Changes:
2016-04-04 Lars Windolf <lars.windolf@gmx.de>
Version 1.10.19
* Fixes #317: Compilation problems in 1.10.18 release
* Fixes #73: Problem with updating favicons
(reported by asl97)
Changes:
=================
WebKitGTK+ 2.10.9
=================
What's new in WebKitGTK+ 2.10.9?
- Revert the patch to limit the number of tiles according to the visible area introduced in 2.10.8,
because it caused rendering issues in several popular websites.
- Fix the build with musl libc library.
- Fix the build with clang-3.8.
=================
WebKitGTK+ 2.10.8
=================
What's new in WebKitGTK+ 2.10.8?
- Limit the number of tiles according to the visible area. This was causing a huge memory
consumption with some websites.
- Fix flickering and rendering artifacts when entering accelerated compositing mode
before the web view is realized.
- Fix rendering of form controls and scrollbars with GTK+ >= 3.19.
- Fix HTTP authentication dialog rendering when accelerated compositing mode is enabled.
- Fix rendering artifacts when using a web view background color.
- Fix a crash when creating a WebKitWebView without providing a WebKitWebContext.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2016-1726.
Changes:
=================
WebKitGTK+ 2.4.11
=================
- Fix a crash when changing element attributes with DOM bindings.
- Fix the build on ARM64.
- Translation updates: Chinese, Japanese.
Upstream changes:
Moodle 3.0.3 release notes
Release date: 14 March 2016
Here is the full list of fixed issues in 3.0.3.
Highlights
MDL-48778 - Fixed problems with assign quick grading in case of multiple attempts
MDL-21912 - New setting 'Allow admin conflict resolution' for restoring a course from a different Moodle site
MDL-31635 - Course completion "grade" criteria now correctly shows grades as points and not percents
MDL-51702 - Restored ability to assign roles to blocks in Default dashboard and My home
MDL-49807 - Wiki table of contents correctly displays headers created in Atto editor
Fixes and improvements
MDL-48015 - Fixed misalignment in gradebook when category has no total and items
MDL-52566 - Releasing assignment with team submission now releases grades to all group members
MDL-52486 - Fixed javascript errors in languages with _ in the name such as en_us (for example when editing user interests)
MDL-52249 - Custom menus with subitems now work correctly on touch screen devices
MDL-51723 - Fixed bug with unenrolling users on login under LDAP auth with Active Directory
MDL-38020 - Corrected user enrollment workflow through Participant list using Edit Icon
MDL-41531 - Fixed irregular characters in course name interfering with PayPal enrolment
MDL-51075 - Centered positioning of glossary popup
MDL-52217 - Cleaning temporary download directory for dropbox repository
MDL-52637 - Fixed problems with connection to SMTP mail in some configurations
MDL-52589 - Allow non-default cache stores to be uninstalled
MDL-50083 - Unlock submissions when reopening locked assignment
MDL-43620 - Allow to reset the course start date when having a chat activity
MDL-49338 - Fixed bug when quiz statistics report displays the preview icons to the wrong variant
MDL-52763 - Users with the mod/assign:viewblinddetails capability are able to cross reference users with their blind identities
MDL-52435 - Plagiarism prevention links are moved to the top of the submission text
MDL-52814 - Fixed overlapping of redo button in Quiz
MDL-53012 - Behat: Add step to run scheduled task
MDL-50218 - If there is no grade, an external tool (LTI) module will now return a grade of '' instead of 0 to the LTI tool producer
Security issues
MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
MSA-16-0004 XSS from profile fields from external db
MSA-16-0005 Reflected XSS in mod_data advanced search
MSA-16-0006 Hidden courses are shown to students in Event Monitor
MSA-16-0007 Non-Editing Instructor role can edit exclude checkbox in Single View
MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
MSA-16-0009 CSRF in Assignment plugin management page
MSA-16-0010 Enumeration of category details possible without authentication
MSA-16-0011 Add no referrer to links with _blank target attribute
MSA-16-0012 External function mod_assign_save_submission does not check due dates
Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input.
Fixed a race condition in BaseCache.get_or_set(). It now returns the default value instead of False if there’s an error when trying to add the value to the cache.
Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None.
The forms in contrib.auth no longer strip trailing and leading whitespace from the password fields. The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django.
Fixed a memory leak in the cached template loader.
Fixed a regression that caused collectstatic --clear to fail if the storage doesn’t implement path().
Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has a to_field set to something other than the primary key.
Fixed a regression in CommonMiddleware that caused spurious warnings in logs on requests missing a trailing slash.
Restored the functionality of the admin’s raw_id_fields in list_editable.
Fixed a regression with abstract model inheritance and explicit parent links.
Fixed a migrations crash on SQLite when renaming the primary key of a model containing a ForeignKey to 'self'.
Fixed JSONField inadvertently escaping its contents when displaying values after failed form validation.
2.1 (2016-03-20)
++++++++++++++++
- Memory consumption optimizations. The library should consume significantly
less memory through smarter data structures being used to represent
relevant Unicode properties. Many thanks to Shivaram Lingamneni for this
patch.
- Patches to make library work better with Python 2.6. The core library
currently works however the unit testing does not. (Thanks, Robert
Buchholz)
- Better affix all Unicode codepoint properties to a specific version.
- CURLINFO_TLS_SSL_PTR.3: Warn about limitations
- Revert "sshserver: remove use of AuthorizedKeysFile2"
It seems we may have some autobuild problems after this commit went
in. Trying to see if a revert helps to get them back.
- maketgz: add -j to make dist
... makes it a lot faster
- libcurl-thread.3: minor nroff format fix
- CURLINFO_TLS_SSL_PTR.3: minor nroff format fix
- CODE_STYLE: indent example code
... to make it look nicer in markdown output
Previously SSL certs were not automatically recognised without setting a ca_bundle
in ~/.config/netsurf/Choices (except if installed in the hardcoded
/etc/ssl/certs directory).
Thanks to medfly/coypu for noticing that!
Please refer to the release notes for other changes:
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html
* SQUID-2016:4 - Denial of Service issue in HTTP Response processing
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
aka. CVE-2016-3948
This is another of the bugs left unfixed by the SQUID-2016:2 patches.
The visible symptom is assertions about:
"String.cc:*: 'len_ + len <65536'"
There is an attack in the wild for this one, but not as widely as for
the previous issues.
* SQUID-2016:3 - Buffer overrun issue in pinger ICMPv6 processing.
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
aka. CVE-2016-3947
This bug shows up as pinger crashing with Icmp6::Recv errors. This may
affect Squid HTTP routing decisions. In some configurations, sub-optimal
routing decisions may result in serious service degradation or even
transaction failures.
All previous Squid-3 releases are affected by both these issues. See the
advisory for further details. Upgrade or patching should be considered a
high priority.
* pinger: drop capabilities on Linux
On Linux, it is now possible to install pinger helper with only
CAP_NET_RAW permissions raised instead of full setuid-root:
(setcap cap_net_raw+ep /path/to/pinger &&
chmod u-s /path/to/pinger) || :
Other operating systems without libcap capabilities features are not
affected by this change.
* Bug #4447: FwdState.cc:447 "serverConnection() == conn" assertion
This rather crippling bug appears after the CVE-2016-2569 patch. It
turned out to be a race condition closing connections and has now been
fully fixed.
### 4.1.2 (2016-03-22)
* Handle derived classes in the exception converter (see #462).
* Prevent the autofocus attribute from being added multiple times (see contao/core#8281).
* Respect the SSL settings of the root page when generating sitemaps (see contao/core#8270).
* Read from the temporary file if it has not been closed yet (see contao/core#8269).
* Always use HTTPS if the target server supports SSL connections (see contao/core#8183).
* Adjust the meta wizard field length to the column length (see contao/core#8277).
* Correctly handle custom mime icon paths (see contao/core#8275).
* Show the 404 error page if an unpublished article is requested (see contao/core#8264).
* Correctly count the URLs when rebuilding the search index (see contao/core#8262).
* Ensure that every image has a width and height attribute (see contao/core#8162).
* Set the correct mime type when embedding SVG images (see contao/core#8245).
* Handle the "float_left" and "float_right" classes in the back end (see contao/core#8239).
* Consider the fallback language if a page alias is ambiguous (see contao/core#8142).
* Fix the error 403/404 redirect (see contao/website#74).
Version 3.5.9 (2016-03-21)
--------------------------
### Fixed
Prevent the autofocus attribute from being added multiple times (see #8281).
### Fixed
Respect the SSL settings of the root page when generating sitemaps (see #8270).
### Fixed
Read from the temporary file if it has not been closed yet (see #8269).
### Fixed
Always use HTTPS if the target server supports SSL connections (see #8183).
### Fixed
Adjust the meta wizard field length to the column length (see #8277).
### Fixed
Correctly handle custom mime icon paths (see #8275).
### Fixed
Only log errors that have been configured to get logged (see #8267).
### Fixed
Show the 404 error page if an unpublished article is requested (see #8264).
### Fixed
Correctly count the URLs when rebuilding the search index (see #8262).
### Fixed
Ensure that every image has a width and height attribute (see #8162).
### Fixed
Set the correct mime type when embedding SVG images (see #8245).
### Fixed
Handle the "float_left" and "float_right" classes in the back end (see #8239).
### Fixed
Consider the fallback language if a page alias is ambiguous (see #8142).
### Fixed
Fix the error 403/404 redirect (see contao/website#74).
Changelog:
Version 9.0.0 March 8 2016
Major new ownCloud release, more info announcement and upgrading blogs. Summary:
New: Comments on files
New: Tags for files
New: Notifications (separate from Activity feed)
New: (Federation) Auto-complete of user names
New: (Federation) Trusted Servers
New: Code signing, checked when updating or installing core and apps
New: Stand-alone updater for more reliable upgrading
Improved sharing behavior and performance
New External Storage APIs for improved scalability
Calendar and Contacts Apps were rewritten. The CalDAV and CardDAV backends are now part of core
Security hardening
ownCloud API work to improve scalability
Many small improvements
Changelog:
Fixed
Fix a potential performance regression (Youtube for example) (1220502)
Fix a regression causing search engine settings to be lost in some context (1254694)
Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)
XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
Fix an issue which could cause the list of search providers to be empty (1255605)
Fix a regression when using the location bar (1254503)
Fix some loading issues when Accept third-party cookies: was set to Never (1254856)
Changed
Disabled Graphite font shaping library
Upstream changes:
6.56 2016-03-16
- Added hidden option to list_files method in Mojo::Home. (batman, sri)
- Added hidden option to files function in Mojo::Util. (batman, sri)
- Fixed bug where Morbo would not ignore hidden files. (batman, sri)
- Fixed bug where Morbo would ignore the --verbose option.
- Fixed keep-alive bug in Mojo::UserAgent. (jberger)
Changes to GoAccess 0.9.8 - Monday, February 29, 2016
- Added a more complete list of static extensions to the config file.
- Added Android 6.0 Marshmallow to the list of OSs.
- Added the ability to scroll through panels on TAB with option to disable it
--no-tab-scroll.
- Added the first and last log dates to the overall statistics panel.
- Ensure GoAccess links correctly against libtinfo.
- Ensure static content is case-insensitive verified.
- Fixed bandwidth overflow issue (numbers > 2GB on non-x86_64 arch).
- Fixed broken HTML layout when html-method/protocol is missing in config file.
- Refactored parsing and display of available modules/panels.
Changes:
WebKitGTK+ 2.4.10 released!
This is a bug fix release in the stable 2.4 series.
What's new in the WebKitGTK+ 2.4.10 release?
* Fix rendering of form controls and scrollbars with GTK+ >= 3.19
* Fix crashes on PPC64.
* Fix the build on powerpc 32 bits.
* Add ARM64 build support.
* Translation updates: German, Spanish, French, Italian, Korean, Brazilian
Portuguese, Russian, Chinese.
* Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809,
CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743,
CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741,
CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.
Thanks to all the contributors who made possible this release.
* Cast request body to string when uploading
* Add the ability to override the Response class
* Ensure the form data is freed in cleanup
* Don't fail with invalid charset names
=== raindrops 0.16.0 - minor fixes and workarounds / 2016-02-29 12:36 UTC
There's mainly a fix/workaround for Ruby 2.3 now returning
locale-aware strings for File.readlink and our test suite
using strange paths allowed by *nix.
https://bugs.ruby-lang.org/issues/12034
tcp_listener_stats won't return "true" object placeholders
if stats are configured for a non-existent listener.
There are also minor optimizations for Ruby 2.2+ (at the expense
of 2.1 and earlier).
And the usual round of minor tweaks and doc updates.
10 changes since v0.15.0:
gemspec: avoid circular dependency on unicorn
remove optimizations which made sense for older rubies
linux: workaround Ruby 2.3 change
linux: remove Pathname stdlib dependency
add .gitattributes for Ruby method detection
middleware: minor bytecode size reduction
doc: update URLs and references
README: remove indentation from URLs in RDoc
linux: tcp_listener_stats drops "true" placeholders
build: use '--local' domain for dev gem install
=== 2.16.0 / 2016-01-27
* 7 minor features:
* Add 'set_remote_address' config option
* Allow to run puma in silent mode
* Expose cli options in DSL
* Support passing JRuby keystore info in ssl_bind DSL
* Allow umask for unix:/// style control urls
* Expose `old_worker_count` in stats url
* Support TLS client auth (verify_mode) in jruby
* 7 bug fixes:
* Don't persist before_fork hook in state file
* Reload bundler before pulling in rack. Fixes #859
* Remove NEWRELIC_DISPATCHER env variable
* Cleanup C code
* Use Timeout.timeout instead of Object.timeout
* Make phased restarts faster
* Ignore the case of certain headers, because HTTP
* 1 doc changes:
* Test against the latest Ruby 2.1, 2.2, 2.3, head and JRuby 9.0.4.0 on Travis
* 12 merged PRs
* Merge pull request #822 from kwugirl/remove_NEWRELIC_DISPATCHER
* Merge pull request #833 from joemiller/jruby-client-tls-auth
* Merge pull request #837 from YuriSolovyov/ssl-keystore-jruby
* Merge pull request #839 from mezuka/master
* Merge pull request #845 from deepj/timeout-deprecation
* Merge pull request #846 from sriedel/strip_before_fork
* Merge pull request #850 from deepj/travis
* Merge pull request #853 from Jeffrey6052/patch-1
* Merge pull request #857 from zendesk/faster_phased_restarts
* Merge pull request #858 from mlarraz/fix_some_warnings
* Merge pull request #860 from zendesk/expose_old_worker_count
* Merge pull request #861 from zendesk/allow_control_url_umask
Padrino 0.13.1 - Router and Reloader Updates, Ruby Compatibility, and Bug Fixes
Posted on January 17, 2016 by Nathan Esquenazi
Padrino 0.13.0 was shipped 3 months ago in October 2015 and laid important
groundwork towards our eventual 1.0 release but also introduced some new
issues. After a few months of effort, we are excited to announce the release
of Padrino 0.13.1! This version is filled with routing and reloader
optimizations, compatibility updates, and bug fixes. Full details for this
release are below.
Router and Reloader Updates
The biggest improvement in this release is a significant reduction in the
memory usage of Padrino apps by changing the configuration of the underlying
mustermann router. Full list of improvements to router and reloader include:
* FIX #1975 Improve routing memory usage and performance (@namusyaka)
* FIX #1982 Support nested query for expanding path (@namusyaka)
* FIX #1978 Enable reloading of custom dependencies (@markglenfletcher)
Ruby Compatibility
Padrino 0.13.1 has been fixed to be fully compatible with Ruby 2.3 thanks to
@tyabe:
* FIX #2000 Fix mutex handling for Ruby 2.3 (@tyabe)
Bug Fixes and Miscellaneous
There are also several bug fixes and other updates:
* FIX Remove use of ActiveSupport in tests (@ujifgc)
* FIX #1994 Missing new line in mocha generator (@peter50216)
* FIX #1995 Invalid german dates (@ujifgc)
* FIX #1998 Only output a warning message if the spec task is invoked
(@postmodern)
* FIX #1882 test for selected values for select tag (@ujifgc)
* FIX rendering exception for custom mime types (@nesquena)
* FIX relax mail gem dependency (@ujifgc)
* FIX minor doc typos (@lokyoung, @markglenfletcher)
3.4.21 (11 January 2016)
This is a bug fix release.
* Consistent output formatting for numbers close to an integer.
Issue #1931
* Correctly round negative numbers that were almost but not quite a whole
number (slightly greater than the negative number).
Issue #1938
* Don't strip escaped semicolons from compressed output.
Issue #1932
* Only compress around dashes within nth selectors.
Issue #1933
* Selector compression of whitespace around commas was affecting attribute
values.
Issue #1947
* Make subtraction work when a unit is followed directly by a hyphen and then
a period. For example, 1em-.75em now returns 0.25em rather than
1em-0.75em. This is consistent with the behavior when the subtrahend begins
with a 0.
Issue #1954
## 1.6.1
* Revert 'No longer read responses from cache when we already have them'
## 1.6.0
* Noop backend
* No longer read responses from cache when we already have them
* renamed files from entitystore -> entity_store (metastore/cachecontrol/appengine) and added warns for old ones