mojo::IOLoop::Server to use address and port for descriptor
inheritance.
- Improved list of available commands to be alphabetical. (jberger)
- Fixed select_field helper to be nondestructive.
- Fixed XML semantics bug in Mojo::DOM::HTML.
4.67 2014-01-11
- Added history and max_history_size attributes to Mojo::Log.
- Improved exception and not found pages with log messages.
- Improved exception page with more information.
- Improved not found page with a more generic message.
- Improved inline templates to use their checksum as name.
New features:
- Add command line option -version
- Better error management of geoip modules.
- Update domains, robots and search engines database:
- Windows 8 + iOS Support in AWStats
- Detection of 8.1 and IE11.
Fixes:
- When using builddate option of script awstats_buildstaticpages,
static link is wrong.
- Restore detection of Opera browsers versions.
- GeoIP Cities page doesnt work.
- Add missing icons.
- Avoid warning mixed http/https with module graphgooglechartapi.
- $MinHit{'Host'} rather than $MinHit{'Login'} used in sub HTMLShowLogins.
Other:
- Move version system to sourceforge Git instead of CVS.
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
Bugfixes:
SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
pop3: Fixed APOP being determined by CAPA response rather than by timestamp
Curl_pp_readresp: zero terminate line
FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
pop3: Fixed auth preference not being honored when CAPA not supported
imap: Fixed auth preference not being honored when CAPABILITY not supported
threaded resolver: Use pthread_t * for curl_thread_t
FILE: we don't support paused transfers using this protocol
connect: Try all addresses in first connection attempt
curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
OpenSSL: Fix forcing SSLv3 connections
openssl: allow explicit sslv2 selection
FTP parselist: fix "total" parser
conncache: fix possible dereference of null pointer
multi.c: fix possible dereference of null pointer
mk-ca-bundle: introduces -d and warns about using this script
ConnectionExists: fix NTLM check for new connection
trynextip: fix build for non-IPV6 capable systems
Curl_updateconninfo: don't do anything for UDP "connections"
darwinssl: un-break Leopard build after PKCS-12 change
threaded-resolver: never use NULL hints with getaddrinf
multi_socket: remind app if timeout didn't run
OpenSSL: deselect weak ciphers by default
error message: Sensible message on timeout when transfer size unknown
curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
configure: fix gssapi linking on HP-UX
chunked-parser: abort on overflows, allow 64 bit chunks
chunked parsing: relax the CR strictness
cookie: max-age fixes
progress bar: always update when at 100%
progress bar: increase update frequency to 10Hz
tool: Fixed incorrect return code if command line parser runs out of memory
tool: Fixed incorrect return code if password prompting runs out of memory
HTTP POST: omit Content-Length if data size is unknown
GnuTLS: disable insecure ciphers
GnuTLS: honor --slv2 and the --tlsv1[.N] switches
multi: Fixed a memory leak on OOM condition
netrc: Fixed a memory and file descriptor leak on OOM
getpass: fix password parsing from console
TFTP: fix crash on time-out
hostip: don't remove DNS entries that are in use
tests: lots of tests fixed to pass the OOM torture tests
GoAccess is an open source real-time web log analyzer and interactive
viewer that runs in a terminal in *nix systems. It provides fast and
valuable HTTP statistics for system administrators that require a visual
server report on the fly.
What's new in Tornado 3.2
=========================
Jan 14, 2014
------------
Installation
~~~~~~~~~~
* Tornado now depends on the `backports.ssl_match_hostname
<https://pypi.python.org/pypi/backports.ssl_match_hostname>`_ when
running on Python 2. This will be installed automatically when using ``pip``
or ``easy_install``
* Tornado now includes an optional C extension module, which greatly improves
performance of websockets. This extension will be built automatically
if a C compiler is found at install time.
New modules
~~~~~~~~~
* The `tornado.platform.asyncio` module provides integration with the
``asyncio`` module introduced in Python 3.4 (also available for Python
3.3 with ``pip install asyncio``).
`tornado.auth`
~~~~~~~~~~~~
* Added `.GoogleOAuth2Mixin` support authentication to Google services
with OAuth 2 instead of OpenID and OAuth 1.
* `.FacebookGraphMixin` has been updated to use the current Facebook login
URL, which saves a redirect.
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~
* `.TracebackFuture` now accepts a ``timeout`` keyword argument (although
it is still incorrect to use a non-zero timeout in non-blocking code).
``tornado.curl_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~
* ``tornado.curl_httpclient`` now works on Python 3 with the
soon-to-be-released pycurl 7.19.3, which will officially support
Python 3 for the first time. Note that there are some unofficial
Python 3 ports of pycurl (Ubuntu has included one for its past
several releases); these are not supported for use with Tornado.
`tornado.escape`
~~~~~~~~~~~~~~
* `.xhtml_escape` now escapes apostrophes as well.
* `tornado.escape.utf8`, `.to_unicode`, and `.native_str` now raise
`TypeError` instead of `AssertionError` when given an invalid value.
`tornado.gen`
~~~~~~~~~~~
* Coroutines may now yield dicts in addition to lists to wait for
multiple tasks in parallel.
* Improved performance of `tornado.gen` when yielding a `.Future` that is
already done.
`tornado.httpclient`
~~~~~~~~~~~~~~~~~~
* `tornado.httpclient.HTTPRequest` now uses property setters so that
setting attributes after construction applies the same conversions
as ``__init__`` (e.g. converting the body attribute to bytes).
`tornado.httpserver`
~~~~~~~~~~~~~~~~~~
* Malformed ``x-www-form-urlencoded`` request bodies will now log a warning
and continue instead of causing the request to fail (similar to the existing
handling of malformed ``multipart/form-data`` bodies. This is done mainly
because some libraries send this content type by default even when the data
is not form-encoded.
* Fix some error messages for unix sockets (and other non-IP sockets)
`tornado.ioloop`
~~~~~~~~~~~~~~
* `.IOLoop` now uses `~.IOLoop.handle_callback_exception` consistently for
error logging.
* `.IOLoop` now frees callback objects earlier, reducing memory usage
while idle.
* `.IOLoop` will no longer call `logging.basicConfig` if there is a handler
defined for the root logger or for the ``tornado`` or ``tornado.application``
loggers (previously it only looked at the root logger).
`tornado.iostream`
~~~~~~~~~~~~~~~~
* `.IOStream` now recognizes ``ECONNABORTED`` error codes in more places
(which was mainly an issue on Windows).
* `.IOStream` now frees memory earlier if a connection is closed while
there is data in the write buffer.
* `.PipeIOStream` now handles ``EAGAIN`` error codes correctly.
* `.SSLIOStream` now initiates the SSL handshake automatically without
waiting for the application to try and read or write to the connection.
* Swallow a spurious exception from ``set_nodelay`` when a connection
has been reset.
`tornado.locale`
~~~~~~~~~~~~~~
* `.Locale.format_date` no longer forces the use of absolute
dates in Russian.
`tornado.log`
~~~~~~~~~~~
* Fix an error from `tornado.log.enable_pretty_logging` when
`sys.stderr` does not have an ``isatty`` method.
* `tornado.log.LogFormatter` now accepts keyword arguments ``fmt``
and ``datefmt``.
`tornado.netutil`
~~~~~~~~~~~~~~~
* `.is_valid_ip` (and therefore ``HTTPRequest.remote_ip``) now rejects
empty strings.
* Synchronously using `.ThreadedResolver` at import time to resolve
a unicode hostname no longer deadlocks.
`tornado.platform.twisted`
~~~~~~~~~~~~~~~~~~~~~~~~
* `.TwistedResolver` now has better error handling.
`tornado.process`
~~~~~~~~~~~~~~~
* `.Subprocess` no longer leaks file descriptors if `subprocess.Popen` fails.
``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``simple_httpclient`` now applies the ``connect_timeout`` to requests
that are queued and have not yet started.
* On Python 2.6, ``simple_httpclient`` now uses TLSv1 instead of SSLv3.
* ``simple_httpclient`` now enforces the connect timeout during DNS resolution.
* The embedded ``ca-certificates.crt`` file has been updated with the current
Mozilla CA list.
`tornado.web`
~~~~~~~~~~~
* `.StaticFileHandler` no longer fails if the client requests a ``Range`` that
is larger than the entire file (Facebook has a crawler that does this).
* `.RequestHandler.on_connection_close` now works correctly on subsequent
requests of a keep-alive connection.
* New application setting ``default_handler_class`` can be used to easily
set up custom 404 pages.
* New application settings ``autoreload``, ``compiled_template_cache``,
``static_hash_cache``, and ``serve_traceback`` can be used to control
individual aspects of debug mode.
* New methods `.RequestHandler.get_query_argument` and
`.RequestHandler.get_body_argument` and new attributes
`.HTTPRequest.query_arguments` and `.HTTPRequest.body_arguments` allow access
to arguments without intermingling those from the query string with those
from the request body.
* `.RequestHandler.decode_argument` and related methods now raise
an ``HTTPError(400)`` instead of `UnicodeDecodeError` when the
argument could not be decoded.
* `.RequestHandler.clear_all_cookies` now accepts ``domain`` and ``path``
arguments, just like `~.RequestHandler.clear_cookie`.
* It is now possible to specify handlers by name when using the `.URLSpec`
class.
* `.Application` now accepts 4-tuples to specify the ``name`` parameter
(which previously required constructing a `.URLSpec` object instead of
a tuple).
* Fixed an incorrect error message when handler methods return a value
other than None or a Future.
* Exceptions will no longer be logged twice when using both ``@asynchronous``
and ``@gen.coroutine``
`tornado.websocket`
~~~~~~~~~~~~~~~~~
* `.WebSocketHandler.write_message` now raises `.WebSocketClosedError` instead
of `AttributeError` when the connection has been closed.
* `.websocket_connect` now accepts preconstructed ``HTTPRequest`` objects.
* Fix a bug with `.WebSocketHandler` when used with some proxies that
unconditionally modify the ``Connection`` header.
* `.websocket_connect` now returns an error immediately for refused connections
instead of waiting for the timeout.
* `.WebSocketClientConnection` now has a ``close`` method.
`tornado.wsgi`
~~~~~~~~~~~~
* `.WSGIContainer` now calls the iterable's ``close()`` method even if
an error is raised, in compliance with the spec.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Changes:
Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
content's layout with a full-width page template and a contributor page to show
off your authors.
For Developers
* External Libraries have been updated.
* Better RTL support
More info on http://codex.wordpress.org/Version_3.8
Changes:
uWSGI 2.0
Changelog [20131230] Important changes
Dynamic options have been definitely removed as well as the
broken_plugins directory Bugfixes and improvements
improved log rotation do not rely on unix signals to print
request status during harakiri added magic vars for uid and
gid various Lua fixes a tons of coverity-governed bugfixes made
by Riccardo Magliocchetti
New features --attach-daemon2
this is a keyval based option for configuring external daemons.
Updated docs are: :doc:`AttachingDaemons` Linux setns() support
One of the biggest improvements in uWSGI 1.9-2.0 has been the total
support for Linux namespaces.
This last patch adds support for the setns() syscall.
This syscall allows a process to "attach" to a running namespace.
uWSGI instances can exposes their namespaces file descriptors
(basically they are the files in /proc/self/ns) via a unix socket.
External instances connects to that unix socket and automatically
enters the mapped namespace.
to spawn an instance in "namespace server mode", you use the
--setns-socket <addr> option
uwsgi --setns-socket /var/run/ns.socket --unshare net,ipc,uts ...
to attach you simply use --setns <addr>
uwsgi --setns /var/run/ns.socket ...
Updated docs: :doc:`Namespaces` "private" hooks
When uWSGI runs your hooks, it verbosely print the whole hook action
line. This could be a security problem in some scenario (for example
when you run initial phases as root user but allows unprivileged
access to logs).
Prefixing your action with a '!' will suppress full logging:
[uwsgi] hook-asap = !exec:my_secret_command
Support for yajl library (JSON parser)
Til now uWSGI only supported jansson as the json parser required
for managing .js config files.
You can now use the yajl library (available in centos) as alternative
JSON parser (will be automatically detected) Perl spooler support
The perl/PSGI plugin can now be used as a spooler server:
uwsgi::spooler(sub {
my $args = shift; print Dumper($args); return -2; });
The client part is still missing as we need to fix some internal
api problem.
Expect it in 2.0.1 ;) Gateways can drop privileges
Gateways (like http router, sslrouter, rawrouter, forkptyrouter
...) can now drop privileges independently by the master.
Currently only the http/https/spdy router exposes the new option
(--http-uid/--http-gid) Subscriptions-governed SNI contexts
The subscription subsystem now supports 3 additional keys (you can
set them with the --subscribe2 option):
sni_key
sni_cert
sni_ca
all of the takes a path to the relevant ssl files.
* [mod_auth] explicitly link ssl for SHA1 (fixes 2517)
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes 2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes 2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
* [stat-cache] fix FAM cleanup/fdevent handling
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes 2526)
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes 2533)
* [mod_mysql_vhost] fix memory leak on config init (2530)
* [mod_webdav] fix fd leak found with parfait (fixes 2530, thx kukackajiri)
the fastest and most widely support way to get Perfect Forward Secrecy
with modern web browsers if your server uses an RSA key.
Bump package revision because of this change.
Sort PLIST. Add new files.
Trac 1.0.1 (February 1, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-1.0.1
- Fix zip source download for large directories in Subversion repositories
- Performance improvement for the Roadmap, by caching milestone properties
- Added a ''select all'' checkbox to table of components for each plugin on
the Plugins admin panel
- Restore the ''Modify'' link at the top of the ticket page, as it was in
Trac 0.12
- `ListOption` keeps values other than empty string and None in raw list
as default
- Prevent possibility of multiple identical info or warning messages being
presented to the user
- The BatchModify select-all checkboxes are toggled with tri-state behavior
when the ticket checkboxes are toggled
- Update the ticket changetime to the current time when deleting a ticket
comment
- ... and quite more! In particular, see also the changes for 0.12.5
which are also integrated and new since 1.0
Trac 0.12.5 (January 15, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.5
Trac 0.12.5 is a maintenance release and contains
a few interesting fixes:
- upload of .mht files (MHTML web page archive files) now works
(#9880)
- more robust parsing of attachment URLs (#10280) and uploaded
file names (#10850)
- lots of improvement to the date formatting code, which is now
much more robust when timezone and daylight saving time
computations are involved (#10768, #10863, #10864, #10912, #10920)
- no longer generate invalid JSON encoded data with Python 2.4 and
2.5 (#10877)
- ... and a few more!
Version 3.2.4 (2014-01-20)
--------------------------
### Fixed
Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
### Fixed
Do not create multiple stylect layers upon Ajax changes.
### Fixed
Some DCAs were missing the "rem" unit (see #6634).
### Fixed
Correctly trim the SQL statements in the `Database` class (see #6623).
### Fixed
Fix some broken back end icons (see #6214).
### Fixed
Show a hint in the news archive menu if there are no items (see #5888).
### Fixed
Prevent the back end tool tips from exceeding the screen width (see #6639).
### Fixed
Support the Google+ vanity name in addition to the numeric ID (see #6454).
### Fixed
Correctly detect Android tablets in the `Environment` class (see #5869).
### Fixed
Correctly resolve the module dependencies (see #6606).
### Fixed
Correctly unset the PHP session cookie depending on its parameters.
### Fixed
Fixed the XHTML variant of the comments form (see #5675).
### Fixed
Correctly assign articles to columns (see #6595).
### Fixed
Correctly merge the CSS classes in the `Hybrid` class (see #6601).
Version 1.9.7:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
New features:
* passlib support - enhanced password hash security. Special thanks go to
the Python Software Foundation (PSF) for sponsoring development of this!
Docs for passlib: http://packages.python.org/passlib/
If cfg.passlib_support is True (default), we try to import passlib and set
it up using the configuration given in cfg.passlib_crypt_context (default
is to use sha512_crypt with default configuration from passlib).
The passlib docs recommend 3 hashing schemes that have good security, but
some of them have additional requirements:
sha512_crypt needs passlib >= 1.3.0, no other requirements.
pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
bcrypt has additional binary/compiled package requirements, please refer to
the passlib docs.
cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
wanted for new password hash creation and also for upgrading existing
password hashes.
For the moin code as distributed in our download release archive, passlib
support should just work, as we have passlib 1.6.1 bundled with MoinMoin
as MoinMoin/support/passlib. If you use some other moin package, please
first check if you have moin AND passlib installed (and also find out the
passlib version you have installed).
If you do NOT want to (not recommended!) or can't use (still using python
2.4?) passlib, you can disable it your wiki config:
passlib_support = False # do not import passlib
password_scheme = '{SSHA}' # use best builtin hash (like moin < 1.9.7)
Please note that after you have used moin with passlib support and have user
profiles with passlib hashes, you can't just switch off passlib support,
because if you did, moin would not be able to log in users with passlib
password hashes. Password recovery would still work, though.
password_scheme always gives the password scheme that is wanted for new or
recomputed password hashes. The code is able to upgrade and downgrade hashes
at login time and also when setting / resetting passwords for one or all
users (via the wiki web interface or via moin account resetpw script
command).
So, if you want that everybody uses strong, passlib-created hashes,
resetting the passwords for all users is strongly recommended:
First have passlib support switched on (it is on by default), use
password_scheme = '{PASSLIB}' (also default), then reset all passwords.
Same procedure can be used to go back to weaker builtin hashes (not
recommended): First switch off passlib support, use password_scheme =
'{SSHA}', then reset all passwords.
Wiki farm admins sharing the same user_dir between multiple wikis must use
consistent password hashing / passlib configuration settings for all wikis
sharing the same user_dir. Using the builtin defaults or doing the
configuration in farmconfig.py is recommended.
Admins are advised to read the passlib docs (especially when experiencing
too slow logins or when running old passlib versions which may not have
appropriate defaults for nowadays):
http://packages.python.org/passlib/new_app_quickstart.html#choosing-a-hashhttp://packages.python.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
* Password mass reset/invalidation support, see docs/resetpw/.
This is useful to make sure everybody sets a new password and moin computes
the password hash using the current configuration.
* Customizable default password checker:
Moin's default password checker used and still uses min_length=6 (minimum pw
length) and min_different=4 (minimum count of different chars in the password).
If you feel that you need to require better passwords from your users, you
can customize it now like that in your wiki config:
password_checker = lambda cfg, request, name, pw: multiconfig._default_password_checker(cfg, request, name, pw, min_length=10, min_different=7)
* Removing/disabling inactive users (moin ... account inactive)
Many wikis have a lot of inactive users, that never ever made a single edit.
See help of the command for more details, be careful.
* SystemAdmin user browser: show disabled user accounts at the bottom of
the list
* At startup, announce moin version and code path in log output (makes
support and debugging easier).
* AttachList: introduced search_term parameter (optional) for listing
attachments filtered by a regular expression on their name.
* sign release archive using GnuPG with the key of tw@waldmann-edv.de
ID 31A6CB60 (main key ID FAF7B393)
Fixes:
* logging: if the logging config file can't be read, give a helpful error msg
* logging: use info loglevel (not warning) for telling about using the builtin
default logging config
* moin script commands: warn if someone gave ... to the moin script, avoids a
strange and unhelpful 'empty module name' error message
* reorder html input fields in recoverpass form, to help browsers remember
the user name and password (not erroneously the recovery token and password)
* don't try to send password recovery email to user if email address in
user profile is empty
* cache action: fix 304 http status
* rst parser: fix safe_import for level param in __import__ call of docutils 0.10
* moin maint cleancache: also kill the i18n cache 'meta' pickle file
* sendmail: catch unicode errors when E-Mail addr has non-ascii chars
* redirect last visited: if last visited page is on same wiki, use a local
redirect, do not compute via interwiki map (fixes https: usage)
Added missing include for download(1) with WebKit (as by default).
Reported by Joerg Sonnenberger of NetBSD, thanks!
Fixes building the package, no version bump required AFAICS.
= 4.3.2 (20131002) =
* Fixed a bug in which short Unicode input was improperly encoded to
ASCII when checking whether or not it was the name of a file on
disk. [bug=1227016]
* Fixed a crash when a short input contains data not valid in
filenames. [bug=1232604]
* Fixed a bug that caused Unicode data put into UnicodeDammit to
return None instead of the original data. [bug=1214983]
* Combined two tests to stop a spurious test failure when tests are
run by nosetests. [bug=1212445]
= 4.3.1 (20130815) =
* Fixed yet another problem with the html5lib tree builder, caused by
html5lib's tendency to rearrange the tree during
parsing. [bug=1189267]
* Fixed a bug that caused the optimized version of find_all() to
return nothing. [bug=1212655]
= 4.3.0 (20130812) =
* Instead of converting incoming data to Unicode and feeding it to the
lxml tree builder in chunks, Beautiful Soup now makes successive
guesses at the encoding of the incoming data, and tells lxml to
parse the data as that encoding. Giving lxml more control over the
parsing process improves performance and avoids a number of bugs and
issues with the lxml parser which had previously required elaborate
workarounds:
- An issue in which lxml refuses to parse Unicode strings on some
systems. [bug=1180527]
- A returning bug that truncated documents longer than a (very
small) size. [bug=963880]
- A returning bug in which extra spaces were added to a document if
the document defined a charset other than UTF-8. [bug=972466]
This required a major overhaul of the tree builder architecture. If
you wrote your own tree builder and didn't tell me, you'll need to
modify your prepare_markup() method.
* The UnicodeDammit code that makes guesses at encodings has been
split into its own class, EncodingDetector. A lot of apparently
redundant code has been removed from Unicode, Dammit, and some
undocumented features have also been removed.
* Beautiful Soup will issue a warning if instead of markup you pass it
a URL or the name of a file on disk (a common beginner's mistake).
* A number of optimizations improve the performance of the lxml tree
builder by about 33%, the html.parser tree builder by about 20%, and
the html5lib tree builder by about 15%.
* All find_all calls should now return a ResultSet object. Patch by
Aaron DeVore. [bug=1194034]
= 4.2.1 (20130531) =
* The default XML formatter will now replace ampersands even if they
appear to be part of entities. That is, "<" will become
"&lt;". The old code was left over from Beautiful Soup 3, which
didn't always turn entities into Unicode characters.
If you really want the old behavior (maybe because you add new
strings to the tree, those strings include entities, and you want
the formatter to leave them alone on output), it can be found in
EntitySubstitution.substitute_xml_containing_entities(). [bug=1182183]
* Gave new_string() the ability to create subclasses of
NavigableString. [bug=1181986]
* Fixed another bug by which the html5lib tree builder could create a
disconnected tree. [bug=1182089]
* The .previous_element of a BeautifulSoup object is now always None,
not the last element to be parsed. [bug=1182089]
* Fixed test failures when lxml is not installed. [bug=1181589]
* html5lib now supports Python 3. Fixed some Python 2-specific
code in the html5lib test suite. [bug=1181624]
* The html.parser treebuilder can now handle numeric attributes in
text when the hexidecimal name of the attribute starts with a
capital X. Patch by Tim Shirley. [bug=1186242]
= 4.2.0 (20130514) =
* The Tag.select() method now supports a much wider variety of CSS
selectors.
- Added support for the adjacent sibling combinator (+) and the
general sibling combinator (~). Tests by "liquider". [bug=1082144]
- The combinators (>, +, and ~) can now combine with any supported
selector, not just one that selects based on tag name.
- Added limited support for the "nth-of-type" pseudo-class. Code
by Sven Slootweg. [bug=1109952]
* The BeautifulSoup class is now aliased to "_s" and "_soup", making
it quicker to type the import statement in an interactive session:
from bs4 import _s
or
from bs4 import _soup
The alias may change in the future, so don't use this in code you're
going to run more than once.
* Added the 'diagnose' submodule, which includes several useful
functions for reporting problems and doing tech support.
- diagnose(data) tries the given markup on every installed parser,
reporting exceptions and displaying successes. If a parser is not
installed, diagnose() mentions this fact.
- lxml_trace(data, html=True) runs the given markup through lxml's
XML parser or HTML parser, and prints out the parser events as
they happen. This helps you quickly determine whether a given
problem occurs in lxml code or Beautiful Soup code.
- htmlparser_trace(data) is the same thing, but for Python's
built-in HTMLParser class.
* In an HTML document, the contents of a <script> or <style> tag will
no longer undergo entity substitution by default. XML documents work
the same way they did before. [bug=1085953]
* Methods like get_text() and properties like .strings now only give
you strings that are visible in the document--no comments or
processing commands. [bug=1050164]
* The prettify() method now leaves the contents of <pre> tags
alone. [bug=1095654]
* Fix a bug in the html5lib treebuilder which sometimes created
disconnected trees. [bug=1039527]
* Fix a bug in the lxml treebuilder which crashed when a tag included
an attribute from the predefined "xml:" namespace. [bug=1065617]
* Fix a bug by which keyword arguments to find_parent() were not
being passed on. [bug=1126734]
* Stop a crash when unwisely messing with a tag that's been
decomposed. [bug=1097699]
* Now that lxml's segfault on invalid doctype has been fixed, fixed a
corresponding problem on the Beautiful Soup end that was previously
invisible. [bug=984936]
* Fixed an exception when an overspecified CSS selector didn't match
anything. Code by Stefaan Lippens. [bug=1168167]
= 4.1.3 (20120820) =
* Skipped a test under Python 2.6 and Python 3.1 to avoid a spurious
test failure caused by the lousy HTMLParser in those
versions. [bug=1038503]
* Raise a more specific error (FeatureNotFound) when a requested
parser or parser feature is not installed. Raise NotImplementedError
instead of ValueError when the user calls insert_before() or
insert_after() on the BeautifulSoup object itself. Patch by Aaron
Devore. [bug=1038301]
= 4.1.2 (20120817) =
* As per PEP-8, allow searching by CSS class using the 'class_'
keyword argument. [bug=1037624]
* Display namespace prefixes for namespaced attribute names, instead of
the fully-qualified names given by the lxml parser. [bug=1037597]
* Fixed a crash on encoding when an attribute name contained
non-ASCII characters.
* When sniffing encodings, if the cchardet library is installed,
Beautiful Soup uses it instead of chardet. cchardet is much
faster. [bug=1020748]
* Use logging.warning() instead of warning.warn() to notify the user
that characters were replaced with REPLACEMENT
CHARACTER. [bug=1013862]
= 4.1.1 (20120703) =
* Fixed an html5lib tree builder crash which happened when html5lib
moved a tag with a multivalued attribute from one part of the tree
to another. [bug=1019603]
* Correctly display closing tags with an XML namespace declared. Patch
by Andreas Kostyrka. [bug=1019635]
* Fixed a typo that made parsing significantly slower than it should
have been, and also waited too long to close tags with XML
namespaces. [bug=1020268]
* get_text() now returns an empty Unicode string if there is no text,
rather than an empty bytestring. [bug=1020387]
= 4.1.0 (20120529) =
* Added experimental support for fixing Windows-1252 characters
embedded in UTF-8 documents. (UnicodeDammit.detwingle())
* Fixed the handling of " with the built-in parser. [bug=993871]
* Comments, processing instructions, document type declarations, and
markup declarations are now treated as preformatted strings, the way
CData blocks are. [bug=1001025]
* Fixed a bug with the lxml treebuilder that prevented the user from
adding attributes to a tag that didn't originally have
attributes. [bug=1002378] Thanks to Oliver Beattie for the patch.
* Fixed some edge-case bugs having to do with inserting an element
into a tag it's already inside, and replacing one of a tag's
children with another. [bug=997529]
* Added the ability to search for attribute values specified in UTF-8. [bug=1003974]
This caused a major refactoring of the search code. All the tests
pass, but it's possible that some searches will behave differently.
Version 1.4
-----------
- Update linkify to use etree type Treeewalker instead of simpletree.
- Updated html5lib to version >= 0.999.
- Update all code to be compatible with Python 3 and 2 using six.
- Switch to Apache License.
Version 1.3
-----------
- Used by Python 3-only fork.
Version 1.2.2
-------------
- Pin html5lib to version 0.95 for now due to major API break.
Version 1.2.1
-------------
- clean() no longer considers "feed:" an acceptable protocol due to
inconsistencies in browser behavior.
Version 1.2
-----------
- linkify() has changed considerably. Many keyword arguments have been
replaced with a single callbacks list. Please see the documentation
for more information.
- Bleach will no longer consider unacceptable protocols when linkifying.
- linkify() now takes a tokenizer argument that allows it to skip
sanitization.
- delinkify() is gone.
- Removed exception handling from _render. clean() and linkify() may now
throw.
- linkify() correctly ignores case for protocols and domain names.
- linkify() correctly handles markup within an <a> tag.
Version 7.19.3 [requires libcurl-7.19.0 or better] - 2014-01-09
---------------------------------------------------------------
* Added CURLOPT_NOPROXY.
* Added CURLINFO_LOCAL_PORT, CURLINFO_PRIMARY_PORT and
CURLINFO_LOCAL_IP (patch by Adam Jacob Muller).
* When running on Python 2.x, for compatibility with Python 3.x,
Unicode strings containing ASCII code points only are now accepted
in setopt() calls.
* PycURL now requires that compile time SSL backend used by libcurl
is the same as the one used at runtime. setup.py supports
--with-ssl, --with-gnutls and --with-nss options like libcurl does,
to specify which backend libcurl uses. On some systems PycURL can
automatically figure out libcurl's backend.
If the backend is not one for which PycURL provides crypto locks
(i.e., any of the other backends supported by libcurl),
no runtime SSL backend check is performed.
* Default PycURL user agent string is now built at runtime, and will
include the user agent string of libcurl loaded at runtime rather
than the one present at compile time.
* PycURL will now use WSAduplicateSocket rather than dup on Windows
to duplicate sockets obtained from OPENSOCKETFUNCTION.
Using dup may have caused crashes, OPENSOCKETFUNCTION should
now be usable on Windows.
* A new script, winbuild.py, was added to build PycURL on Windows
against Python 2.6, 2.7, 3.2 and 3.3.
* Added CURL_LOCK_DATA_SSL_SESSION (patch by Tom Pierce).
* Added E_OPERATION_TIMEDOUT (patch by Romuald Brunet).
* setup.py now handles --help argument and will print PycURL-specific
configuration options in addition to distutils help.
* Windows build configuration has been redone:
PYCURL_USE_LIBCURL_DLL #define is gone, use --use-libcurl-dll
argument to setup.py to build against a libcurl DLL.
CURL_STATICLIB is now #defined only when --use-libcurl-dll is not
given to setup.py, and PycURL is built against libcurl statically.
--libcurl-lib-name option can be used to override libcurl import
library name.
* Added CURLAUTH_DIGEST_IE as pycurl.HTTPAUTH_DIGEST_IE.
* Added CURLOPT_POSTREDIR option and CURL_REDIR_POST_301,
CURL_REDIR_POST_302, CURL_REDIR_POST_303 and CURL_REDIR_POST_ALL
constants. CURL_REDIR_POST_303 requires libcurl 7.26.0 or higher,
all others require libcurl 7.19.1 or higher.
* PycURL now supports Python 3.1 through 3.3. Python 3.0 might
work but it appears to ship with broken distutils, making virtualenv
not function on it.
* PycURL multi objects now have the multi constants defined on them.
Previously the constants were only available on pycurl module.
The new behavior matches that of curl and share objects.
* PycURL share objects can now be closed via the close() method.
* PycURL will no longer call `curl-config --static-libs` if
`curl-config --libs` succeeds and returns output.
Systems on which neither `curl-config --libs` nor
`curl-config --static-libs` do the right thing should provide
a `curl-config` wrapper that is sane.
* Added CURLFORM_BUFFER and CURLFORM_BUFFERPTR.
* pycurl.version and user agent string now include both
PycURL version and libcurl version as separate items.
* Added CURLOPT_DNS_SERVERS.
* PycURL can now be dynamically linked against libcurl on Windows
if PYCURL_USE_LIBCURL_DLL is #defined during compilation.
* Breaking change: opensocket callback now takes an additional
(address, port) tuple argument. Existing callbacks will need to
be modified to accept this new argument.
https://github.com/pycurl/pycurl/pull/18
Version 7.19.0.3 [requires libcurl-7.19.0 or better] - 2013-12-24
-----------------------------------------------------------------
* Re-release of 7.19.0.2 with minor changes to build Windows packages
due to botched 7.19.0.2 files on PyPi.
http://curl.haxx.se/mail/curlpython-2013-12/0021.html
Version 7.19.0.2 [requires libcurl-7.19.0 or better] - 2013-10-08
-----------------------------------------------------------------
* Fixed a bug in a commit made in 2008 but not released until 7.19.0.1
which caused CURLOPT_POSTFIELDS to not correctly increment reference
count of the object being given as its argument, despite libcurl not
copying the data provided by said object.
* Added support for libcurl pause/unpause functionality,
via curl_easy_pause call and returning READFUNC_PAUSE from
read callback function.
Version 7.19.0.1 [requires libcurl-7.19.0 or better] - 2013-09-23
-----------------------------------------------------------------
* Test matrix tool added to test against all supported Python and
libcurl versions.
* Python 2.4 is now the minimum required version.
* Source code, bugs and patches are now kept on GitHub.
* Added CURLINFO_CERTINFO and CURLOPT_CERTINFO.
* Added CURLOPT_RESOLVE.
* PycURL can now be used with Python binaries without thread
support.
* gcrypt is no longer initialized when a newer version of gnutls
is used.
* Marked NSS as supported.
* Fixed relative URL request logic.
* Fixed a memory leak in util_curl_init.
* Added CURLOPT_USERNAME and CURLOPT_PASSWORD.
* Fixed handling of big timeout values.
* Added GLOBAL_ACK_EINTR.
* setopt(..., None) can be used as unsetopt().
* CURLOPT_RANGE can now be unset.
* Write callback can return -1 to signal user abort.
* Reorganized tests into an automated test suite.
* Added CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA.
* Cleaned up website.
* Fix pycurl.reset() (patch by <johansen at sun.com>).
* Fix install routine in setup.py where
certain platforms (Solaris, Mac OSX, etc)
would search for a static copy of libcurl (dbp).
* Fixed build on OpenSolaris 0906 and other platforms on which
curl-config does not have a --static-libs option.
* No longer keep string options copies in the
Curl Python objects, since string options are
now managed by libcurl.
flup is a collection of modules for the Python Web Server Gateway
Interface, including support for AJP 1.3, FastCGI and SCGI. It also
offers a basic middleware.
This package contains the 3.x version of the module.
0.8
More fixes for the App Engine support.
Added a new feature that allows you to supply your own provider for the
CA_CERTS file. Just create a module named ca_certs_locater that has a method
get() that returns the file location of the CA_CERTS file.
Lots of clean up of the code formatting to make it more consistent.
