Upstream changes:
2013-08-22 Dave Cross <dave@dave.org.uk> - RELEASE_3.04
========================================================
Dave Cross <dave@dave.org.uk> (17):
* Finish removing all references to SnipURL.pm.
* Bump to version 2.05 for release.
* Removed support for shorl.pm (now in WWW::Shorten::Shorl distribution).
* Bumped version number. Removed shorl files from MANIFEST.
* Added Config::Auto to list of dependencies (it's used by the shorten
program). Bumped version for release.
* Default to using a service that we currently support.
* Added MYMETA.yml to MANIFEST.SKIP.
* Be far more intelligent about the code that allows the user to choose
which service to use.
* Bump version number for release.
* Better examples of using bin/shorten
* Added a WWW::Shorten::UserAgent object which dies if it receives an HTTP
error response.
* Added documentation.
* Added META.json to MANIFEST.
* Licensing clean-up.
* Removed prototypes (and the ampersands in the tests that circumvented
them)
* Bump version number for release.
* Moved Pod tests into xt. (Pod coverage currently fails on some files. See
https://rt.cpan.org/Ticket/Display.html?id=87634 for details.)
Dave Cross <dave@angel.mag-sol.com> (1):
* Removed support for NotLong and OneShortLink (separate distributions to
follow soon). Bumper to version 2.06.
Dave Cross <dave@dacross.(none)> (1):
* Removed version number so it's picked up from lib/WWW/Shorten.pm
yappo <yappo@shibuya.pl> (1):
* shorl.com was change the request method ( POST to GET )
Router::Simple is a simple router class. Its main purpose is to serve as a
dispatcher for web applications. Router::Simple can match against PSGI $env
directly, which means it's easy to use with PSGI supporting web frameworks.
Upstream changes:
4.49 2013-10-17
- Added tls_ciphers option to Mojo::IOLoop::Server::listen.
- Added ciphers parameter to Mojo::Server::Daemon::listen.
- Removed experimental status from Mojolicioua::Validator.
- Removed experimental status from Mojolicioua::Validator::Validation.
- Removed experimental status from validation method in
Mojolicious::Controller.
- Removed experimental status from validator attribute in Mojolicious.
- Removed experimental status from validation helper in
Mojolicious::Plugin::DefaultHelpers.
- Fixed parameter bug in Mojolicious::Validator::Validation.
4.48 2013-10-16
- Fixed support for Net::SSLeay 1.55.
* Some old versions of bash do not grok some constructs like
'printf -v varname' which the prompt and completion code started
to use recently. The completion and prompt scripts have been
adjusted to work better with these old versions of bash.
* In FreeBSD's and NetBSD's "sh", a return in a dot script in a
function returns from the function, not only in the dot script,
breaking "git rebase" on these platforms (regression introduced
in 1.8.4-rc1).
* "git rebase -i" and other scripted commands were feeding a
random, data dependant error message to 'echo' and expecting it
to come out literally.
* Setting the "submodule.<name>.path" variable to the empty
"true" caused the configuration parser to segfault.
* Output from "git log --full-diff -- <pathspec>" looked strange
because comparison was done with the previous ancestor that
touched the specified <pathspec>, causing the patches for paths
outside the pathspec to show more than the single commit has
changed.
* The auto-tag-following code in "git fetch" tries to reuse the
same transport twice when the serving end does not cooperate and
does not give tags that point to commits that are asked for as
part of the primary transfer. Unfortunately, Git-aware transport
helper interface is not designed to be used more than once, hence
this did not work over smart-http transfer. Fixed.
* Send a large request to read(2)/write(2) as a smaller but still
reasonably large chunks, which would improve the latency when the
operation needs to be killed and incidentally works around broken
64-bit systems that cannot take a 2GB write or read in one go.
* A ".mailmap" file that ends with an incomplete line, when read
from a blob, was not handled properly.
* The recent "short-cut clone connectivity check" topic broke a
shallow repository when a fetch operation tries to auto-follow
tags.
* When send-email comes up with an error message to die with upon
failure to start an SSL session, it tried to read the error
string from a wrong place.
* A call to xread() was used without a loop to cope with short
read in the codepath to stream large blobs to a pack.
* On platforms with fgetc() and friends defined as macros, the
configuration parser did not compile.
* New versions of MediaWiki introduced a new API for returning
more than 500 results in response to a query, which would cause
the MediaWiki remote helper to go into an infinite loop.
* Subversion's serf access method (the only one available in
Subversion 1.8) for http and https URLs in skelta mode tells its
caller to open multiple files at a time, which made "git svn
fetch" complain that "Temp file with moniker 'svn_delta' already
in use" instead of fetching.
Also contains a handful of trivial code clean-ups, documentation
updates, updates to the test suite, etc.
## Rails 3.2.15 (Oct 16, 2013) ##
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for
spoofing attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are
set.
Fixes#12410
Backports #10844
*Tamir Duberstein*
* Fix the assert_recognizes test method so that it works when there are
constraints on the querystring.
Issue/Pull Request #9368
Backport #5219
*Brian Hahn*
* Fix to render partial by context(#11605).
*Kassio Borges*
* Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to`
does not show user-supplied message.
Issue: when `assert_redirected_to` fails due to the response redirect not
matching the expected redirect the user-supplied message (second parameter)
is not shown. This message is only shown if the response is not a redirect.
*Alexey Chernenkov*
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
* test code for testing the event based API
* CURLM_ADDED_ALREADY: new error code
* test TFTP server: support "writedelay" within
* krb4 support has been removed
* imap/pop3/smtp: added basic SASL XOAUTH2 support
* darwinssl: add support for PKCS12 files for client authentication
* darwinssl: enable BEAST workaround on iOS 7 & later
* Pass password to OpenSSL engine by user interface
* c-ares: Add support for various DNS binding options
* cookies: add expiration
* curl: added --oauth2-bearer option
Version 3.1.4 (2013-10-14)
--------------------------
### Fixed
Do not show the debug bar in the modal dialog (see #6302).
### Fixed
Ignore the "maxlength" setting in certain form fields (see #6283).
### Fixed
Correctly show the "toggle page status" icon (see #6282).
### Removed
Removed the TinyMCE spell checker (see #6247).
### Updated
Updated TCPDF to version 3.0.38 (see #6268).
### Fixed
Correctly render the pages breadcrumb menu for non-admin users (see #6067).
### Fixed
Correctly handle the accordion fields during the version 3.1 update (see #6229).
### Fixed
Correctly handle special characters in page aliases (see #6232).
Upstream changes:
4.47 2013-10-15
- Added dumper function to Mojo::Util.
- Improved compatibility with IO::Socket::SSL 1.955.
- Improved IIS compatibility of Mojo::Server::CGI.
4.46 2013-10-11
- Changed default name for generated applications from MyMojoliciousApp to
MyApp.
- Improved performance of route matching in Mojolicious::Routes::Pattern.
- Improved HTML Living Standard compliance of Mojo::DOM::HTML.
Update DEPENDS
Add LICENSE
Upstream changes:
2.20 Fri Apr 6 00:49:51 CDT 2012
[ENHANCEMENTS]
Sometimes creating HTML::Lint-compliant HTML just isn't possible.
Now, you can now turn individual errors on and off in your HTML
via comment directives, like so:
<!-- html-lint elem-img-sizes-missing: off, attr-unknown: off -->
And if you have a batch of code that's hopeless:
<!-- html-lint all: off -->
Added check for unknown entities, such as "&foo;".
Added check for unclosed entitities, such as "&" without the
closing semicolon.
Added a check for a bare ampersand that should be written as &
Version 0.7
http://svn.edgewall.org/repos/genshi/tags/0.7.0/
(Jan 27 2013, from branches/stable/0.7.x)
* Add support for Python 3.1, 3.2 and 3.3 (via 2to3) and for PyPy. The
majority of the coding was done in a sprint run by the Cape Town Python
Users Group with financial assistance from the Python Software Foundation.
* Default input and output encodings changed from UTF-8 to None (i.e. unicode
strings).
* Skip Mako benchmarks if Mako isn't installed (rather than failing
completely).
Version 0.6.1
http://svn.edgewall.org/repos/genshi/tags/0.6.1/
(Jan 27 2013, from branches/stable/0.6.x)
* Security fix to enhance sanitizing of CSS in style attributes. Genshi's
`HTMLSanitizer` disallows style attributes by default (this remains
unchanged) and warns against such attacks in its documentation, but
the provided CSS santizing is now less lacking (see #455).
* Fix for error in how `HTMLFormFiller` would handle `textarea` elements if
no value was not supplied form them.
* The `HTMLFormFiller` now correctly handles check boxes and radio buttons
with an empty `value` attribute.
* Template `Context` objects now have a `.copy` method.
* Added a simple `tox.ini` file for using tox to test against multiple
verions of Python.
* Fix for bug in `QName` comparison (see #413).
* Fix for bug in handling of trailing events in match template matches
(see #399).
* Fix i18n namespace declaration in documentation (see #400).
* Fix for bug in caching of events in serializers by no longer caching
`(TEXT, Markup)` events (see #429).
* Fix handling of `None` by `Markup.escape` in `_speedups.c` (see #439).
* Fix handling of internal state by match templates (relevant when multiple
templates match the same part of the stream, see #370).
* Fix handling of multiple events between or on either side of start and end
tags in translated messages (see #404).
* Fix test failures caused by changes in HTMLParser in Python 2.7 (see #501).
* Fix infinite loop in interplotation lexing that was introduced by a change
in Python 2.7's tokenizer (see #540).
* Fix handling of processing instructions without data (see #368).
* Updated MANIFEST.in so as not to rely on build from Subersion 1.6.
Changelog
=========
Since 2.3.2
----------------
bugfix: When creating members, do not assign permissions for all executives (or superior users) if member has a parent.
Since 2.3.2-rc2
----------------
bugfix: Cannot filter overview by tag.
bugfix: Tasks tooltip in calendar views shows description as html.
bugfix: Permissions issue when editing and subscribing for non-admins for not classiffied objects.
Since 2.3.2-rc
----------------
bugfix: Show can_manage_billing permission.
bugfix: Missing lang on javascript langs.
bugfix: Javascript plugin langs are not loaded.
bugfix: When requesting completed tasks for calendar month view, it does not filter by dates and calendar hangs if there are too much tasks.
bugfix: Administration / dimensions does not show members for dimensions that don't define permissions.
bugfix: Permissions fix when email module is not installed.
bugfix: Company object type name fixed.
bugfix: Try to reconect to database if not conected when executing a query (if connection is lost while performing other tasks).
bugfix: When users cannot see other user's tasks they can view them using the search.
bugfix: Group permissions not applied in assigned to combo (when adding or editing tasks).
bugfix: Minor bugfixes in 1.7 -> 2.x upgrade.
bugfix: Activity widget: logs for members (workspaces, etc.) were not displayed.
bugfix: General search sql query improved.
bugfix: Don't include context in the user edited notification.
bugfix: Don't show worked hours if user doesn't have permissions for it.
bugfix: Don't send archived mails.
feature: Only administrators can change system permissions.
feature: Users can change permissions of users of the same type (only dimension member permissions).
feature: Set permissions to executive, manager and admins when creating a new member.
Since 2.3.2-beta
----------------
bugfix: Archiving a submember does not archive its objects.
bugfix: Error 500 when adding group.
bugfix: Installer fixes.
bugfix: Modified the insert in read objects for emails.
bugfix: Minor bugfixes in document listing.
bugfix: Sql error when $selected_columns ins an empty array in ContentDataObjects::listing() function
bugfix: root permissions not set when installing new feng office.
bugfix: Person report fixed when displaying email field.
bugfix: contacts are always created when sending mails.
bugfix: Tasks list milestone grouping fixed.
preformance: Search query improved.
performance: Insert/delete into sharing table 500 objects x query when saving user permissions.
=== RELEASE 2.8 ===
Sat Sep 14 22:42:15 CEST 2013 mikulas:
Fixed a memory leak if TIFF download was interrupted
Sat Aug 24 17:59:01 cet 2013 mikulas:
DOS DJGPP port
Sun Jul 14 23:35:49 CEST 2013 mikulas:
Do not save lines starting with space to URL history on the disk
(idea by Volker Schatz)
Sun Jul 14 23:35:28 CEST 2013 Volker Schatz <linksbrowser@volkerschatz.com>
Do not misreport Date header value as last-modified date
in the info box popping up on "=".
New graphics glyphs
Wed May 15 00:44:53 CEST 2013 Samuli Suominen <ssuominen@gentoo.org>:
Fixed file 045e.png. It was not compatible with libpng-1.6
Wed May 15 00:43:27 CEST 2013 mikulas:
Test integers addition for overflow. This fixes possible crashes due to
overflows, they could possibly be security-sensitive.
Sat Apr 6 19:00:07 CEST 2013 mikulas:
Fixed a bug in Xwindow driver when images larger than 65536
pixels were used
Fixed some integer overflows when scaling images larger than 65536
pixels
Wed Jan 2 02:07:43 CET 2013 mikulas:
OpenVMS port
Wed Dec 12 04:52:33 MET 2012 mikulas:
Fixed invalid pointer comparison (comparing if NULL is smaller
than non-NULL pointer) that could result in failures with certain
compilers
Wed Nov 7 22:43:45 CET 2012 mikulas:
Fixed IPv6 detection on OpenBSD
Sat Sep 22 03:01:58 CEST 2012 mikulas:
Fixed an internal error in decompressed file cache if Links
was running out of memory and was freeing cached data
Wed Sep 19 22:40:04 MET 2012 mikulas:
An option that allows the user not to save URL history
Sat Sep 1 18:26:50 CEST 2012 mikulas:
An option to send do not track request
Thu Aug 16 04:19:58 CEST 2012 mikulas:
Reduced CPU consumption when downloading big files
Tue Aug 14 21:52:43 CEST 2012 mikulas:
Fixed a crash if the user selects "Save as" and the document has no
header (the bug was introduced in Links 2.7pre1)
Tue Aug 14 21:01:39 CEST 2012 mikulas:
Parse FTP directories on VMS FTP server
Mon Aug 13 21:39:09 CEST 2012 mikulas:
Use a blocking pipe when communicating with the dns process, it
fixes a possible error when system pipe buffer is too small
Mon Aug 6 23:31:44 CEST 2012 mikulas:
Workaround for bugs on GNU Hurd
Sat Jul 28 01:21:18 CEST 2012 mikulas:
data: url
Fri Jul 20 19:00:30 MET 2012 mikulas:
Accept color in #xxx format (besides usual #xxxxxx)
Tue Jul 10 22:45:19 CEST 2012 mikulas:
Fixed an infinite retry loop when the server terminates connection
prematurely
Sun Jul 8 20:23:43 CEST 2012 mikulas:
Fixed some races in the framebuffer driver that could result in
display corruption if the user is switching virtual consoles too
quickly
Thu Jul 5 22:35:57 CEST 2012 mikulas:
Don't save URLs with password to history file on a disk
Sat Jun 30 17:32:11 CEST 2012 mikulas:
Fixed a rare bug where image alpha channel was not applied correctly
Upstream downgraded their shlib major version (at least on NetBSD).
Since there are so few packages in pkgsrc depending on it, follow suit.
Recursive revbump coming next.
Serf 1.3.2 [2013-10-04, from /tags/1.3.2, r????]
Fix issue 130: HTTP headers should be treated case-insensitively
Fix issue 126: Compilation breaks with Codewarrior compiler
Fix crash during cleanup of SSL buckets in apr_terminate() (r2145)
Fix Windows build: Also export functions with capital letters in .def file
Fix host header when url contains a username or password (r2170)
Ensure less TCP package fragmentation on Windows (r2145)
Handle authentication for responses to HEAD requests (r2178,-9)
Improve serf_get: add option to add request headers, allow url with query,
allow HEAD requests (r2143,r2175,-6)
Improve RFC conformance: don't expect body for certain responses (r2011,-2)
Do not invoke progress callback when no data was received (r2144)
And more test suite fixes and build warning cleanups
SCons-related fixes:
Fix build when GSSAPI not in default include path (2155)
Fix OpenBSD build: always map all LIBPATH entries into RPATH (r2156)
Checksum generation in Windows shared libraries for release builds (2162)
Mac OS X: Use MAJOR version only in dylib install name (r2161)
Use both MAJOR and MINOR version for the shared library name (2163)
Fix the .pc file when installing serf in a non-default LIBDIR (r2191)
Upstream changes:
1.3118 01.09.2013
[ ENHANCEMENTS ]
* GH #946: new 'require_environment' setting. (Jesse van Herk)
* GH #952: don't set defaults for Template subclasses for
Dancer::Template::TemplateToolkit. (Rick Myers)
* GH #945: add function 'template_or_serialize' to
Dancer::Serializer::Mutable. (Yanick Champoux)
[ BUG FIXES ]
* GH #655: clarify logger error message. (Yanick Champoux,
reported by Gabor Szabo)
* GH #951: fix quoting of TemplateToolkit start_tag/stop_tag.
(Rick Myers)
* GH #940: carry over the session when we forward().
(Yanick Champoux, reported by sciurius)
* GH #954: don't die on autoflush for older perls.
(Yanick Champoux, reported by metateck and David Golden)
* GH #950: Dancer::Test functions now populate REQUEST_URI.
(Yanick Champoux, reported by S枚ren Kornetzki)
[ DOCUMENTATION ]
* GH #942: simpilify the Apache deployment docs for cgi/fcgi.
(bug report by Scott Penrose)
[ MISC ]
* GH #949: fixes a few errors in the serializer testsuite.
(Franck Cuny)
Upstream changes:
4.42 2013-09-30
- Added EXPERIMENTAL form validation support.
- Added EXPERIMENTAL modules Mojolicious::Validator and
Mojolicious::Validator::Validation.
- Added EXPERIMENTAL validation method to Mojolicious::Controller.
- Added EXPERIMENTAL validator attribute to Mojolicious.
- Added EXPERIMENTAL label_for and validation helpers to
Mojolicious::Plugin::DefaultHelpers.
4.41 2013-09-22
- Improved documentation browser to be a little more RESTful.
- Fixed flatten to work with older versions of Perl. (jamadam)
4.40 2013-09-21
- Added text method to Mojo::Message.
- Added siblings method to Mojo::DOM.
- Added flatten method to Mojo::Collection.
- Improved documentation browser with source links.
- Fixed smart whitespace trimming bug in Mojo::DOM.
- Fixed table parsing bug in Mojo::DOM::HTML.
- Fixed bug in Mojolicious::Types where the txt MIME type did not specify a
charset.
4.39 2013-09-17
- Improved HTML5.1 compliance of Mojo::DOM::HTML.
4.38 2013-09-16
- Added is_binary method to Mojo::Loader.
- Fixed support for binary files in inflate command.
- Fixed stylesheet helper not to enforce a media attribute.
Version 3.1.3 (2013-09-24)
--------------------------
### Fixed
Do not redirect to protected pages after logout (see #6210).
### Fixed
Consider the additional arguments in `Frontend::jumpToOrReload()` (see #5734).
### Fixed
Prevent article aliases from using reserved names (see #6066).
### Fixed
Correctly update the RSS feeds if a news item or event changes (see #6102).
### Fixed
Correctly link to news and calendar feeds via insert tag (see #6164).
### Fixed
Make the CSS ID available in the custom navigation module (see #6129).
### Fixed
Do not cache the "toggle_view" insert tag (see #6172).
### Fixed
Unset the primary key if a model is deleted (see #6162).
### Fixed
Support `tel:` and `sms:` upon IDNA conversion (see #6148).
### Fixed
Apply the width and height to the audio player as well (see #6114).
### Fixed
Do not exit after a template has been output (see #5570).
### Changed
Drop the database query cache (see #6070). This renders `executeUncached()` and
`executeCached()` deprecated. Use `execute()` instead.
### Fixed
Handle all possible errors when uploading files (see #5934).
Changelog:
SeaMonkey-specific changes
Implemented an option to thread messages received by date.
Allowed deletion of news posts by default.
Implemented optional taskbar preview-per-tab.
Added support (permission prompt) for desktop notifications.
Added Isn't operator for searching by Priority.
See the changes page for a more complete overview.
Mozilla platform changes
Support for new scrollbar style on Mac OS X 10.7 and newer.
Accessibility related improvements on using pinned tabs (bug 577727).
Major SVG rendering improvements around Image tiling and scaling (bug 600207).
Removed support for sherlock files that are loaded from application or profile directory.
Support for W3C touch events disabled (bug 888304).
Fixed several stability issues.
Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Changelog:
FIXED
Security fixes can be found here
Fixed in Firefox ESR 17.0.9
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
Bugfixes
[SSPCPP-543] - AttributeExtractor fails to deal with multiple Logos
[SSPCPP-547] - Encoding problem with Metadata Attribute Extractor
[SSPCPP-549] - Shiboleth SP 2.5.1 breaks Apache 2.4.3's error pages
[SSPCPP-550] - Problems with native.log file rotation
[SSPCPP-551] - DiscoFeed Content-Type header lacks charset
[SSPCPP-552] - Solaris TCP Listener code is broken
[SSPCPP-568] - Unattended install pegs the CPU and never completes
[SSPCPP-569] - native log files not closed at/before CGI exec
[SSPCPP-570] - mod_shib takes over valid-user for entire server
[SSPCPP-573] - ShibDisable on breaks basic auth valid user
[SSPCPP-575] - Source build w/memcached and/or fastcgi support fails
[SSPCPP-579] - Internal stack overflow in log4shib
Improvements
[SSPCPP-493] - Default allow access to Shibboleth.sso by default in shibd.conf
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
2.5.1:
Bugfixes
[SSPCPP-409] - Shibboleth2.xml - undefined InProcess/OutOfProcess means no shibd.log/native.log
[SSPCPP-490] - CLang build issue with stream operator overload
[SSPCPP-492] - SP Release 2.5.0 does not compile with xml-security-c versions prior to 1.7.0
[SSPCPP-495] - Warning Shibboleth.PropertySet : load() skipping duplicate property set:
[SSPCPP-499] - Fresh Installation on Windows XP fails after service daemon fails to start
[SSPCPP-500] - configure fails against Apache 2.4
[SSPCPP-502] - Apache 2.4 post_read hook isn't run on subrequests, breaks module
[SSPCPP-504] - ScopedAttributeDecoder fails on non-ascii chars?
[SSPCPP-505] - shibd on Windows missing a version option
[SSPCPP-507] - Insert record failed Violation of PRIMARY KEY constraint with ODBC plugin
[SSPCPP-510] - Installer scripts (particularly the uninstall ones) should fail safe
[SSPCPP-514] - FCGI responder stdin buffer missing termination
[SSPCPP-516] - apache24.config missing from makefile target
[SSPCPP-518] - Incorrect requireLogoutWith redirection if the original URL has query string
[SSPCPP-519] - Shorthand SSO/Logout syntax not working with policyId setting
[SSPCPP-521] - Schemas are not being edited on Windows Installation
[SSPCPP-522] - Transform resolver echoes source string when match fails
[SSPCPP-526] - Transaction log crashes on SOAP-based logout
[SSPCPP-527] - Add ignoreNoPassive attribute to SSO element
[SSPCPP-540] - ISAPI header detection code is prone to false alarms
Improvements
[SSPCPP-402] - Support front-channel SLO without cookies
[SSPCPP-447] - Extension of consistentAddress for IPv6
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
[SSPCPP-517] - Windows SP installer should not always roll back when shibd fails to start
New Feature
[SSPCPP-515] - Make /Status handler report SessionCache
2.5.0:
Bugfixes
[SSPCPP-344] - Version strings in various spots are wired at compile time
[SSPCPP-345] - Split "package-level" and "user-level" settings in shib.conf to limit effect of RPM upgrades.
[SSPCPP-365] - Support for binary attributes in resolver
[SSPCPP-382] - Correct date format in Expires headers
[SSPCPP-383] - Tag entityID not usable in error templates
[SSPCPP-387] - Cryptographic nameID is longer than key length that memcache can handle
[SSPCPP-391] - Generation of keys for relay state is not strongly random
[SSPCPP-392] - Valgrind detects memory leaks
[SSPCPP-393] - Setting session timeout="0" creates infinite loop between SP and IDP
[SSPCPP-400] - NameID lookup for logout ignores logical SP boundaries
[SSPCPP-401] - IIS App Pool Crash
[SSPCPP-406] - Should check for cross platform previous versions?
[SSPCPP-408] - ECP flow fails for Session configured inside of ApplicationOverride
[SSPCPP-411] - openSUSE 12.1 erases /var/run at each reboot, so shibd fails to start
[SSPCPP-413] - Schema catalogs should be set after XMLTooling init.
[SSPCPP-416] - IIS breaks with error "isapi_shib: Attempted to insert duplicate storage key." Server restart required to fix
[SSPCPP-417] - redirectErrors configuration attribute does not handle relative URLs
[SSPCPP-419] - ExtensibleAttribute internal marshalling doesn't handle attribute naming correctly
[SSPCPP-423] - After upgrading SP to Alpha SP 2.5 RPM from previous version of SP, shibd does not start.
[SSPCPP-431] - Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.net
[SSPCPP-438] - Artifact resolver code doesn't use EndpointIndex in 2.0 artifacts
[SSPCPP-439] - Auto-generated ACS endpoints improperly tracked by index
[SSPCPP-443] - SP not signing ECP AuthnRequests
[SSPCPP-444] - Multiple shib_state cookies get set -> server chokes on header field size
[SSPCPP-445] - RequestInitiator metadata generated in a case where it shouldn't be
[SSPCPP-448] - setting relayState to use ODBC storage service results in attempted redirects to an invalid URL
[SSPCPP-449] - RequestMap not normalizing hostname for comparison
[SSPCPP-459] - redirectLimit parser typo
[SSPCPP-460] - A spelling error in the configure file
[SSPCPP-461] - caching DiscoFeed fails b/c cache directory does not exist
[SSPCPP-465] - CLONE - Tag entityID not usable in error templates
[SSPCPP-467] - Cross-contamination from conflicting @relayState settings
[SSPCPP-468] - Aliases support in XML Attribute Extractor no longer working in 2.5.0 Beta 1
[SSPCPP-487] - relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState method
[SSPCPP-488] - No way to get client address set for ExternalAuth sessions
[SSPCPP-489] - Windows installer (tries to) install a 64 bit path into IIS
[SSPCPP-498] - Hardcoded path in XMLTooling is invalid on localized WinXP/2003
Improvements
[SSPCPP-319] - Augment XMLAccessControl for time based access control.
[SSPCPP-326] - Abbreviated IPv6 address format and CIDR support for acl
[SSPCPP-332] - Session cache slows down if large numbers of sessions with a single NameID are created
[SSPCPP-335] - Handle query strings on POST and avoid unintended POST data consumption
[SSPCPP-352] - Expose RelayState limiter as a public API and revisit default setting
[SSPCPP-353] - Package the SP to run as non-root user
[SSPCPP-361] - Session handler with better parseable and accessable (X)HTML code
[SSPCPP-362] - add 'metadata last refresh' to SP's status page
[SSPCPP-366] - generated metadata should include cryptographic algorithms
[SSPCPP-375] - Add httpOnly to cookieProps in the shibboleth2.xml config
[SSPCPP-376] - Add a post-filtering hashing feature to shorten long attributes, namely ePTIDs
[SSPCPP-394] - Support multiple authn context references in requests
[SSPCPP-399] - SImple Aggregation plugin should allow "prefixing" of attributes or dedicated extractors
[SSPCPP-403] - Facilitate signing Logout messages
[SSPCPP-404] - Log entry for failed consistentAddress="true" check
[SSPCPP-405] - CRIT Shibboleth.Application : no MetadataProvider available should be a warning not CRIT
[SSPCPP-407] - Improve logging on invalid XML in shibboleth2.xml configuration file
[SSPCPP-418] - Incorporating Boost libraries into code base
[SSPCPP-420] - Memcache build on RH6 and error handling fixes
[SSPCPP-425] - ShibAccessControl Relative Paths to user web content
[SSPCPP-436] - Log on DEBUG when a shibsession cookie is being cleared because no corresponding session is found by Shibboleth
[SSPCPP-446] - Try moving child_init hooks in Apache 2.x modules to post_config
[SSPCPP-458] - Unprecise error message when wrong certificate is used for SAML2 encryption
[SSPCPP-464] - Provide Logging to Recommend Production Settings
[SSPCPP-470] - Identify deprecated features or suboptimal settings and add warnings
[SSPCPP-472] - AttributeExtractor: remove leading/trailing whitespace created by formatter
New Features
[SSPCPP-245] - Support for attribute requirements in the SP
[SSPCPP-339] - Extraction of contacts and other built-in metadata information
[SSPCPP-341] - AttributeResolver plugin(s) for regexp or template-based transformation of values
[SSPCPP-342] - Metadata / Attribute filtering based on EntityAttributes
[SSPCPP-343] - Add support for capturing AuthenticatingAuthority
[SSPCPP-349] - Parseable audit logs for SP
[SSPCPP-389] - Add option to shibd to set uid and gid at startup
[SSPCPP-390] - Multiple language versions for the same attribute
[SSPCPP-396] - Simplify logout support for Native SP
[SSPCPP-410] - add support for the 'policy' query string parameter
[SSPCPP-421] - Extraction of consent attribute from SAML 2 responses
[SSPCPP-430] - Apache 2.4 support
[SSPCPP-437] - Add artifact binding for resolving artifacts via file system
[SSPCPP-440] - Loopback handler to exchange an assertion for a session
[SSPCPP-469] - Logout request extension to specify no response
[SSPCPP-471] - Shorthand settings for manipulating cookie properties
[SSPCPP-486] - Add automatic algorithm blacklist
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
These releases address a denial-of-service attack against Django's authentication framework. All users of Django are encouraged to upgrade immediately.
0.11.3 (July 29th 2013)
* FIX#1297 Added missing comma to spec_helper.rb generation (@lmorduch)
* FIX#1298 DataMapper auto_migrate/auto_upgrade the default repository
(@Ortuna)
* FIX#1276 Merged range_field_tag.* templates into form_tag.* (@Ortuna)
* FIX#1247 Ensure requiring active_record (@udzura)
* FIX#1307 Lock nokogiri to 1.5.10 (@Ortuna)
* FIX#1307 fixed haml_tag so it doesn¡Çt explode with undefined method
(@Ortuna)
* FIX#1314 Do not add authenticity token to GET form (@Ortuna)
* FIX#1320 Some auto-detection for authenticity_token & form_tag (@Ortuna)
* FIX#1319 ¡È&¡É should be escaped to ¡È&¡É (@tmtm)
* NEW #1321 Added some additional HTML boolean attributes. (@namusyaka)
* FIX#1325 Locking down active support to less than 4.0 (@Ortuna)
* NEW #1326 Add ability for cache_key to be a block (@Ortuna)
* FIX#1318 Make caption arg in submit-tag helper optional even when options
args are supplied (@dayflower)
* FIX#1313 Implemented create and drop tasks for Sequel (@dariocravero)
* FIX#1250 Prevent logging of health-check requests at log level over :debug
(@tyabe)
* FIX#1244 mat method do not working in admin views (@silentvick)
* FIX#1226 Allow users to override admin templates on a file by file basis
(@xavriley)
* FIX#1054 Implemented disabled attribute for select_tag form helper
(@dariocravero)
* FIX#1328 Added test cases for #1188 (@Ortuna)
* FIX#1186 Reverted DataMapper¡Çs explicit String to Integer
castings. (@dariocravero)
* FIX#1330 Update Twitter Bootstrap and Font-Awesome (@WaYdotNET)
* FIX#1335 Make instances of he | himself | his | him all be gender
neutral. (@didlix)
* FIX#1334 Error into admin section (@WaYdotNET)
* FIX#1336 File.read is better than ¡Èopen¡É (@namusyaka)
* FIX#1294 Use :grouped_options of select_tag (@namusyaka)
* FIX#1337 don¡Çt use block for content_tag in #select_tag (@namusyaka)
* FIX#751 introduce #absolute_url for generating absolute urls (@ujifgc)
* FIX#827 refactor padrino-cache expiration (@ujifgc)
* FIX#1327 introduce :namespace option to abstract form builder (@sshaw)
* FIX#1341 Fix module name including dashes in project generator (@tyabe)
* FIX#1261 introduce case insensitive authentication by email (@ujifgc)
* FIX skip padrino-cache with mongo on rbx engine (@ujifgc)
* FIX#1195 Generator errors without git already set-up (@ujifgc)
* FIX#1349 Redo tests for cache (@Ortuna)
* FIX#1353 Add test cases for select_tag (@namusyaka)
* FIX#1354 compatibility with 1.8.7 (@namusyaka)
* FIX#1355 Automatically add multipart option to form_for if include
file_field (@tyabe)
* FIX#1356 Breadcrumb#del does not work when name type is Str (@namusyaka)
* FIX Receive multipart option (@tyabe)
* NEW #1358 Add test file for breadcrumbs. (@namusyaka)
* FIX#1361 prioritized routes are working again (@namusyaka)
* FIX#1257 Add a test to show use case for routing priority (@jeffutter)
* FIX#1365 padrino rake mi:create_indexes task looks at subdirs (@natsumesou)
* FIX#1367 bad placement output of button_to (@namusyaka)
=== raindrops 0.12.0 - compatibility fixes / 2013-09-02 10:33 UTC
This release fixes builds on systems where compilers target i386
(and not later x86 systems). There are also minor improvements for
Ruby 2.1.0dev and Rubinius.
Eric Wong (5):
doc: add email address to generated doc/site
README: update regarding Ruby support status
extconf: try harder for gcc atomics in i386-configured systems
linux_inet_diag: improve compatibility with newer GCs
test_watcher: fix for Ruby trunk r40195 and later
=== raindrops 0.11.0 - minor fixes improvements / 2013-04-20 23:10 UTC
Eric Wong (7):
raindrops: favor configured processor count over online count
watcher: set Content-Type via assignment
Linux::TCP_Info: implement #get! instance method
linux_inet_diag: avoid unnecessary sockaddr initialization
.gitignore: add .rbx
switch back to gemspec development dependencies
linux_inet_diag: better align listener_stats struct
Lawrence Pit (1):
Watcher: Use relative paths in HTML links
3.2.10
* Use the Sass logger infrastructure for @debug directives.
* When printing a Sass error into a CSS comment, escape */ so the comment
doesn¡Çt end prematurely.
* Preserve the ! in /*! ... */-style comments.
* Fix a bug where selectors were being incorrectly trimmed when using @extend.
* Fix a bug where sass --unix-newlines and sass-convert --in-place are not
working on Windows (thanks SATO Kentaro).
3.2.9
* Fix a bug where @extends would occasionally cause a selector to be generated
with the incorrect specificity.
* Avoid loading listen v1.0, even if it¡Çs installed as a Gem (see issue 719).
* Update the bundled version of listen to 0.7.3.
* Automatically avoid the IE7 content: counter bug.
3.2.8
* Fix some edge cases where redundant selectors were emitted when using @extend.
* Fix a bug where comma-separated lists with interpolation could lose elements.
* Fix a bug in sass-convert where lists being passed as arguments to functions
or mixins would lose their surrounding parentheses.
* Fix a bug in sass-convert where null wasn¡Çt being converted correctly.
* Fix a bug where multiple spaces in a string literal would sometimes be
folded together.
* sass and sass-convert won¡Çt create an empty file before writing to it. This
fixes a flash of unstyled content when using LiveReload and similar tools.
* Fix a case where a corrupted cache could produce fatal errors on some
versions of Ruby.
* Fix a case where a mixin loop error would be incorrectly reported when using
@content.
=== unicorn 4.6.3 - fix --no-default-middleware option / 2013-06-21 08:01 UTC
Thanks to Micah Chalmer for this fix. There are also minor
documentation updates and internal cleanups.
== 1.5.1 Straight Razor
* Fix issue when running as another user/group without a PID file.
* Allow overriding Connection & Server response headers.
* Update vlad example [Mathieu Lemoine]
* Keep connections in a Hash to speedup deletion [slivu]
* Force kill using already known pid. Prevents "thin stop" from leaving
a process that removed its pid file, but is still running (e.g. hung
on some at_exit callback) [Michal Kwiatkowski]
=== 2.9 / 2013-07-24
* Minor enhancement
* Added max_requests to avoid ECONNRESET for a server that allows a limited
number of requests on a connection. Pull request #42 by James Tucker.
* Request failures are now raised with the backtrace of the original
exception. This gives better insight into the reason for the failure.
See #41 by Andrew Cholakian.
* OpenSSL is no longer required. If OpenSSL is not available an exception
will be raised when attempting to access HTTPS resources. Feature request
by André Arko
* Bug fixes
* Explain the proper way of sending parameters depending upon the request
method. Issue #35 by André Arko.
* Handle Errno::ETIMEDOUT by retrying the request. Issue #36 by André Arko.
* Requests retried by ruby 2.x are no longer retried by net-http-persistent.
* Finish the connection if an otherwise unhandled exception happens during a
request. Bug #46 by Mark Oude Veldhuis.
* detect_idle_timeout now assumes a StandardError indicates the idle timeout
has been found. Bug #43 by James Tucker.
=== 1.4 / 2013-07-23
* Minor enhancements
* Relaxed parser to accept quoted algorithm to work with Linksys SPA922.
Pull request #8 by Ismail Hanli, Issue #5 by bearded
=== 1.3 / 2012-03-28
* Minor enhancements
* The cnonce is regenerated for every request to improve security.
* SecureRandom is used to generate the cnonce instead of Kernel#rand
* Bug fix
* cnonce and nonce-count are no longer sent when qop was not provided per
RFC 2617 section 3.2.2.
changelog
===========
Version 0.5.1 (June 25, 2013)
-----------------------------
* Ensure compatability across distros by detecting if `python2` is available
Version 0.5.0 (Apr 13, 2013)
-----------------------------
* Use #rstrip to fix table mode bug
Version 0.4.2 (Feb 25, 2013)
-----------------------------
* Add new lexers, including custom lexers
HTTP::Cookie is a ruby library to handle HTTP cookies in a way both
compliant with RFCs and compatible with today's major browsers.
It was originally a part of the
[Mechanize](https://github.com/sparklemotion/mechanize) library,
separated as an independent library in the hope of serving as a common
component that is reusable from any HTTP related piece of software.
The following is an incomplete list of its features:
* Its behavior is highly compatible with that of today's major web
browsers.
* It is based on and conforms to RFC 6265 (the latest standard for the
HTTP cookie mechanism) to a high extent, with real world conventions
deeply in mind.
* It takes eTLD (effective TLD, also known as "Public Suffix") into
account just as major browsers do, to reject cookies with an eTLD
domain like "org", "co.jp", or "appspot.com". This feature is
brought to you by the domain_name gem.
* The number of cookies and the size are properly capped so that a
cookie store does not get flooded.
* It supports the legacy Netscape cookies.txt format for
serialization, maximizing the interoperability with other
implementations.
* It supports the cookies.sqlite format adopted by Mozilla Firefox for
backend store database which can be shared among multiple program
instances.
* It is relatively easy to add a new serialization format or a backend
store because of its modular API.
= 2.1
=== 19th Aug, 2010 (whyday)
* Helpers#R now calls to_param on any object it passes in
* Fix route generation issue with routes including "." (#22)
* Improved tests
* Improved 1.9 support
* Camping::Server is now built upon Rack::Server
* Add support for ERB, Haml etc through Tilt
* Introducing Camping.options and Camping#set
* Camping::Server only loads ActiveRecord when needed
4.37 2013-09-13
- Improved design of built-in templates.
4.36 2013-09-12
- Added match method to Mojo::DOM.
- Added match method to Mojo::DOM::CSS.
- Improved ancestors and children methods in Mojo::DOM to support all CSS
selectors.
- Improved syntax highlighting in documentation browser.
- Improved compatibility with different object systems.
4.35 2013-09-10
- Added origin attribute to Mojo::Cookie::Response.
- Fixed RFC 6265 compliance bugs in Mojo::Cookie::Request,
Mojo::Cookie::Response and Mojo::UserAgent::CookieJar.
4.34 2013-09-08
- Fixed portability bug in SO_REUSEPORT tests.
Changelog:
Version 5.0.11 Sep 10th 2013
Fixing upload in shared folders with create privileges
Making ldap more robust in certain situations
Handing quota violation earlier to make the desktop clients more robust
Several quota fixes
Fix issues with certain file names like 0 or false
Disable smb in files_External on windows servers
Enable user to decrypt files again after encryption app was disabled
Improved Encryption messages
Add a searchByMime call to API
Fix multiselects for Firefox on Mac in groups management
Reduce the number of ldap connections
Show a “password incorrect” notice when used shared password is wrong
Switch to the completely new Google Drive SDK.
Scanner: additional tests for reusing etags during scanning
Fix accessing files that are newly created by setting the right mime type
Several Calendar bugfixes
Fixed “Show on Map” in Contacts
A lof of Contacts fixes
Several “Tasks” fixes
This Apache LDAP authentication/authorization module tries to solve
the following problems that other such modules may not solve in all cases:
* Map the short form of the distinguished name of a certificate and its
issuer obtained from the environment of mod_ssl to a user distinguished
name in an LDAP directory.
* Check the age of a password in an LDAP directory, denying authorization
in case the password is to old.
* Authorize a user based on roles or an arbitrary LDAP filter expression.
* Authorize a user based on whether he owns a file or belongs to the group
owning a file.
* Improving the File Abstraction Layer
* UI Improvements for the Extension Manager
* Use for PHP mysqli instead of "mysql" module
* Further Changes:
- Removed extension statictemplates
- Improved TCA load mechanism
- Install Tool: Environment Checks
- Extbase: The rewritten property mapper is now the default mapper
- Fluid: Allow Fluid arrays only in ViewHelper arguments
- Extbase: Object persistence behaviour changed from implicit to explicit
save
mod_xsendfile is a small Apache2 module that processes X-SENDFILE headers
registered by the original output handler.
If it encounters the presence of such header it will discard all output
and send the file specified by that header instead using Apache internals
including all optimizations like caching-headers and sendfile or mmap if
configured.
This HTTP extension aims to provide a convenient and powerful
set of functionality for one of PHPs major applications.
It eases handling of HTTP urls, dates, redirects, headers and
messages, provides means for negotiation of clients preferred
language and charset, as well as a convenient way to send any
arbitrary data with caching and resuming capabilities.
Additionally: Version 3.6.1 fixes three security issues:
* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.
Additional security hardening:
* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.
More on http://codex.wordpress.org/Version_3.6.1
These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly.
* Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the the path).
Fixes#9856
*Yves Senn*, *Andrew White*
* Always escape the result of `link_to_unless` method.
Before:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
After:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
*dtaniwaki*
* Use a case insensitive URI Regexp for #asset_path.
This fix a problem where the same asset path using different case are generating
different URIs.
Before:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
After:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
*David Celis + Rafael Mendon«®a Fran«®a*
* Fix explicit names on multiple file fields. If a file field tag has
the multiple option, it is turned into an array field (appending `[]`),
but if an explicit name is passed to `file_field` the `[]` is not
appended.
Fixes#9830.
*Ryan McGeary*
## Rails 3.2.14 (Jul 22, 2013) ##
* Fixes an issue that ActiveResource models ignores
ActiveResource::Base.include_root_in_json. Backported from the now
separate repo rails/activeresouce.
*Xinjiang Lu*
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
Changes since 3.0.3:
* The ACL code had a bug which could lead to false negatives.
This has been assigned CVE-2013-4090.
* Varnish will now return an error if the client sends multiple
Host headers.
* If the backend sent invalid gzip while using ESI, Varnish would
in some cases assert. It now works correctly.
* TCP_NODELAY is now enabled, which should lead to performance
improvements in some cases.
Full changelog:
https://www.varnish-cache.org/trac/browser/doc/changes.rst
Upstream changes:
Changes since 1.21.1[edit | edit source]
SECURITY: Fix extension detection with 2 .'s
SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
SECURITY: Sanitize ResourceLoader exception messages
Purge upstream caches when deleting file assets.
Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.
Serf 1.3.1 [2013-08-15, from /tags/1.3.1, r????]
Fix issue 77: Endless loop if server doesn't accept Negotiate authentication.
Fix issue 114: ssl/tls renegotiation fails
Fix issue 120: error with ssl tunnel over proxy with KeepAlive off and
Basic authentication.
Fixed bugs with authentication (r2057,2115,2118)
SCons-related fixes:
Fix issue 111: add flag to set custom library path
Fix issue 112: add soname
Fix issue 113: add gssapi libs in the serf pc file
Fix issue 115: Setting RPATH on Solaris broken in SConstruct
Fix issue 116: scons check should return non-zero exit staths
Fix issue 121: make CFLAGS, LIBS, LINKFLAGS and CPPFLAGS take a space-
separated list of flags.
Fix issue 122: make scons PREFIX create the folder if it doesn't exist
Mac OS X: Fix scons --install-sandbox
Solaris: Fix build with cc, don't use unsupported compiler flags
Require SCons version 2.3.0 or higher now (for the soname support).
Serf 1.3.0 [2013-07-23, from /tags/1.3.0, r2074]
Fix issue 83: use PATH rather than URI within an ssltunnel (r1952)
Fix issue 108: improved error reporting from the underlying socket (r1951)
NEW: Switch to the SCons build system; retire serfmake, serf.mak, autotools
Improved Basic and Digest authentication:
- remember credentials on a per-server basis
- properly manage authentication realms
- continue functioning when a server sets KeepAlive: off
Windows: add support for NTLM authentication
Improved 2617 compliance: always use strongest authentication (r1968,1971)
Fixed bugs with proxy authentication and SSL tunneling through a proxy
Fixed bugs the response parser (r2032,r2036)
SSL connection performance improvements
Huge expansion of the test suite
#-----------------------------------------------------------------------
# Version 2.25 - 24th July 2013
#------------------------------------------------------------------------
* Jon Jensen fixed the behaviour of split() which changed in Perl 5.18.0
* Jay Hannah added repository information for metacpan.org et. al.
* Colin Keith fixed Template::Provider's handling of directories
* Kevin Goess made the date plugin accept the ISO8601 "T" separator
* David Steinbrunner fixed various typos.
* Andreas Koenig silenced recent Pod::Simple warnings
* Slaven Rezic silenced warnings in the replace vmethod.
* Ricardo Signes made the Image plugin emit extra tags in a predictable order
* Johan Vromans added the --link option to ttree.
* Smylers added documentation for the ENCODING option.
* Andy Wardley made some minor documentation changes relating to github.
Upstream changes:
0.28 2013-05-12 15:03:47 PDT
- Use requires instead of recommends
0.27 2013-04-25 12:02:27 PDT
- Switch to Milla and use optional_features in CPAN Meta spec 2
0.26
- Upped versions
* calendar: Display the popup mouseover when there is only 1 page for a
given day, for better UI consistency.
* meta: Can now be used to add an enclosure to a page, which is a fancier
way to do podcasting than just inlining the media files directly;
this way you can write a post about the podcast episode with show notes,
author information, etc.
(schmonz)
* aggregate: Show author in addition to feedname, if different.
(schmonz)
* Consistently configure LWP::UserAgent to allow use of http_proxy
and no_proxy environment variables, as well as ~/.ikiwiki/cookies
(schmonz)
* Fix test suite to work with perl 5.18. Closes: #719969
* Fix cookiejar default setting.
about times, hits, bytes, users, networks, top urls and top domains. Statistic
reports are oriented toward user and bandwidth control; this is not a pure
cache statistics generator.
SquidAnalyzer use flat files to store data and don't need any SQL, SQL Lite or
Berkeley databases.
This log analyzer is incremental and should be run in a daily cron or more
often on huge network trafic.
Upstream changes:
4.30 2013-09-01
- Fixed memory leak in Mojolicious::Routes.
4.29 2013-08-31
- Fixed automatic rendering to work after non-blocking operations have been
performed in bridges.
(resolve PR pkg/47641, updated to newer version including the bugfix).
Revision history for Perl extension HTTP::Server::EV.
0.67
- (not recorded, but released at same date of 0.66)
0.66
- Bugfix, thanx Edgar Fuß
0.65
- ~300% Faster urldecode
- Any HTTP methods now supported. Server just parses headers, use
$cgi->fh to process body of PUT or other methods
- Added ->flush_wait and ->give_up_handle methods in
HTTP::Server::EV::Buffer
- Fixed stack corruption, thanx Edgar Fuß
0.6
- Implemented HTTP::Server::EV::Buffer onerror(ondisconnect) callback
- Listen now can accept IO::Socket::INET object with socket to listen
- Added support of sharing one listening socket per several forks, and
fork_hook cb to integrate with fork managers
- Fixed bug when only first defined port listener worked
- Fixed segfault when starting/stopping PortListener
Drupal 7.23, 2013-08-07
-----------------------
- Fixed a fatal error on PostgreSQL databases when updating the Taxonomy module
from Drupal 6 to Drupal 7.
- Fixed the default ordering of CSS files for sites using right-to-left
languages, to consistently place the right-to-left override file immediately
after the CSS it is overriding (API change: https://drupal.org/node/2058463).
- Added a drupal_check_memory_limit() API function to allow the memory limit to
be checked consistently (API addition).
- Changed the default web.config file for IIS servers to allow favicon.ico
files which are present in the filesystem to be accessed.
- Fixed inconsistent support for the 'tel' protocol in Drupal's URL filtering
functions.
- Performance improvement: Allowed all hooks to be included in the
module_implements() cache, even those that are only invoked on HTTP POST
requests.
- Made the database system replace truncate queries with delete queries when
inside a transaction, to fix issues with PostgreSQL and other databases.
- Fixed a bug which caused nested contextual links to display improperly.
- Fixed a bug which prevented cached image derivatives from being flushed for
private files and other non-default file schemes.
- Fixed drupal_render() to always return an empty string when there is no
output, rather than sometimes returning NULL (minor API change).
- Added protection to cache_clear_all() to ensure that non-cache tables cannot
be truncated (API addition: a new isValidBin() method has been added to the
default database cache implementation).
- Changed the default .htaccess file to support HTTP authorization in CGI
environments.
- Changed the password reset form to pre-fill the username when requested via a
URL query parameter, and used this in the error message that appears after a
failed login attempt (minor data structure and behavior change).
- Fixed broken support for foreign keys in the field API.
- Fixed "No active batch" error when a user cancels their own account.
- Added a description to the "access content overview" permission on the
permissions page (string change).
- Added a drupal_array_diff_assoc_recursive() function to allow associative
arrays to be compared recursively (API addition).
- Added human-readable labels to image styles, in addition to the existing
machine-readable name (API change: https://drupal.org/node/2058503).
- Moved the drupal_get_hash_salt() function to bootstrap.inc and used it in
additional places in the code, for added security in the case where there is
no hash salt in settings.php.
- Fixed a regression in Drupal 7.22 that caused internal server errors for
sites running on very old Apache 1.x web servers.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Upstream changes:
4.28 2013-08-29
- Added support for non-blocking operations in bridges to
Mojolicious::Routes.
- Added continue method to Mojolicious::Controller.
- Added continue method to Mojolicious::Routes.
- Added current attribute to Mojolicious::Routes::Match.
- Fixed automatic rendering bug in Mojolicious::Routes.
Version 0.9.4
-------------
(bugfix release, released on August 26th 2013)
- Fixed an issue with Python 3.3 and an edge case in cookie parsing.
- Fixed decoding errors not handled properly through the WSGI
decoding dance.
- Fixed URI to IRI conversion incorrectly decoding percent signs.
Version 3.1.2 (2013-08-27)
--------------------------
### Fixed
Add the global date format in `PageModel::loadDetails()` (see #6104).
### Fixed
Do not override the referer upon Ajax requests (see #5956).
### Fixed
Fixed the content slider in IE < 9 (see #5878).
### Fixed
Do not set a database driver by default (see #6088).
### Fixed
Decode punycode domains in the listing module (see #5946).
### Fixed
Show all themes a template is defined in (see #6071).
### Fixed
Do not add the domain name twice in `redirectToFrontendPage()` (see #6076).
### Fixed
Use the `currentLogin` field to sort users by their last login (see #5949).
### Fixed
Fix the offset handling in the CSS grid (see #5943).
### Fixed
Do not use the `date`, `time` and `datetime` input types (see #5918).
### Fixed
Show tooltips for selected single images in the file picker (see #6031).
### Fixed
Correctly synchronize if a sub folder is selected (see #5979).
### Fixed
Correctly handle password which are longer than 64 characters (see #6015).
### Fixed
Added missing Vietnamese characters to the UFT8 mapper (see #6010).
### Fixed
Decode entities in the page and file pickers (see #5989).
### Fixed
Ensure that the default user and group are integer values (see #6017).
### New
Added the Czech typolinks translations (thanks to ShiraNai7) (see #6051).
### Fixed
Added an option to purge the search cache (see #6041).
### Fixed
Preserve the repository tables when importing a theme (see #6037).
### Fixed
Pass the module to `getAttributesFromDca()` in the registration and personal
data module classes (see #6002).
### Fixed
Validate the e-mail address when creating an admin user (see #6003).
### Fixed
Fix the newslist pagination count (see #5997).
### Fixed
Make the GD image max width and height parameters mandatory (see #5940).
### Fixed
Replace all insert tags when exporting a page as PDF (see #5990).
### Fixed
Correctly validate the options in `Widget::isValidOption()` (see #5951).
### Fixed
Decode IDNA domains in any system mail (see #5932).
### Fixed
Store integers bigger than `PHP_INT_MAX` as string (see #5939).
### Fixed
Fix the alignment of the versions menu in IE (see #5962).
### Fixed
Do not cache the result of `Model::count*()` (see #5973).
### Fixed
Added some missing office file extensions to the configuration (see #6021).
### Fixed
Fixed the "indexPage" hook (see #5967).
### Fixed
Do not copy the autologin hash when duplicating members (see #5945).
### Fixed
Added .svgz support to the default `.htaccess` file (see #5938).
Upstream changes:
2.20 - August 10th, 2013
- Updated to support HTML5 (RT #75933, thanks to charsbar)
2.11 - June 3rd, 2013
Updated tests so that they pass with Perl 5.18 (Mark Stosberg)
Upstream changes:
1.05 Tue Jul 9 08:56:00 2013
- No code changes.
- Rename CHANGES to Changes as per CPAN::Changes::SPEC.
- Recreate META.* files so they say licence is artistic_2 rather than artistic_1.
Build.PL and Makefile.PL already said artistic_2, but the META.* files didn't.
There is no reference to licences in the source of the module itself.
This was requested by Christopher Meng who packages stuff for Fedora.
Upstream changes:
1.0029 2013-08-22 14:05:44 PDT
[NEW FEATURES]
- Plack::Test now has a simpler object-oriented interface that doesn't
take multiple callbacks. #420
[IMPROVEMENTS]
- bump dependencies for Test::TCP and HTTP::Tiny
- Set no_proxy for HTTP::Tiny in tests (kazeburo)
[INCOMPATIBLE CHANGES]
- Split HTTP::Server::Simple handler from Plack distribution and merge to
HTTP-Server-Simple-PSGI distribution
Upstream changes:
2.15 Wed Nov 14 23:22:07 CET 2012
- use the recurse parameter to also limit the number of retries to be
done, avodiing endless loops with broken servers, as reported
by Carl Chambers.
2.14 Sun Apr 22 14:57:51 CEST 2012
- Time::Local::timegm croaks on out-of-range values. Don't let
this disturb AnyEvent::HTTP (reported by: tell me, I forgot...).
Changelog:
Version 5.0.10 Aug 12th 2013
Configurable logfile date format
Several Oracle fixes
Several MSSQL fixes
Make default language configurable
New CLI upgrade script
Correctly calculate folder size
Fix display of search results
Database upgrade fixes
Smaller filesystem cache fixes
Remember password fixes
Encryption fixes
Fix problems with german “Umlauts” in folder name
IE fixes
Improved upgrade logging
Improved external storage status display
Flicker free versions dropdown
Don’t create empty versions
Less noisy debug logfile
Don’t show firstrunwizard during upgrade
Several Calendar fixes
Contacts fixes
Fixes for Gallery
Several smaller fixes
Upstream changes:
4.26 2013-08-18
- Fixed support for Netscape cookies in Mojo::Cookie::Response.
- Fixed element method bug in Mojo::Collection.
4.25 2013-08-17
- Added support for calling element methods to Mojo::Collection.
- Added compact method to Mojo::Collection.
Version 1.6.9
-------------
Released August 20th 2013
- Fix bug in SQLAlchemy datastore's `get_user` function
- Fix bug in PeeWee datastore's `remove_role_from_user` function
- Fixed import error caused by new Flask-WTF release
Upstream changes:
0.37 2013-02-25
- Fix t/live_verify_address.t to skip of Catalyst::Plugin::Authentication
is not installed, fixing RT#81506.
0.36 2012-10-19
- Re-pack with new Module::Install which doesn't get
MYMETA.yaml wrong.
- Remove use of Plack::Middleware::ForceEnv from the tests
as it was not used / needed
0.35 2012-04-24
- Implement a 'change_session_expires' method (gshank)
- Fixed bug from last version where session does not persist
across a redirect
0.34 2012-03-30
- Fixed up t/live_verify_address.t per https://rt.cpan.org/Ticket/Display.html?id=71142
- Merged in dpetrov's 0.32 changes (extend_session_expire)
0.33 2012-03-08
- Note that flash is deprecated / not recommended due to it's
inherent races. Point out Catalyst::Plugin::StatusMessage instead
Add LICENSE
Add missing DEPENDS
Switch PERL5_MODULE_TYPE to Module::Install::Bundled
Upstream changes:
0.07 2011-01-14 19:07:00
- Converted to use Module::Install instead of Module::Build.
- Removed unused 'default' method from the app (triggered a deprecation warning).
- Fix Perl Critic test for hard tabs (t0m)
- Fix POD coverage (t0m)
- Added allow_ssl() (norbi)
- Added detach_on_redirect config option (norbi)
- Cleaned up _redirect_uri() (RT #38996) (norbi)
- Switch from NEXT to MRO::Compat (RT #48328) (t0m)
Upstream changes:
0.41 2013-02-28
- New local attribute to let you override the default content type when
no content type has been set for the response.
0.40 2013-01-15 20:52:14
- Fix hash randomisation breakage in tests (RT#82703)
0.39 2012-04-11 07:40:00
- Fix warning from tests. RT#75104
- Fix ExtUtils::MakeMaker version requirement (due to last release
being made with faulty Module::Install). RT#76488
0.38 2012-02-15 20:42:00
- Change documentation to reflect use of Moose.
- Change documentation to highlight how to configure
UTF-8 in templates.
- Change documentation to recommend putting calls to MyApp->path_to
into the app class itself, ergo avoiding recursive dependencies
and making the view compile standalone.
- Change code generated by Catalyst::Helper::View::TT
to use Moose.
This module extends Catalyst::Controller::REST to work with the
CatalystX::CRUD::Controller API. It is designed for web services,
not managing CRUD actions via HTML forms.
Version 2.11.12 (2013-08-22)
----------------------------
### Fixed
Allow to paste into the root page in "edit multiple" mode (see #5620).
### Updated
Updated TCPDF to version 6.0.010 (see #5676).
### Fixed
Backported the changes from e44864d2 (see #5683).
### Fixed
Handle all possible errors when uploading files (see #5934).
### Improved
Improved the memory footprint of the search index rebuild (see #5681).
### Fixed
Do not trigger the "setNewPassword" hook twice (see #5247).
### Updated
Updated SimplePie to version 1.3.1 (see #5604).
### Fixed
Delete the `pathconfig.php` file in the install tool (see #5536).
Upstream changes:
1.016 2013-07-27
- Fix repository metadata. RT#87114
1.015 2012-06-27
- Add broken_dotnet_digest_without_query_string option
Allows digest authentication from .NET, which does not include the
query string in the uri in the digest Authorization header.
- Fix broken synopsis. RT#75254
1.014 2012-02-05
- Add require_ssl configuration setting.
- Add no_unprompted_authorization_required configuration setting.
Update DEPENDS
Upstream changes:
Tue 29 May 2012 20:19:00 BST - Release 1.01
Add Catalyst::Action::Deserialize::JSON::XS
Fix JSON::XS useage to depend on JSON.pm v2.0, and rely on the
fact that can be backed by XS code, by explicitly setting
$ENV{'PERL_JSON_BACKEND'} = 2
Fri 13 Apr 2012 09:31:00 BST - Release 1.00
Repack without auto_include to stop Module::Install inlining
Test::More without Test::Builder. RT#76524
Tue 28 Feb 2012 09:09:00 GMT - Release 0.99
Repack with new Module::Install to stop depending on an unnecessary
ExtUtils::MakeMaker version.
Tue 21 Feb 2012 11:40:00 GMT - Release 0.98
More fixes as per last release.
Tue 21 Feb 2012 09:58:00 GMT - Release 0.97
Fix test with latest Catalyst version which passes _log into
requests.
Mon 20 Jan 2012 11:22:00 GMT - Release 0.96
Added fix for RT 63537 (from Gerv) and tests to check it.
Wed 04 Jan 2012 19:34:00 GMT - Release 0.95
Fix regex for JSONP parameter name to be able to include the . character
in Catalyst::Action::Serialize::JSONP. RT#73741
Add optional location parameter to status_accepted handler. RT#73691 (ghenry)
Fri 09 Dec 2011 08:35:00 GMT - Release 0.94
Add 403 Forbidden and 302 Not Found status methods to
Catalyst::Controller::REST (Caleb Cushing)
Wed 12 Oct 2011 11:37:00 CDT - Release 0.93
Add a "Callback" serializer/deserializer to allow for more customization in
how the REST data is parsed/generated (bphillips)
Sat 01 Oct 2011 11:04:00 BST - Release 0.92
Add a Catalyst::Action::DeserializeMultiPart, allowing one part of a multipart
request to be deserialized as the REST data (allowing other parts to be used for
file uploads, for example) (bphillips)
Update DEPENDS
Upstream changes:
5.90042 - 2013-06-14
- Removed more places where an optional dependency shows up in the test
suite. Hopefully really fixed the unicode regression introduced in 5.90040
- reverted the change we introduced in 5.90040 where a unicode conversion
error warned instead of died. Now it dies again, like in the stand alone
plugin
- More work to make sure nothing happens with encoding unless you explicitly
ask for encoding
- Code to hopefully fix an issue where file uploads using the unicode plugin
caused trouble.
5.90041 - 2013-06-14
- Bug fix release to fix regressions introduced in previous. I would consider
this a likely upgrade and if you are having trouble with the previous I hope
this fixes all of them.
- Fix regression with the cored Unicode plugin that broke systems where you are
setting encoding type in an external configuration file
- Fixed circular dependency introduced when we cored the unicode plugin tests
- Fixed a longstanding problem with stats when locale uses , instead of . for
number decimals
- Fixed some docs that didn't properly date the previous release.
5.90040 - 2013-06-12
! Stricter checking of attributes in Catalyst::DispatchType::Chained:
1) Only allow one of either :CaptureArgs or :Args
2) :CaptureArgs() argument must be numeric
3) :CaptureArgs() and :Args() arguments cannot be negative
- Add Devel::InnerPackage to dependencies, fixing tests on perl 5.17.11
as it's been removed from core. RT#84787
- New support for closing over the PSGI $writer object, useful for working
with event loops.
- lets you access a psgix.io socket, if your server supports it, for manual
handling of the client - server communication, such as for websockets.
- Fix waiting for the server to start in t/author/http-server.t
- new config flag 'abort_chain_on_error_fix' that exits immediately when a
action in an action chain throws and error (fixes issues where currently
the remaining actions are processed and the error is handled at chain
termination).
- Cored the Encoding plugin. Now get unicode out of the box by just setting
$c->config->{encoding} = 'UTF-8'. BACKCOMPAT WARNING: If you are using
the Encoding plugin on CPAN, we skip it to avoid double encoding issues, so
you should remove it from your plugin list, HOWEVER the 'encoding' config
setting is now undef, rather than 'UTF-8' (this was done to avoid breaking
people's existing applications) so you should add the encoding setting to
you global config. There's some other changes between the stand alone
plugin and the cored version, if you use it be sure to see Catalyst::Upgrading
for more.
- minor documentation typo fixes and updates
5.90030 - 2013-04-12
! POSSIBLE BREAKING CHANGE: Removed Regexp dispatch type from core, and put
it in an external package. If you need Regexp dispatch types you should
add "Catalyst-DispatchType-Regex" as a distribution to your build system.
- make $app->uri_for and related methods return something sane, when called
as an application method, instead of a context method. Now if you call
MyApp::Web->uri_for(...) you will get a generic URI object that you need to
resolve manually.
- documentation updates around forwarding to chained actions.
- Fixed bug when a PSGI engine need to use psgix logger.
- Added cpanfile as a way to notice we are a dev checkout.
- Added 'x-tunneled-method' HTTP Header method override to match features in
Catalyst::Action::REST and in other similar systems on CPAN.
- smarter valiation around action attributes.
5.90020 - 2013-02-22
! Catalyst::Action now defines 'match_captures' so it is no long considered
an optional method. This might break you code if you have made custom
action roles/classes where you define 'match_captures'. You must change
your code to use a method modifier (such as 'around').
- New match method "Method($HTTP_METHOD)" where $HTTP_METHOD in (GET, POST,
PUT, HEAD, DELETE, OPTION) and shortcuts in controllers called "GET, POST
PUT, HEAD, DELETE, OPTION"). Tests and documentation. Please note if you
are currently using Catalyst::ActionRole::MatchRequestMethods there may
be compatibility issues. You should remove that actionrole since the built
in behavior is compatible on its own.
- Initial debug screen now shows HTTP Method Match info
- security fixes in the way we handle redirects
- Make Catalyst::Engine and Catalyst::Base immutable
- Some test and documentation improvements
Upstream changes:
1.39 2013-06-14 12:44:17
- Write =encoding utf8 into generated Pod files so that things
work as expected for people with utf-8 characters in their unix
username as returned by getpwuid (RT#84613)
- Fix unbalanced parenthesis in comptest.tt (RT#85661)
1.38 2013-04-11 20:54:00
- Remove all PAR based deployment options, as they're unsupported
and don't even pretend to work on 5.9 RT#83936
1.37 2012-05-19 11:19:00
- Add x_authority metadata to the distribution for PAUSE.
- Fix restarter regex to apply to files being created/changed,
not just those being deleted.
- Use iomode => ":raw" to stop PNG files getting corrupted
when being slurped on windows as noted on the mailing list.
Adjust DEPENDS
Upstream changes:
0.15 Mon Jan 7 15:59:54 PST 2013
- Cut down dependencies for tests (kazeburo)
0.14 Sat May 26 20:19:23 PDT 2012
- Fixed Plack dependency
0.13 Mon May 14 02:30:13 EEST 2012
- Reverted the fix in 0.12, instead fixing the test to not check port number
0.12 Sun May 13 09:30:58 EEST 2012
- Fixed the default HTTP port detection in case if it was https and use :80 (doy)
Upstream changes:
0.11 Tue Aug 6 23:24:07 JST 2013
- fix bug around crc calculation and footer generation. Thanks syohex-san
0.10 Fri Jul 19 10:42:33 JST 2013
- replace IO::Compress with PM::Deflater::Encoder for performance improvement
0.09 Mon May 24 14:24:04 JST 2013
- buffering a first chunk. It contains only the gzip header
0.08 Mon Jun 18 23:40:04 JST 2012
- do compress->close instead of autoflush to write gzip footer
0.07 Mon Jun 11 17:13:20 JST 2012
- added perlcriticrc, no code changes
0.06 Wed May 16 18:24:27 JST 2012
- Support Streaming, Thank you ranguard.
Changes In Version 3.4
Bugs Fixed
1. If using write() function returned by start_response() and a non string value
is passed to it, then process can crash due to errors in Python object
reference counting in error path of code.
2. If using write() function returned by start_response() under Python 3.X and a
Unicode string is passed to it rather than a byte string, then a memory leak
will occur because of errors in Python object reference counting.
3. Debug level log message about mismatch in content length generated was
generated when content returned less than that specified by Content-Length
response header even when exception occurring during response generation
from an iterator. In the case of an exception occuring, was only meant to
generate the log message if more content returned than defined by the
Content-Length response header.
4. Using writelines() on wsgi.errors was failing.
5. If a UNIX signal received by daemon mode process while still being
initialised to signal that it should be shutdown, the process could crash
rather than shutdown properly due to not registering the signal pipe prior to
registering signal handler.
6. Python doesn't initialise codecs in sub interpreters automatically which in
some cases could cause code running in WSGI script to fail due to lack of
encoding for Unicode strings when converting them. The error message in this
case was:
LookupError: no codec search functions registered: can't find encoding
The 'ascii' encoding is now forcibly loaded when initialising sub
interpreters to get Python to initialise codecs.
7. Response Content-Type header could be corrupted when being sent in
multithreaded configuration and embedded mode being used. Problem thus
affected Windows and worker MPM on UNIX.
Features Changed
1. The HTTPS variable is no longer set within the WSGI environment. The
authoritative indicator of whether a SSL connection is used is
wsgi.url_scheme and a WSGI compliant application should check for
wsgi.url_scheme. The only reason that HTTPS was supplied at all was because
early Django versions supporting WSGI interface weren't correctly using
wsgi.url_scheme. Instead they were expecting to see HTTPS to exist.
This change will cause non conformant WSGI applications to finally break.
This possibly includes some Django versions prior to Django version 1.0.
Note that you can still set HTTPS in Apache configuration using the SetEnv or
SetEnvIf directive, or via a rewrite rule. In that case, that will override
what wsgi.url_scheme is set to and once wsgi.url_scheme is set appropriately,
the HTTPS variable will be removed from the set of variables passed through
to the WSGI environment.
2. The wsgi.version variable has been reverted to 1.0 to conform to the WSGI PEP
3333 specification. It was originally set to 1.1 on expectation that revised
specification would use 1.1 but that didn't come to be.
3. Use of kernel sendfile() function by wsgi.file_wrapper is now off by default.
This was originally always on for embedded mode and completely disabled for
daemon mode. Use of this feature can be enabled for either mode using
WSGIEnableSendfile directive, setting it to On to enable it.
The default is now off because kernel sendfile() is not always able to work
on all file objects. Some instances where it will not work are described for
the Apache EnableSendfile directive.
http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
Although Apache has use of sendfile() enabled by default for static files,
they are moving to having it off by default in future version of Apache. This
change is being made because of the problems which arise and users not
knowing how to debug it and solve it.
Thus also erring on side of caution and having it off by default but allowing
more knowledgeable users to enable it where they know always using file
objects which will work with sendfile().
New Features
1. Support use of Python 3.2.
2. Support use of Apache 2.4.
3. Is now guaranteed that mod_ssl access handler is run before that for
mod_wsgi so that any per request variables setup by mod_ssl are available in
the mod_wsgi access handler as implemented by WSGIAccessScript directive.
4. Added 'python-home' option to WSGIDaemonProcess allowing a Python virtual
environment to be used directly in conjunction with daemon process. Note that
this option does not do anything if setting WSGILazyInitialization to 'Off'.
5. Added 'lang' and 'locale' options to WSGIDaemonProcess to perform same tasks
as setting 'LANG' and 'LC_ALL environment' variables. Note that if needing to
do the same for embedded mode you still need to set the environment variables
in the Apache envvars file or init.d startup scripts.
6. Split combined WWW-Authenticate header returned from daemon process back into
separate headers. This is work around for some browsers which require
separate headers when multiple authentication providers exist.
7. For Python 2.6 and above, the WSGIDontWriteBytecode directive can be used at
global scope in Apache configuration to disable writing of all byte code
files, ie., .pyc, by the Python interpreter when it imports Python code
files. To disable writing of byte code files, set directive to 'On'.
Note that this doesn't prevent existing byte code files on disk being used
in preference to the corresponding Python code files. Thus you should first
remove .pyc files from web application directories if relying on this option
to ensure that .py file is always used.
8. Add supplementary-groups option to WSGIDaemonProcess to allow group
membership to be overridden and specified comma separated list of groups to
be used instead.
9. Add 'memory-limit' option to WSGIDaemonProcess to allow memory usage of
daemon processes to be restricted. This will have no affect on some platforms
as RLIMIT_AS/RLIMIT_DATA with setrlimit() isn't always implemented. For
example MacOS X and older Linux kernel versions do not implement this
feature. You will need to test whether this feature works or not before
depending on it.
10. Add 'virtual-memory-limit' option to WSGIDaemonProcess to allow virtual
memory usage of daemon processes to be restricted. This will have no affect
on some platforms as RLIMIT_VMEM with setrlimit() isn't always implemented.
You will need to test whether this feature works or not before depending on
it.
11. Access, authentication and authorisation hooks now have additional keys in
the environ dictionary for 'mod_ssl.is_https' and 'mod_ssl.var_lookup'. These
equate to callable functions provided by mod_ssl for determining if the
client connection to Apache used SSL and what the values of variables
specified in the SSL certifcates, server or client, are. These are only
available if Apache 2.0 or later is being used.
12. Add 'mod_wsgi.queue_start' attribute to WSGI environ so tools like New Relic
can use it to track request queueing time. This is the time between when
request accepted by Apache and when handled by WSGI application.
Changes with nginx 1.5.3
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
Thanks to Sepherosa Ziehau.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
Changes with nginx 1.5.2
*) Feature: now several "error_log" directives can be used.
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Jim Radford.
*) Bugfix: nginx could not be built on Linux with x32 ABI.
Thanks to Serguei Ivantsov.
Changes with nginx 1.5.1
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
Thanks to Alexey Kolpakov.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: in the "lingering_time" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: in the mail proxy server.
Thanks to Filipe Da Silva.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
Changes with nginx 1.4.2
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
Version 0.6.2
-----------------
Released on August 10, 2013
- FIXED: 0.6.1 fails to embed ipython at all
Version 0.6.1
-----------------
Released on August 9, 2013
- FIXED: IPython Shell embedding fails after upgrade to IPython 1.0
Changelog:
FIXED
23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
FIXED
23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
FIXED
23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)
These releases address two cross-site scripting (XSS) vulnerabilities: one in a widget used by Django's admin interface, and one in a utility function used to validate redirects often used after login or logout.
While these issues are of limited impact and may not effect all Django users, we encourage all users to upgrade as soon as possible.
curl: allow timeouts to accept decimal values
OS400: add slist and certinfo EBCDIC support
OS400: new SSL backend GSKit
CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
LIBCURL-STRUCTS: new document
Bugfixes:
dotdot: introducing dot file path cleanup
docs: fix typo in curl_easy_getinfo manpage
test1230: avoid using hard-wired port number
test1396: invoke the correct test tool
SIGPIPE: ignored while inside the library
darwinssl: fix crash that started happening in Lion
OpenSSL: check for read errors, don't assume
c-ares: improve error message on failed resolve
printf: make sure %x are treated unsigned
formpost: better random boundaries
url: restore the functionality of 'curl -u :'
curl.1: fix typo in --xattr description
digest: improve nonce generation
configure: automake 1.14 compatibility tweak
curl.1: document the --post303 option in the man page
curl.1: document the --sasl-ir option in the man page
setup-vms.h: sk_pop symbol tweak
tool_paramhlp: try harder to catch negatives
cmake: Fix for MSVC2010 project generation
asyn-ares: Don't blank ares servers if none configured
curl_multi_wait: set revents for extra fds
Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()
ftp_do_more: consider DO_MORE complete when server connects back
curl_easy_perform: gradually increase the delay time
curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
curl: fix upload of a zip file in OpenVMS
build: fix linking on Solaris 10
curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
curl_formadd: fix file upload on VMS
curl_easy_pause: on unpause, trigger mulit-socket handling
md5 & metalink: use better build macros on Apple operating systems
darwinssl: fix build error in crypto authentication under Snow Leopard
curl: make --progress-bar update the line less frequently
configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc)
mk-ca-bundle: skip more untrusted certificates
formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
FTP: when EPSV gets a 229 but fails to connect, retry with PASV
mk-ca-bundle.1: don't install on make install
VMS: lots of updates and fixes of the build procedure
global dns cache: didn't work (regression)
global dns cache: fix memory leak
Upstream changes:
1.3117 31.07.2013
[ ENHANCEMENTS ]
* GH #836: Provide more information when an engine fails to load.
(Yanick Champoux, reported by Daniel Perrett)
[ BUG FIXES ]
* GH #794: Upload data was not kept for forwarded requests.
(reported by William Wolf)
* GH #898: calling halt() doesn't discard set headers anymore.
(Yanick Champoux, reported by Nicolas Franck)
* GH #842: embedded 'prefix' now properly localized.
(Yanick Champoux, reported by Jashank Jeremy)
[ DOCUMENTATION ]
* GH #938: fix doc typos in Dancer::Serializer. (Fabrice Gabolde)
* GH #712: add all status codes known to Dancer to Dancer::HTTP.
(Yanick Champoux, reported by Brian J Miller)
* Add warning that 'forward' doesn't preserver the session. (Alberto Sim玫es)
* GH #941: minor correction to code snippets in documentation.
(Grzegorz Ro偶niecki)
* GH #929: add warning on the use of Corona as underlying web server.
(issue reported by berekuk)
* GH #943: remove mention to 'Dancer::Plugin::Validation',
clean 'dancer -a' sample output. (Grzegorz Ro偶niecki)
Upstream changes:
4.24 2013-08-08
- Added ancestors method to Mojo::DOM.
- Fixed bug where Mojo::IOLoop::Stream timeout was not always available.
4.23 2013-08-01
- Added redirects method to Mojo::Transaction::HTTP.
4.22 2013-07-30
- Improved Mojo::Server to use FindBin more defensively.
- Fixed empty attribute bug in Mojo::DOM::CSS.
- Fixed partial route handling in routes command.
4.21 2013-07-29
- Added strip method to Mojo::DOM.
- Fixed return values of remove and replace methods in Mojo::DOM.
4.20 2013-07-28
- Deprecated Mojo::DOM::attrs in favor of Mojo::DOM::attr.
- Improved Mojo::UserAgent connection management to be fork-safe.
4.19 2013-07-21
- Improved invalid tag handling in Mojo::DOM::HTML.
4.18 2013-07-08
- Added --mode option to Morbo.
- Fixed bug in Mojo::UserAgent where not all 2xx responses would be accepted
for CONNECT requests.
* Merge SunOS patches from www/firefox.
Changelog:
SeaMonkey-specific changes
The Content Security Policy (CSP) 1.0 parser has been enabled.
The Mixed Content Blocker has been enabled, blocking insecure active content loads on HTTPS pages.
New mail alert information can be customized now (Preferences/Mail & Newsgroups/Notifications).
A confirmation prompt has been introduced to protect against accidental permanent data loss when force-deleting messages using Shift+Del.
MailNews Save As Template supports multiple selections now.
The size on disk is now shown for newsgroup folders.
See the changes page for a more complete overview.
Mozilla platform changes
Added support for scrollbar style in Mac OS X 10.7 and newer.
Enabled mixed content blocking to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more).
Improved about:memory's functional UI.
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding.
Simplified interface for notifications of plugin installation.
Enabled users to switch the search provider across the entire browser.
CSP policies using the standard syntax and semantics will now be enforced.
Implemented the HTML5 <input type="range"> form control.
Added unprefixed requestAnimationFrame.
Dropped blink effect from CSS rule text-decoration:blink and completely removed <blink> element.
Fixed several stability issues.
Fixed in SeaMonkey 2.20
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Version 1.8.1
(23 July 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.1
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for German and Simplified Chinese
* improve sqlite error message output (r1497804)
* support platforms lacking mmap (r1498136)
* allow configuration files to start with UTF-8 BOM (r1499100 et al)
* don't fail on UTF-8 data when encoding conversion not available (r1503009)
* improve error messages when encoding conversion fails (r1503010)
- Client-side bugfixes:
* merge: rename 'automatic merge' to 'complete merge' (r1491432)
* mergeinfo: reduce network usage for '--show-revs' (r1492005)
* ra_serf: improve http status handling (r1495104)
* merge: avoid unneeded ra session (r1493475)
* merge: reduce network usage (r1478987)
* merge: remove duplicated ancestry check (r1493424, r1495597)
* ra_serf: fix 'Accept-Encoding' header for IIS interoperability (r1497551)
* svn status: improve documentation for lock columns (r1497318, r1497319)
* ra_serf: fix support for 'get-file-revs-reversed' capability (r1498456)
* log: reduce network usage on repository roots (r1496957)
* diff: avoid temporary files when calling external diff (issue #4382)
* upgrade: fix notification of 1.7.x working copies (r1493703, r1494171)
* fix crash during tree conflict resolution (issue #4388)
* interactive file merge: add two additional choices (r1491816, r1494089)
* diff: use local style paths in error messages (r1500680)
* resolve: improve the interactive conflict resolution menu (r1491739 et al)
* switch: use local style path in error message (r1500074)
* ra_serf: improve error output when receiving invalid XML (r1498851)
* svn cleanup: explain what the command does in help output (r1497310)
* blame: error on -r M:N where M>N unless server supports (r1498449 et al)
* gpg-agent auth: don't try to use agent when unavailable (r1500762 et al)
* gpg-agent auth: don't require GPG_TTY or TERM env vars (r1500801)
* update: fix some tree conflicts not triggering resolver (r1491868 et al)
* commit: remove stale entries from wc lock table when deleting (r1491756)
* merge: fix --record-only erroring out on renamed path (issue #4387)
* svnmucc: fix 'make install' symlink to work when DESTDIR is set (r1501072)
* wc: fix crash when target is symlink to a working copy root (issue #4383)
* ra_serf: change "internal malfunction" errors to normal errors (r1502577)
* ra_serf: handle proxies not supporting chunked requests (r1502401 et al)
- Server-side bugfixes:
* fsfs: resolve endless loop problem when repos/db/uuid has \r\n (r1492145)
* fsfs: remove revision property buffer limit (r1491770)
* mod_dav_svn: better status codes for anonymous user errors (r1495918)
* mod_dav_svn: better status codes for commit failures (r1490684)
* fix performance regression in 'svn log' against root (r1494913)
* allow deleting non-user-visible 'svn:' properties (r1495432)
* fsfs: fix crash on strict-alignment architectures (r1495806, r1495985)
* svnadmin upgrade: fix error of non-sharded fsfs repositories (r1494287)
* svnadmin create: deny '--fs-type=fsfs --compatible-version=1.0' (r1494223)
* svnadmin upgrade: fix data loss when cancelling in last stage (r1494298)
* mod_dav_svn: fix incorrect path canonicalization (r1503528)
- Other tool improvements and bugfixes:
* fsfs-stats (tool): resolve segfault when passing invalid path (r1492164)
* svn-bench: fix help output (r1493951)
* svnpubsub: add version header to server (r1491707)
Developer-visible changes
- General:
* ra_serf: fix some test runner issues on Windows (r1490679)
* fix two issues in reverse svn_ra_get_file_revs() (r1492148, et al)
* handle --compatible-version=1.8 in the C tests (r1494342)
* improve clang compatibility (r1480080 et al)
* use proper cancel baton when handling conflicts (r1495850)
* fs: BDB: provide proper error value from BDB (r1495428)
* ra_serf: tweak connection failed error value (r1496132, et al)
* svn_client_log5: resolve possible segfault (r1496110)
* fix metadata_only move to work when target is unversioned node (r1498564)
* ra_svn: fix segfault with a NULL commit message (r1498550, r1499727)
* Ev2: correctly initialize node kind in shims' change table (r1501058)
* Ev2: fix copyfrom URL construction in shims (r1500226)
* fs: improve test against newlines in filenames (r1498483 et al)
* make building with BDB 6 an opt-in feature (r1499438)
* sqlite: allow placing amalgamation in build dir (r1499034, r1500175)
* ra_svn: make sessions usable after log callback early out (r1503554)
- Bindings:
* swig-rb: fix tests with out-of-tree-builds (r1492295)
* javahl: fix encoding of error messages produced by javahl (r1492264)
* swig-pl: silence compiler warnings (r1487094)
* swig-pl: improve documentation (r1488693, r1490721, r1500904)
Mostly a bugfix release.
The full change log:
- Apphook edit mode bugfix
- Added option to render_placeholder tag to set language
- Huge permission cache invalidation speed up
- Doc improvements
- css cleanup in PlaceholderAdmin
- Log change of page status done via AJAX
- Use --noinput convention for delete_orphaned_plugins command
- added Testing docs
- fixed more issues with only one language
- locales updated
Version 0.6.0
-------------
Released on August 7, 2013.
- Drop support for Python 2.5
- Support Python 2.6/2.7 and >= 3.3 using same source code.
Import necessary compatibility code from flask._compat module of current
Flask repo code.
- Use proper argparse subparsers
- Tab completion using `argcomplete`
- Remove question marks from automatically being appended to
prompt_bool and prompt_choices
- FIXED: ipython with disabled bpython
- FIXED: debug parameter no longer passed in from flask_script
ChangeLog:
New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)
Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions
For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.
More info on http://codex.wordpress.org/Version_3.6
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
New features:
- Upgrade licence to GPL v3+.
- Update documentation.
Fixes:
- Since updating Webmin to 1.53, the Add New Config File screen layout is
totally messed up and unusable.
- Update broken links to maxmind.
Flask-Principal provides a very loose framework to tie in providers
of two types of service (Authentication, User information), often
located in different parts of a web application.
Looseness of the framework is provided by using signals as the
interface.
Version 1.0
-----------
(Released on July 20th 2013, no codename)
- Added Python 3.3 support.
- Dropped 2.5 compatibility.
- Various bugfixes
- Changed versioning format to do major releases for each update now.
Release date: 2013-07-04
Opera 12.16 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.15
Security
* Replaced code signing certificate; see our advisory:
http://www.opera.com/security/advisory/1048
Changes with Apache 2.0.65
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
to cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
bug#51714. [Jeff Trawick, Stefan Fritsch, Jim Jagielski, Ruediger Pluem,
Eric Covener, <lowprio20 gmail.com>]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
NOTE: it remains possible to exhaust all memory using a carefully
crafted .htaccess rule, which will not be addressed in 2.0; enabling
processing of .htaccess files authored by untrusted users is the root
of such security risks. Upgrade to httpd 2.2.25 or later to limit
this specific risk.
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener, Rainer Jung]
*) Set 'Accept-Ranges: none' in the case Ranges are being ignored with
MaxRanges none. [Eric Covener, Rainer Jung]
*) mod_rewrite: Allow merging RewriteBase down to subdirectories
if new option 'RewriteOptions MergeBase' is configured.
[Eric Covener]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
*) mod_rewrite: Add "AllowAnyURI" option. bug#52774. [Joe Orton]
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. bug#54893. [Rainer Jung]
*) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
OpenSSL 0.9.7 flag which uses the server's cipher order rather
than the client's. bug#28665.
[Jim Schneider <jschneid netilla.com>]
*) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
including multiple INCLUDES filters. bug#39369 [Joe Orton]
*) mod_rewrite: When evaluating a proxy rule in directory context, do
escape the filename by default. bug#46428 [Joe Orton]
*) Improve platform detection for bundled PCRE by updating config.guess
and config.sub. [Rainer Jung]
*) ssl-std.conf: Disable AECDH ciphers in example config. bug#51363.
[Rob Stradling <rob comodo com>]
*) ssl-std.conf: Change the SSLCipherSuite default to a shorter,
whitelist oriented definition. [Rainer Jung, Kaspar Brand]
*) ssl-std.conf: Only select old MSIE browsers for the downgrade
in http/https behavior. [Greg Stein, Stefan Fritsch]
What's new in 1.5.3 (July 2013)
===================================
1. Minor fixes
2. Updated and improved documentation
3. Several plugin fixes and updates including Tags, Pagination, and
Ajax comments
4. Improved tests
Changelog:
Security buxfixes.
SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed.
And feature enhancement and bugfixes.
The Flask-Script extension provides support for writing external
scripts in Flask. This includes running a development server, a
customised Python shell, scripts to set up your database, cronjobs,
and other command-line tasks that belong outside the web application
itself.
Version 0.9.3
-------------
(bugfix release, released on July 25th 2013)
- Restored beahvior of the ``data`` descriptor of the request class to pre 0.9
behavior. This now also means that ``.data`` and ``.get_data()`` have
different behavior. New code should use ``.get_data()`` always.
In addition to that there is now a flag for the ``.get_data()`` method that
controls what should happen with form data parsing and the form parser will
honor cached data. This makes dealing with custom form data more consistent.
Upstream changes:
0.618 (03.29.2013) - John Siracusa <siracusa@gmail.com>
* Made compatible with perl 5.17.10 (RT 84279)
0.617 (12.30.2012) - John Siracusa <siracusa@gmail.com>
* Added base 2.18 as a prerequisite to avoid a load-order bug that
occurs with some older versions.
* Preserve custom class attributes on label objects (RT 82333)
(Patch by Tom Heady)
0.616 (05.09.2012) - John Siracusa <siracusa@gmail.com>
* Added add_class(es) and delete_class(es) methods.
* Added was_submitted() method to the submit button class.
* Calling clear() on a hidden field now clears it.
0.615 (05.01.2012) - John Siracusa <siracusa@gmail.com>
* Minor efficiency improvements in HTML generation.
0.614 (04.02.2012) - John Siracusa <siracusa@gmail.com>
* Deprecated and undocumented the form_rank_counter() method. It will
be removed in a future release.
* Fixed a bug that could cause a repeated form to get the wrong rank.
0.613 (04.02.2012) - John Siracusa <siracusa@gmail.com>
* Added make_next_form() method to repeatable forms.
* Documented the empty_is_ok() attribute of repeatable forms.
0.612 (03.26.2012) - John Siracusa <siracusa@gmail.com>
* Worked around fatal error triggered by loading Rose::HTML::Form
in the perl debugger in some older versions of perl. (e.g.,
perl -I lib -d lib/Rose/HTML/Form.pm)
Upstream changes:
0.034 2013-06-26 19:02:25 America/New_York
[ADDED]
- Added support for 'Basic' authorization from
user:password parameters in the URL
0.033 2013-06-21 06:26:51 America/New_York
[FIXED]
- Modifying the 'agent' attribute with the accessor will append the
default agent string, just like setting it during construction
0.032 2013-06-20 11:41:24 America/New_York
[ADDED]
- Added 'no_proxy' attribute, defaulting to $ENV{no_proxy}
0.031 2013-06-16 23:18:18 America/New_York
[FIXED]
- Fixed bug receiving 0-length content bodies
0.030 2013-06-13 11:46:15 America/New_York
[FIXED]
- Requests with the empty string as body content no longer generate
'content-type' and 'content-length' headers.
0.029 2013-04-17 13:49:07 America/New_York
[FIXED]
- Checks for new enough OpenSSL library before using SNI (otherwise
IO::Socket::SSL throws warnings)
Changelog:
Version 5.0.9 July 15th 2013
Fixes for mounting an WebDAV into an ownCloud
Improved expiration of older versions in the case of a full storage
IE8 fixes
Increased speed when syncing shared files
Oracle compatibility fixes
Make upgrade routine more robust
Fix gallery for certain php configurations
Fix pdf viewer close button
user_external fixes
Several smaller fixes
Version 5.0.8 July 10th 2013
SECURITY: XSS vulnerability in “Share Interface” (oC-SA-2013-029)
SECURITY: Authentication bypass in “user_webdavauth” (oC-SA-2013-030)
New anonymous upload feature
Fix syncing of external filesystems
External filesystems performance improvements
Improve compatibility with Oracle
Improved and simplified theming
Internet explorer 8 fixes
Fixes for partial file uploads
LDAP: fix handling of User and Group Bases
Improved and more robust upgrade system
A lot of encryption system fixes
Do not add groups if user has no groups
Several Contacts fixes
A lot of smaller bugfixes all over the place
0.2.6
-----
* Add options to disable the login decorators.
* if availabe, use X-Forwarded-For header instead of request.remote_addr for
the session protectin id
Version 0.9.2
-------------
(bugfix release, released on July 18th 2013)
- Added `unsafe` parameter to :func:`~werkzeug.urls.url_quote`.
- Fixed an issue with :func:`~werkzeug.urls.url_quote_plus` not quoting
`'+'` correctly.
- Ported remaining parts of :class:`~werkzeug.contrib.RedisCache` to
Python 3.3.
- Ported remaining parts of :class:`~werkzeug.contrib.MemcachedCache` to
Python 3.3
- Fixed a deprecation warning in the contrib atom module.
- Fixed a regression with setting of content types through the
headers dictionary instead with the content type parameter.
- Use correct name for stdlib secure string comparision function.
- Fixed a wrong reference in the docstring of
:func:`~werkzeug.local.release_local`.
- Fixed an `AttributeError` that sometimes occurred when accessing the
:attr:`werkzeug.wrappers.BaseResponse.is_streamed` attribute.
CppCMS is a free high performance web development framework.
It uses modern C++ and a design borrowing heavily from frameworks
like Django or Java Servlets to handle very high load levels while
minimizing CPU and memory use.
- SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
- core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
strings. The default limit for ap_pregsub() can be adjusted at compile
time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick]
- core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. Bug#55121. [Bradley Heilbrun
<apache heilbrun.org>]
- mod_setenvif: Log error on substitution overflow.
[Stefan Fritsch]
- mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
- mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. Bug#53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
- mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
- mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
- mod_proxy_balancer: Added balancer parameter failontimeout to allow server
admin to configure an IO timeout as an error in the balancer.
[Daniel Ruggeri]
- mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
password. [Daniel Ruggeri]
- htdigest: Fix buffer overflow when reading digest password file
with very long lines. Bug#54893. [Rainer Jung]
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
- mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
- mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
result in a 412 Precondition Failed for a COPY operation. PR54610
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: When a PROPPATCH attempts to remove a non-existent dead
property on a resource for which there is no dead property in the same
namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
<diego.santaCruz spinetix.com>]
- mod_dav: Do not fail PROPPATCH when prop namespace is not known.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
- mod_dav: Do not segfault on PROPFIND with a zero length DBM.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
Upstream changes:
0.27 02/26/2013
- Remove more HTTP::Headers assumptions
0.26 02/26/2013
- Add parent dependency
0.25 11/10/2012
- Fix problem with META.yml
0.24 11/10/2012
- Skip CONNECT test on Windows
0.23 11/05/2012
- Fix test failures from newer HTTP::Headers
0.22
- Filter out Status header since it's forbidden in PSGI spec (miyagawa)
0.21
- Bump version to fix some CPAN issues.
0.20
- Fix auto guessing of RewriteLocation.
Upstream changes:
1.0028 2013-06-15 01:42:52 PDT
[IMPROVEMENTS]
- Skip cgi related tests for Win32 (chorny) #413
- Skip tests that could potentially write empty bytes, which could cause
issues on some servers on local sockets with HTTP::Tiny
- Skip tests that require HTTP::Cookies, if not available #414
1.0027 2013-06-13 21:30:12 PDT
[IMPROVEMENTS]
- Not a dev release, including XS free version of Plack::Test*
- Fix cgibin tests that often fail on Win32 #375
1.0026 2013-06-12 23:00:21 PDT
[INCOMPATIBLE CHANGES]
- use HTTP::Tiny in Plack::Test::Suite and Plack::Test::Server rather than skipping it.
1.0025 2013-06-12 13:08:58 PDT
[INCOMPATIBLE CHANGES]
- No XS! Eliminates dependency to LWP::UserAgent by making it completely optional for
testing. If you run Plack::Test with Server implemenetation or run Plack::Test::Suite
(for PSGI handlers) without LWP installed, the tests will automatically be skipped.
This removes the eventual sub-dependency to HTML::Parser, which is the only XS dependency
in Plack. #408
[IMPROVEMENTS]
- Fixed the warning in OO usage of Plack::Builder (doy) #407
- Shotgun loader now dies if used in Win32 since it leaks memory #320, #400
- Suppress warnings for Test::TCP (kazeburo) #406
- $res->to_app shortcut (ether) #409
* Protect against buffer overrun in DNS query generation
* SourceFormat Enforcement
* Bug 3297: Fix openSSL related build failures
* Fix build on FreeBSD 9.x platform with clang
* Update enigmail to 1.5.2.
Changelog:
SeaMonkey-specific changes
Mark -> As Read now checks the state of all selected messages instead of only the first one's.
Notifications for mixed content blocker have been implemented.
A new 3rd-party cookie restriction to visited websites option has been added to the Cookies pref pane.
The context menu Search option is now available for textareas and input fields.
Website storage mechanisms are now available in the Data Manager (localStorage, indexedDB, etc.).
"Open Containing Folder" is now already available during download.
See the changes page for minor changes.
Mozilla platform changes
asm.js optimizations (OdinMonkey) have been enabled for major performance improvements.
Improved WebGL rendering performance through asynchronous canvas updates.
Plain text files displayed within the browser will now word-wrap.
For user security, the Components object is no longer accessible from web content.
Improved memory usage and display time when rendering images.
The Pointer Lock API can now be used outside of fullscreen.
CSS3 Flexbox has been implemented and enabled by default.
The new Web Notifications API has been implemented.
Added clipboardData API for JavaScript access to a user's clipboard.
Support for new HTML5 <data> and <time> elements has been added.
Fixed several stability issues.
* Deal with git behavior change in 1.7.2 and newer that broke support
for commits with an empty commit message.
* Pass --no-edit when used with git 1.7.8 and newer.
o properly escape generated HTML
o add authentication for redirections, from martin@netbsd.org
o handle chained ssl certifications, from elric@netbsd.org
o add basic support for gzipped files, from elric@netbsd.org
o properly escape generated URIs
* blogspam: Fix encoding issue in RPC::XML call.
Thanks, Changaco
* comments: The formats allowed to be used in comments can be configured
using comments_allowformats.
Thanks, Michal Sojka
* calendar: When there are multiple pages for a given day, they're
displayed in a popup on mouseover.
Thanks, Louis
* osm: Remove trailing slash from KML maps icon.
* page.tmpl: omit searchform, trails, sidebar and most metadata in CGI
(smcv)
* openid: Automatically upgrade openid_realm to https when
accessed via https.
* The ip() pagespec can now contain glob characters to match eg, a subnet
full of spammers.
* Fix crash that could occur when a needsbuild hook returned a file
that does not exist.
* Fix python proxy to not crash when fed unicode data in getstate
and setstate.
Thanks, chrysn
* Fix committing attachments when using svn.
[SECURITY]
- CR escaping for Set-Cookie and P3P headers was improved. There was potential
for newline injection in these headers.
(Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)
[INTERNALS]
- Changed how the deprecated endform function was defined for compatibilty
with the development version of Perl.
- Fix failures in t/tmpdir.t when run as root
https://github.com/markstos/CGI.pm/issues/22, RT#80659)
- Made it possible to force a sorted order for things like hash
attributes so that tests are not dependent on a particular hash
ordering. This will be required in modern perls which will
change the ordering per process. (Yves, RT#80659)
- formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
- un-TODO some tests in t/tmpdir.t that were passing in most cases.
More on this:
https://github.com/markstos/CGI.pm/issues/19#cc73dc9807
* Mock http responses to avoid unnecessary network requests -- Randy Stauner
* Fix for RT#55591: Incorrect default value for 'codes_to_determinate'
from yibe via github.
- Makefile.PL updated
- removed TLS test for now, some cpan testers reporting issues with
the configuration, seems pointless given the Makefile
- removed some of the tests that seem to fail on congested machines
(eg: cpantesters).
- [SREZIC] added mirror support:
https://rt.cpan.org/Ticket/Display.html?id=44569
Version 0.8.4
-------------
Released 2013/3/28
- Recaptcha Validator now returns provided message (issue #66)
- Minor doc fixes
- Fixed issue with tests barking because of nose/multiprocessing issue.
Version 0.10.1
--------------
(bugfix release, released on June 14th 2013)
- Fixed an issue where ``|tojson`` was not quoting single quotes which
made the filter not work properly in HTML attributes. Now it's
possible to use that filter in single quoted attributes. This should
make using that filter with angular.js easier.
- Added support for byte strings back to the session system. This broke
compatibility with the common case of people putting binary data for
token verification into the session.
- Fixed an issue were registering the same method twice for the same endpoint
would trigger an exception incorrectly.
Version 0.10
------------
Released on June 13nd 2013, codename Limoncello.
- Changed default cookie serialization format from pickle to JSON to
limit the impact an attacker can do if the secret key leaks. See
:ref:`upgrading-to-010` for more information.
- Added ``template_test`` methods in addition to the already existing
``template_filter`` method family.
- Added ``template_global`` methods in addition to the already existing
``template_filter`` method family.
- Set the content-length header for x-sendfile.
- ``tojson`` filter now does not escape script blocks in HTML5 parsers.
- ``tojson`` used in templates is now safe by default due. This was
allowed due to the different escaping behavior.
- Flask will now raise an error if you attempt to register a new function
on an already used endpoint.
- Added wrapper module around simplejson and added default serialization
of datetime objects. This allows much easier customization of how
JSON is handled by Flask or any Flask extension.
- Removed deprecated internal ``flask.session`` module alias. Use
``flask.sessions`` instead to get the session module. This is not to
be confused with ``flask.session`` the session proxy.
- Templates can now be rendered without request context. The behavior is
slightly different as the ``request``, ``session`` and ``g`` objects
will not be available and blueprint's context processors are not
called.
- The config object is now available to the template as a real global and
not through a context processor which makes it available even in imported
templates by default.
- Added an option to generate non-ascii encoded JSON which should result
in less bytes being transmitted over the network. It's disabled by
default to not cause confusion with existing libraries that might expect
``flask.json.dumps`` to return bytestrings by default.
- ``flask.g`` is now stored on the app context instead of the request
context.
- ``flask.g`` now gained a ``get()`` method for not erroring out on non
existing items.
- ``flask.g`` now can be used with the ``in`` operator to see what's defined
and it now is iterable and will yield all attributes stored.
- ``flask.Flask.request_globals_class`` got renamed to
``flask.Flask.app_ctx_globals_class`` which is a better name to what it
does since 0.10.
- `request`, `session` and `g` are now also added as proxies to the template
context which makes them available in imported templates. One has to be
very careful with those though because usage outside of macros might
cause caching.
- Flask will no longer invoke the wrong error handlers if a proxy
exception is passed through.
- Added a workaround for chrome's cookies in localhost not working
as intended with domain names.
- Changed logic for picking defaults for cookie values from sessions
to work better with Google Chrome.
- Added `message_flashed` signal that simplifies flashing testing.
- Added support for copying of request contexts for better working with
greenlets.
- Removed custom JSON HTTP exception subclasses. If you were relying on them
you can reintroduce them again yourself trivially. Using them however is
strongly discouraged as the interface was flawed.
- Python requirements changed: requiring Python 2.6 or 2.7 now to prepare
for Python 3.3 port.
- Changed how the teardown system is informed about exceptions. This is now
more reliable in case something handles an exception halfway through
the error handling process.
- Request context preservation in debug mode now keeps the exception
information around which means that teardown handlers are able to
distinguish error from success cases.
- Added the ``JSONIFY_PRETTYPRINT_REGULAR`` configuration variable.
- Flask now orders JSON keys by default to not trash HTTP caches due to
different hash seeds between different workers.
- Added `appcontext_pushed` and `appcontext_popped` signals.
- The builtin run method now takes the ``SERVER_NAME`` into account when
picking the default port to run on.
- Added `flask.request.get_json()` as a replacement for the old
`flask.request.json` property.
Version 0.9.1
-------------
(bugfix release, released on June 14th 2013)
- Fixed an issue with integers no longer being accepted in certain
parts of the routing system or URL quoting functions.
- Fixed an issue with `url_quote` not producing the right escape
codes for single digit codepoints.
- Fixed an issue with :class:`~werkzeug.wsgi.SharedDataMiddleware` not
reading the path correctly and breaking on etag generation in some
cases.
- Properly handle `Expect: 100-continue` in the development server
to resolve issues with curl.
- Automatically exhaust the input stream on request close. This should
fix issues where not touching request files results in a timeout.
- Fixed exhausting of streams not doing anything if a non-limited
stream was passed into the multipart parser.
- Raised the buffer sizes for the multipart parser.
Version 0.9
-----------
Released on June 13nd 2013, codename Planierraupe.
- Added support for :meth:`~werkzeug.wsgi.LimitedStream.tell`
on the limited stream.
- :class:`~werkzeug.datastructures.ETags` now is nonzero if it
contains at least one etag of any kind, including weak ones.
- Added a workaround for a bug in the stdlib for SSL servers.
- Improved SSL interface of the devserver so that it can generate
certificates easily and load them from files.
- Refactored test client to invoke the open method on the class
for redirects. This makes subclassing more powerful.
- :func:`werkzeug.wsgi.make_chunk_iter` and
:func:`werkzeug.wsgi.make_line_iter` now support processing of
iterators and streams.
- URL generation by the routing system now no longer quotes
``+``.
- URL fixing now no longer quotes certain reserved characters.
- The :func:`werkzeug.security.generate_password_hash` and
check functions now support any of the hashlib algorithms.
- `wsgi.get_current_url` is now ascii safe for browsers sending
non-ascii data in query strings.
- improved parsing behavior for :func:`werkzeug.http.parse_options_header`
- added more operators to local proxies.
- added a hook to override the default converter in the routing
system.
- The description field of HTTP exceptions is now always escaped.
Use markup objects to disable that.
- Added number of proxy argument to the proxy fix to make it more
secure out of the box on common proxy setups. It will by default
no longer trust the x-forwarded-for header as much as it did
before.
- Added support for fragment handling in URI/IRI functions.
- Added custom class support for :func:`werkzeug.http.parse_dict_header`.
- Renamed `LighttpdCGIRootFix` to `CGIRootFix`.
- Always treat `+` as safe when fixing URLs as people love misusing them.
- Added support to profiling into directories in the contrib profiler.
- The escape function now by default escapes quotes.
- Changed repr of exceptions to be less magical.
- Simplified exception interface to no longer require environmnts
to be passed to recieve the response object.
- Added sentinel argument to IterIO objects.
- Added pbkdf2 support for the security module.
- Added a plain request type that disables all form parsing to only
leave the stream behind.
- Removed support for deprecated `fix_headers`.
- Removed support for deprecated `header_list`.
- Removed support for deprecated parameter for `iter_encoded`.
- Removed support for deprecated non-silent usage of the limited
stream object.
- Removed support for previous dummy `writable` parameter on
the cached property.
- Added support for explicitly closing request objects to close
associated resources.
- Conditional request handling or access to the data property on responses no
longer ignores direct passthrough mode.
- Removed werkzeug.templates and werkzeug.contrib.kickstart.
- Changed host lookup logic for forwarded hosts to allow lists of
hosts in which case only the first one is picked up.
- Added `wsgi.get_query_string`, `wsgi.get_path_info` and
`wsgi.get_script_name` and made the `wsgi.pop_path_info` and
`wsgi.peek_path_info` functions perform unicode decoding. This
was necessary to avoid having to expose the WSGI encoding dance
on Python 3.
- Added `content_encoding` and `content_md5` to the request object's
common request descriptor mixin.
- added `options` and `trace` to the test client.
- Overhauled the utilization of the input stream to be easier to use
and better to extend. The detection of content payload on the input
side is now more compliant with HTTP by detecting off the content
type header instead of the request method. This also now means that
the stream property on the request class is always available instead
of just when the parsing fails.
- Added support for using :class:`werkzeug.wrappers.BaseResponse` in a with
statement.
- Changed `get_app_iter` to fetch the response early so that it does not
fail when wrapping a response iterable. This makes filtering easier.
- Introduced `get_data` and `set_data` methods for responses.
- Introduced `get_data` for requests.
- Soft deprecated the `data` descriptors for request and response objects.
- Added `as_bytes` operations to some of the headers to simplify working
with things like cookies.
- Made the debugger paste tracebacks into github's gist service as
private pastes.
Version 0.8.4
-------------
(bugfix release, release date to be announced)
- Added a favicon to the debugger which fixes problem with
state changes being triggered through a request to
/favicon.ico in Google Chrome. This should fix some
problems with Flask and other frameworks that use
context local objects on a stack with context preservation
on errors.
- Fixed an issue with scolling up in the debugger.
- Fixed an issue with debuggers running on a different URL
than the URL root.
- Fixed a problem with proxies not forwarding some rarely
used special methods properly.
- Added a workaround to prevent the XSS protection from Chrome
breaking the debugger.
- Skip redis tests if redis is not running.
- Fixed a typo in the multipart parser that caused content-type
to not be picked up properly.
Changelog:
Add support for time to first byte in the AccessLogValve. Patch provided by Jeremy Boynes.
Correct a regression introduced in 7.0.39 (refactoring of base 64 encoding and decoding) that broke the JNDI Realm when userPassword was set and passwords were hashed with MD5 or SHA1.
Ensure that the build process produces Javadoc that is not vulnerable to CVE-2013-1571. Based on a patch by Uwe Schindler.
Upstream changes:
2.5.1
Highlights
MDL-39824 - Simplification of themes
MDL-38434 - Functional tests added for the Chat activity
MDL-39723 - Two unnecessary course queries were removed from most pages
Functional changes
MDL-39790 - My Latest badges block appears on the course page
API changes
MDL-40137 - Correct naming of functions in theme/clean/lib.php
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-39778 - Course deletion now functions with badges.
MDL-40120 - Issue when recent PostgreSQL versions retrieve the number of records from course table fixed.
MDL-39697 - Bootstrap layouts now have 'Maintenance' layout and related options.
MDL-40065 - Bootstrap Theme only sends content to "side-pre" if necessary.
MDL-40088 - Can now edit course settings if course is in a hidden category.
MDL-39979 - Teachers no longer see errors when Show Activity Reports is set to yes.
MDL-39363 - SCORM pass/fail status is set for a grade of 0.
MDL-39227 - SCORM navigation panel is no longer hidden when a Bootstrap theme is active.
MDL-39177 - Overwriting files always observes the "alias" attribute.
MDL-33719 - When overwriting a copy of a file with an alias/shortcut of a file, the file thumbnail is refreshed.
MDL-40142 - No JavaScript error is caused by the navigation block in relation to course categories.
MDL-40289 - Badges capabilities now have correct risks, levels and archetypes. Note for sites which are upgrading from 2.5: See the section 'Upgrading from Moodle 2.5 to 2.5.1' in Upgrading for details of how to correctly set badge permissions for each role archetype.
enables you to integrate WebDAV server capabilities to your application.
A fully working example on how to use the library is included. You can find a
server in the DAVServer package. This server is fully functional and can even
be run as daemon.
There is no dedicated change log but version 2.10 was introduced to
pkgsrc 2.5 years ago. The current capability is described by
http://docs.adacore.com/aws-docs/aws.html
This is roughly equivalent to Adacore release 2013 of aws.
The "gnutls" option was added as an alternative to ssl.
Upstream changes:
4.17 2013-07-04
- Updated jQuery to version 2.0.3.
- Improved Mojo::IOLoop::Server to use Perfect Forward Secrecy for TLS.
- Fixed Mojo::Transaction::WebSocket to generate RFC 6455 compliant
Sec-WebSocket-Key headers. (josh)
- Fixed bug where not all uppercase methods were hidden from the router.
4.16 2013-06-19
- Improved Perl 5.10.x and 5.12.x compatibility. (trinitum)
4.15 2013-06-18
- Added around_action hook.
- Improved ojo to make the current controller object available to actions
as $_. (jberger, sri)
- Fixed a few error reporting bugs in Mojo::IOLoop::Client and
Mojo::IOLoop::Server.
- Fixed small emit_chain bug in Mojolicious::Plugins.
REPLACE_PYTHON in two files. From ChangeLog.txt:
## 2012-06-26 0.37
* Fixed datestr issue on Windows -- #155
* Fixed Python 2.4 compatability issues (tx fredludlow)
* Fixed error in utils.safewrite (tx shuge) -- #95
* Allow use of web.data() with app.request() -- #105
* Fixed an issue with session initializaton (tx beardedprojamz) -- #109
* Allow custom message on 400 Bad Request (tx patryk) -- #121
* Made djangoerror work on GAE. -- #80
* Handle malformatted data in the urls. -- #117
* Made it easier to stop the dev server -- #100, #122
* Added support fot customizing cookie_path in session (tx larsga) -- #89
* Added exception for "415 Unsupported Media" (tx JirkaChadima) -- #145
* Added GroupedDropdown to support `<optgroup>` tag (tx jzellman) -- #152
* Fixed failure in embedded interpreter - #87
* Optimized web.cookies (tx benhoyt) - #148
Version 1.8.0
(18 Jun 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.0
User-visible changes:
- General:
* require serf as client-side http library (neon support removed) (r1349694)
* deprecate the Berkeley DB FS backend (libsvn_fs_base) (r1464985 et al)
- Major new features:
* working copy records moves as first-class operation (issue #3631, #4232)
* merge uses reintegrate mode automatically when needed (r1369896 et al)
* FSFS: Packing of revision property shards (issue #3944)
* support inheritable properties (r1395109)
* repository can suggest config for autoprops and ignores (r1401908)
* support gpg-agent for password caching (r1151069)
* authz rules can be stored inside the repository (r1424780)
- Minor new features and improvements (client-side):
* doubled svn:// protocol throughput (r1325899)
* optimize file/dir truename checks on Windows (r1435527)
* new 'commit --include-externals' option (related to issues #1167, #3563)
* new --include-externals option for 'svn list' (issue #4225)
* remove extraneous externals output from 'svn status -q' (issue #1935)
* reject some attempts to merge between unrelated branches (r1215273)
* new --ignore-properties option for 'svn diff' (r1239553, -617)
* new --properties-only option for 'svn diff' (r1336110)
* new --patch-compatible option for 'svn diff' (r1239561)
* new --no-diff-added option for 'svn diff' (r1433958)
* new w/c subtree duplication tool (tools/client-side/detach.py)
* new mergeinfo fixup tool (tools/client-side/mergeinfo-sanitizer.py)
* 'svn diff' can compare arbitrary files and directories (r1310291, et al)
* ra_serf avoids re-downloading content present in pristine store (r1333936)
* 'svn mergeinfo' now honors the --revision (-r) option (issue #4199)
* 'svn mergeinfo' now shows a summary graph by default (issue #4239)
* new --search and --search-and options for 'svn log' (r1354666, -83518)
* 'svn log' reports the node kind even for pre-1.6 revision files (r1242958)
* sort path list generated by "svn log -v --xml" (r1299323)
* new built-in interactive text conflict merge tool (r1357864, et al)
* 'svn --version' shows build system info (r1368662)
* 'svn --version --verbose' shows runtime environment info (r1370813 et al)
* 'svn' is now non-interactive when not run in a terminal device (r1424037)
* 'svn propset' checks spelling of reserved property names (r1470781)
* improve working copy performance on network disks (issue #4176)
* support for custom keyword definitions in svn:keywords (issue #890)
* svn:ignore __pycache__ directories by default (r1150073)
* 'svn diff --git' include copyfrom revision in "copied" headers (r1155279)
* svn:mergeinfo related operations now use much less memory (r1149519 et al)
* get list of supported schemes for RA libraries (r1148134)
* 'svn checkout' skips file externals from other repositories (r1153110)
* 'svn resolve' exits non-zero if conflicts could not be resolved (r1150439)
* let HTTPv2-aware clients fetch v2-style resources (r1161202)
* 'svn status' with better NLS support (r1157537, -682)
* better tracking of shallow-yet-complete merges (issues #4056, #4057)
* make 'svn status --quiet' w/ externals quieter still (issue #1935)
* ensure that conflict paths are shown relative-ized (r1337520)
* improve performance of local multi-target deletions (r1195873)
* various interactive conflict resolver improvements in 'svn' (r1440421 etc)
* improved tree diff implementation for diff and merge (r1440599 et al)
* tree conflicts on directories detected better during merges (issue #3150)
* allow reverting unmodified copies with 'svn remove' (r1442611)
* make 'svn diff' with mixed URL and local path targets work (r1442640)
* make 'svn patch' re-add deleted directories if needed (r1445333)
* make repos-wc diffs fully ancestry-aware (r1445904)
* 'svn diff --git' now implies 'svn diff --show-copies-as-adds' (r1446279)
* 'svn diff --show-copies-as-adds' now implies --notice-ancestry (r1446279)
* improved tree-conflict detection for 'svn switch' (r1449413, r1450582)
* allow up to 8 revision number digits in 'svn status -v' output (r1428637)
* show node kind (file or dir) in tree conflict descriptions (r1429907)
* restore deleted switched paths upon next update (issue #4295)
* add support for copying paths from foreign repositories (issue #3590)
* fix merge -cA,B with --accept option aborts if rA conflicts (issue #4238)
* 'svn resolve' interactive support; no longer requires --accept (r1336929)
* notify when removing externals leaves behind modified files (r1366021)
* new 'http-max-connections' configuration option for serf (r1421559)
* new 'http-bulk-updates' configuration option for serf (r1421490)
* 'svn cleanup' now runs SQLite "vacuum" to reclaim space (r1418459)
* 'svn info' displays repository-relative URL (r1415365)
* fix serf memory leak on checkout (issue #4194)
* detect duplicate paths setting svn:externals (issue #4227)
* make ra_serf work over HTTP/1.0 proxies (issue #3979)
* make ra_serf accept gzip compression for all responses (r1407454)
* double ra_serf performance for checkout and export (r1407545)
* improve network and disk i/o interleaving in ra_serf (r1407934)
* avoid assert in ra_serf when REPORT response was truncated (r1407935)
* rewrite ra_serf XML parser (r1409259 et al)
* ra_serf can create transaction with inline txnprops (r1375167)
* partially fix replace+propset of locked file fails over DAV (issue #3674)
* fix ra_serf doesn't handle bad baseline error from server (issue #4127)
* decreased default http timeout for ra_serf (issue #3968)
* prevent ra_serf from corrupting the working copy (issue #3993)
* ra_serf transmits property changes inline to reduce requests (r1378927)
* allow client to avoid SSL certificate prompts (issue #2410)
* improve interactive resolution of property conflicts (r1387678 et al)
* make ra_serf raise an error upon delta-base mismatch (issue #4235)
* tune ra_svn transmit buffer handling (r1391788)
* make 'svnrdump' work with serf (issue #4116)
* fix 'svnrdump' on path below repository root (issue #4101)
* support ipv6 in URLs (e.g. http://[::1]/svn/repos) (r1454047)
* conflict resolver now iterates paths in a sorted order (r1461820)
* mod_dav_svn does keyword expansion with 'kw=1' query arg (r1466055)
* add support for custom keyword definitions (issue #890)
- Minor new features and improvements (server-side):
* improve performance of config file parsing (r1344347 et al)
* new 'svnadmin load --revision' load filtering support (issue #3734)
* new 'svnadmin hotcopy --incremental' support for FSFS (issue #3815)
* new 'svnadmin lock' / 'svnadmin unlock' subcommands (issue #3942, #4092)
* new SVNUseUTF8 configuration option for mod_dav_svn (issue #2487)
* new SVNHooksEnv configuration option for mod_dav_svn (r1239966)
* new SvnPubSub distributed commit hooks (tools/server-side/svnpubsub)
* new light-weight benchmarking client (tools/client-side/svn-bench)
* svndumpfilter dependency analysis (tools/server-side/svnpredumpfilter.py)
* new automatic working copy updater (tools/server-side/svnpubsub)
* new 'svnadmin freeze' subcommand (r1376228)
* 'svndumpfilter' now supports --delta dumpfiles (r1351009, -3745)
* new --drop-all-emtpy-revs option for 'svndumpfilter' (issue #3681)
* client version info now reported to commit hooks (issue #4124)
* txn name now reported to post-commit hooks (r1240856)
* support for server-side keyword expansion in mod_dav_svn (r1466055)
* FSFS now able to cache revision properties (r1326307)
* FSFS cache for changed-paths increases 'svn log' performance (r1378358)
* FSFS cache mergeinfo requested during 'log -g' (r1395439)
* many FSFS caching improvements (r1390435, r1390447)
* directory and property deltification option in FSFS (issue #4084)
* fine-grained control deltification behavior via fsfs.conf (r1311476)
* FSFS de-duplication ("rep sharing") now works within a revision (r1397773)
* FSFS de-duplication now works for properties as well (r1243312)
* read FSFS data using fewer fopen calls (issue #3372)
* 'svnadmin verify' will now check meta data (issues #3956, #4211)
* 'svnadmin verify' now checks for issue #4129 style corruption (r1304656)
* new --client-speed option for svnserve (r1391788)
* new --single-threaded option in svnserve (r1296018)
* hook script templates are now marked as executable (r1153414)
* error out on non-canonical fspaths in the authz file (r1166111)
* improve path lookup performance in FSFS (r1442088)
* svnserve now logs explicit path and reason for authz failures (r1446542)
* validate offsets from rep-cache to prevent FSFS corruption (issue #4277)
* new AuthzSVNGroupsFile option to store authz groups separately (r1438407)
* new 'SVNAllowBulkUpdates prefer' option for mod_dav_svn (r1417642, et al)
* new 'SVNMasterVersion' option for mod_dav_svn (r1398962)
* added virtual-host support to 'svnserve' (r1401296)
* new fsfs-stats tool which prints FSFS repository stats (r1410995)
* new fsfs-reorg tool to optimize FSFS packing (r1383214, r1385395)
* new --compatible-version option for 'svnadmin create' (r1407279 )
* new --ignore-properties option for 'svnlook diff' (r1407905)
* new --properties-only option for 'svnlook diff' (r1407905)
* new --diff-cmd option for 'svnlook diff' (r1413449)
* allow leading "r"'s in http: ?p= and ?r= query parameters (r1221463)
* faster 'svn ls' for large directories (r1296627)
* mod_dav_svn now advertises supported POST types (r1375123)
* mod_dav_svn can create transaction with inline txnprops (r1375167)
* run start-commit hook after transaction creation (r1376201)
* avoid byte-for-byte comparison where it can be avoided (r1390641)
* various server-side performance improvements for 'log -g' (r1395442 et al)
* allow up to 10Gbit throughput with svnserve (r1391788)
* install mod_dontdothat correctly (r1454450)
* svnadmin verify can now verify transactions (r1462353)
* FSFS verifies revisions as they are added (r1462409)
- Client-side bugfixes:
* fix inconsistent 'svn log' output for empty revisions (issue #3964)
* fix mis-ordered text output of 'svn log --diff' on Windows (r1220783)
* fix 'svn log --diff' on moved file (issue #4153).
* fix 'svn revert' of 'svn move' (issue #876)
* fix file externals wrongly "resurrecting" a deleted file (#4017)
* fix reporting of corrupted 1.6 w/cs by 'svn upgrade' (r1182904, -9)
* fix bug caused by URI-decoding local merge source paths (r1210539)
* fix properties out of sync with repos after merge and revert (issue #4305)
* fix merge of replacement on local delete fails (issue #4011)
* fix replacements on deletes produce wrong tree conflicts (issue #3806)
* made ra_serf handle location headers that are not RFC-compliant (r1443906)
* merge no longer errors out after resolving all conflicts (issue #4316)
* fix svn blame mis-categorizing file type as binary (issue #2089)
* fix externals not removed when working copy is made shallow (issue #3741)
* fix update under add with not-present parent (issue #4111)
* fix revert of files with svn:needs-lock under copied dirs (r1343168)
* fix repos->wc diff of local copied/moved-here directories (r1341927)
* fix repos->wc diff of local copied/moved-here files (r1341544)
* fix "svn diff -cN PATH" where PATH was deleted in rN (r1338708)
* fix dependency on APR hash order in several logic paths (r1338350 et al)
* fix path inconsistencies in 'svn diff' output (r1338291)
* fix misleading error message printed by 'svn switch' (issue #2337)
* fix bug in mergeinfo recording during foreign-repos merge (r1430310)
* fix spurious merge conflicts for binary files with keywords (issue #4221)
* fix patching symlinks with 'svn patch' (issue #4273)
* make 'svn switch' refresh lock information (issue #3376)
* fix 'svn diff' output doesn't apply as patch without fuzz (issue #3362)
* fix mergeinfo recording for multiple-revision-range merge (issue #4306)
* fix diffs shown by 'show-diff' conflict prompt option (r1438879)
* don't print an update summary header with no content (r1439480)
* make 'svn rm' remove externals registrations below its targets (r1361256)
* fix crashes in ra_serf where AVG 2012 Surf-Shield is in use (issue #4175)
* don't raise conflicts on identical binary files (issue #4128)
* improve error messages when wc.db missing (issue #4118)
* fix 'svn diff' showing wrong text change (issue #4270)
* fix 'svn diff -rN' failing to show local replace (issue #3797)
* fix 'svn diff' showing wrong revision (issue #4010)
* fix 'svn merge' showing spurious notifications (issue #2910)
* parse '.@HEAD' correctly (issue #3606)
* fix 'svn revert' after conflict in sparse working copy (issue #4168)
* fix bug in global/per-server config handling in serf (r1421516)
* properly display errors from serf (r1398742)
* fix crash in ra_serf (r1408291)
* fixed svnmucc propset and propdel on repository root (issue #3663)
* fix 'svn info' output with ancient svnserve servers (pre-1.2) (r1409732)
* ra_serf shows error message for 408 Request Timeout response (r1410983)
* fix handling of "\ No newline ..." in diff/patch (r1411723, r1412382)
* allow infinite http timeout in ra_serf (r1411976)
* using unknown svn: property names now requires --force (issue #4261)
* fix handling of case insensitive configuration files (r1215089)
* properly handle errors during password caching (r1380695)
* fix svnversion output not always a number (issue #4226)
* fix conflict resolver losing executable bit of a file (r1391019)
* fix redundant notifications when merging with ra_serf (issue #3802)
* fix 'svn add --force /path/to/wcroot' should work (issue #4241)
* fix file permissions changed after commit (issue #4331)
* improve handling of http errors in ra_serf (1452792, 1452870)
* include checksum of missing pristines in error message (r1452800)
* fix an assert when merging against a replaced source (issue #4132)
* fix replacement in merge source has incorrect notification (issue #4138)
* improve performance of checkout (r1453791)
* fixed documentation regarding merge source (issue #3247)
* fix merge errors out after resolving conflicts (issue #4316)
* fix delete/move with file external in unversioned dir (issue #4293)
* fix resolving tree conflict with local node missing (r1461848)
* fix invalid read during diff suffix scanning (issue #4339)
* fix assertion when running 'svn log <SOME_URL>@PREV' (r1462134)
* optimize enumerating configuration options (r1464478)
* revert will now sleep for timestamps if using commit times (r1464769)
* don't allow externals to be deleted with 'svn rm' (r1464992)
* improved memory usage in ra_serf and ra_local (r1465280)
* replace some assertions with more helpful error messages (r1465975)
* fixed long keyword expansion truncated (issue #4349)
- Server-side bugfixes:
* SVNParentPath / repository listing now authz-filtered (r1408184)
* user/group names in the authz config file are case-sensitive (r1475772)
* limit commit runtime for nodes with very deep histories (r1224836)
* 'svnadmin recover' truncates rep-cache at the right point (issue #4077)
* fix crashes in dumpstream loading with skipped revs (r1214202, r1214216)
* fix 'svn log -g' incorrectly treating rename as merge (issue #4022)
* fix bug where fsfs file-hinting fails (issue #4320)
* don't leak path of repository on server's disk to clients (r1330906)
* remove spurious is-fresh-txn-root from empty revision files (issue #4031)
* fix a stdout handling problem in 'svnlook diff' (r1411971)
* fix erratic behaviour in 'svnlook diff' showing property diffs (r1412224)
* fix inconsistent authz error messages in 'svn log' in svnserve (r1292462)
* fix svndumpfilter for empty paths in included or excluded lists (r1294583)
* make fsfs packing threadsafe (r1376011)
* don't error out on intermittent memcached failures (r1394470)
* fix a ra_svn deadlock with zero-copy server option (r1465622)
- Other tool improvements and bugfixes:
* 'svnmucc' promoted to first-class supported utility (issue #3308, #4279)
* make 'svnmucc' prompt for log messages (issue #3418)
* rename 'svnauthz-validate' to 'svnauthz' (issue #4284)
* make 'svnauthz' optionally validate user/path access (r1197588)
* fix mailer.py test suite problems (r1449582)
* fix mailer.py not showing dirs with property deletions (r1449582)
* make mailer.py generate Date and Message-ID headers (r1449592)
* new '-?' option support for 'svnmucc' (r1339428)
* provide the repository name to mailer.py (r1439592)
* add '--force-interactive' to svnmucc (r1457789)
* add '--trust-server-cert' to svnmucc (r1458995)
Developer-visible changes:
- General:
* now require Python 2.5 for tests and dev tools (r1243627)
* now require bzip2 for tests and dev tools (r1148512)
* configure defaults to --without-apache-libexecdir (r1469862)
* support builds with APR pool debugging (r1176894)
* 'make extraclean' is more thorough now (r1149460)
* support for Serf 2 (r1147538)
* introduction of editor v2 (via private APIs only) (r1166332 et al)
* improve SQLite setup for compatibility with OS X 10.7. (r1181666)
* rework switch statement to accomodate OWC compiler limitations (r1204407)
* new --enable-sqlite-compatibility-version configure option (r1201421)
* make test suite LD_LIBRARY_PATH include just-built auth plugins (r1200474)
* packages/ directory removed, contents were outdated and unused (r1442167)
* rename 'makefile.ezt' to 'build-outputs.mk.ezt' (r1444822)
* use expensive compiler optimizations with --enable-optimize (r1445063)
* in Visual C++ builds, move temp files to different directory (r1446416)
* remove --with-ssl and --with-gssapi configure options (r1449023)
* require at least serf 1.2.0 as build dependency (issue #4296)
* fix error tracing to record file/line properly (r1331242)
* add --log-level argument to win-tests.py (r1335461)
* improve GDB pretty-printing of svn types (r1351336, r1364750, r1365035)
* load third-party FS modules (if --enable-runtime-module-search) (r1362434)
* enable running the regression tests over https (r1349699)
* support 'make davautocheck' on OS X (r1421583)
* new '--enable-gcov' configure option (r1416646)
* fix build with Apache HTTPD 2.5 (r1408985)
* allow running the test suite through a http proxy (r1410195)
* don't use non-constant initializers in struct variables (r1412911)
* allow generation of Visual Studio 2012 compatible projects (r1245152)
* nicer pretty-printing of Subversion data types in gdb (r1367262 et al)
* teach serf build on Windows to use static APR/Util and OpenSSL (r1371338)
* add --ssl-cert option to win-tests.py to run tests over https (r1372760)
* don't strip Content-Type header form .po files on Windows (r1380056)
* configure now script auto-detects GNOME keyring (r1387230)
* allow configure to detect BDB on Debian-based Linux distros (r1390633)
* auto-detect serf via pkg-config (r1391662)
* improve queries for compatability with SQLite 3.7.16 (r1455239)
* remove support for in-tree apr, apr-util and apr-memcache (r1456924)
* FSFS caching supports prefixes now (r1462436)
* maintainer mode now prints symbolic error codes (r1465157)
* don't require NLS support for kwallet support (r1466445)
* make Julian happy (r1413030)
- API changes:
* fix inconsistent handling of log revs without changed paths (issue #3694)
* deprecated SVN_ERR_SQLITE_UNSUPPORTED_SCHEMA (r1173240)
* provide API to clear cached auth credentials (issue #2775)
* improve repository location information in various APIs (issue #4170)
* major rewrite of conflict storage and handling APIs (r1354973 et al)
* hide (deprecate) svn_wc APIs that use editors (r1243339)
* svn_stringbuf_ensure() allocates an extra byte for terminator (r1308966)
* switch and update apis are now more consistent (r1465292)
* deprecated svn_client_merge_reintegrate (r1466742)
* deprecated low level ra_svn apis (r1466907)
- Bindings:
* star-imports in swig-py only import 'svn_*' symbols (r1303375)
* fix compilation of Perl bindings on Mandriva 2007 (issue #2617)
* new JavaHL testing targets (r1182983)
* enable returning an error on malfunctions for JavaHL (r1366215)
* MacOS X build fix to cope with missing GNOME keyring (r1397844)
* fix swig bindings tests on MacOS X (r1397846)
* fix assertion failure in JavaHL error reporting (r1405922)
* support ruby 1.9 (r1407206)
* JavaHL: Include OSGI Manifest information in svn-javahl.jar (r1234864)
* new svn_auth_set_gnome_keyring_unlock_prompt_func function (r1241554)
* fix svn_txdelta window ops for python bindings (r1389054)
* fix build of Perl bindings with newer versions of SWIG (r1389658)
* add missing API functions to Perl bindings (issue #2646)
* add missing API functions to Python bindings (r1392038 et al)
* add missing API functions to JavaHL bindings (issue #4326)
* fix some reference counting bugs in swig-py bindings (r1464899, r1466524)
Serf 1.2.1 [2013-06-03, from /tags/1.2.1]
Fix issue 95: add gssapi switches to configure (r1864, r1900)
Fix issue 97: skip mmap bucket if APR_HAS_MMAP is undefined (r1877)
Fix issue 100: building against an old Windows Platform SDK (r1881)
Fix issue 102: digest authentication failures (r1885)
Improve error return values in SSPI authentication (r1804)
Ensure serf-1.pc is constructed by serfmake (r1865)
Optimize SPNego authentication processing (r1868)
Reject certs that application does not like (r1794)
Fix possible endless loop in serf_linebuf_fetch() (r1816)
Windows build: dereference INTDIR in serf.mak (r1882)
Serf 1.2.0 [2013-02-22, from /tags/1.2.0, r1726]
Fixed issue 94: Serf can enter an infinite loop when server aborts conn.
Fixed issue 91: Serf doesn't handle an incoming 408 Timeout Request
Fixed issue 80: Serf is not handling Negotiate authentication correctly
Fixed issue 77: Endless loop if server doesn't accept Negotiate authn
Fixed issue 93: cleanup-after-fork interferes with parent (r1714)
Fixed most of issue 89: Support REAL SPNEGO authentication
Enable Negotiate/Kerberos support for proxy servers.
Return error when C-L, chunked, gzip encoded response bodies where
truncated (due to aborted connection) (r1688)
Add a logging mechanism that can be enabled at compile-time.
Don't lookup server address if a proxy was configured. (r1706)
Fix an off-by-one in buffer sizing (r1695)
Disable SSL compression by default + API to enable it (r1692)
New serf_connection_get_latency() for estimated network latency (r1689)
New error code and RFC compliance for the HTTPS tunnel (r1701, r1644)
Handle EINTR when a user suspends and then backgrounds the app (r1708)
Minor fixes and test suite improvements.
into www/p5-Dancer-Session-Cookie.
This module implements a session engine for sessions stored entirely in
cookies. Usually only session id is stored in cookies and the session data
itself is saved in some external storage, e.g. database. This module allows
to avoid using external storage at all.
Since server cannot trust any data returned by client in cookies, this
module uses cryptography to ensure integrity and also secrecy. The data
your application stores in sessions is completely protected from both
tampering and analysis on the client-side.
into www/p5-Session-Storage-Secure.
This module implements a secure way to encode session data. It is primarily
intended for storing session data in browser cookies, but could be used with
other backend storage where security of stored session data is important.
Features include:
() Data serialization and compression using Sereal
() Data encryption using AES with a unique derived key per encoded session
() Enforced expiration timestamp (optional)
() Integrity protected with a message authentication code (MAC)
Bug 3762: remove bogus WARNING in cache.log
Fix Ip::Address::operator =(sockaddr_storage)
Make sure %<tt includes all [failed] connection attempts.
Bug 3854: pt1: compile errors on AIX
Fix request headers logging for icap_log
Support HTTP reply ACLs in icap_log and log_icap
Bug 3802: Fix wrong check inside Format::Format::assemble
Bug 3786: Fix configure with --disable-internal-dns compile error
Polished icap_service and ecap_service documentation.
SourceFormat Enforcement
Bug 3717: assertion failed with dstdom_regex with IP based URL
Fix incorrect external_acl_type codes
Avoid segfaults on seriously malformed requests when ICAP logging is enabled.
Ask for SSL key password when started with -N but without sslpassword_program.
basic_ncsa_auth: fix unused variable warnings (typo in rev.12762)
Fix buffer null termination
Bug 1991: kqueue causes SSL to hang
=== 2.0.18 ===
1173[tip] 93c436da2d19 2013-06-14 07:21 -0700 afshar
Remove unused script.
1172 e692050ec194 2013-06-14 07:20 -0700 afshar
Updated docs.
1171 159874713088 2013-06-14 07:20 -0700 afshar
Bumped version.
1170 7b4e3c22e83c 2013-06-07 15:52 +0200 burcud
Adding missing unit attributes for unit picing elements.
1169 ad8ee900dda5 2013-06-06 19:01 +0200 burcud
Fixing identifier_exists attribute for product items.
1168 d6ce8dc4970a 2013-06-06 17:53 +0200 burcud
Fixing multipack attribute.
1167 b87779918c90 2013-06-06 15:10 +0200 burcud
Adding new product spec attributes.
1166 624d33ad26f2 2013-02-11 12:47 -0800 rkubiak
Update Sites Python API to allow page creation from a template
1165 ecb1d49b5fbe 2013-01-07 11:29 -0800 dhermes
Adding an OAuth2Token subclass which can interact with google-api-python-client.
1164 f76c53eaf151 2012-11-20 16:09 +0100 burcud
Modifying Content API for Shopping client to use schema projection.
1163 a8c25010b8b7 2012-08-27 13:50 -0700 dhermes
Adding in ability to change Content for Shopping base URI via a kwarg for client constructor. (Fixes 6479060).
1162 c5d57eff0ef4 2012-08-15 08:31 -0700 dhermes
Adding paid clicks to Content API performance datapoint. (Issue 6443130)
1161 71971b013563 2012-08-06 15:20 -0700 dhermes
Adding support for adwords_accounts settings element in managedaccounts feed of Content API. (6443092)
1160 cf0208e89433 2012-07-30 09:53 -0700 dhermes
Changing OAuth2 Authorization Header lead in from OAuth to Bearer (per http://goo.gl/QDiLZ). (issue 6455060)
1159 3b021605570f 2012-07-12 18:14 -0700 dhermes
Adding missing name XML attribute to gdata.contentforshopping.data.Group.
1158 524fc2b2e821 2012-06-19 08:43 -0700 dhermes
Renaming classes for inventory feed of Content API. (Issue 6296085)
1157 32c0cb313b2e 2012-06-14 15:36 -0700 dhermes
Updating offline URI for OAuth2 and explicity specifying approval_prompt as a kw arg. (Issue 6296072)
1156 f7593ae5d035 2012-06-14 15:35 -0700 dhermes
Added individual get for ManagedAccounts, functionality for paging and changed to correct endpoint. (issue 6304076)
1155 723e577ada7b 2012-06-14 13:53 -0700 dhermes
Adding support for Local Products feed in Content API. (Issue 6305091)
1154 75ee2830ca74 2012-06-13 12:48 -0700 dhermes
Adding support for wrong open search version hack on other ContentAPI Feed classes. (Issue 6296071)
1153 f783c64b953f 2012-06-13 10:07 -0700 dhermes
Adding support for Data Quality Feed of Content API for Shopping. (Issue 6295074)
1152 4cc916619658 2012-06-13 09:07 -0700 dhermes
Adding back accidentally removed code from commit c92bc870e3a4363bed2732d50d782189407af7ac.
1151 c92bc870e3a4 2012-06-13 09:01 -0700 dhermes
Adding support for Content API Users Feed. (Issue 6295071)
1150 0dcb1f3aff81 2012-06-12 17:25 -0700 dhermes
Adding custom id parser for Content API errors. (issue 6306073)
1149 8f11de681f03 2012-06-12 17:21 -0700 dhermes
Adding support for product status elements in app:control for content for shopping. (Fixes 6299076)
Changes:
--------
darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames
Bugfixes:
---------
SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond
the end of the input buffer [26]
FTP: access files in root dir correctly
configure: try pthread_create without -lpthread
FTP: handle a 230 welcome response
curl-config: don't output static libs when they are disabled
CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
Various documentation updates
getinfo.c: reset timecond when clearing session-info variables
FILE: prevent an artificial timeout event due to stale speed-check data
ftp_state_pasv_resp: connect through proxy also when set by env
sshserver: disable StrictHostKeyChecking
ftpserver: Fixed imap logout confirmation data
curl_easy_init: use less mallocs
smtp: Fixed unknown percentage complete in progress bar
smtp: Fixed sending of double CRLF caused by first in EOB
bindlocal: move brace out of #ifdef
winssl: Fixed invalid memory access during SSL shutdown
OS X framework: fix invalid symbolic link
OpenSSL: allow empty server certificate subject
axtls: prevent memleaks on SSL handshake failures
cookies: only consider full path matches
Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
Curl_cookie_add: handle IPv6 hosts
ossl_send: SSL_write() returning 0 is an error too
ossl_recv: SSL_read() returning 0 is an error too
Digest auth: escape user names with backslash or " in them
curl_formadd.3: fixed wrong "end-marker" syntax
libcurl-tutorial.3: fix incorrect backslash
curl_multi_wait: reduce timeout if the multi handle wants to
tests/Makefile: typo in the perlcheck target
axtls: honor disabled VERIFYHOST
OpenSSL: avoid double free in the PKCS12 certificate code
multi_socket: reduce timeout inaccuracy margin
digest: support auth-int for empty entity body
axtls: now done non-blocking
lib1900: use tutil_tvnow instead of gettimeofday
curl_easy_perform: avoid busy-looping
CURLOPT_COOKIELIST: take cookie share lock
multi_socket: react on socket close immediately
distribution Apache-LogFormat-Compiler in www/p5-Apache-LogFormat-Compiler
from 0.12nb1 to 0.13.
pkgsrc changes:
- correct dependencies
- apply update to force rebuild the package
Upstream changes:
0.13 2013-05-24T00:19:31Z
- fixed pod issue (Thank you fschlich)
Albanian language files are added and Spanish language files are re-added.
Version 3.1.1 (2013-06-25)
--------------------------
### Fixed
Append the query string when forwarding (see #5867).
### Fixed
Decouple the file/page picker breadcrumb from the file/page manager (see #5899).
### Fixed
Also show the mandatory star in password confirmation fields (see #5926).
### Fixed
Only return one IP address in `Environment::get('ip')` (see #5830).
### Fixed
Explicitly check for `.php` files when scanning DCA files (see #5898).
### Fixed
Replaced all dummy `.htaccess` files with `.gitignore` files.
### Fixed
Quote wildcard characters in MySQL `LIKE` queries (see #5896).
### Fixed
Correctly align the version drop-down menu in Safari (see #5854).
### Fixed
Make sure `window.$` is mapped to MooTools (see #5892).
### Fixed
Do not add sort buttons to table row headers (see #5845).
### Fixed
Show the newsletter channels upon registration (see #5874).
### Updated
Updated ACE to version 1.1.01 (fixes#5852).
### Fixed
Correctly handle hidden pages in the custom navigation module (see #5832).
### Fixed
Support FAQs with images on the FAQ page (see #5810).
### Fixed
Support using commas in folder names in the file selector (see #5823).
### Fixed
Ignore the `auto_item` parameter when forwarding internally (see #5886).
### Fixed
Added support for old IE versions to swipe.js (see #5862).
### Fixed
Correctly bypass the cache if `bypassCache` is set (see #5872).
### Fixed
Preserve the CSS3PIE behavior file path when combining style sheets (see #5848).
### Fixed
Support all known template types in the autoload creator (see #5857).
### Fixed
Correctly adjust the accordion elements to the new DB structure (see #5820).
### Fixed
Added `E_USER_DEPRECATED` to the list of error constants (see #5839).
