Changelog:
FIXED
Update branches that use 4.10 RTM to 4.10.2 RTM (see 935568)
FIXED
Update Mozilla to NSS 3.15.3 (new alternative NSS branch) to pick up a few fixes (see 935959)
FIXED
Some UI strings in Firefox 24.1.0 ESR l10n builds are in English (see 932310)
Changelog:
FIXED
25.0.1: New security fixes can be found here
FIXED
25.0.1: Pages sometimes wouldn't load without first moving the cursor
Fixed in Firefox 25.0.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
Version 2.11.13 (2013-11-19)
----------------------------
### Fixed
Sort the list of available modules (see #6391).
### Fixed
Decode entities in passwords (see #6252).
### Fixed
Replace insert tags in the details view of the listing module (see #6120).
Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
Changelog:
Fixed in Firefox ESR 17.0.10
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Among others, this changes using crypto:sha() to crypto:hash() for Erlang
that is new enough.
Bugfixes in pam, sendfile, generation of mime_types.erl
Other changes in the area of Webdav, sendfile, embedded mode, rebar
support, ssl options.
Optimization in ssi code.
Simplified default project and app templates
Improved transaction management
Persistent database connections
Discovery of tests in any test module
Time zone aware aggregation
Support for savepoints in SQLite
BinaryField model field
GeoDjango form widgets
check management command added for verifying compatibility
Model.save() algorithm changed
Minor features
Upstream changes:
4.57 2013-11-11
- Improved compatibility with IO::Socket::SSL 1.957.
- Fixed error event bug in Mojo::IOLoop::Delay.
4.56 2013-11-09
- Fixed backspace escaping bug in Mojo::JSON. (ig3)
4.55 2013-11-07
- Fixed Windows bug in "daemon.t".
4.54 2013-11-07
- Added parts attribute to Mojo::Home.
- Fixed keep alive connection timeout bug in Mojo::UserAgent.
- Fixed support for links within a page in Mojolicious::Plugin::PODRenderer.
- Fixed home detection bug in Mojo.
WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.
This package is WordPress of Japanese localized version.
It has Japanese locale file and some extension/modification for
website written in Japansese people, and for website located in Japan.
digiKam 3.5.0 - Release date: 2013-09-29
NEW FEATURES:
General : new RAW cameras supported : Richon GR, Panasonic LF1,
Canon EOS 70D, Sony RX100II, Sony RX1R, Olympus E-P5.
BUGFIXES FROM KDE BUGZILLA (alias B.K.O | http://bugs.kde.org):
001 ==> Removing tags limited to 250 selected pictures.
002 ==> Kipi-plugins cannot be deselected or digiKam not reading digikamrc.
003 ==> undo/redo does not take effect in the image.
004 ==> Feature request: Setting in digiKam to only detect faces, not
trying to recognize them automatically.
005 ==> digiLam crashed when validating face tag with button.
Changes:
Version 3.7:
* Background Updates
- Automatic updates for maintenance and security updates.
- Daily updates for developers using nightly builds.
* Stronger Password Meter
- New password meter to encourage users to choose stronger passwords.
* Improved Search
- More relevant search results.
* Better Global Support
- Localized versions will receive faster and more complete translations.
- Background updates will include translations
More info on http://codex.wordpress.org/Version_3.7
Version 3.7.1:
- Images with captions no longer appear broken in the visual editor.
- Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org.
- Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early.
- Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values.
- Fix a warning that may occur in certain setups while performing a search, and a few other notices.
More info on http://codex.wordpress.org/Version_3.7.1
Version 3.1.5 (2013-11-08)
--------------------------
### Fixed
Correctly handle shorthand byte values (see #6345).
### Fixed
Also update the sitemap if a news/event feed is updated (see #5727).
### Fixed
Correctly sort by date in the listing module (see #5609).
### Fixed
Correctly handle the autologin key if a member is duplicated (see #5945).
### Fixed
Correctly export pages as PDF (see #6317).
* Add forgotten patch for NetBSD's cpuset(3), fix build
* Use __fstat50 etc instead of fstat on NetBSD. Based on martin@'s patch
for firefox 27.0.
Restore session is recovered on NetBSD/amd64.
* kerberos_ldap_group: fix LDAP string duplication
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
* Bug 3887: tcp_outgoing_tos not working for IPv6
* Fix cbdata 'error: expression result unused' errors
* Have testRock use cachemgr stubs
* Bug 3836: Fix issues with automake 1.13 and later and make check (extra)
* Bug 3836: Fix issues with automake 1.13 and later and make check
* Append Connection:close to OPTIONS requests when icap_persistent_connections is off.
* Add cache_miss_revalidate
* Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
* Fix CBDATA_CLASS2 macro definition
* libntlmauth: Fix string field truncation
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
* Fix SQUID_CC_CHECK_ARGUMENT autoconf macro
* Polish: better WARNING when workers directive is ignore on reconfigure.
* Use IPv6 localhost nameserver on DNS configuration errors
* Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
* Polish: report bytes received when bad content-length detected by quick-abort
* Bug 3918: Squid 3.3.9 Self Test Failures on Mac OS X 10.8
* Bug 3929: request_header_add not working for tunnel requests
* Fix pinning hierarchy log information
* Close idle client connections associated with closed idle pinned connections.
Changelog:
SeaMonkey-specific changes
Sorting messages by date can now be configured to look at the thread root instead of the newest message in it (pref: mailnews.sort_threads_by_root).
Plugins doorhangers now allow to activate different plugin types independently.
The proxy popup is now also available from the MailNews main window.
A new Recipients column has been added that shows all recipients (To, CC, BCC).
The default HTML5 audio/video player controls allow to change the playback rate now.
A "Validate this page" entry has been added to Tools/Web Development.
The Firefox devtools debugger can now be used to debug SeaMonkey remotely.
See the changes page for a more complete overview.
Mozilla platform changes
Web Audio support has been added.
CSS3 background-attachment:local support to control background scrolling has been implemented.
Many new ES6 functions have been implemented.
iframe document content can now be specified inline.
Fixed several stability issues.
Fixed in SeaMonkey 2.22
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
* Disable if test "A" = "A"; then fi test
SYntax error on SmartOS
* build is fine on SmartOS, hopefully other SunOS,
but I cannot confirm functionality now
* Remove DragonFly from SkThreadUtils_pthread_linux.cpp condition.
DragonFly has no cpuset(3) or CPU_SET(3) macros/functions.
It has usched_set(2), but I cannot implement with them.
Use SkThreadUtils_pthread_other.cpp instead.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 24 extended support release branch.
* Enable pulseaudio by default, OSS support is dropped, and ALSA support
on NetBSD does not work properly for me
* Enable GStremer support for non-webm and non-theora video support
* Create alsa option, and enabled on Linux by default
Changelog:
NEW
Web Audio support
NEW
The find bar is no longer shared between tabs
CHANGED
If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information
CHANGED
Resetting Firefox no longer clears your browsing session
DEVELOPER
CSS3 background-attachment:local support to control background scrolling
DEVELOPER
Many new ES6 functions implemented
HTML5
iframe document content can now be specified inline
FIXED
Blank or missing page thumbnails when opening a new tab
FIXED
Security fixes can be found here
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
User-visible changes:
- Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
* stop linking against psapi.dll on Windows
* translation updates for Swedish
- Client-side bugfixes:
* revert: fix problems reverting moves
* update: fix assertion when file external access is denied
* merge: reduce network connections for automatic merge
* merge: fix path corruption during reintegration
* mergeinfo: fix crash
* ra_serf: verify the result of xml parsing
* ra_serf: improve error messages during commit
* ra_local: fix error with repository in Windows drive root
* fix crash on windows when piped command is interrupted
* fix crash in the crash handler on windows
* fix assertion when upgrading old working copies
- Server-side bugfixes:
* hotcopy: cleanup unpacked revprops with '--incremental'
* fix OOM on concurrent requests at threaded server start
* fsfs: improve error message when unsupported fsfs format found
* fix memory problem in 3rd party FS module loader
Developer-visible changes:
- General:
* allow compiling against serf 1.3 and later on Windows
- Bindings:
* javahl: canonicalize path for streaFileContent method
Fixed a bug in fixture loading signals handling
Fixed a bug in placeholder's primary key thousand formatting
Test fixes
Fixed use of cached content in the show_placeholder's preview mode
Fixed issues in cookie handling
Fixed minor unicode issues
Fixed a missing argument in ModelAdmin
Fixed a bug in WymEditor handling
Fixed bugs in migrations
Fixed bug in language fallback
Minor documentation fixes
* An issue with SQLite and default values that caused some migrations to fail has been fixed.
* South now recognises more Django MSSQL backends, and no longer fails to alter ForeignKeys that are in composite indexes.
* A small issue with the app cache on Django 1.6 has been fixed.
* The schemamigration and datamigration commands can now be properly inherited and their templates easily changed.
Upstream changes:
4.53 2013-10-30
- Fixed a few unsubscribe and error event bugs in Mojo::EventEmitter.
4.52 2013-10-29
- Improved Mojo::EventEmitter to allow unhandled error events to be fatal.
(powerman, sri)
4.51 2013-10-28
- Added tag_with_error helper to Mojolicious::Plugin::TagHelpers.
- Improved .ep template performance significantly, the number of helpers no
longer has any effect. (jberger, sri)
- Improved form_for performance.
- Improved built-in templates with documentation search.
- Fixed template inheritance bug in include helper.
- Fixed a few multipart form handling bugs.
mod_fastcgi: fix mix up of “mode” => “authorizer” in other fastcgi configs (fixes 2465, thx peex)
fix handling of If-Modified-Since if If-None-Match is present (don’t return 412 for date parsing errors);
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
[mod_fastcgi,log] support multi line logging (fixes 2252)
call ERR_clear_error only for ssl connections in CON_STATE_ERROR
reject non ASCII characters in HTTP header names
[mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes 2483)
[mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn’t use any salt, md5 with salt is probably better.
[mod_auth] fix base64_decode (2484)
fix some bugs found with canalyze (fixes 2484, thx Zhenbo Xu)
fix undefined stuff found with clang
[cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add Wl,-as-needed to extra warnings (fixes 2448)
[mod_auth] fix invalid read in digest qop=auth-int handling (fixes 2478)
[auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes 2490)
[mod_userdir] add userdir.active option, “enabled” by default
[core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
[core] recognize more http methods to forward to backends (fixes 2346)
[ssl] use DH only if openssl supports it (fixes 2479)
[network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes 2470)
[ssl] Fix $HTTP[“scheme”] conditional, could be “http” for ssl connections if the ssl $SERVER[“socket”] conditional was nested (fixes 2501)
[ssl] accept ssl renegotiations if they are not disabled (fixes 2491)
[ssl] add option ssl.empty-fragments, defaulting to disabled (fixes 2492)
[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes 2495)
[auth] new method “extern” to use already present REMOTE_USER (from magnet, ssl, …) (fixes 2436)
[core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
[core] check whether server.chroot exists
[mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
[mod_accesslog] add accesslog.syslog-level option (fixes 2480)
[core] allow files to be used as document-root (fixes 2475)
[core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes 2502)
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the 1.5 series.
Readdressed denial-of-service via password hashers
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a denial-of-service attack through submission of bogus but extremely large passwords. In Django 1.5.5, we’ve reverted this change and instead improved the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Properly rotate CSRF token on login
This behaviour introduced as a security hardening measure in Django 1.5.2 did not work properly and is now fixed.
Bugfixes
Fixed a data corruption bug with datetime_safe.datetime.combine.
Fixed a Python 3 incompatability in django.utils.text.unescape_entities().
Fixed a couple data corruption issues with QuerySet edge cases under Oracle and MySQL.
Fixed crashes when using combinations of annotate(), select_related(), and only()
0.9 (2013-10-25)
webassets now support Python 3, and drops support for Python 2.5.
- Filter for Closure Soy templates (Michael Su).
- less filter can output source maps (Riccardo Forina).
- Support .pyc only deployments (Mike C. Fletcher).
- Jade template filter (Roshambo).
- YAMLLoader improvements (incl. Cédric Reginster).
- The gzip filter was removed.
Changes since 1.0.6:
* Python 3 compatibility fixes
* Redis CLI
* Dropped Flask-WTF dependency
* Upgraded to Select2 3.4.0
* Additional unit tests
* Separate loggers for each Flask-Admin component
* New, much more configurable datetime picker
* Spanish translation
* Form rendering rules
* Models: AJAX drop-down population for related models
* Models: Filter options can be translated
* Models: on_model_change now accepts third parameter is_created
* Models: New configurarion property form_extra_columns
* Models: Proper child field error highlighting
* Models: Save and continue button for edit views
* Models: FileUploadField and ImageUploadField
* Models: If Flask is running in debug mode, rethrow all exceptions
* Models: Backrefs are now displayed by default
* Models: If there are no models in the list view, message will be displayed
* MongoEngine: GridFS support for file and image uploads
* MongoEngine: Backend supports form_overrides, choices and other field
configuration properties
* MongoEngine: URLField and EmailField are now searchable
* MongoEngine: Embedded document configuration
* SQLAlchemy: Backend was renamed as flask.ext.admin.contrib.sqla
* SQLAlchemy: Automatic join for many-to-many relations
* SQLAlchemy: Fixed ambiguous primary key when building complex search query
in SQLAlchemy backend
* SQLAlchemy: Use joinedload for related model instead of subqueryload for
performance reasons
* SQLAlchemy: Improved inline model handling logic
* SQLAlchemy: Initial multi-pk support for inherited models
* SQLAlchemy: BigInt filtering support
(No changelog for 0.9.3 supplied, but includes maintainer change.)
Version 0.9.2
-------------
Released 2013/9/11
- Upgrade wtforms to 1.0.5.
- No lazy string for i18n `#77`_.
- No DateInput widget in html5 `#81`_.
- PUT and PATCH for CSRF `#86`_.
.. _`#77`: https://github.com/lepture/flask-wtf/issues/77
.. _`#81`: https://github.com/lepture/flask-wtf/issues/81
.. _`#86`: https://github.com/lepture/flask-wtf/issues/86
Version 0.9.1
-------------
Released 2013/8/21
This is a patch version for backward compitable for Flask<0.10 `#82`_.
.. _`#82`: https://github.com/lepture/flask-wtf/issues/82
Version 0.9.0
-------------
Released 2013/8/15
- Add i18n support (issue #65)
- Use default html5 widgets and fields provided by wtforms
- Python 3.3+ support
- Redesign form, replace SessionSecureForm
- CSRF protection solution
- Drop wtforms imports
- Fix recaptcha i18n support
- Fix recaptcha validator for python 3
- More test cases, it's 90%+ coverage now
- Redesign documentation
Version 1.0.5
-------------
Released September 10, 2013
- Fix a bug in validators which causes translations to happen once then
clobber any future translations.
- ext.sqlalchemy / ext.appengine: minor cleanups / deprecation.
- Allow blank string and the string 'false' to be considered false values
for BooleanField (configurable). This is technically a breaking change,
but it is not likey to affect the majority of users adversely.
- ext.i18n form allows passing LANGUAGES to the constructor.
Add LICENSE
Upstream changes:
0.11 2013-10-11 15:11:59 Europe/London
0.10 2013-09-27 15:05:03 Europe/London
- RT3008 Changed examples to be XSS free
- RT19063, RT25477 fixed handling of self closing tags,
for example '<hr />'
- * attribute rule can be a regexp
- callbacks in rules to check or adjust attributes with
custom code (RT15747)
Update DEPENDS
Upstream changes:
0.09010 2012-10-05
- Internal changes - all Repeatable/nested_name munging is moved out of
HTML::FormFu::Element::Repeatable into individual constraints
0.09009 2012-09-29
- Make sure object can('checked') before calling checked() (colinnewell)
- Updated Repeatable control to update id_field on DBIC::Unique if present
- Added support for arbitrary elements within Multi blocks so that they
don't need to support methods like _striing_field and label etc.
- ComboBox new get_select_field_nested_name(), get_text_field_nested_name()
accessors.
- Fieldset new legend_attributes() method.
- New form_error_message_class() method.
- Constraint 'when' callback now receives $constraint as 2nd argument.
0.09007 2012-01-23
- bump MooseX::Attribute::Chained version
0.09006 2012-01-23
- fixed deprecation warnings of MX::Attribute::Chained (bricas)
- Added placeholder attributes for types Text and Textarea with L10N support.
- Added L10N support for 'prefix' attributes for types Date and DateTime.
- Added 'attributes' support to types Date and DateTime.
Upstream changes:
4.50 2013-10-22
- Deprecated Mojo::UserAgent::app in favor of
Mojo::UserAgent::Server::app.
- Deprecated Mojo::UserAgent::app_url in favor of
Mojo::UserAgent::Server::url.
- Deprecated Mojo::UserAgent::detect_proxy in favor of
Mojo::UserAgent::Proxy::detect.
- Deprecated Mojo::UserAgent::http_proxy in favor of
Mojo::UserAgent::Proxy::http.
- Deprecated Mojo::UserAgent::https_proxy in favor of
Mojo::UserAgent::Proxy::https.
- Deprecated Mojo::UserAgent::no_proxy in favor of
Mojo::UserAgent::Proxy::not.
- Deprecated Mojo::UserAgent::need_proxy in favor of
Mojo::UserAgent::Proxy::is_needed.
- Deprecated Mojo::UserAgent::name in favor of
Mojo::UserAgent::Transactor::name.
- Added modules Mojo::UserAgent::Proxy and Mojo::UserAgent::Server.
- Added proxy and server attributes to Mojo::UserAgent.
- Removed deprecated attrs method from Mojo::DOM.
- Improved Mojo::Message to allow max_message_size check to be disabled.
- Fixed small assignment bug in content helper.
Upstream changes:
1.3119 26.10.2013
[ ENHANCEMENTS ]
* GH #965: Serializer also serialize content for DELETE.
(reported by Achim Adam)
[ BUG FIXES ]
* GH #959: hash randomization could cause .pl MIME to vary and test
to fail. (Olof Johansson)
* GH #961: fix bug in require_environment's logic. (reported by
sapphirecat)
[ DOCUMENTATION ]
* GH #962: Improvements of the Dancer::Test docs. (Tom Hukins)
= 1.4.4 / 2013-10-21
* Allow setting layout to false in specifically for a singe rendering engine.
(Matt Wildig)
* Allow using wildcard in argument passed to `request.accept?`. (wilkie)
* Treat missing Accept header like wild card. (Patricio Mac Adden)
* Improve tests and documentation. (Darío Javier Cravero, Armen P., michelc,
Patricio Mac Adden, Matt Wildig, Vipul A M, utenmiki, George Timoschenko,
Diogo Scudelletti)
* Fix Ruby warnings. (Vipul A M, Patricio Mac Adden)
* Improve self-hosted server started by `run!` method or in classic mode.
(Tobias Bühlmann)
* Reduce objects allocated per request. (Vipul A M)
* Drop unused, undocumented options hash from Sinatra.new. (George Timoschenko)
* Keep Content-Length header when response is a `Rack::File` or when streaming.
(Patricio Mac Adden, George Timoschenko)
* Use reel if it's the only server available besides webrick. (Tobias Bühlmann)
* Add `disable :traps` so setting up signal traps for self hosted server can be
skipped. (George Timoschenko)
* The `status` option passed to `send_file` may now be a string. (George
Timoschenko)
* Reduce file size of dev mode images for 404 and 500 pages. (Francis Go)
* Fixing build issues on OS X with CLOCK_MONOTONIC not being implemented on OS X.
* Make libmicrohttpd play nicely with upcoming libgcrypt 1.6.0.
* Improved configure checks for cURL.
* Signal connection termination as OK (and not as ERROR) if the
stream was terminated by the callback returning
MHD_CONTENT_READER_END_OF_STREAM. Also, release response
mutex before calling the termination callback, to avoid
possible deadlock if the client destroys the response in
the termination callback (due to non-recursiveness of the lock).
* Adding #define MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN.
* Also pass MHD connection handle in URI log callback.
* Improved check for proper OpenSSL version for libmicrospdy.
* Set IPV6_V6ONLY socket option correctly when IPv6 is
enabled (MHD_USE_IPv6) but not dual stack (MHD_USE_DUAL_STACK).
Upstream changes:
2013-08-22 Dave Cross <dave@dave.org.uk> - RELEASE_3.04
========================================================
Dave Cross <dave@dave.org.uk> (17):
* Finish removing all references to SnipURL.pm.
* Bump to version 2.05 for release.
* Removed support for shorl.pm (now in WWW::Shorten::Shorl distribution).
* Bumped version number. Removed shorl files from MANIFEST.
* Added Config::Auto to list of dependencies (it's used by the shorten
program). Bumped version for release.
* Default to using a service that we currently support.
* Added MYMETA.yml to MANIFEST.SKIP.
* Be far more intelligent about the code that allows the user to choose
which service to use.
* Bump version number for release.
* Better examples of using bin/shorten
* Added a WWW::Shorten::UserAgent object which dies if it receives an HTTP
error response.
* Added documentation.
* Added META.json to MANIFEST.
* Licensing clean-up.
* Removed prototypes (and the ampersands in the tests that circumvented
them)
* Bump version number for release.
* Moved Pod tests into xt. (Pod coverage currently fails on some files. See
https://rt.cpan.org/Ticket/Display.html?id=87634 for details.)
Dave Cross <dave@angel.mag-sol.com> (1):
* Removed support for NotLong and OneShortLink (separate distributions to
follow soon). Bumper to version 2.06.
Dave Cross <dave@dacross.(none)> (1):
* Removed version number so it's picked up from lib/WWW/Shorten.pm
yappo <yappo@shibuya.pl> (1):
* shorl.com was change the request method ( POST to GET )
Router::Simple is a simple router class. Its main purpose is to serve as a
dispatcher for web applications. Router::Simple can match against PSGI $env
directly, which means it's easy to use with PSGI supporting web frameworks.
Upstream changes:
4.49 2013-10-17
- Added tls_ciphers option to Mojo::IOLoop::Server::listen.
- Added ciphers parameter to Mojo::Server::Daemon::listen.
- Removed experimental status from Mojolicioua::Validator.
- Removed experimental status from Mojolicioua::Validator::Validation.
- Removed experimental status from validation method in
Mojolicious::Controller.
- Removed experimental status from validator attribute in Mojolicious.
- Removed experimental status from validation helper in
Mojolicious::Plugin::DefaultHelpers.
- Fixed parameter bug in Mojolicious::Validator::Validation.
4.48 2013-10-16
- Fixed support for Net::SSLeay 1.55.
* Some old versions of bash do not grok some constructs like
'printf -v varname' which the prompt and completion code started
to use recently. The completion and prompt scripts have been
adjusted to work better with these old versions of bash.
* In FreeBSD's and NetBSD's "sh", a return in a dot script in a
function returns from the function, not only in the dot script,
breaking "git rebase" on these platforms (regression introduced
in 1.8.4-rc1).
* "git rebase -i" and other scripted commands were feeding a
random, data dependant error message to 'echo' and expecting it
to come out literally.
* Setting the "submodule.<name>.path" variable to the empty
"true" caused the configuration parser to segfault.
* Output from "git log --full-diff -- <pathspec>" looked strange
because comparison was done with the previous ancestor that
touched the specified <pathspec>, causing the patches for paths
outside the pathspec to show more than the single commit has
changed.
* The auto-tag-following code in "git fetch" tries to reuse the
same transport twice when the serving end does not cooperate and
does not give tags that point to commits that are asked for as
part of the primary transfer. Unfortunately, Git-aware transport
helper interface is not designed to be used more than once, hence
this did not work over smart-http transfer. Fixed.
* Send a large request to read(2)/write(2) as a smaller but still
reasonably large chunks, which would improve the latency when the
operation needs to be killed and incidentally works around broken
64-bit systems that cannot take a 2GB write or read in one go.
* A ".mailmap" file that ends with an incomplete line, when read
from a blob, was not handled properly.
* The recent "short-cut clone connectivity check" topic broke a
shallow repository when a fetch operation tries to auto-follow
tags.
* When send-email comes up with an error message to die with upon
failure to start an SSL session, it tried to read the error
string from a wrong place.
* A call to xread() was used without a loop to cope with short
read in the codepath to stream large blobs to a pack.
* On platforms with fgetc() and friends defined as macros, the
configuration parser did not compile.
* New versions of MediaWiki introduced a new API for returning
more than 500 results in response to a query, which would cause
the MediaWiki remote helper to go into an infinite loop.
* Subversion's serf access method (the only one available in
Subversion 1.8) for http and https URLs in skelta mode tells its
caller to open multiple files at a time, which made "git svn
fetch" complain that "Temp file with moniker 'svn_delta' already
in use" instead of fetching.
Also contains a handful of trivial code clean-ups, documentation
updates, updates to the test suite, etc.
## Rails 3.2.15 (Oct 16, 2013) ##
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for
spoofing attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are
set.
Fixes#12410
Backports #10844
*Tamir Duberstein*
* Fix the assert_recognizes test method so that it works when there are
constraints on the querystring.
Issue/Pull Request #9368
Backport #5219
*Brian Hahn*
* Fix to render partial by context(#11605).
*Kassio Borges*
* Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to`
does not show user-supplied message.
Issue: when `assert_redirected_to` fails due to the response redirect not
matching the expected redirect the user-supplied message (second parameter)
is not shown. This message is only shown if the response is not a redirect.
*Alexey Chernenkov*
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
* test code for testing the event based API
* CURLM_ADDED_ALREADY: new error code
* test TFTP server: support "writedelay" within
* krb4 support has been removed
* imap/pop3/smtp: added basic SASL XOAUTH2 support
* darwinssl: add support for PKCS12 files for client authentication
* darwinssl: enable BEAST workaround on iOS 7 & later
* Pass password to OpenSSL engine by user interface
* c-ares: Add support for various DNS binding options
* cookies: add expiration
* curl: added --oauth2-bearer option
Version 3.1.4 (2013-10-14)
--------------------------
### Fixed
Do not show the debug bar in the modal dialog (see #6302).
### Fixed
Ignore the "maxlength" setting in certain form fields (see #6283).
### Fixed
Correctly show the "toggle page status" icon (see #6282).
### Removed
Removed the TinyMCE spell checker (see #6247).
### Updated
Updated TCPDF to version 3.0.38 (see #6268).
### Fixed
Correctly render the pages breadcrumb menu for non-admin users (see #6067).
### Fixed
Correctly handle the accordion fields during the version 3.1 update (see #6229).
### Fixed
Correctly handle special characters in page aliases (see #6232).
Upstream changes:
4.47 2013-10-15
- Added dumper function to Mojo::Util.
- Improved compatibility with IO::Socket::SSL 1.955.
- Improved IIS compatibility of Mojo::Server::CGI.
4.46 2013-10-11
- Changed default name for generated applications from MyMojoliciousApp to
MyApp.
- Improved performance of route matching in Mojolicious::Routes::Pattern.
- Improved HTML Living Standard compliance of Mojo::DOM::HTML.
Update DEPENDS
Add LICENSE
Upstream changes:
2.20 Fri Apr 6 00:49:51 CDT 2012
[ENHANCEMENTS]
Sometimes creating HTML::Lint-compliant HTML just isn't possible.
Now, you can now turn individual errors on and off in your HTML
via comment directives, like so:
<!-- html-lint elem-img-sizes-missing: off, attr-unknown: off -->
And if you have a batch of code that's hopeless:
<!-- html-lint all: off -->
Added check for unknown entities, such as "&foo;".
Added check for unclosed entitities, such as "&" without the
closing semicolon.
Added a check for a bare ampersand that should be written as &
Version 0.7
http://svn.edgewall.org/repos/genshi/tags/0.7.0/
(Jan 27 2013, from branches/stable/0.7.x)
* Add support for Python 3.1, 3.2 and 3.3 (via 2to3) and for PyPy. The
majority of the coding was done in a sprint run by the Cape Town Python
Users Group with financial assistance from the Python Software Foundation.
* Default input and output encodings changed from UTF-8 to None (i.e. unicode
strings).
* Skip Mako benchmarks if Mako isn't installed (rather than failing
completely).
Version 0.6.1
http://svn.edgewall.org/repos/genshi/tags/0.6.1/
(Jan 27 2013, from branches/stable/0.6.x)
* Security fix to enhance sanitizing of CSS in style attributes. Genshi's
`HTMLSanitizer` disallows style attributes by default (this remains
unchanged) and warns against such attacks in its documentation, but
the provided CSS santizing is now less lacking (see #455).
* Fix for error in how `HTMLFormFiller` would handle `textarea` elements if
no value was not supplied form them.
* The `HTMLFormFiller` now correctly handles check boxes and radio buttons
with an empty `value` attribute.
* Template `Context` objects now have a `.copy` method.
* Added a simple `tox.ini` file for using tox to test against multiple
verions of Python.
* Fix for bug in `QName` comparison (see #413).
* Fix for bug in handling of trailing events in match template matches
(see #399).
* Fix i18n namespace declaration in documentation (see #400).
* Fix for bug in caching of events in serializers by no longer caching
`(TEXT, Markup)` events (see #429).
* Fix handling of `None` by `Markup.escape` in `_speedups.c` (see #439).
* Fix handling of internal state by match templates (relevant when multiple
templates match the same part of the stream, see #370).
* Fix handling of multiple events between or on either side of start and end
tags in translated messages (see #404).
* Fix test failures caused by changes in HTMLParser in Python 2.7 (see #501).
* Fix infinite loop in interplotation lexing that was introduced by a change
in Python 2.7's tokenizer (see #540).
* Fix handling of processing instructions without data (see #368).
* Updated MANIFEST.in so as not to rely on build from Subersion 1.6.
Changelog
=========
Since 2.3.2
----------------
bugfix: When creating members, do not assign permissions for all executives (or superior users) if member has a parent.
Since 2.3.2-rc2
----------------
bugfix: Cannot filter overview by tag.
bugfix: Tasks tooltip in calendar views shows description as html.
bugfix: Permissions issue when editing and subscribing for non-admins for not classiffied objects.
Since 2.3.2-rc
----------------
bugfix: Show can_manage_billing permission.
bugfix: Missing lang on javascript langs.
bugfix: Javascript plugin langs are not loaded.
bugfix: When requesting completed tasks for calendar month view, it does not filter by dates and calendar hangs if there are too much tasks.
bugfix: Administration / dimensions does not show members for dimensions that don't define permissions.
bugfix: Permissions fix when email module is not installed.
bugfix: Company object type name fixed.
bugfix: Try to reconect to database if not conected when executing a query (if connection is lost while performing other tasks).
bugfix: When users cannot see other user's tasks they can view them using the search.
bugfix: Group permissions not applied in assigned to combo (when adding or editing tasks).
bugfix: Minor bugfixes in 1.7 -> 2.x upgrade.
bugfix: Activity widget: logs for members (workspaces, etc.) were not displayed.
bugfix: General search sql query improved.
bugfix: Don't include context in the user edited notification.
bugfix: Don't show worked hours if user doesn't have permissions for it.
bugfix: Don't send archived mails.
feature: Only administrators can change system permissions.
feature: Users can change permissions of users of the same type (only dimension member permissions).
feature: Set permissions to executive, manager and admins when creating a new member.
Since 2.3.2-beta
----------------
bugfix: Archiving a submember does not archive its objects.
bugfix: Error 500 when adding group.
bugfix: Installer fixes.
bugfix: Modified the insert in read objects for emails.
bugfix: Minor bugfixes in document listing.
bugfix: Sql error when $selected_columns ins an empty array in ContentDataObjects::listing() function
bugfix: root permissions not set when installing new feng office.
bugfix: Person report fixed when displaying email field.
bugfix: contacts are always created when sending mails.
bugfix: Tasks list milestone grouping fixed.
preformance: Search query improved.
performance: Insert/delete into sharing table 500 objects x query when saving user permissions.
=== RELEASE 2.8 ===
Sat Sep 14 22:42:15 CEST 2013 mikulas:
Fixed a memory leak if TIFF download was interrupted
Sat Aug 24 17:59:01 cet 2013 mikulas:
DOS DJGPP port
Sun Jul 14 23:35:49 CEST 2013 mikulas:
Do not save lines starting with space to URL history on the disk
(idea by Volker Schatz)
Sun Jul 14 23:35:28 CEST 2013 Volker Schatz <linksbrowser@volkerschatz.com>
Do not misreport Date header value as last-modified date
in the info box popping up on "=".
New graphics glyphs
Wed May 15 00:44:53 CEST 2013 Samuli Suominen <ssuominen@gentoo.org>:
Fixed file 045e.png. It was not compatible with libpng-1.6
Wed May 15 00:43:27 CEST 2013 mikulas:
Test integers addition for overflow. This fixes possible crashes due to
overflows, they could possibly be security-sensitive.
Sat Apr 6 19:00:07 CEST 2013 mikulas:
Fixed a bug in Xwindow driver when images larger than 65536
pixels were used
Fixed some integer overflows when scaling images larger than 65536
pixels
Wed Jan 2 02:07:43 CET 2013 mikulas:
OpenVMS port
Wed Dec 12 04:52:33 MET 2012 mikulas:
Fixed invalid pointer comparison (comparing if NULL is smaller
than non-NULL pointer) that could result in failures with certain
compilers
Wed Nov 7 22:43:45 CET 2012 mikulas:
Fixed IPv6 detection on OpenBSD
Sat Sep 22 03:01:58 CEST 2012 mikulas:
Fixed an internal error in decompressed file cache if Links
was running out of memory and was freeing cached data
Wed Sep 19 22:40:04 MET 2012 mikulas:
An option that allows the user not to save URL history
Sat Sep 1 18:26:50 CEST 2012 mikulas:
An option to send do not track request
Thu Aug 16 04:19:58 CEST 2012 mikulas:
Reduced CPU consumption when downloading big files
Tue Aug 14 21:52:43 CEST 2012 mikulas:
Fixed a crash if the user selects "Save as" and the document has no
header (the bug was introduced in Links 2.7pre1)
Tue Aug 14 21:01:39 CEST 2012 mikulas:
Parse FTP directories on VMS FTP server
Mon Aug 13 21:39:09 CEST 2012 mikulas:
Use a blocking pipe when communicating with the dns process, it
fixes a possible error when system pipe buffer is too small
Mon Aug 6 23:31:44 CEST 2012 mikulas:
Workaround for bugs on GNU Hurd
Sat Jul 28 01:21:18 CEST 2012 mikulas:
data: url
Fri Jul 20 19:00:30 MET 2012 mikulas:
Accept color in #xxx format (besides usual #xxxxxx)
Tue Jul 10 22:45:19 CEST 2012 mikulas:
Fixed an infinite retry loop when the server terminates connection
prematurely
Sun Jul 8 20:23:43 CEST 2012 mikulas:
Fixed some races in the framebuffer driver that could result in
display corruption if the user is switching virtual consoles too
quickly
Thu Jul 5 22:35:57 CEST 2012 mikulas:
Don't save URLs with password to history file on a disk
Sat Jun 30 17:32:11 CEST 2012 mikulas:
Fixed a rare bug where image alpha channel was not applied correctly
Upstream downgraded their shlib major version (at least on NetBSD).
Since there are so few packages in pkgsrc depending on it, follow suit.
Recursive revbump coming next.
Serf 1.3.2 [2013-10-04, from /tags/1.3.2, r????]
Fix issue 130: HTTP headers should be treated case-insensitively
Fix issue 126: Compilation breaks with Codewarrior compiler
Fix crash during cleanup of SSL buckets in apr_terminate() (r2145)
Fix Windows build: Also export functions with capital letters in .def file
Fix host header when url contains a username or password (r2170)
Ensure less TCP package fragmentation on Windows (r2145)
Handle authentication for responses to HEAD requests (r2178,-9)
Improve serf_get: add option to add request headers, allow url with query,
allow HEAD requests (r2143,r2175,-6)
Improve RFC conformance: don't expect body for certain responses (r2011,-2)
Do not invoke progress callback when no data was received (r2144)
And more test suite fixes and build warning cleanups
SCons-related fixes:
Fix build when GSSAPI not in default include path (2155)
Fix OpenBSD build: always map all LIBPATH entries into RPATH (r2156)
Checksum generation in Windows shared libraries for release builds (2162)
Mac OS X: Use MAJOR version only in dylib install name (r2161)
Use both MAJOR and MINOR version for the shared library name (2163)
Fix the .pc file when installing serf in a non-default LIBDIR (r2191)
Upstream changes:
1.3118 01.09.2013
[ ENHANCEMENTS ]
* GH #946: new 'require_environment' setting. (Jesse van Herk)
* GH #952: don't set defaults for Template subclasses for
Dancer::Template::TemplateToolkit. (Rick Myers)
* GH #945: add function 'template_or_serialize' to
Dancer::Serializer::Mutable. (Yanick Champoux)
[ BUG FIXES ]
* GH #655: clarify logger error message. (Yanick Champoux,
reported by Gabor Szabo)
* GH #951: fix quoting of TemplateToolkit start_tag/stop_tag.
(Rick Myers)
* GH #940: carry over the session when we forward().
(Yanick Champoux, reported by sciurius)
* GH #954: don't die on autoflush for older perls.
(Yanick Champoux, reported by metateck and David Golden)
* GH #950: Dancer::Test functions now populate REQUEST_URI.
(Yanick Champoux, reported by S枚ren Kornetzki)
[ DOCUMENTATION ]
* GH #942: simpilify the Apache deployment docs for cgi/fcgi.
(bug report by Scott Penrose)
[ MISC ]
* GH #949: fixes a few errors in the serializer testsuite.
(Franck Cuny)
Upstream changes:
4.42 2013-09-30
- Added EXPERIMENTAL form validation support.
- Added EXPERIMENTAL modules Mojolicious::Validator and
Mojolicious::Validator::Validation.
- Added EXPERIMENTAL validation method to Mojolicious::Controller.
- Added EXPERIMENTAL validator attribute to Mojolicious.
- Added EXPERIMENTAL label_for and validation helpers to
Mojolicious::Plugin::DefaultHelpers.
4.41 2013-09-22
- Improved documentation browser to be a little more RESTful.
- Fixed flatten to work with older versions of Perl. (jamadam)
4.40 2013-09-21
- Added text method to Mojo::Message.
- Added siblings method to Mojo::DOM.
- Added flatten method to Mojo::Collection.
- Improved documentation browser with source links.
- Fixed smart whitespace trimming bug in Mojo::DOM.
- Fixed table parsing bug in Mojo::DOM::HTML.
- Fixed bug in Mojolicious::Types where the txt MIME type did not specify a
charset.
4.39 2013-09-17
- Improved HTML5.1 compliance of Mojo::DOM::HTML.
4.38 2013-09-16
- Added is_binary method to Mojo::Loader.
- Fixed support for binary files in inflate command.
- Fixed stylesheet helper not to enforce a media attribute.
Version 3.1.3 (2013-09-24)
--------------------------
### Fixed
Do not redirect to protected pages after logout (see #6210).
### Fixed
Consider the additional arguments in `Frontend::jumpToOrReload()` (see #5734).
### Fixed
Prevent article aliases from using reserved names (see #6066).
### Fixed
Correctly update the RSS feeds if a news item or event changes (see #6102).
### Fixed
Correctly link to news and calendar feeds via insert tag (see #6164).
### Fixed
Make the CSS ID available in the custom navigation module (see #6129).
### Fixed
Do not cache the "toggle_view" insert tag (see #6172).
### Fixed
Unset the primary key if a model is deleted (see #6162).
### Fixed
Support `tel:` and `sms:` upon IDNA conversion (see #6148).
### Fixed
Apply the width and height to the audio player as well (see #6114).
### Fixed
Do not exit after a template has been output (see #5570).
### Changed
Drop the database query cache (see #6070). This renders `executeUncached()` and
`executeCached()` deprecated. Use `execute()` instead.
### Fixed
Handle all possible errors when uploading files (see #5934).
Changelog:
SeaMonkey-specific changes
Implemented an option to thread messages received by date.
Allowed deletion of news posts by default.
Implemented optional taskbar preview-per-tab.
Added support (permission prompt) for desktop notifications.
Added Isn't operator for searching by Priority.
See the changes page for a more complete overview.
Mozilla platform changes
Support for new scrollbar style on Mac OS X 10.7 and newer.
Accessibility related improvements on using pinned tabs (bug 577727).
Major SVG rendering improvements around Image tiling and scaling (bug 600207).
Removed support for sherlock files that are loaded from application or profile directory.
Support for W3C touch events disabled (bug 888304).
Fixed several stability issues.
Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Changelog:
FIXED
Security fixes can be found here
Fixed in Firefox ESR 17.0.9
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
Bugfixes
[SSPCPP-543] - AttributeExtractor fails to deal with multiple Logos
[SSPCPP-547] - Encoding problem with Metadata Attribute Extractor
[SSPCPP-549] - Shiboleth SP 2.5.1 breaks Apache 2.4.3's error pages
[SSPCPP-550] - Problems with native.log file rotation
[SSPCPP-551] - DiscoFeed Content-Type header lacks charset
[SSPCPP-552] - Solaris TCP Listener code is broken
[SSPCPP-568] - Unattended install pegs the CPU and never completes
[SSPCPP-569] - native log files not closed at/before CGI exec
[SSPCPP-570] - mod_shib takes over valid-user for entire server
[SSPCPP-573] - ShibDisable on breaks basic auth valid user
[SSPCPP-575] - Source build w/memcached and/or fastcgi support fails
[SSPCPP-579] - Internal stack overflow in log4shib
Improvements
[SSPCPP-493] - Default allow access to Shibboleth.sso by default in shibd.conf
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
2.5.1:
Bugfixes
[SSPCPP-409] - Shibboleth2.xml - undefined InProcess/OutOfProcess means no shibd.log/native.log
[SSPCPP-490] - CLang build issue with stream operator overload
[SSPCPP-492] - SP Release 2.5.0 does not compile with xml-security-c versions prior to 1.7.0
[SSPCPP-495] - Warning Shibboleth.PropertySet : load() skipping duplicate property set:
[SSPCPP-499] - Fresh Installation on Windows XP fails after service daemon fails to start
[SSPCPP-500] - configure fails against Apache 2.4
[SSPCPP-502] - Apache 2.4 post_read hook isn't run on subrequests, breaks module
[SSPCPP-504] - ScopedAttributeDecoder fails on non-ascii chars?
[SSPCPP-505] - shibd on Windows missing a version option
[SSPCPP-507] - Insert record failed Violation of PRIMARY KEY constraint with ODBC plugin
[SSPCPP-510] - Installer scripts (particularly the uninstall ones) should fail safe
[SSPCPP-514] - FCGI responder stdin buffer missing termination
[SSPCPP-516] - apache24.config missing from makefile target
[SSPCPP-518] - Incorrect requireLogoutWith redirection if the original URL has query string
[SSPCPP-519] - Shorthand SSO/Logout syntax not working with policyId setting
[SSPCPP-521] - Schemas are not being edited on Windows Installation
[SSPCPP-522] - Transform resolver echoes source string when match fails
[SSPCPP-526] - Transaction log crashes on SOAP-based logout
[SSPCPP-527] - Add ignoreNoPassive attribute to SSO element
[SSPCPP-540] - ISAPI header detection code is prone to false alarms
Improvements
[SSPCPP-402] - Support front-channel SLO without cookies
[SSPCPP-447] - Extension of consistentAddress for IPv6
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
[SSPCPP-517] - Windows SP installer should not always roll back when shibd fails to start
New Feature
[SSPCPP-515] - Make /Status handler report SessionCache
2.5.0:
Bugfixes
[SSPCPP-344] - Version strings in various spots are wired at compile time
[SSPCPP-345] - Split "package-level" and "user-level" settings in shib.conf to limit effect of RPM upgrades.
[SSPCPP-365] - Support for binary attributes in resolver
[SSPCPP-382] - Correct date format in Expires headers
[SSPCPP-383] - Tag entityID not usable in error templates
[SSPCPP-387] - Cryptographic nameID is longer than key length that memcache can handle
[SSPCPP-391] - Generation of keys for relay state is not strongly random
[SSPCPP-392] - Valgrind detects memory leaks
[SSPCPP-393] - Setting session timeout="0" creates infinite loop between SP and IDP
[SSPCPP-400] - NameID lookup for logout ignores logical SP boundaries
[SSPCPP-401] - IIS App Pool Crash
[SSPCPP-406] - Should check for cross platform previous versions?
[SSPCPP-408] - ECP flow fails for Session configured inside of ApplicationOverride
[SSPCPP-411] - openSUSE 12.1 erases /var/run at each reboot, so shibd fails to start
[SSPCPP-413] - Schema catalogs should be set after XMLTooling init.
[SSPCPP-416] - IIS breaks with error "isapi_shib: Attempted to insert duplicate storage key." Server restart required to fix
[SSPCPP-417] - redirectErrors configuration attribute does not handle relative URLs
[SSPCPP-419] - ExtensibleAttribute internal marshalling doesn't handle attribute naming correctly
[SSPCPP-423] - After upgrading SP to Alpha SP 2.5 RPM from previous version of SP, shibd does not start.
[SSPCPP-431] - Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.net
[SSPCPP-438] - Artifact resolver code doesn't use EndpointIndex in 2.0 artifacts
[SSPCPP-439] - Auto-generated ACS endpoints improperly tracked by index
[SSPCPP-443] - SP not signing ECP AuthnRequests
[SSPCPP-444] - Multiple shib_state cookies get set -> server chokes on header field size
[SSPCPP-445] - RequestInitiator metadata generated in a case where it shouldn't be
[SSPCPP-448] - setting relayState to use ODBC storage service results in attempted redirects to an invalid URL
[SSPCPP-449] - RequestMap not normalizing hostname for comparison
[SSPCPP-459] - redirectLimit parser typo
[SSPCPP-460] - A spelling error in the configure file
[SSPCPP-461] - caching DiscoFeed fails b/c cache directory does not exist
[SSPCPP-465] - CLONE - Tag entityID not usable in error templates
[SSPCPP-467] - Cross-contamination from conflicting @relayState settings
[SSPCPP-468] - Aliases support in XML Attribute Extractor no longer working in 2.5.0 Beta 1
[SSPCPP-487] - relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState method
[SSPCPP-488] - No way to get client address set for ExternalAuth sessions
[SSPCPP-489] - Windows installer (tries to) install a 64 bit path into IIS
[SSPCPP-498] - Hardcoded path in XMLTooling is invalid on localized WinXP/2003
Improvements
[SSPCPP-319] - Augment XMLAccessControl for time based access control.
[SSPCPP-326] - Abbreviated IPv6 address format and CIDR support for acl
[SSPCPP-332] - Session cache slows down if large numbers of sessions with a single NameID are created
[SSPCPP-335] - Handle query strings on POST and avoid unintended POST data consumption
[SSPCPP-352] - Expose RelayState limiter as a public API and revisit default setting
[SSPCPP-353] - Package the SP to run as non-root user
[SSPCPP-361] - Session handler with better parseable and accessable (X)HTML code
[SSPCPP-362] - add 'metadata last refresh' to SP's status page
[SSPCPP-366] - generated metadata should include cryptographic algorithms
[SSPCPP-375] - Add httpOnly to cookieProps in the shibboleth2.xml config
[SSPCPP-376] - Add a post-filtering hashing feature to shorten long attributes, namely ePTIDs
[SSPCPP-394] - Support multiple authn context references in requests
[SSPCPP-399] - SImple Aggregation plugin should allow "prefixing" of attributes or dedicated extractors
[SSPCPP-403] - Facilitate signing Logout messages
[SSPCPP-404] - Log entry for failed consistentAddress="true" check
[SSPCPP-405] - CRIT Shibboleth.Application : no MetadataProvider available should be a warning not CRIT
[SSPCPP-407] - Improve logging on invalid XML in shibboleth2.xml configuration file
[SSPCPP-418] - Incorporating Boost libraries into code base
[SSPCPP-420] - Memcache build on RH6 and error handling fixes
[SSPCPP-425] - ShibAccessControl Relative Paths to user web content
[SSPCPP-436] - Log on DEBUG when a shibsession cookie is being cleared because no corresponding session is found by Shibboleth
[SSPCPP-446] - Try moving child_init hooks in Apache 2.x modules to post_config
[SSPCPP-458] - Unprecise error message when wrong certificate is used for SAML2 encryption
[SSPCPP-464] - Provide Logging to Recommend Production Settings
[SSPCPP-470] - Identify deprecated features or suboptimal settings and add warnings
[SSPCPP-472] - AttributeExtractor: remove leading/trailing whitespace created by formatter
New Features
[SSPCPP-245] - Support for attribute requirements in the SP
[SSPCPP-339] - Extraction of contacts and other built-in metadata information
[SSPCPP-341] - AttributeResolver plugin(s) for regexp or template-based transformation of values
[SSPCPP-342] - Metadata / Attribute filtering based on EntityAttributes
[SSPCPP-343] - Add support for capturing AuthenticatingAuthority
[SSPCPP-349] - Parseable audit logs for SP
[SSPCPP-389] - Add option to shibd to set uid and gid at startup
[SSPCPP-390] - Multiple language versions for the same attribute
[SSPCPP-396] - Simplify logout support for Native SP
[SSPCPP-410] - add support for the 'policy' query string parameter
[SSPCPP-421] - Extraction of consent attribute from SAML 2 responses
[SSPCPP-430] - Apache 2.4 support
[SSPCPP-437] - Add artifact binding for resolving artifacts via file system
[SSPCPP-440] - Loopback handler to exchange an assertion for a session
[SSPCPP-469] - Logout request extension to specify no response
[SSPCPP-471] - Shorthand settings for manipulating cookie properties
[SSPCPP-486] - Add automatic algorithm blacklist
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
These releases address a denial-of-service attack against Django's authentication framework. All users of Django are encouraged to upgrade immediately.
0.11.3 (July 29th 2013)
* FIX#1297 Added missing comma to spec_helper.rb generation (@lmorduch)
* FIX#1298 DataMapper auto_migrate/auto_upgrade the default repository
(@Ortuna)
* FIX#1276 Merged range_field_tag.* templates into form_tag.* (@Ortuna)
* FIX#1247 Ensure requiring active_record (@udzura)
* FIX#1307 Lock nokogiri to 1.5.10 (@Ortuna)
* FIX#1307 fixed haml_tag so it doesn¡Çt explode with undefined method
(@Ortuna)
* FIX#1314 Do not add authenticity token to GET form (@Ortuna)
* FIX#1320 Some auto-detection for authenticity_token & form_tag (@Ortuna)
* FIX#1319 ¡È&¡É should be escaped to ¡È&¡É (@tmtm)
* NEW #1321 Added some additional HTML boolean attributes. (@namusyaka)
* FIX#1325 Locking down active support to less than 4.0 (@Ortuna)
* NEW #1326 Add ability for cache_key to be a block (@Ortuna)
* FIX#1318 Make caption arg in submit-tag helper optional even when options
args are supplied (@dayflower)
* FIX#1313 Implemented create and drop tasks for Sequel (@dariocravero)
* FIX#1250 Prevent logging of health-check requests at log level over :debug
(@tyabe)
* FIX#1244 mat method do not working in admin views (@silentvick)
* FIX#1226 Allow users to override admin templates on a file by file basis
(@xavriley)
* FIX#1054 Implemented disabled attribute for select_tag form helper
(@dariocravero)
* FIX#1328 Added test cases for #1188 (@Ortuna)
* FIX#1186 Reverted DataMapper¡Çs explicit String to Integer
castings. (@dariocravero)
* FIX#1330 Update Twitter Bootstrap and Font-Awesome (@WaYdotNET)
* FIX#1335 Make instances of he | himself | his | him all be gender
neutral. (@didlix)
* FIX#1334 Error into admin section (@WaYdotNET)
* FIX#1336 File.read is better than ¡Èopen¡É (@namusyaka)
* FIX#1294 Use :grouped_options of select_tag (@namusyaka)
* FIX#1337 don¡Çt use block for content_tag in #select_tag (@namusyaka)
* FIX#751 introduce #absolute_url for generating absolute urls (@ujifgc)
* FIX#827 refactor padrino-cache expiration (@ujifgc)
* FIX#1327 introduce :namespace option to abstract form builder (@sshaw)
* FIX#1341 Fix module name including dashes in project generator (@tyabe)
* FIX#1261 introduce case insensitive authentication by email (@ujifgc)
* FIX skip padrino-cache with mongo on rbx engine (@ujifgc)
* FIX#1195 Generator errors without git already set-up (@ujifgc)
* FIX#1349 Redo tests for cache (@Ortuna)
* FIX#1353 Add test cases for select_tag (@namusyaka)
* FIX#1354 compatibility with 1.8.7 (@namusyaka)
* FIX#1355 Automatically add multipart option to form_for if include
file_field (@tyabe)
* FIX#1356 Breadcrumb#del does not work when name type is Str (@namusyaka)
* FIX Receive multipart option (@tyabe)
* NEW #1358 Add test file for breadcrumbs. (@namusyaka)
* FIX#1361 prioritized routes are working again (@namusyaka)
* FIX#1257 Add a test to show use case for routing priority (@jeffutter)
* FIX#1365 padrino rake mi:create_indexes task looks at subdirs (@natsumesou)
* FIX#1367 bad placement output of button_to (@namusyaka)
=== raindrops 0.12.0 - compatibility fixes / 2013-09-02 10:33 UTC
This release fixes builds on systems where compilers target i386
(and not later x86 systems). There are also minor improvements for
Ruby 2.1.0dev and Rubinius.
Eric Wong (5):
doc: add email address to generated doc/site
README: update regarding Ruby support status
extconf: try harder for gcc atomics in i386-configured systems
linux_inet_diag: improve compatibility with newer GCs
test_watcher: fix for Ruby trunk r40195 and later
=== raindrops 0.11.0 - minor fixes improvements / 2013-04-20 23:10 UTC
Eric Wong (7):
raindrops: favor configured processor count over online count
watcher: set Content-Type via assignment
Linux::TCP_Info: implement #get! instance method
linux_inet_diag: avoid unnecessary sockaddr initialization
.gitignore: add .rbx
switch back to gemspec development dependencies
linux_inet_diag: better align listener_stats struct
Lawrence Pit (1):
Watcher: Use relative paths in HTML links
3.2.10
* Use the Sass logger infrastructure for @debug directives.
* When printing a Sass error into a CSS comment, escape */ so the comment
doesn¡Çt end prematurely.
* Preserve the ! in /*! ... */-style comments.
* Fix a bug where selectors were being incorrectly trimmed when using @extend.
* Fix a bug where sass --unix-newlines and sass-convert --in-place are not
working on Windows (thanks SATO Kentaro).
3.2.9
* Fix a bug where @extends would occasionally cause a selector to be generated
with the incorrect specificity.
* Avoid loading listen v1.0, even if it¡Çs installed as a Gem (see issue 719).
* Update the bundled version of listen to 0.7.3.
* Automatically avoid the IE7 content: counter bug.
3.2.8
* Fix some edge cases where redundant selectors were emitted when using @extend.
* Fix a bug where comma-separated lists with interpolation could lose elements.
* Fix a bug in sass-convert where lists being passed as arguments to functions
or mixins would lose their surrounding parentheses.
* Fix a bug in sass-convert where null wasn¡Çt being converted correctly.
* Fix a bug where multiple spaces in a string literal would sometimes be
folded together.
* sass and sass-convert won¡Çt create an empty file before writing to it. This
fixes a flash of unstyled content when using LiveReload and similar tools.
* Fix a case where a corrupted cache could produce fatal errors on some
versions of Ruby.
* Fix a case where a mixin loop error would be incorrectly reported when using
@content.
=== unicorn 4.6.3 - fix --no-default-middleware option / 2013-06-21 08:01 UTC
Thanks to Micah Chalmer for this fix. There are also minor
documentation updates and internal cleanups.
== 1.5.1 Straight Razor
* Fix issue when running as another user/group without a PID file.
* Allow overriding Connection & Server response headers.
* Update vlad example [Mathieu Lemoine]
* Keep connections in a Hash to speedup deletion [slivu]
* Force kill using already known pid. Prevents "thin stop" from leaving
a process that removed its pid file, but is still running (e.g. hung
on some at_exit callback) [Michal Kwiatkowski]
=== 2.9 / 2013-07-24
* Minor enhancement
* Added max_requests to avoid ECONNRESET for a server that allows a limited
number of requests on a connection. Pull request #42 by James Tucker.
* Request failures are now raised with the backtrace of the original
exception. This gives better insight into the reason for the failure.
See #41 by Andrew Cholakian.
* OpenSSL is no longer required. If OpenSSL is not available an exception
will be raised when attempting to access HTTPS resources. Feature request
by André Arko
* Bug fixes
* Explain the proper way of sending parameters depending upon the request
method. Issue #35 by André Arko.
* Handle Errno::ETIMEDOUT by retrying the request. Issue #36 by André Arko.
* Requests retried by ruby 2.x are no longer retried by net-http-persistent.
* Finish the connection if an otherwise unhandled exception happens during a
request. Bug #46 by Mark Oude Veldhuis.
* detect_idle_timeout now assumes a StandardError indicates the idle timeout
has been found. Bug #43 by James Tucker.
=== 1.4 / 2013-07-23
* Minor enhancements
* Relaxed parser to accept quoted algorithm to work with Linksys SPA922.
Pull request #8 by Ismail Hanli, Issue #5 by bearded
=== 1.3 / 2012-03-28
* Minor enhancements
* The cnonce is regenerated for every request to improve security.
* SecureRandom is used to generate the cnonce instead of Kernel#rand
* Bug fix
* cnonce and nonce-count are no longer sent when qop was not provided per
RFC 2617 section 3.2.2.
changelog
===========
Version 0.5.1 (June 25, 2013)
-----------------------------
* Ensure compatability across distros by detecting if `python2` is available
Version 0.5.0 (Apr 13, 2013)
-----------------------------
* Use #rstrip to fix table mode bug
Version 0.4.2 (Feb 25, 2013)
-----------------------------
* Add new lexers, including custom lexers
HTTP::Cookie is a ruby library to handle HTTP cookies in a way both
compliant with RFCs and compatible with today's major browsers.
It was originally a part of the
[Mechanize](https://github.com/sparklemotion/mechanize) library,
separated as an independent library in the hope of serving as a common
component that is reusable from any HTTP related piece of software.
The following is an incomplete list of its features:
* Its behavior is highly compatible with that of today's major web
browsers.
* It is based on and conforms to RFC 6265 (the latest standard for the
HTTP cookie mechanism) to a high extent, with real world conventions
deeply in mind.
* It takes eTLD (effective TLD, also known as "Public Suffix") into
account just as major browsers do, to reject cookies with an eTLD
domain like "org", "co.jp", or "appspot.com". This feature is
brought to you by the domain_name gem.
* The number of cookies and the size are properly capped so that a
cookie store does not get flooded.
* It supports the legacy Netscape cookies.txt format for
serialization, maximizing the interoperability with other
implementations.
* It supports the cookies.sqlite format adopted by Mozilla Firefox for
backend store database which can be shared among multiple program
instances.
* It is relatively easy to add a new serialization format or a backend
store because of its modular API.
= 2.1
=== 19th Aug, 2010 (whyday)
* Helpers#R now calls to_param on any object it passes in
* Fix route generation issue with routes including "." (#22)
* Improved tests
* Improved 1.9 support
* Camping::Server is now built upon Rack::Server
* Add support for ERB, Haml etc through Tilt
* Introducing Camping.options and Camping#set
* Camping::Server only loads ActiveRecord when needed
4.37 2013-09-13
- Improved design of built-in templates.
4.36 2013-09-12
- Added match method to Mojo::DOM.
- Added match method to Mojo::DOM::CSS.
- Improved ancestors and children methods in Mojo::DOM to support all CSS
selectors.
- Improved syntax highlighting in documentation browser.
- Improved compatibility with different object systems.
4.35 2013-09-10
- Added origin attribute to Mojo::Cookie::Response.
- Fixed RFC 6265 compliance bugs in Mojo::Cookie::Request,
Mojo::Cookie::Response and Mojo::UserAgent::CookieJar.
4.34 2013-09-08
- Fixed portability bug in SO_REUSEPORT tests.
Changelog:
Version 5.0.11 Sep 10th 2013
Fixing upload in shared folders with create privileges
Making ldap more robust in certain situations
Handing quota violation earlier to make the desktop clients more robust
Several quota fixes
Fix issues with certain file names like 0 or false
Disable smb in files_External on windows servers
Enable user to decrypt files again after encryption app was disabled
Improved Encryption messages
Add a searchByMime call to API
Fix multiselects for Firefox on Mac in groups management
Reduce the number of ldap connections
Show a “password incorrect” notice when used shared password is wrong
Switch to the completely new Google Drive SDK.
Scanner: additional tests for reusing etags during scanning
Fix accessing files that are newly created by setting the right mime type
Several Calendar bugfixes
Fixed “Show on Map” in Contacts
A lof of Contacts fixes
Several “Tasks” fixes
This Apache LDAP authentication/authorization module tries to solve
the following problems that other such modules may not solve in all cases:
* Map the short form of the distinguished name of a certificate and its
issuer obtained from the environment of mod_ssl to a user distinguished
name in an LDAP directory.
* Check the age of a password in an LDAP directory, denying authorization
in case the password is to old.
* Authorize a user based on roles or an arbitrary LDAP filter expression.
* Authorize a user based on whether he owns a file or belongs to the group
owning a file.
* Improving the File Abstraction Layer
* UI Improvements for the Extension Manager
* Use for PHP mysqli instead of "mysql" module
* Further Changes:
- Removed extension statictemplates
- Improved TCA load mechanism
- Install Tool: Environment Checks
- Extbase: The rewritten property mapper is now the default mapper
- Fluid: Allow Fluid arrays only in ViewHelper arguments
- Extbase: Object persistence behaviour changed from implicit to explicit
save
mod_xsendfile is a small Apache2 module that processes X-SENDFILE headers
registered by the original output handler.
If it encounters the presence of such header it will discard all output
and send the file specified by that header instead using Apache internals
including all optimizations like caching-headers and sendfile or mmap if
configured.
This HTTP extension aims to provide a convenient and powerful
set of functionality for one of PHPs major applications.
It eases handling of HTTP urls, dates, redirects, headers and
messages, provides means for negotiation of clients preferred
language and charset, as well as a convenient way to send any
arbitrary data with caching and resuming capabilities.
Additionally: Version 3.6.1 fixes three security issues:
* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.
Additional security hardening:
* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.
More on http://codex.wordpress.org/Version_3.6.1
These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly.
* Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the the path).
Fixes#9856
*Yves Senn*, *Andrew White*
* Always escape the result of `link_to_unless` method.
Before:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
After:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
*dtaniwaki*
* Use a case insensitive URI Regexp for #asset_path.
This fix a problem where the same asset path using different case are generating
different URIs.
Before:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
After:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
*David Celis + Rafael Mendon«®a Fran«®a*
* Fix explicit names on multiple file fields. If a file field tag has
the multiple option, it is turned into an array field (appending `[]`),
but if an explicit name is passed to `file_field` the `[]` is not
appended.
Fixes#9830.
*Ryan McGeary*
## Rails 3.2.14 (Jul 22, 2013) ##
* Fixes an issue that ActiveResource models ignores
ActiveResource::Base.include_root_in_json. Backported from the now
separate repo rails/activeresouce.
*Xinjiang Lu*
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
Changes since 3.0.3:
* The ACL code had a bug which could lead to false negatives.
This has been assigned CVE-2013-4090.
* Varnish will now return an error if the client sends multiple
Host headers.
* If the backend sent invalid gzip while using ESI, Varnish would
in some cases assert. It now works correctly.
* TCP_NODELAY is now enabled, which should lead to performance
improvements in some cases.
Full changelog:
https://www.varnish-cache.org/trac/browser/doc/changes.rst
Upstream changes:
Changes since 1.21.1[edit | edit source]
SECURITY: Fix extension detection with 2 .'s
SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
SECURITY: Sanitize ResourceLoader exception messages
Purge upstream caches when deleting file assets.
Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.
Serf 1.3.1 [2013-08-15, from /tags/1.3.1, r????]
Fix issue 77: Endless loop if server doesn't accept Negotiate authentication.
Fix issue 114: ssl/tls renegotiation fails
Fix issue 120: error with ssl tunnel over proxy with KeepAlive off and
Basic authentication.
Fixed bugs with authentication (r2057,2115,2118)
SCons-related fixes:
Fix issue 111: add flag to set custom library path
Fix issue 112: add soname
Fix issue 113: add gssapi libs in the serf pc file
Fix issue 115: Setting RPATH on Solaris broken in SConstruct
Fix issue 116: scons check should return non-zero exit staths
Fix issue 121: make CFLAGS, LIBS, LINKFLAGS and CPPFLAGS take a space-
separated list of flags.
Fix issue 122: make scons PREFIX create the folder if it doesn't exist
Mac OS X: Fix scons --install-sandbox
Solaris: Fix build with cc, don't use unsupported compiler flags
Require SCons version 2.3.0 or higher now (for the soname support).
Serf 1.3.0 [2013-07-23, from /tags/1.3.0, r2074]
Fix issue 83: use PATH rather than URI within an ssltunnel (r1952)
Fix issue 108: improved error reporting from the underlying socket (r1951)
NEW: Switch to the SCons build system; retire serfmake, serf.mak, autotools
Improved Basic and Digest authentication:
- remember credentials on a per-server basis
- properly manage authentication realms
- continue functioning when a server sets KeepAlive: off
Windows: add support for NTLM authentication
Improved 2617 compliance: always use strongest authentication (r1968,1971)
Fixed bugs with proxy authentication and SSL tunneling through a proxy
Fixed bugs the response parser (r2032,r2036)
SSL connection performance improvements
Huge expansion of the test suite
#-----------------------------------------------------------------------
# Version 2.25 - 24th July 2013
#------------------------------------------------------------------------
* Jon Jensen fixed the behaviour of split() which changed in Perl 5.18.0
* Jay Hannah added repository information for metacpan.org et. al.
* Colin Keith fixed Template::Provider's handling of directories
* Kevin Goess made the date plugin accept the ISO8601 "T" separator
* David Steinbrunner fixed various typos.
* Andreas Koenig silenced recent Pod::Simple warnings
* Slaven Rezic silenced warnings in the replace vmethod.
* Ricardo Signes made the Image plugin emit extra tags in a predictable order
* Johan Vromans added the --link option to ttree.
* Smylers added documentation for the ENCODING option.
* Andy Wardley made some minor documentation changes relating to github.
Upstream changes:
0.28 2013-05-12 15:03:47 PDT
- Use requires instead of recommends
0.27 2013-04-25 12:02:27 PDT
- Switch to Milla and use optional_features in CPAN Meta spec 2
0.26
- Upped versions
* calendar: Display the popup mouseover when there is only 1 page for a
given day, for better UI consistency.
* meta: Can now be used to add an enclosure to a page, which is a fancier
way to do podcasting than just inlining the media files directly;
this way you can write a post about the podcast episode with show notes,
author information, etc.
(schmonz)
* aggregate: Show author in addition to feedname, if different.
(schmonz)
* Consistently configure LWP::UserAgent to allow use of http_proxy
and no_proxy environment variables, as well as ~/.ikiwiki/cookies
(schmonz)
* Fix test suite to work with perl 5.18. Closes: #719969
* Fix cookiejar default setting.
about times, hits, bytes, users, networks, top urls and top domains. Statistic
reports are oriented toward user and bandwidth control; this is not a pure
cache statistics generator.
SquidAnalyzer use flat files to store data and don't need any SQL, SQL Lite or
Berkeley databases.
This log analyzer is incremental and should be run in a daily cron or more
often on huge network trafic.
Upstream changes:
4.30 2013-09-01
- Fixed memory leak in Mojolicious::Routes.
4.29 2013-08-31
- Fixed automatic rendering to work after non-blocking operations have been
performed in bridges.
