Pkgsrc changes:
o Add commented-out additional HOMEPAGE using search.cpan.org
o Adjust dependencies in accordance with updated requirements
Upstream changes:
v0.35 (released 2008/11/03):
* bug fixes
- Fixed RT #40318
(http://rt.cpan.org/Public/Bug/Display.html?id=40318),
about getting single or multiple files directly to
\*STDOUT.
v0.34 (released 2008/09/11):
* bug fixes
- Fixed RT #39150
(http://rt.cpan.org/Public/Bug/Display.html?id=39150),
about downloading multiple files in the same directory.
v0.33 (released 2008/08/24):
* documentation
- Clearly state that opera software asa is now co-maintainer
of http::dav
- Fixed various inconsistencies in the v0.32 documentation
v0.32 (released 2008/08/24):
* incompatibilities
- Now HTTP::DAV requires Perl 5.6.0+ and Scalar::Util
(core in 5.8.x).
* bug fixes
- Now HTTP::DAV objects are correctly released from memory
when they go out of scope. Now it should be possible to
use multiple instances of HTTP::DAV even in long-running
processes.
Was caused by circular references between HTTP::DAV and
HTTP::DAV::Resource.
Pkgsrc changes:
o Adjust dependencies according to new META.yml
Upstream changes:
version: 0.63
date: 2008-11-11
changes:
- improved support for nested blocked elements (needed, e.g., for
MediaWiki support of 'p' elements within table cells, bug #37911)
Upstream changes:
2008-11-24 Gisle Aas <gisle@ActiveState.com>
Release 3.59
Restore perl-5.6 compatibility for HTML::HeadParser.
Improved META.yml
2008-11-17 Gisle Aas <gisle@ActiveState.com>
Release 3.58
Suppress "Parsing of undecoded UTF-8 will give garbage" warning
with attr_encoded [RT#29089]
HTML::HeadParser:
- Recognize the Unicode BOM in utf8_mode as well [RT#27522]
- Avoid ending up with '/' keys attribute in Link headers.
2008-11-16 Gisle Aas <gisle@ActiveState.com>
Release 3.57
The <iframe> element content is now parsed in literal mode.
Parsing of <script> and <style> content ends on the first end tag
even when that tag was in a quoted string. That seems to be the
behaviour of all modern browsers.
Implement backquote() attribute as requested by Alex Kapranoff.
Test and documentation tweaks from Alex Kapranoff.
Pkgsrc changes:
o Change to Module::Build
Upstream changes:
1.106 2008-09-14
- Added missing Apache2 modules. Refs #39146 and #38931. Thanks
to RSAVAGE.
- Applied BEROV's patch for UTF-8 form data handling. Refs #12481.
Thanks to BEROV.
Pkgsrc changes:
o Add HOMEPAGE using search.cpan.org
Upstream changes:
4.38 - Friday, October 31, 2008
* INTERNAL: Rename SimpleObjectClass to
CGI::Session::Test::SimpleObjectClass to avoid
namespace ownership issue (Mark Stosberg).
* INTERNAL: We now list CGI.pm 3.26 or greater as a dependency.
You are still welcome to use other query objects,
but this version of CGI.pm fixes a bug in the
strictness of HTTP expiration times, which Safari
in particular is sensitive to. So, if you are using
CGI.pm, you should upgrade to at least this version.
RT#34216, thanks to Astar, Michael Hampton, Ron
Savage and Mark Stosberg.
* INTERNAL: return explicit values in _set_status and _unset_status
(RT#39201, Mario Domgoergen, Mark Stosberg)
* FIX: RT#37877: The storable serializer wasn't properly
inheriting the 'errstr' method. This could have resulted
an error like: "Can't locate errstr via package
"CGI::Session::Serialize::storable" Thanks to Michael
Greenish, Mark Stosberg.
* FIX: RT#40405 reported a case where the default serializer
would have a problem after the user set a parameter's
value to undef, in certain circumstances.
A test file was kindly provided by cowomally[...]nullium.net.
The fix was spelled out by Matt LeBlanc
* FIX: RT#39679 pointed out a simplification in method remove()
in CGI::Session::Driver::file.
By calling _file() instead of duplicating code, we get
the benefit of extra error checking. Thanx to Sergiy
Borodych for noticing this
* FIX: Stop using the return value of delete() in t/find.t.
This means that when the patch provided in RT#37752 is
applied, t/find.t will not start failing
4.37 - Wednesday, October 22, 2008
* INTERNAL: Patch Makefile.PL and Build.PL to request that
SimpleObjectClass not be indexed.
4.36 - Friday, September 12, 2008
* FIX: The sample code for find() had 2 errors in it:
o It assumed delete() returned a meaningful value, which it doesn't
o It did not follow the call to delete() with a
(recommended) call to flush()
o Thanks to Mario Domgoergen for the report, RT#39201
Upstream changes:
2.04 - Fri Nov 28 15:41:33 PST 2008
Incorporated bug fix for authen_ses_key() provided by
Carl Gustafsson. authen_ses_key() was not properly handling
any extra_session_info - the fix is to get $hashed_string with
my $hashed_string = pop @rest;
Also releasing the work done between April 26, 2005 and February 4, 2007,
plus bug fix for authen_ses_key
- Added basic framework for unit tests.
- Factored out some of the DBI code into new methods:
- _dbi_connect()
- _get_crypted_password()
- Changes to satisfy Perl::Critic, e.g.
- Removed function prototypes (they are ignored for methods.)
- Cleaned up regular expressions: use /x, etc.
Midori is a lightweight web browser.
Features
Full integration with GTK+ 2
Fast rendering with WebKit
Tabs, windows and session management
Bookmarks with XBEL and token support
Flexibly configurable Web Searchbox
Custom context menu actions
User scripts and user styles support
Extensible via Javascript
WebKit is an open source web browser engine. WebKit is also the name of
the Mac OS X system framework version of the engine that's used by
Safari, Dashboard, Mail, and many other OS X applications. WebKit's HTML
and JavaScript code began as a branch of the KHTML and KJS libraries
from KDE.
This is the GTK2+ port of the engine.
cleanup Makefile
0.08 Wed Nov 26 10:02:52 EST 2008
- Workaround possible errors with Storable::thaw and empty
strings (thanks to kevin montuori for suggesting a fix)
Changelog:
0.10009 2008-11-27
- Including progressive realm for multiple authentication attempts
in a single request.
0.10008 2008-10-23
- Updating config to allow for inclusion of realm ref's in the main
config hash rather than in a subref called 'realms'
* Update Bulgarian translation which catch up to TYPOlight 2.6.2.
* Fix PLIST for Romanian (PLIST.ro) which should be updated by previous commit.
* Update French and Latvian translations.
The seventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-073 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.6 release:
* - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum topic listings.
* - Patch #329019 by dww, sun: fixed PHP warning.
* #315739 by sun: The theme name is in arg(4) on the block admin page, so only redirect to theme specific page if that is set.
* - Patch #329646 by Damien Tournoud: properly reset user_access().
* - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated CSS to fail.
* #329998 by pwolanin: escape markup looking non-HTML tags in schema descriptions
* #258089 by JohnAlbin, Arancaytar, merlinofchaos: themes cannot have a preprocess function without a corresponding .tpl.php file
* #255150 by dropcube, tested by catch, asimmonds: content type names were double escaped on create content page
* #329660 by pwolanin: node_configure_validate() should be replaced with a #submit handler to conform to FormAPI rules
* #299742 by Darren Oh: missing #ahah support on checkboxes
* #193580 follow up by gpk: late but important changelog entry for Drupal 6.0
* #302638 by pwolanin: avoid running several no-op queries while the menu is being rebuilt; improves performance
* Rolling back #302638, it caused problems reported in #328110
* #319165 by Alex_Tutubalin: add explicit UTF-8 client encoding setting for PostgreSQL
* - Patch #277644 by lilou: documentation improvement.
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database.
* - Patch #337454 by earnie: fixed the phpdoc of drupal_render_form().
* - Patch #293370 by swentel et al: make block sorting work when there are more than 20 blocks.
* - Patch #325908 by kbahey: removed redundant cache flusing.
* - Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
* - Patch #336115 by Nedjo: better documentation for t().
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.
* #305653 by snowball43, cdale, Dave Reid, sun: All themes were disabled when update.php was run
* #344661 by Dave Reid: fix phpdoc documentation on translation_translation_link_alter()
* #333060 by neclimdul, merlinofchaos, dvessel: child themes did not inherit patterns correctly, so more specific template files are not detected
* #206138 by pwolanin et al: little documentation fix for node base module name handling
* #276111 by pwolanin, meba and myself: disallow possibly dangerous submissions in locale translations and imports
* #345167 by JacobSingh, pwolanin, Heine: drupal_http_request() includes an extra CRLF, not conformant to HTTP specs
http://drupal.org/node/345462
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-073 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release:
* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests.
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication.
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.
http://drupal.org/node/345467
- Remove description of using PostgreSQL for backend database
from files/README.
- Replace remained www/www to APACHE_USER/APACHE_GROUP in Makefile.
- Don't hardcord /typolight in files/typolight.conf.
Bump PKGREVISION.
Trac-0.11.2.1.ja1 (Nov 30, 2008)
* Merge Trac-0.11.2 and Trac-0.11.2.1
* Change encodings on Option's doc from unicode to UTF-8 for `pydoc`.
- trac/wiki/macros.py
- trac/attachment.py
- trac/db/api.py
- trac/env.py
- trac/mimeview/api.py
- trac/mimeview/enscript.py
- trac/mimeview/php.py
- trac/mimeview/pygments.py
- trac/mimeview/silvercity.py
- trac/notification.py
- trac/perm.py
- trac/search/web_ui.py
- trac/ticket/api.py
- trac/ticket/notification.py
- trac/ticket/query.py
- trac/ticket/report.py
- trac/ticket/roadmap.py
- trac/ticket/web_ui.py
- trac/timeline/web_ui.py
- trac/versioncontrol/api.py
- trac/versioncontrol/svn_authz.py
- trac/versioncontrol/svn_fs.py
- trac/versioncontrol/web_ui/browser.py
- trac/versioncontrol/web_ui/changeset.py
- trac/versioncontrol/web_ui/log.py
- trac/web/auth.py
- trac/web/chrome.py
- trac/web/main.py
- trac/wiki/api.py
Trac 0.11.2.1 (November 17, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2.1
Trac 0.11.2.1 fixes a Python 2.3 incompatibility introduced in Trac 0.11.2.
Python 2.4+ users already running Trac 0.11.2 do not need to upgrade.
Trac 0.11.2 (November 8, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2
Trac 0.11.2 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
Bug fixes:
* Fixes potential DOS vulnerability with certain wiki markup. Reported by
Matt Murphy.
* Improved HTML sanitizer filter to detect possible phishing attempts.
Reported by Simon Willison.
* MySQL db backend improvement (reconnect after idle timeout #4465)
* TicketQuery speed improvements (#6436)
* Fixes for RSS feeds (timeline entries no longer truncated #7316, no longer
download some feeds under Firefox #3899)
* Search now works for custom fields (#2530)
* Same order for ticket fields for new and existing tickets (#7018)
* Enforce fine-grained permission for "quickjump" search results (#7655)
* E-mail obfuscation was not done in a few remaining places (#7688, #6532)
* Uninstall of plugins from WebAdmin was not working - feature disabled
for now
* More robust pagination of results for reports and custom queries (#7424,
#7544)
* Support for newer version of pygments (#7622)
* Documentation updated (#7603, #7205, #7318)
Minor improvements:
* Better support for Wiki page hierarchy (show path #2780, link to
parent #2150)
* Custom query allow to search in description and other text fields (#4824)
Pkgsrc changes:
- Add dependencies for test target so most of this Perl module's
tests can be run
Upstream changes:
0.10 27 Oct 2008
* calling $form->reset or $form->clear will now refetch
objects from db for interrelated menus, re-populating the
options.
0.11 27 Oct 2008
* fix dbic tests so they skip the correct number of tests
0.12 17 Nov 2008
* support the new 'unqiue_value()' method in RDBOHelpers
and MoreHelpers, which will now override
show_related_field_using() when called in foreign_field_value().
0.13 24 Nov 2008
* fix autocomplete bug to call get_controller() rather than
simply controller()
* add map_to_column, map_from_column and map_class_controller_class
to RelInfo
* add as_hash() to RelInfo
2.24.2
Fix multi-dnd with gtk 2.14
Convert strings to UTF16 before passing them to nsIPrintSettings with
Gecko 1.9.
Analysis by Vincent Caron, fixes bug #549361.
Update Ukrainian translation.
Updated Brazilian Portuguese translation.
Updated Swedish translation
Added Asturian translation on behalf of Mikel Gonzalez
2.24.2.1
Re-dist with libtool 2.
actually still exists.
Changes since 2.01-10:
* Fixed problem with timing totals.
* Fixed referrer linking to avoid possible xss injection.
* Fixed month change detection error that caused incorrect report
dates when logs had a 'gap' longer than a year.
* Fixed buffer overrun possibility in parsing code and user agent
mangle logic.
* Added symbolic link checks for file I/O to prevent possible
privilege escalation exploits. Disallows reading from or writing
to any file that is a symlink. Thanks to Julien Danjou.
* Added code to preserve the history and incremental data files in
the event of a crash before writing to them completely. Thanks
to Robert Millan for the idea and initial code.
* Added native geolocation services, which fully supports both IPv4
and IPv6 lookups. Adds the configuration keywords 'GeoDB' and
'GeoDBDatabase' along with the '-j' and '-J' command line options.
* Added 'wcmgr', "The Webalizer (DNS) Cache file Manager" to the
distribution to provide cache file maintenance. See the supplied
man page for a description and usage information.
* Changed history code and main index page to allow for more than
12 months of reports to be displayed. Added the config keywords
'IndexMonths' (-K command line option), 'GraphMonths' (-k command
line option) and 'YearHeaders' to control how index is displayed.
* Changed Berkeley DB code to use current 4.x APIs.
* Added support for bzip2 compressed log files (.bz2) as a compile
time option (--enable-bz2). If enabled, bzipped files will be
decompressed automatically during processing.
* Added support for W3C formatted logs. Based on code submitted
by Klaus Reimer.
* Added GeoIP support as compile time option (--enable-geoip). Adds
'GeoIP' and 'GeoIPDatabase' config keywords, '-w' and '-W'
command line options. (http://www.maxmind.com/)
* Added IPv6 support. Based on initial code by Jose Carlos Meneiros
and modified to support Solaris and other problematic platforms.
* Added 'CacheIPs' config option to allow saving unresolved addresses
in the DNS cache.
* Added 'CacheTTL' config option which allows the DNS cache time to
live (TTL) value to be specified at run-time.
* Added 'SearchCaseI' config option to specify if search strings
should be treated as case insensitive or not. The default value,
'yes', causes search strings to be treated as case insensitive.
* Added 'HTAccess' config option. Allows writing a default .htaccess
file to the output directory.
* Added ability to display flags in the top country table. Adds the
config keywords 'CountryFlags' and 'FlagDir', and -z command line
option.
* Added 'StripCGI' config option to configure how CGI variables on
the end of URLs are treated (can now be stripped or left in place).
* Added 'DefaultIndex' config option to enable/disable the use of
"index." as a default index name to be stripped from the end of URLs.
* Added 'TrimSquidURL' config option to allow squid log URLs to be
reduced in granularity by a user definable amount. Thanks to code
submitted by Stuart Gall.
* Added 'OmitPage' config option (and the '-O' command line switch)
to prevent specified URLs from being counted as pages even if they
otherwise would be. Thanks to code submitted by Adam Morton.
* Added 'IgnoreState' config option (and the -b command line switch)
to allow ignoring any existing incremental data file (similar to
the IgnoreHist/-i option).
* Changed logic to always generate summary report (index.html),
even if no records were processed.
* Added color support to allow changing graph colors. Based on the
Webalizer-usecolor code submitted by Benoit Rouits. Adds 11 new
config options, see the README file for complete descriptions.
* Added language 'lang=' specification in generated HTML files.
* Added 'LinkReferrer' config option to allow/disallow links in the
top referrers table.
* Added 'PagePrefix' config option to allow URL prefix matches to
be counted as pages, regardless of file extension or type. Thanks
to code submitted by Remco Van de Meent.
* Enabled large file support (LFS) to support logs greater than 2Gb
in size on systems that support LFS. Also increased the size of
most internal counters to handle larger sites.
* Minor changes to generated HTML output
* Updated language files country codes for current IANA TLDs
* Changed the meaning of the -v command line switch. It now
causes verbose information to be displayed at run-time
(Informational and Debug messages).
* Changed Group* config options to allow a quoted string for
the match string. This allows spaces to be embedded in the
string.
* Changed log record parsing logic to allow spaces in URLs.
* Made configuration keywords, boolean configuration values
(yes/no), and log file types case insensitive. Also fixed
defaults for invalid values to reflect documented defaults.
* Changed configure script to use --sysconfdir to specify the
location of the default webalizer.conf configuration file.
Also added support for DESTDIR during install to aid binary
package builds.
Changes:
* FIX) qCgiRequestParseQueries() - quoted boundary patch. (by Hidai
Kenichi)
* NEW) qStrUnchar() - remove character from head and tail of the
string.
* NEW) qDecoderVersion() - get the version string of qDecoder library.
* FIX) minor fixes related packaging.
* Add release date of each translation as comment in options.mk.
* Add some patch to use double quotation instead of singe quotation
which prevents parsing "\n" as newline.
* Update Russian and Serbian language translations which catch up to
TYPOlight 2.6.2.
* Add new Thai language translation.
General Public License (GPL). It's designed to be run on a large server
farm for a website that gets millions of hits per day. MediaWiki is an
extremely powerful, scalable software and a feature-rich wiki implementation,
that uses PHP to process and display data stored in its MySQL database.
GtkHTML-3.24.2 2008-11-24
-------------------------
Bug Fixes:
#472517: Always update the pop-up menu before showing it, whether we're clicking in a selection or not (Matthew Barnes)
Security fixes in this version:
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.13/
"Don't put emails directly on the page, they will be scraped"
Stuff that I'm sick of looking at "bob at smith dot com". Why can't
we just write emails in a way that looks normal to people, but is
very, very difficult to scrape off. Most email scrapers only use
very very simple parsing methods. And it isn't as if it is hard to
just do
# Before we search for email addresses...
$page =~ s/\s+at\s+/@/g;
$page =~ s/\s+dot\s+/./g;
This is an arms war dammit, and I want nukes!
Pkgsrc changes:
o Accept default TT options, don't set them explicitly.
o Add commented-out additional HOMEPAGE using search.cpan.org.
o Add a patch related to module bug
http://rt.cpan.org/Public/Bug/Display.html?id=39100
Thanks to Jens Rehsack for the update, provided in PR pkg/39600!
Upstream changes:
#------------------------------------------------------------------------
# Version 2.20 - 13th August 2008
#------------------------------------------------------------------------
* Updated all the documentation.
* Restored the GIF images that got mangled in the switch from CVS to
Subversion.
* Fixed the Makefile.PL to pre-glob the tests to keep things working
smoothly in Win32.
http://rt.cpan.org/Ticket/Display.html?id=25573
* Applied a patch to Template::Directives from Ben Morrow to fix the
SWITCH/CASE directive when matching strings containing regex metacharacters.
http://rt.cpan.org/Ticket/Display.html?id=24183
* Applied a patch to Template::Parser from Koichi Taniguchi to make it
treat TAGS with case sensitivity.
http://rt.cpan.org/Ticket/Display.html?id=19975
* Changed html_entity_filter_factory() in Template::Filters to only look for
Apache::Utils and HTML::Entities once.
http://rt.cpan.org/Ticket/Display.html?id=19837
Template::Stash
---------------
* Applied a patch to Template::Stash from Jess Robinson which allows you
to call a list method on a single object and have it automatically
upgraded to a single item list. Changed the XS Stash to do the same.
http://lists.tt2.org/pipermail/templates/2006-November/009115.html
* Fixed a minor bug in the XS Stash which prevented it from updating
hash entries with empty, but defined keys. Thanks to Yitzchak
Scott-Thoennes for reporting the problem.
http://lists.tt2.org/pipermail/templates/2007-November/009819.html
* Applied a patch from Alexandr Ciornii to make the XS Stash compile
cleanly under VC++ 6.0 and with Sun's C compiler.
http://rt.cpan.org/Ticket/Display.html?id=20291
Template::Provider
------------------
* Fixed a minor bug in the Template::Provider code added in 2.19 that
caused errors in templates to only be reported once. Subsequent
fetches incorrectly returned 'not found' instead of repeating the
error.
* Made Template::Provider use File::Spec->catfile instead of using '/'
and letting Perl worry about Doing The Right Thing.
http://rt.cpan.org/Ticket/Display.html?id=34489
* Applied patch from Lyle Brooks to add binmode to the _template_content()
method in Template::Provider.
http://rt.cpan.org/Ticket/Display.html?id=38075
* Applied patch from Ted Carnahan to silence UNIVERSAL::isa warnings in
Template::Provider.
http://rt.cpan.org/Ticket/Display.html?id=25468
* Applied patch to Template::Provider from Andrew Hamlin which works around
a bug in Strawberry Perl on Win32.
http://rt.cpan.org/Ticket/Display.html?id=34578
Template::VMethods
------------------
* Applied a patch from Paul "LeoNerd" Evans to make the list.slice vmethod
work properly with negative indices.
http://lists.tt2.org/pipermail/templates/2008-March/010105.html
Plugins
-------
* Added the Math plugin and related files to the MANIFEST so they
actually get shipped out as part of the distribution. D'Oh!
http://rt.cpan.org/Ticket/Display.html?id=27375
* Added the Scalar plugin which adds the .scalar vmethod for calling
object methods and subroutines in scalar context.
* Added Template::Plugin::Assert which allows you to assert that values
are defined.
* Changed Template::Plugin::Filter to weaken the $self reference to avoid
circular references and memory leaks. Thanks to Masahiro Honma for
reporting the problem and suggesting the fix.
* Applied patch from Ronald J Kimball to make Template::Plugin::Date accept
dates with the year coming first.
http://lists.tt2.org/pipermail/templates/2007-July/009540.html
* Added C<1;> to the end of a few plugin modules that were missing it.
ttree
-----
* Changed the --accept option in ttree to match against the full file
path (relative to --src dir) rather than just the file name. This
makes it behave the same way as the --ignore option.
* Applied patch from Lyle Brooks to add binmode to the process()
call in ttree.
http://rt.cpan.org/Ticket/Display.html?id=38076
* Added a patch from Nigel Metheringham also to set binmode in ttree
but via a configuration option.
https://rt.cpan.org/Ticket/Display.html?id=30760
Change log
* Allow _ as a valid character in file names and URLs. Do not remove #
from file names. It only has a special meaning for URLs.
* Enable unlock on unload for inline edits
Updated packages and products
* Products.CMFPlone 3.1.7
* plone.i18n 1.0.7
* archetypes.kss 1.4.3
Pkgsrc changes:
- Remove now unneeded patch file.
Upstream changes:
1.11 13.11.2008
- removed =begin BUGS section in Pod that was preventing proper display
- fixed perlio layer for pass-through binary files
- ref to PodPOMWeb.css used wrong case (undetected on -Win32!)
- fixed page titles when the name has no "-- description"
- Fixed the following security issues:
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase
principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin
violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption
(rv:1.9.0.4/1.8.1.18)
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files
- Fixed several stability issues.
- Official releases for the Icelandic and Thai languages are now available.
- Beta releases for the Bulgarian, Esperanto, Estonian, Latvian, Occitan,
and Welsh languages are available for testing.
- Updated the internal Public Suffix list.
- Fixed an issue where the IME input tool used to enter Japanese, Korean,
Chinese and Indic characters was covered by the "Add Bookmark" panel.
(bug 433340)
- Enabled additional EV root certificates. (bug 451305)
- Fixed an issue where some passwords saved using Firefox 3.0.2 did not
work properly. (bug 457358)
- In some cases, Firefox would not properly save proxy settings for
protocols other than HTTP. (bug 446536)
Security fixes in this version:
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.18/releasenotes/
authenticate users by checking credentials via the Cyrus SASL library.
This may be interesting for setups where other daemons (e.g. for SMTP, IMAP
or LDAP) already running at a machine use SASL to authenticate users. The
module is also useful to authenticate users against databases that use shadow
passwords. You do not need to elevate Apache HTTPD's access rights to
superuser privileges.
* Added AuthExternalContext directive, which defines a string that will be
passed to the authenticator in the CONTEXT environment variable. This can
be set from the .htaccess file or the <Directory> block to give slightly
different behavior from the same authenticator in different directories.
Thanks to Olivier Thauvin <nanardon at mandriva dot org> for this patch.
* Rewrite external authenticator launching code to use Apache's cross-OS
process/thread library instead of directly calling Unix functions.
Theoretically this should get us much closer to being usable on non-
Unix platforms.
* Support alternate syntax for configuration, using DefineAuthExternal and
DefineAuthGroup commands.
* More detailed error logging.
* Much cleanup of documentation.
Trac 0.11.2 (November 8, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.2
Trac 0.11.2 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
Bug fixes:
* Fixes potential DOS vulnerability with certain wiki markup. Reported by
Matt Murphy.
* Improved HTML sanitizer filter to detect possible phishing attempts.
Reported by Simon Willison.
* MySQL db backend improvement (reconnect after idle timeout #4465)
* TicketQuery speed improvements (#6436)
* Fixes for RSS feeds (timeline entries no longer truncated #7316, no longer
download some feeds under Firefox #3899)
* Search now works for custom fields (#2530)
* Same order for ticket fields for new and existing tickets (#7018)
* Enforce fine-grained permission for "quickjump" search results (#7655)
* E-mail obfuscation was not done in a few remaining places (#7688, #6532)
* Uninstall of plugins from WebAdmin was not working - feature disabled
for now
* More robust pagination of results for reports and custom queries (#7424,
#7544)
* Support for newer version of pygments (#7622)
* Documentation updated (#7603, #7205, #7318)
Minor improvements:
* Better support for Wiki page hierarchy (show path #2780, link to
parent #2150)
* Custom query allow to search in description and other text fields (#4824)
- took maintainership
- added depends on p5-Test-Warn
Changelog:
0.07 Wed Sep 24 17:08:34 EDT 2008
- Code was silently truncating storage to MySQL, rendering the
session unreadable. Patched to check DBIx::Class size from
column_info (if available)
- Wrap find_or_create calls in a transaction to (hopefully)
avoid issues with duplicate flash rows
- took maintainership
ChangeLog:
0.108 2008-09-25
Adding SimpleDB realm to simplify basic auth configuration
Changing user_class to user_model, per req. by mst to avoid confusing newbies.
0.107 2008-09-29
Fix the typo in exception during authenticate
Doc fixes and clarifications
Added missing dependency on Catalyst::Model::DBIC::Schema to Makefile.PL
0.105 2008-03-19
Throw an exception if no fields are provided during authenticate
- better than retrieving a random user.
- still possible to do an empty search by using searchargs
- took maintainership
Changelog:
0.10007 2008-10-23
- Updating config to allow for inclusion of realm ref's in the main
config hash rather than in a subref called 'realms'
0.10007 2008-08-17
- Update tests prereqs to include Test::Exception (RT #36339)
- Some documentation fixes (including RT #36062)
- Compatibility fix where the use of new style config and old
style Authentication::Store::Minimal would cause a crash
(Reported & fixed by Jos Boumans C<kane@cpan.org>)
- Documentation update on Password - to indicate proper field naming
- Decouple Authentication system from session. The realm class
now allows complete control over how a user is persisted across
requests.
- pod fixes (RT #36062, RT #36063)
- took maintainership
ChangeLog:
5.7014 04 Nov 2008
- Remove a reference to a FOREACH loop that did not exist (RT #39046)
- Changed some Template Toolkit links to perldoc links (RT #38354)
- Fix Template Toolkit website link (RT #37574)
- Fix part numbering (RT #37963)
- Improvements to the ACCEPT_CONTEXT docs in Manual::Intro
- Happy Election Day, America!
2008-11-05 Release 5.820
Main news is the ability to control the heuristics used to determine
the expiry time for response objects.
Gisle Aas (8):
Reformat later parts of Changes
Add a paragraph to summarize the motivation for releases since 5.815
all_pod_files_ok();
Fix POD markup error
Calculation of current_age with missing Client-Date.
The age/freshness methods now take an optional 'time' argument
More correct matching of 'max-age' in freshness_lifetime method
The freshness_lifetime method now support options to control its heuristics
Pkgsrc changes:
- Add dependency on mail/p5-MIME-Types
- Add minor patch to fix POD formatting
Upstream changes:
1.10 07.11.2008
- passthrough for non-POD files (i.e. images, css, etc.)
- clicking hrefs in the TOC really loads the pages
- recompute height of treeNavigator
- alphabetical sort of Perl docs in each section
- sync displayed pages / TOC
- tooltips for Perl docs
- fixed hyperlinks in perlfunc
- initial page is 'perl' instead of 'perlintro', with hyperlinks
Changes:
1.10
treeNavigator
- new option noPingOnFirstClick
- new option treeTabIndex
- by default, tree element gets tabIndex 0
- better focus management when quick navigation through keys
- doubleClick handler
- up/down at end of tree falls back to default navigator behaviour
choiceList
- new option choiceItemTagName
autoCompleter
- multivalued
- click handler on drowpdown lists
- new options :
completeOnTab
actionItems
multivalued
multivalue_separator
choiceItemTagName
htmlWrapper
observed_scroll
additional_params
http_method
to make directory name match PKGNAME.
This is CGI_Lite.pm, a light-weight easy-to-use Perl5 library for writing
forms-based World Wide Web CGI scripts.
- drop allowing dependecy to php-pgsql since TYPOlight's framework
has support for PostgreSQL (and some other databases), but TYPOlight
itself runs with MySQL only.
- Add typolight-liveupdate option which alllow using TYPOlight Live Update
service though it inherently conflicts with pkgsrc's framework.
Version 2.6.2 (2008-11-01)
--------------------------
- Updated TinyMCE to version 3.2.0.2
- Improved TinyMCE plugin "typolinks" (#111)
- Added extension repository client
- Added front end module "article navigation"
- Added automatic insertion of the invisible copyright notice
- Added option to copy or move news and events between archives
- Added hook "addCustomRegexp" to add custom regular expressions to widgets
- Added workaround to determine the server IP on Strato servers (#113)
- Added option to add labels to back end drop-down menus (#5)
- Added config/langconfig.php to store custom labels (#119)
- Added a close button to the preview pane (#188)
- Added classes "first" and "last" to comments (#183)
- Added insert tag "image" to insert resized images (#55)
- Added the creator's name to tasks in the task list (#136)
- Added option to define date formats per root page (#190)
- Added event titles to calendar RSS/Atom feeds (#50)
- Fixed a small issue with the style sheet importer (#117)
- Fixed issue with mandatory select menus not throwing errors (#45)
- Fixed issue with flash movies being displayed in the back end (#121)
- Fixed issue with limited number of archives/calendars in front end modules (#159)
- Fixed issue with external news items without text not showing the "read more" link (#128)
- Fixed issue with module personal data not updating newsletter subscriptions (#149)
- Fixed issue with article teaser links not working with empty page ID (#180)
- Fixed issue with Analytics ID being shown in the front end preview (#103)
- Fixed issue with multi-day events and daylight saving time (#199)
- Fixed issue with incorrect e-mail address validation (#182)
- Fixed issue with style sheets not being written after import (#184)
- Fixed a few minor bugs
as well as support for boehm-gc and utf8. Myriad bug fixes.
I've switched the javascript support library over too lang/see,
as it seems to work better. If a release does not come out by
the next branch, I will package a snapshot, as it seems like
they've fixed even more bugs in the development tree.
* 6 Sep 2008 -- An image like XXX doesn't look as good as the same image XXX
that's vertically aligned with your surrounding text. Along with several
standard HTTP header fields, mimeTeX now also emits a special
Vertical-Align: -nn header, where -nn is the number of pixels (usually
negative as illustrated) needed for a style="Vertical-Align: -nn px"
attribute in the <img> tag used to render your expression.
See the mimeTeX manual for further discussion.
* 5 Sep 2008 -- Users running mimeTeX as a Win32 DLL with Shital Shah's Code
Project reported that color directives aren't reset, e.g., an expression
containing \red is rendered red as directed, but all subsequent images are
red, too.
This has been fixed (along with several similar bugs nobody noticed).
It never affected users running mimeTeX in the usual way, as a cgi.
- Don't set MAINTAINER and HOMEPAGE variables here, they should be set by
individual packages including this file (I don't want to implicitly be
maintainer for all packages including this Makefile fragment).
- SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
- Allow for smax to be 0 for balancer members so that all idle
connections are able to be dropped should they exceed ttl.
Apache Bug #43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
Jim Jagielski]
- mod_proxy_http: Don't trigger a retry by the client if a failure to
read the response line was the result of a timeout.
[Adam Woodworth <mirkperl gmail.com>]
- Support chroot on Unix-family platforms
Apache Bug #43596 [Dimitar Pashev <mitko banksoft-bg.com>]
- mod_ssl: implement dynamic mutex callbacks for the benefit of
OpenSSL. [Sander Temme]
- mod_proxy_balancer: Add 'bybusyness' load balance method.
[Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]
- mod_authn_alias: Detect during startup when AuthDigestProvider
is configured to use an incompatible provider via AuthnProviderAlias.
Apache Bug #45196 [Eric Covener]
- mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
used as a session path separator/delim Apache Bug #45158. [Jim Jagielski]
- mod_charset_lite: Avoid dropping error responses by handling meta buckets
correctly. Apache Bug #45687 [Dan Poirier <poirier pobox.com>]
- mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
avoid reusing pooled connections if the client connection is an initial
connection. Apache Bug #37770. [Ruediger Pluem]
- mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
Apache Bug #44799 [Christian Wenz <christian wenz.org>]
- mod_ssl: Rewrite shmcb to avoid memory alignment issues.
Apache Bug #42101. [Geoff Thorpe]
- mod_proxy: Add connectiontimeout parameter for proxy workers in order to
be able to set the timeout for connecting to the backend separately.
Apache Bug #45445. [Ruediger Pluem, rahul <rahul sun.com>]
- mod_dav_fs: Retrieve minimal system information about directory
entries when walking a DAV fs, resolving a performance degradation on
Windows. Apache Bug #45464. [Joe Orton, Jeff Trawick]
- mod_cgid: Pass along empty command line arguments from an ISINDEX
query that has consecutive '+' characters in the QUERY_STRING,
matching the behavior of mod_cgi.
[Eric Covener]
- mod_headers: Prevent Header edit from processing only the first header
of possibly multiple headers with the same name and deleting the
remaining ones. Apache Bug #45333. [Ruediger Pluem]
- mod_proxy_balancer: Move nonce field in the balancer manager page inside
the html form where it belongs. Apache Bug #45578. [Ruediger Pluem]
- mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
[Ruediger Pluem]
- mod_rewrite: Preserve the query string when [proxy,noescape].
Apache Bug #45247. [Tom Donovan]
pkgsrc related note:
The security fix for CVE-2008-2939 has already been integrated as patch
before this update.
Catalyst plugin to force the application to restart server processes
when they reach a configurable memory threshold. Memory checks are
performed every 'N' requests. This is intended as a band-aid to
deal with problems like memory leaks; it's here to buy you time to
find and solve the underlying issues.
ssl, as there is no reason for it to be package-specific.
Most visible changes:
- Switch from GTK1 to FLTK2
- Tabbed browsing
- Downloads and FTP now work (at the expense of a wget dependency)
== Ruby-GNOME2 0.18.1: 2008-10-23
This release is bug fix release of 0.18.0.
=== Changes
Ruby/GTK2:
* fix a bug that init function is deleted. [Kouhei Sutou]
This bundle defines all required modules for ParallelUserAgent.
ExtUtils::MakeMaker - should be in perl disribution
LWP::UserAgent - Base for Parallel::UserAgent
LWP::RobotUA - Base for Parallel::RobotUA
LWP::Protocol - Base Protocol implementations
LWP::Parallel - Parallel User Agent itself
Zope 2.11.2 (2008/10/24)
Bugs Fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and provided
tests and implementation for guarded_zip (RestrictedPython).
* updated to ZODB 3.8.1
* Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed mutable
defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to import
the same broken module.
* DateTime conversion of datetime objects with non-pytz
tzinfo. Timezones() returns a copy of the timezone list (allows tests
to run). (Backport of r89373 from trunk).
* LP #253362: better dealing with malformed HTTP_ACCEPT_CHARSET headers
* integrated Hotfix-2008-08-12
* Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
* Launchpad #262313: respect the Expand macros when editing flag when
editing a page template through the ZMI
Zope 2.10.7 (2008/10/24)
Bugs fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and
provided tests and implementation for guarded_zip
(RestrictedPython).
* Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed
mutable defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to
import the same broken module.
* LP #142667: Updated to ZODB-3.7.3 to fix problem with product
auto-refresh.
* Updated to Five 1.5.8
* Launchpad #245649: the Products package is now a proper
"namespace package" under the rules specified by setuptools.
* Fixed outdated transaction.commit(1) call in
ZODBMountPoint.SimpleTrailblazer
* Launchpad #239636: Ensure that HEAD requests lock an empty body
for NotFound errors.
* Launchpad #229549: Don't ignore debug flag when rendering page
templates (thanks to Eric Steele for the patch).
* integrated Hotfix-2008-08-12
* Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
* Launchpad #262313: respect the Expand macros when editing flag
when editing a page template through the ZMI
Zope 2.9.10 (2008/10/24)
Bugs fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and
provided tests and implementation for guarded_zip
(RestrictedPython).
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed
mutable defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to
import the same broken module.
* LP #142667: Updated to ZODB-3.6.4 to fix problem with product
auto-refresh.
* Launchpad #267545: DateTime(DateTime()) now preserves the
correct hour
* Launchpad #245649: the Products package is now a proper
"namespace package" under the rules specified by setuptools.
* Launchpad #239636: Ensure that HEAD requests lock an empty body
for NotFound errors.
* Launchpad #234209: De-tabify ZPublisher/HTTPRequest.py
* integrated Hotfix-2008-08-12
2.24.1:
Bug fixes and translation updates.
====================================================
Epiphany 2.24.0.1
====================================================
In this release, the address entry has improved logic which should
result in faster autocompletion lookups.
Bug fixes:
* Crash when showing download notification bubble (bug #536768)
* Window title copied the status bar (bug #524587)
* Fix RDF import (bug #523414)
* Proxy password prompt missing with gecko 1.9 (bug #539417)
* Password manager doesn't remove passwords with gecko 1.9 (bug #539418)
* Printing scales incorrectly (bug #541168)
* do not activate the smart bookmark entry after middle-clicking paste
text into it. (bug #378165)
* Address entry fixes:
- substring suggestions (bug #151932)
- unicode support (bug #343906)
- diacritics in topic keywords (bug #328162)
- completion on history items titles (bug #534218)
Enhancements:
* Update lock icon to a tango style one (bug #547936)
* Documentation updates (bug #552436, #552555, #534744)
* Enable complete-download sound with libcanberra
* revert special handling of double click in the address entry (bug
#426349)
Contributors to this release:
Diego Escalante Urrelo, Sebastian Keller, Josselin Mouette, Mike Hommey,
Paul Drain, Cosimo Cecchi, Bruce Cowan, Lucas Lommer, Colin Walters,
Loïc Minier, Vincent Untz, Christian Persch, Reinout van Schouwen
Translators:
Jorge Gonzalez (es), Kjartan Maraas (nb), Khaled Hosny (ar), Ivar Smolin
(et), Sweta Kothari, Reinout van Schouwen (nl), Daniel Nylander (sv),
Yair Hershkovitz (he), icq, Lucas Lommer (cz), Duarte Loreto (pt), Gil
Forcada (ca), Takeshi AIHANA (ja), sprasad, Theppitak Karoonboonyanan
(th), ituohela (fi), Robert-André Mauchin (fr), grakic (sr@latin), Inaki
Larranaga Murgoitio (eu), pgeyleg (dz), Hendrik Richter (de), Nguyễn
Thái Ngọc Duy (vi), Funda Wang (zh_CN), Philip Withnall (en_GB), Claude
Peroz (fr), mateju, rranjan (hi), apravi, Sankarshan Mukhopadhyay,
Gintautas Miliauskas (lt), Baris Ciçek (tr), Gabor Kelemen (hu), ifelix,
sandeeps, kelemeng, cwryu (kr), Alexander Shopov (bg), tvainika (fi),
Nickolay V. Shmyrev (ru), Mugurel Tudor (ro), Ask H. Larsen (dk)
GtkHTML-3.24.1 2008-10-20
-------------------------
Bug Fixes:
#546155: Composer crash after pasting text and deleting parts of it (Milan Crha)
#548540: Spellchecker reports possessive plurals (e.g. "horses'") as misspelled (Matthew Barnes)
#554326: Critical warning when opening new composer and have preset a signature (Milan Crha)
#554424: Spellchecker breaks after enabling more languages (Matthew Barnes)
#554849: Unlocalized strings in Compose mail dialog (Takao Fujiwara)
#556239: Inline spell-check not redone after changing the language (Matthew Barnes)
Updated Translations:
Djihed Afifi (ar)
Pema Geyleg (dz)
Gil Forcada (ca)
Takeshi AIHANA (ja)
GtkHTML-3.24.0 2008-09-22
-------------------------
Bug Fixes:
#423395: Ensure cursor at the right position even when first time focusing to the widget (Milan Crha)
#549232: Revise the translator comments to reference GtkComboBox, from which the "popup-shown" property and associated descriptions are taken (Matthew Barnes)
Updated Translations:
Gintautas Miliauskas (lt)
Lucas Lommer (cs)
Ask H. Larsen (da)
Hendrik Richter (de)
Inaki Larrañaga Murgoitio (eu)
Ilkka Tuohela (fi)
Chao-Hsiung Liao (zh_HK, zh_TW)
Djihed Afifi (ar)
Gabor Kelemen (hu)
Sandeep Shedmake (mr)
Tirumurthi Vasudevan (ta)
Milo Casagrande (it)
Leonardo Ferreira Fontenelle (pt_BR)
Changwoo Ryu (ko)
Yavor Doganov (bg)
Ivar Smolin (et)
Shankar Prasad (kn)
Philip Withnall (en_GB)
Åsmund Skjæveland (nn)
Funda Wang (zh_CN)
GtkHTML-3.23.92 2008-09-08
--------------------------
Bug Fixes:
#516680: Remember focus object same as in other functions (Milan Crha)
Updated Translations:
Philip Withnall (en_GB)
Rodrigo Marques Flores (pt_BR)
Sweta Kothari (gu)
Daniel Nylander (sv)
GtkHTML-3.23.91 2008-09-01
--------------------------
Updated Translations:
Og Maciel (pt_BR)
Sweta Kothari (gu)
Shankar Prasad (kn)
Daniel Nylander (sv)
Lucas Hermann Negri (pt_BR)
Inaki Larranaga Murgoitio (eu)
Ivar Smolin (et)
GtkHTML-3.23.90 2008-08-16
--------------------------
Bug Fixes:
#540794: Sanitize HTMLENGINE by checking whether we have a HTMLEngine (Tobias Mueller)
#543318: Force the codeset to UTF-8 (Pascal Terjan)
Other Contributors:
Fix compiler warnings (Matthew Barnes)
Updated Translations:
Harivishnu (ml)
Takeshi AIHANA (ja)
Duarte Loreto (pt)
Ilkka Tuohela (fi)
Yair Hershkovitz (he)
Chao-Hsiung Liao (zh_HK)
Chao-Hsiung Liao (zh_TW)
Youssef Chahibi (ar)
GtkHTML-3.23.6 2008-08-04
--------------------------
Bug Fixes:
#545559: Respect Gnome settings regarding cursor blinking (Milan Crha)
Updated Translations:
Ivar Smolin (et)
Youssef Chahibi (ar)
Vladimir Melo (pt_BR)
Bruno Brouard (fr)
GtkHTML-3.23.5 2008-07-21
--------------------------
Bug Fixes:
#244888: Add accelerators for "justify-left" (Ctrl+L), "justify-center" (Ctrl+E) and "justify-right" (Ctrl+R). Change the "word-wrap" accelerator from Ctrl+L to Ctrl+Backslash (Matthew Barnes)
#408707: Implements the first of several suggested UI improvements in the bug (Matthew Barnes)
#423395: New API to let GtkHTML know where to place cursor on the first focus event, based on the anchor name (Milan Crha)
#446894: Use the widget style's font rather than a hardcoded font (Matthew Barnes)
#493783: Restore last scrollbar position when done with substreams (Milan Crha)
#538703: Delay loading of all dictionaries to improve performance (Wang Xin)
#539289: Don't use deprecated gtk type macros (Christian Persch)
#540342: Fix a security vulnerability (Milan Crha)
#540929: Stop expanding columns as soon as there were no columns expanded during the cycle (Milan Crha)
#542567: Correct the shortcuts for increasing and decreasing indents (B S Srinidhi)
Updated Translations:
Luca Ferretti (it)
Andre Klapper (de)
Ignacio Casal Quinteiro (gl)
Daniel Nylander (sv)
Matej Urbanči (sl)
Theppitak Karoonboonyanan (th)
Kjartan Maraas (nb)
Jorge Gonzalez (es)
Yannig Marchegay (oc)
GtkHTML-3.23.4 2008-06-16
--------------------------
Bug Fixes:
#533741: Don't insert BOM into UTF-8 text when copying to clipboard; filter it out when pasting from clipboard (Vaclav Slavik)
#536635: Allow gtkhtml to build with G_DISABLE_SINGLE_INCLUDES and GTK_DISABLE_SINGLE_INCLUDES defined (Matthew Barnes)
#537397: Fix a duplicate mnemonic (Matthew Barnes)
Updated Translations:
Ivar Smolin (et)
Theppitak Karoonboonyanan (th)
Khaled Hosny (ar)
Ignacio Casal Quinteiro (gl)
GtkHTML-3.23.3 2008-06-02
--------------------------
Bug Fixes:
#524338: Reverting the fix for bug #342659 which caused the fickering (Srinivasa Ragavan)
Updated Translations:
Máté Őry (hu)
Clytie Siddall (vi)
Khaled Hosny (ar)
GtkHTML-3.23.2 2008-05-12
--------------------------
Bug Fixes:
#525996: Look for data files in our own installation prefix, to make running local builds easier (Matthew Barnes)
Other Contributors:
Don't translate a bunch of useless widget labels. (Kjartan Maraas)
Updated Translations:
Yair Hershkovitz (he)
Kjartan Maraas (nb)
Jorge Gonzalez (es)
GtkHTML-3.23.1 2008-04-21
--------------------------
Bug Fixes:
#266206: Bunch of input method fixes (Owen Taylor, Matthew Barnes)
#339093: Skip ZOOM commands only when in non-editing mode and when not invoked by key bindings. (Milan Crha)
#458369: Merge two similar translated strings. (Matthew Barnes)
#483745: Add tooltip for text color combo. (Milan Crha)
#512046: Gtkhtml freezes when backward searching in e-mail editing window (Takao Fujiwara)
#520711: Fix runtime critical warnings (Milan Crha)
#525977: Add a --with-glade-catalog option for installing Glade 3 catalog files (for maintainers only). Defaults to 'no'. (Matthew Barnes)
#526152: Defer management of spell check languages and color to the editor component. (Matthew Barnes)
Updated Translations:
Kjartan Maraas (nb)
Jorge Gonzalez (es)
Eskild Hustvedt (nn)
After some feedback from Roy Marples set up the package so it's easier
to get drupal to run under other web servers than apache. As the
default web server, apache will remain. Users can disable it using
the options.mk framework.
Rename APACHE_* variables to WWW_* and set some sane defaults.
This is the GNOME 2.24 version of gtkhtml. It goes with the new
version of x11/gtk2.
XXX This packages doesn't work yet due to errors from msgfmt.
I'm importing it to get a start on fixing the problems caused by
the x11/gtk2 update. Could somebody fix it, please?
version of x11/gtk2.
XXX This packages doesn't work yet due to errors from msgfmt.
I'm importing it to get a start on fixing the problems caused by
the x11/gtk2 update. Could somebody fix it, please?
The sixth maintenance and security release of the Drupal 6 series. Only
fixes for security vulnerabilities and other bugs have been committed. New
features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:
* SA-2008-067 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been
fixed since the 6.5 release:
- Patch #315656 by Damien Tournoud: fixed bug in drupal_lookup_path('wipe').
#318102 by Dave Reid: hook_exit() was not invoked for some cached requests.
#277206 by Damien Tournoud, lilou, fp: untranslatable string in the installer
- Patch #324080 by winterheart: missing </td>-tag.
See http://drupal.org/node/324832 for all the details
The twelfth maintenance and security release of the Drupal 5 series. Only
fixes for security vulnerabilities and other bugs have been committed. New
features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:
* SA-2008-067 - Drupal core - Multiple vulnerabilities
Pkgsrc changes:
Fixes "libwww-aliases" option, reported by PR 39776.
The knob for command aliases was changed when update to 5.815(?),
it is disabled by default, and libwww-alias option is no effect since the update.
So remove it from PKG_SUGGESTED_OPTIONS.
Changes:
2008-10-20
Release 5.819
Gisle Aas (2):
Don't override $Net::HTTPS::SSL_SOCKET_CLASS if it's already set.
Wrong content handlers would sometimes be skipped [RT#40187]
2008-10-16
Release 5.818
Gisle Aas (8):
Use deflate compression instead of gzip for the test
Simplify; Get rid of the $USE_STORABLE_DCLONE configuration
Add dump method to HTTP::Message.
Use $res->dump instead of rolling our own.
Layout change; move headers() methods to a more logical place.
Add support for x-bzip2 encoding; fix bzip2 decoding.
Add send_header method to HTTP::Daemon
Make the lwp-request User-Agent string include the LWP version.
Slaven Rezic (1):
clone implemented in terms of Storable::dclone [RT#39611]
Upstream changes:
0.18 09 Oct 2008
* fix bug where form was not cleared during initial search
0.17 11 Sept 2008
* change tact altogether in form_to_object() and assume
there are no autoincrement fields in $form
* move the form/object seeding in create() to the core
Controller create() method. This change
is as much to solve a strange Class::C3/Dispatcher issue
with multiple inheritance as anything.
* add missing $c in call to $self->form
* do_search calls field_names() on controller rather than form object
Rose::HTMLx::Form::Related is a subclass of Rose::HTML::Form.
Rose::HTMLx::Form::Related can interrogate the relationships between
ORM classes and the Forms that represent them, and use that data
to tie multiple Rose::HTMLx::Form::Related classes together.
Changes to squid-3.0.STABLE10 (14 Oct 2008):
- Bug 2391: Regression: bad assert in forwarding
- Bug 2447: Segfault on failed TCP DNS query
- Bug 2393: DNS requests getting stuck in idns queue
- Bug 2433: FTP PUT gives bad gateway
- Bug 2465: Limited DragonflyBSD support
- ... and other minor bugs and documentation
Changes to squid-2.7.STABLE5 (17 October 2008)
- Bug #2439: configuration file contains non-ASCII characters
- Bug #2441: Shut down store url rewrite helpers on squid -k
reconfigure
- foreground rebuild should do all of the rebuilding before Squid
accepts requests.
- Bug #2464: assertion failed: sc->new_callback == NULL at
store_client.c:190
- Bug #2394: add upgrade_http0.9 option making it possible to disable
upgrade of HTTP/0.9 responses
- Bug #2426: Increase negotiate auth token buffer size
- Bug #2468: Limit stale-if-error to 500-504 responses
- Bug #2477: swap.state permission issues if crashing during "squid -k
reconfigure"
- Bug #2430: Old headers still returned after a cache validation if
the request triggering the cache validation was itself a
If-Modified-Since request.
- Bug #2481: Don't set expires: now in generated error responses
- Windows port: Fix build error using latest MinGW runtime.
Changes to squid-2.6.STABLE22 (19 October 2008)
- Bug #2396: Correct the opening of the PF device file.
- Make --with-large-files and --with-build-envirnment=default play
nice together
- Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
__u32 problem
- Make dns_nameserver work when using --disable-internal-dns on glibc
based systems
- Bug #2426: Increase negotiate auth token buffer size
- Bug #2427: squid_ldap_group -h reports the old % codes for -f
- Bug #2477: swap.state permission issues if crashing during "squid -k
reconfigure"
- Windows port: Fix build error using latest MinGW runtime.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
Server(tm) and Microsoft Internet Explorer(tm). While it is not really
secure, it offers background authentication (the workstation logon
credentials of users are passed through to the web server). This feature is
widely used in intranets based on these Microsoft products.
This module is implementing NTLM authentication for Apache on Unix
platforms. It is available free of charges under the BSD License.
2008-10-10
Release 5.817
Gisle Aas (16):
Should store "wire" headers field names with _ without translation.
Test HTTP::Request->parse().
Restore pre-5.815 behaviour of returning "400 Bad Request" [RT#39694]
Rename the HTTP::Status constants to have HTTP_ prefix
Detection of unsupported schemes was broken [RT#37637]
Allow tainted methods to be forwarded to HTTP::Headers [RT#38736]
Add strict mode to HTML::Form
Fix test now that less warnings are generated.
Add content_is_xml method
Make split_header_words() lower case returned tokens/keys
Avoid invoking AUTOLOAD on object destruction [RT#39852]
Add decode() method to HTTP::Message
Add encode() method to HTTP::Message
Allow multiple fields to be set with push_header().
Make content_type and content_is_xhtml methods faster
Faster push_header()
2008-09-29
Release 5.816
Gisle Aas (2):
Add missing binmode() [RT#39668]
Doc tweaks
2008-09-24
Release 5.815
Gisle Aas (23):
We don't need to build the docs to run the tests.
Style tweaks.
The jigsaw service isn't up to much good these days.
HTTP::Cookies produces warnings for undefined cookie param names [RT#38480]
Typo fix; HTTP::Message will never include x-bzip2 in Accept-Encoding [RT#38617]
Added HTTP::Config module
Add methods to configure processing handlers.
100 Continue response not complete.
Use 3-arg open when response content to files.
Make the show_progress attribute official (by documenting it).
Start using handlers for driving the inner logic of LWP::UserAgent.
Expose the content_is_html and content_is_xhtml methods from HTTP::Headers.
Make credentials method able to get/set values.
An auth handler per realm.
Match proxy setting for request.
Set up separate handler for adding proxy authentication.
Add request_preprepare to be able to initialize proxy early enough.
Smarter get_my_handler() that can also create handlers.
Refactor; introduce run_handlers method
Pass in handler hash to the handler callback.
Don't let version=1 override behaviour if specified with a plan Set-Cookie header.
Remove handler when we don't have a username/password for the realm.
Make tests use Test.pm
Bron Gondwana (2):
Double-check that username or password has changed after a failed login.
Update Digest Authen to subclass Basic.
Ondrej Hanak (1):
Avoid running out of filehandles with DYNAMIC_FILE_UPLOAD.
Todd Lipcon (1):
Fixed parsing of header values starting with ':' [RT#39367]
amire80 (1):
Documentation typo fixes [RT#38203]
(10 Oct 2008, from /branches/1.5.x)
http://svn.collab.net/repos/svn/tags/1.5.3
User-visible changes:
* Allow switch to continue after deleting locally modified dirs (issue #2505)
* Update bash_completion to be compatible with 1.5 (r32900, -11, -12)
* Improve 'svn merge' execution time by 30% on Windows (r33447)
* Reuse network sessions during 'svn merge', improving performance (r33476)
* Improve temp file creation time on Windows (r33464)
* Greatly improve merge performance (r29969, r32463, r33013, -016, -022, -112)
* Improve file IO performance on Windows (r33178, -85)
* fixed: merging files with spaces in name (r33109, -121, -369)
* fixed: incorrect relative externals expansion (r33109, -121, -369)
* fixed: 'svn mv' hangs and consumes infinite memory (r33201, -12)
* fixed: correctness regression in 'svn log -g' (issue #3285)
* fixed: current early bailout of 'svn log -g' (r32977)
Developer-visible changes:
* Allow the tests to run as non-administrator on Windows Vista (r31203)
* Allow out-of-tree build of bindings on BSD (r32409)
* Translate messages in svn_fs_util.h (r32771)
* fixed: bindings test for Perl 5.10 (r31546)
* fixed: building bindings and C API tests with VS2008 (r32012)
* fixed: svn_ra_replay API over ra_serf (r33173)
Pkgsrc changes:
- does not support Module::Build anymore.
Changes since version 1.01:
===========================
1.03 2008-08-07
Forgot the Changelog for 1.02. Oops.
1.02 2008-08-07
Added support for strict HTML output. Fixes#34378. Thanks JUERD
and SIGZERO for the report and VRK for the patch that fixes it.
created or not. Packages that include other ELP's buildlink3.mk must define
EMACS_BUILDLINK. Other packages don't create wrappers, which reduces build
time a lot.
Rose::HTMLx::Form::Field::Serial is a subclass of
Rose::HTML::Form::Field::Hidden. It exists simply to isolate a
particular kind of form field that should not be updated via form
but may need to be passed as a param or viewed in a (x)html serialized
format. The namespace is reserved in the event that future
functionality may be added, but mostly to uniquely identify this
field type for use with Rose::DBx::Garden.
Catalyst is an elegant web application framework, extremely flexible yet
extremely simple. It's similar to Ruby on Rails, Spring (Java) and
Maypole, upon which it was originally based.
Catalyst follows the Model-View-Controller (MVC) design pattern, allowing
you to easily separate concerns, like content, presentation and flow control,
into separate modules. This separation allows you to modify code that handles
one concern without affecting code that handles the others. Catalyst promotes
re-use of existing Perl modules that already handle common web application
concerns well.
----
v3.3
----
[jan] Fix synchronization issues with Blackberry clients (bug 6949).
[mms] Fix setting the horde user when using application authentication with
realms (bug 6749).
[jan] Fix user name conversion with user hooks in the permissions interfaces
(bug 6371).
[jan] Provide all settings for the read server in split SQL configuration
(Request #7024).
[jan] Improve HTML to text filter.
[mjr] Hierarchical SQL Share driver now correctly removes all children when
removing a share (Bug: 7347).
[mjr] Fix an issue with various date/time fields in horde form that was causing
erroneous validation errors.
[cjh] Sign parameters to go.php with an HMAC based on a new secret key
configuration value, to prevent using go.php as an open referrer.
[cjh] Make logout tokens only valid for a configurable length of time.
--------
v3.3-RC1
--------
[mms] Fix garbage collection handling on SQL session handler backends.
[mjr] Change MDB2 sequence names to 'id' in SQL share driver (bug 7240).
[cjh] When a URL is supplied for pass-through after logging in, go to that URL
in mobile browsers instead of going to the mobile portal (bug 6332).
[mms] Memcache session handler no longer writes data with a lifetime.
[cjh] Add DIMP to the horde LDAP OIDs and hordePerson objectclass (bug 7243).
[mms] Update FCKeditor to v2.6.3.
[jan] Use global mailer configuration when sending alarm emails
(adrieder@sbox.tugraz.at, bug 7058).
[jan] Reset background colors when resetting the category form (bug 7226).
[jan] Improve Funambol contacts support (Requests #7099, #7100).
[jan] Correctly parse GEO tags in vCard 2.1 data (bug 6563).
[jan] Remove Horde portal link from application menus (bug 7221).
[cjh] Create a driver for signups, allowing backends other than DataTree
(Duck <duck@obala.net>, Request #7161).
[jan] Fix displaying images with the image form field.
[mjr] Fix issue with hierarchical SQL share driver that caused permissons to
erroneously be denied when the share contained group permissions and was
instantiated by a listShares call.
[mjr] Fix issue with hierarchical SQL share driver that caused any child shares
to be orphaned when the parent share was moved in the hierarchy.
[mjr] Fix issue with SQL share drivers that was causing permission checks to
fail under certain conditions by no longer explicitly storing owner
permissions in the Perms backend.
[cjh] Fix overwriting a variable in the tableset_html VarRenderer
(Paul Roy <proy@corom.ca>, bug 7120).
[mms] Fix MIME encoding when using the ISO-2022-JP charset (bug 1621).
[jan] Fix SQL Share driver not using the correct database when using different
databases in Horde applications (bug 6997).
[cjh] Fix SQL portability in Share_sql driver (bug 7084).
[jan] Fix synchronizing large amounts of data split across several SyncML
messages.
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
<xabier.arrieta@ehu.es>).
[cjh] Fix Horde_Lock::getLockInfo (duck@obala.net, Bub #7046).
[cjh] Fix SQL portability in Group_sql driver (bug 7075).
[jan] Fix PAM authentication driver, but also mark it as deprecated (bug 6982).
[mjr] Fix issue with native SQL Share driver that caused filtering shares by
attributes to fail.
[jan] Fix synchronization of event alarms with Funambol clients (bug 7003).
[jan] Correctly detect Funambol clients on Blackberry devices (bug 6995).
[mjr] Remove all user application permissions and group memberships from storage
when removing the user from the system (Bug: 6999)
[cjh] Call the postauthenticate hook in Auth::setAuth(), and allow the
postauthenticate hook to cause setAuth() to fail. Allows postauthenticate
to fire on any event, including transparent authentication, that could
result in a user being successfully logged in.
[jan] Improve attribute support and charset conversion in vCard viewer.
[jan] Show photos in vCard object if provided with an URL.
[mjr] Remove permissions from storage also when removing a share.
[jan] Add Horde_Form fields for string arrays and PGP and S/MIME keys.
[jan] Only show Add Permission icons in permissions interface where adding
them is possible.
[mjr] Fix issue in Horde_Image that was causing erratic results when cropping
images.
[jan] Fix validation of phone fields marked as required (bug 6948).
[mms] Fix quoting periods in display part of e-mail address (bug 6899).
[mms] Fix error checking when parsing an undisclosed recipients mail header
and using an older version of PEAR::Mail (bug 6930).
[jan] Return to portal after editing or deleting blocks directly from there.
The 6th maintenance release of Plone 3.1 is now available. The important
changes since version 3.1.5.1 are:
* Improve handling of stale catalog entries encountered during folder
reordering.
* Fix the silent failure of the group membership management of users via
the user membership form.
* Restore icons for the language control panel in the 3.0.1 to 3.0.2
migration.
* Fix test for automatically generated ids to handle content types with
a dot in their name.
* By default, keep the styling when managing portlets separate from the
styling when viewing the portlets, to improve usability with custom
themes.
* Hide link to the dashboard from the personal preferences page if the
user is not allowed to view the dashboard.
* Improve styling in MS Internet Explorer.
* Fix non XML syntax compliant ids in content menus.
* Correct problems with Firefox 3.0 and kupu.
The following packages and products were upgrades as part of this
release:
* Products.kupu 1.4.12
* Products.CMFPlone 3.1.6
* plone.app.contentmenu 1.1.5
More information about this release and links to installers can be found
at http://plone.org/products/plone/releases/3.1.6
* SA-2008-060 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.4 release:
* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* - Patch 221230 by Heine: convert requirement error on update to requirement warning.
* - Patch 252430 by quicksketch: allow base theme prefix in preprocessor function names to correct expected behavior.
* - Patch 245322 by mfb: fixed breadcrumb behavior.
* - Patch 287949 by Freso, Damien Tournoud: keep language icons in consistent order across nodes.
* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 272952 by NancyDru and chx: fixed documentation issue.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* - Patch 243063 by GoofyX: fixed typo in context-sensitve help.
* - Patch 295152 by dww, Damien Tournoud, et al: fixed version comparison.
* - Patch 278759 by douggreen, fletchgqc: improved code comment.
* - Patch 276018 by mfb: extend the lifetime of temporary files.
* - Patch 228576 by sun: too ambiguous stylesheet in dblog.css when form_altering the watchdog table.
* - Patch 285309 by pwolanin: menu_name in hook_menu is ignored on updates.
* - Patch 261859 by rse, Damien Tournoud: make the trigger module work on PostgreSQL.
* - Patch 305436 by Damien Tournoud, lelutin: fixed unclosed <li> tag in the context-sensitive help.
Any many more. See http://drupal.org/node/318701 for all the details
* SA-2008-060 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed in the 5.11 release:
* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* 296096 by Damien Tournoud. Fix 5.10 Postgres install & update.
* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* 181831 by Rob Loach. Backport of #130630 by chx: provide an id on the form item wrapper div.
* 283026 by Damien Tournoud. Make user_authenticate from external source (for existing users) work with no server part.
* 298535 by mkalkbrenner. Correct HTTP status code for failed connection.
* 108717 by add1sun and neclimdul. Code style.
* - Patch 230932 by ryanlath: file_scan_directory() didn't scan the directory called '0'. Backport by cridenour.
* follow up to 280621 by lilou: the object tag was disallowed in a previous version in filter_xss_admin(), so disallow param as well, which is only meaningful inside an object tag
* 208270 reported by Dries, patch by jvandyk: it was not possible to clear the XML-RPC error cache, making it impossible to do multiple queries in one request. Add xmlrpc_clear_error() and slightly modify xmlrpc_error() to fix.
* - Patch 308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc.
* 67895 patch by goba, tested by JirkaRybka and blackdog: move poll votes with poll options, when an option is removed, instead of dropping all old votes, solving an old data loss bug. Backport by dww.
* 312730 by Damien Tournoud. hook_requirements('install') should work for modules that don't reside in the main './modules' folder.
Don't call pkg_info to get the installed Emacs version; always use the
version matching EMACS_TYPE set by users. Be DEPENDS to it. This should
address pkg/37146 by Aleksey Cheusov.
While here convert some emacs lisp packages to user-destdir.
Sat Sep 13 20:40:01 BST 2008 - surfraw 2.2.3
* Surfraw now defaults to graphical mode. See surfraw(1)
for how to change the default back.
* Search for default browsers during build.
This can be overridden by passing --with-text-browser=BROWSER
and --with-graphical-browser=BROWSER to ./configure.
* New elvis: piratebay, genportage. Thanks to J.R. Mauro.
* Detect which awk to use.
* Fixed slinuxdoc and webster.
* Removed bashisms.
* Fixed uninstall.
* Add --disable-sr option to ./configure to disable installing the
'sr' symbolic link, to avoid clashes with the SR programming language.
Changes since 2.2a5 [2008-05-03]:
- Added trend display pages.
- Dashboard style display for templates lacked links.
- Suppressed undefined variable warnings (courtesy of Martin Schuster).
- Replace "missing" graphs with "unknown" icon (courtesy of R.P. Aditya).
- Rcs module now(?) needs more to be untainted (reported by "Matt Perry).
* recentchanges: Fix redirects to non-page files.
* aggregate: Avoid uninitialized value warnings for pages with no recorded
ctime.
* attachment: Add admin() pagespec to test if the uploading user is a wiki
admin.
* git: Fix handling of utf-8 filenames in recentchanges.
* tag: Make edit link for new tags ensure that the tags are created
inside tagbase, when it's set.
* template: Make edit link for new templates ensure the page is located
under toplevel templates directory.
* htmlscrubber: Add a config setting that can be used to disable the
scrubber acting on a set of pages.
* Expand usage message and add --help. Closes: #[500344]
* Beautify urls used in various places. (smcv)
* Export pagetitle, titlepage, linkpage.
* htmltidy: Avoid returning undef if tidy fails. Also avoid returning the
untidied content if tidy crashes. In either case, it seems best to tidy
the content to nothing.
* htmltidy: Avoid spewing tidy errors to stderr.
* Reorganize index file, add a format version field. Upgrades to the new
index format should be transparent.
* Add %wikistate, which is like %pagestate except not specific to a given
page, and is preserved across rebuilds.
* editpage: Be more aggressive (and less buggy) about cleaning up
temporary files rendered during page preview.
* Add an indexpages option, which causes foo/index.mdwn to be the source
for page foo when foo.mdwn doesn't exist. Also, when it's enabled,
creating a new page will save it to foo/index.mdwn by default.
Closes: #[474611]
(Sponsored by The TOVA Company.)
* httpauth: Document that ikiwiki.cgi has to be in a directory subject to
authentication. Closes: #[500524]
* inline: Fix handling of rootpage that doesn't exist.
* attachment: Support adding attachments to pages even as they are being
created.
* remove, rename: Allow acting on attachments as a page is being created.
* Updated French translation. Closes: #[500929]
* progress: Display an error if the progress cannot be parsed, and allow
the percent parameter to only optionally end with "%".
* Fix reversion in use of ikiwiki -verbose -setup with a setup file that
enables syslog. Setup output is once again output to stdout in this
case.
* edittemplate: Default new page file type to the same type as the template.
(willu)
* edittemplate: Add "silent" parameter. (Willu)
* edittemplate: Link to template, to allow creating it. (Willu)
* editpage: Add a missing check that the page name contains only legal
characters, in addition to the existing check for pruned filenames.
* Print a debug message if a page has multiple source files.
* Add keepextension parameter to htmlize hook. (Willu)
* rename, remove: Don't rely on a form parameter to tell whether the page
should be treated as an attachment.
* rename: Add support for moving SubPages of a page when renaming it.
(Sponsored by The TOVA Company.)
* rename: Hide type field from rename form when renaming attachments.
pkgsrc change
* Add README and sample additional apatch's configuration fratment.
* Fix dependency line for php-gd.
==========================
TYPOlight webCMS CHANGELOG
==========================
Version 2.6.1 (2008-09-20)
--------------------------
- Added content element "article alias"
- Added interface "uploadable" for file upload widgets
- Added optgroups to the TinyMCE "typolinks" file drop-down menu
- Added forum/helpdesk hook to template "member_grouped"
- Added month names to calendar templates (#27)
- Added workaround for PCRE unicode word boundary limitation (#65)
- Added callbacks "executePreActions" and "executePostActions" (#16)
- Added option to send personalized mails to the newsletter module (#108)
- Added a variable timeout between each newsletter sending cycle (#56)
- Added a "check all" box to all checkbox widgets (#32)
- Replaced back end multi-filter with a more efficient implementation
- Replaced all Template objects with FrontendTemplate or BackendTemplate (#64)
- Improved preview pane to show only members with a username
- Improved search algorithm to check for duplicate content URLs (#98)
- Fixed issue with external PHP templates breaking insert tags (#12)
- Fixed issue with domains containing "www" in multi-domain mode (#73)
- Fixed issue with wrong newsletter URLs when page alias usage is disabled (#26)
- Fixed issue with ambiguous image names in HTML newsletters (#84)
- Fixed issue with wrong color in dpSyntaxHighlighter (#30)
- Fixed issue with backlinks not working on cached pages (#15)
- Fixed issue with MySQL convertig aliases starting with a digit (#82)
- Fixed issue with incorrect download URLs (#24)
- Fixed a few spelling issues (#110)
- Fixed a few minor bugs
Changes:
- GCC printf attributes for all printf like functions for better
compiler time warnings (Nikolai Kondrashov)
- Better support for other compilers for handling CPP variable
argument macros (Raphaël HUCK)
- Fix for some symlinking/hdf_get_obj bugs (Nikolai Kondrashov)
- Performance improvements to Perl wrapper (Sergey Skvortsov)
- New url_validate Clearsilver method (Mugdha Bendre @ Google)
- Quick Hello World example for using with FastCGI (Mike Tsao @ Google)
- Updates to the Ruby wrapper (Dan Janowski)
- Updates to the Java wrapper (Joe Walnes @ Google)
- Add support to Java wrapper for hooking the file loader
- Add string.crc builtin-function
- Make it easier to write XSS free clearsilver code
- Ability to setup file load hooks for cs and hdf files
- fix for non-thread safe nerr_init call (causes java jni wrapper to
core dump when server is started under heavy load)
- python egg support (if you have the egg version of distutils
installed)
- some parser edge case fixes.
- some cleanups to cgiwrap that make it easier to use with
fastcgi. fastcgi wrapper to come in the future.
safe to tie it to one specific version), so remove the dependency.
Dansguardian will work with any upstream web proxy; it requires a parent
proxy for the actual fetching, but we don't need to dictate which one.
This contains security fix: http://trac.lighttpd.net/trac/ticket/1774
- 1.4.20 -
* Fix mod_compress to compile with old gcc version (#1592)
* Fix mod_extforward to compile with old gcc version (#1591)
* Update documentation for #1587
* Fix#285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
* Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
* Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
* Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
* Don't send empty Server headers (#1620)
* Fix conditional interpretation of core options
* Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
* Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
* Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
* Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
* Handle EINTR in mod_cgi during write() (#1640)
* Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
* Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
* Remove lighttpd.spec* from source, fixing all problems with it ;-)
* Do not rely on PATH_MAX (POSIX does not require it) (#580)
* Disable logging to access.log if filename is an empty string
* Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
* merge spawn-fcgi changes from trunk (from @2191)
* let spawn-fcgi propagate exit code from spawned fcgi application
* close connection after redirect in trigger_b4_dl (thx icy)
* close connection in mod_magnet if returned status code
* fix bug with IPv6 in mod_evasive (#1579)
* fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
* [tests] fixed system, use foreground daemons and waitpid
* [tests] removed pidfile from test system
* [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
* fixed typo in mod_accesslog (#1699)
* replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
* case insensitive match for secdownload md5 token (#1710)
* Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
* fixed mod_secdownload problem with unsigned time_t (#1688)
* handle EAGAIN and EINTR for freebsd sendfile (#1675)
* Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
* fixed round-robin balancing in mod_proxy (#1715)
* fixed EINTR handling for waitpid in mod_fastcgi
* mod_{fast,s}cgi: overwrite environment variables (#1722)
* inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
* fixed url encoding to encode more characters (#266)
* allow digits in [s]cgi env vars (#1712)
* fixed dropping last character of evhost pattern (#161)
* print helpful error message on conditionals in global block (#1550)
* decode url before matching in mod_rewrite (#1720)
* fixed conditional patching of ldap filter (#1564)
* Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
* fixed format string bugs in mod_accesslog for SYSLOG
* replaced fprintf with log_error_write in fastcgi debug
* fixed mem leak in ssi expression parser (#1753), thx Take5k
* hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
* do not send content-encoding for 304 (#1754), thx yzlai
* fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
* fix splitting of auth-ldap filter
* workaround ldap connection leak if a ldap connection failed (restarting ldap)
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
* fix memleak in request header parsing (#1774, thx qhy)
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
* use decoded url for matching in mod_redirect (#1720)
2.4.6
*) Fix a bug I introduced in 2.4.4 that broke dynamic application
restarts. Reported by [Yar <yarodin gmail.com>]
2.4.4
*) Allow FastCgiServer and FastCgiExternal server directives
to be used within VirtualHosts (again). Add docs to explain
potential accessibility from other VirtualHosts.
[Rob Saccoccio <robs fastcgi.com>]
*) Check for a null filename in the request to prevent an NPE that
was occurring when a WebSphere Apache module was also in use.
[Fabian Pehla <fabian pehla.de>}
*) [AP2] Call ap_set_content_type() rather than setting the content_type
directly so that the AddOutputFilterByType directive can work correctly.
[Thomas 'Freaky' Hurst <tom.hurst clara.net>]
*) Don't use initializers for timeval structs because on 64bit
MVS there is a padding field in between tv_sec and tv_usec.
[Eric Covener <covener gmail.com>]
*) [AP2] Add support for nph (non parsed header) scripts.
[Peter Zijlstra <peterz nedstat.com>]
*) Abort the request if the client connection ends prematurely.
[Peter Zijlstra <peterz nedstat.com>]
*) Introduce the apr_* backward compatibility macros removed
in Apache 2.2. ["Daniel Smertnig" <daniel.smertnig gmail.com>]
*) Fix a problem (remove install-modules) in Makefile.AP2 under
Apache 2.2. ["Daniel Smertnig" <daniel.smertnig gmail.com>]
*) Don't count an application exit towards the number of
failures when doing restart backoff handling if the exit
status is 0. ["Rob Saccoccio" <robs fastcgi.com>]
*) [*nix] Don't use suexec when there is no user/group in effect.
This change is consistent with Apache2 handling. Identified
by ["Florian Effenberger" <floeff arcor.de>].
*) Add a -min-server-life option to the FastCgiConfig and
FastCgiServer directives to provide better control of the
restart backoff feature. ["Benjamin Osheroff" <ben gimbo.net>]