- Add PHP 5.4 support (Dmitry, Anatoliy, Pierre)
- Fixed bug #22679: Fix apc_bin_dump for constants. Use IS_CONSTANT_TYPE_MASK
to handle all the constants, including the unqalified ones (instead of
~IS_CONSTANT_INDEX check)
- Fixed bug #23822, php crashes on apache restart
Patches from Bernd Ernesti on pkgsrc-users.
Changelog:
The following problems are fixed.
* Security fixes
* extensions.checkCompatibility.* prefs didn't work as expected
in ESR releases (734848)
* Firefox ESR 10.0.3 opened "Whats New" page after update (737535)
=== 2.4
* Security fix:
Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
malicious servers and have been removed.
In prior versions of mechanize only one set of HTTP authentication
credentials were allowed for all connections. If a mechanize instance
connected to more than one server then a malicious server detecting
mechanize could ask for HTTP Basic authentication. This would expose the
username and password intended only for one server.
Mechanize#auth and Mechanize#basic_auth now warn when used.
To fix the warning switch to Mechanize#add_auth which requires at the URI
the credentials are intended for, the username and the password.
Optionally an HTTP authentication realm or NTLM domain may be provided.
* Minor enhancement
* Improved exception messages for 401 Unauthorized responses. Mechanize now
tells you if you were missing credentials, had an incorrect password, etc.
Changelog
* The Redis adapter (Ramaze::Cache::Redis) has been fixed so that it works
with sessions, previously this would result in "Can't convert into symbol"
errors and the like. This problem was caused by not encoding data using
Marshal. Thanks to EdvardM for reporting the issue.
* The Redis cache adapter namespaces keys just like the other adapters.
* Ramaze::Cache::MemCache has been updated for the latest version of Dalli and
should no longer display deprecation warnings. The minimum required version
of Dalli has been set to at least 2.0.2.
* Various documentation improvements and additions.
* The HTML of the pagination helper can now be customized, thanks to Leucos
and bougyman for adding it.
=== unicorn 4.3.1 - shutdown() fixes / 2012-04-29 07:04 UTC
* Call shutdown(2) if a client EOFs on us during upload.
We can avoid holding a socket open if the Rack app forked a
process during uploads.
* ignore potential Errno::ENOTCONN errors (from shutdown(2)).
Even on LANs, connections can occasionally be accept()-ed but
be unusable afterwards.
Thanks to Joel Nimety <jnimety@continuity.net>,
Matt Smith <matt@nearapogee.com> and George <lists@southernohio.net>
on the mongrel-unicorn@rubyforge.org mailing list for their
feedback and testing for this release.
=== unicorn 4.3.0 - minor fixes and updates / 2012-04-17 21:51 UTC
* PATH_INFO (aka REQUEST_PATH) increased to 4096 (from 1024).
This allows requests with longer path components and matches
the system PATH_MAX value common to GNU/Linux systems for
serving filesystem components with long names.
* Apps that fork() (but do not exec()) internally for background
tasks now indicate the end-of-request immediately after
writing the Rack response.
Thanks to Hongli Lai, Lawrence Pit, Patrick Wenger and Nuo Yan
for their valuable feedback for this release.
=== unicorn 4.2.1 - minor fix and doc updates / 2012-03-26 21:39 UTC
* Stale pid files are detected if a pid is recycled by processes
belonging to another user, thanks to Graham Bleach.
* nginx example config updates thanks to to Eike Herzbach.
* KNOWN_ISSUES now documents issues with apps/libs that install
conflicting signal handlers.
3.1.16
* Fix some bugs in sass-convert selector parsing when converting from CSS.
* Substantially improve compilation performance on Ruby 1.8.
* Support the @-moz-document directive¡Çs non-standard url-prefix and domain
function syntax.
* Support the @supports directive.
* Fix a performance issue when using /*! */ comments with the Rails asset
pipeline.
* Support -moz-element.
* Properly handle empty lists in sass-convert.
* Move from FSSM to Listen for file-system monitoring.
=== 2.6 / 2010-03-26
* Minor enhancement
* Net::HTTP::Persistent#idle_timeout may be set to nil to disable expiration
of connections. Pull Request #21 by Aaron Stone
## 2.0.2 (03 April 2012)
- Updated to jQuery 1.7.2
- Updated to jQuery UI 1.8.18
- Updated to latest jquery-ujs
- Override provided for obtaining `href`
- Edit `crossDomain` and `dataType` from `ajax:before` event
## Rails 3.2.3 (unreleased) ##
* Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
* Fix#5632, render :inline set the proper rendered format. *Santiago Pastorino*
* Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*
* Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
* Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
check that info. Closes#5245. *Santiago Pastorino*
* Fix#5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*
* Upgrade rack-cache to 1.2. *José Valim*
* ActionController::SessionManagement is deprecated. *Santiago Pastorino*
* Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
* Add a new line after the textarea opening tag. Closes#393 *Rafael Mendonça França*
* Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*
* Fixes layout rendering regression from 3.2.2. *José Valim*
* Remove unused option.
* Restore jemalloc option.
Changelog:
* The File and Move Bookmarks dialogs are resizable now.
* HTML5 videos that do not start automatically show a large play button now.
* Add-ons Sync can now be configured without the Add-ons Sync Prefs add-on.
* Pasting a URL from the clipboard into the Download Manager window will
download it.
* Plugins can be disabled for the whole suite now in addition to
Mail & Newsgroups only.
* View Source now has line numbers.
* Line breaks are now supported in the title attribute.
* Find in Page search results are scrolled into view now.
* The column-fill CSS property has been implemented.
* Support for the text-align-last CSS property has been added.
* Experimental support for ECMAScript 6 Map and Set objects has been
implemented.
* Fixed several stability issues.
Changelog:
* Page Source now has line numbers
* Line breaks are now supported in the title attribute
* Improvements to "Find in Page" to center search result
* URLs pasted into the download manager window are now automatically downloaded
* Support for the text-align-last CSS property has been added
* Various security fixes
* Some TinyMCE-based editors failed to load (739141)
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Three external libraries included in WordPress received security updates:
* Plupload (version 1.5.4), which WordPress uses for uploading media.
* SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
* SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses:
* Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
* Cross-site scripting vulnerability when making URLs clickable.
* Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
2012-02-16 HTTP-Message 6.03
Support 'bzip2' as alternative to Content-Encoding: x-bzip2. Some
servers seem to return it.
Make newlines in forms be "\r\n" terminated.
Added some more status codes.
Restore perl-5.8.1 compatiblity.
2012-03-25 Gisle Aas <gisle@ActiveState.com>
Release 1.60
Gisle Aas (3):
Merge pull request #4 from hiratara/fix-repourl
Updated repository URL
Avoid failure if the local hostname is 'foo' [RT#75519]
Masahiro Honma (1):
Fix the URL of the repository.
Matt Lawrence (1):
Do not reverse the order of new parameters
Peter Rabbitson (1):
Fix RT#59274 - courtesy of a stupid 5.8.[12] join bug
* Remove dead link from plugins/teximg. Closes: #664885
* inline: When the pagenames list includes pages that do not exist, skip
them.
* meta: Export author information in html <meta> tag. Closes: #664779
Thanks, Martin Michlmayr
* notifyemail: New plugin, sends email notifications about new and
changed pages, and allows subscribing to comments.
* Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
* meta: Support keywords header. Closes: #664780
Thanks, Martin Michlmayr
* passwordauth: Fix url in password recovery email to be absolute.
* httpauth: When it's the only auth method, avoid a pointless and
confusing signin form, and go right to the httpauthurl.
* rename: Allow rename to be started not from the edit page; return to
the renamed page in this case.
* remove: Support removing of pages in the transient underlay. (smcv)
* inline, trail: The pagenames parameter is now a list of absolute
pagenames, not relative wikilink type names. This is necessary to fix
a bug, and makes pagenames more consistent with the pagespec used
in the pages parameter. (smcv)
* link: Fix renaming wikilinks that contain embedded urls.
* graphviz: Handle self-links.
* trail: Improve CSS, also display trail links at bottom of page,
and a bug fix. (smcv)
Add dependency on p5-HTML-Tree, suggested by Matthias Rampke in PR pkg/45688.
* Disable mod_proxy_html explicitly.
Changes with Apache 2.4.2
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) mod_slotmem_shm: Honor DefaultRuntimeDir [Jim Jagielski]
*) mod_ssl: Fix crash with threaded MPMs due to race condition when
initializing EC temporary keys. [Stefan Fritsch]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
*) Fix MPM DSO load failure on AIX. [Jeff Trawick]
*) mod_proxy: Correctly set up reverse proxy worker. PR 52935.
[Petter Berntsen <petterb gmail.com>]
*) mod_sed: Don't define PATH_MAX to a potentially undefined value, causing
compile problems on GNU hurd. [Stefan Fritsch]
*) core: Add ap_runtime_dir_relative() and DefaultRuntimeDir.
[Jeff Trawick]
*) core: Fix breakage of Listen directives with MPMs that use a
per-directory config. PR 52904. [Stefan Fritsch]
*) core: Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files. [Stefan Fritsch]
*) core: In AllowOverrideList, do not allow 'None' together with other
directives. PR 52823. [Stefan Fritsch]
*) mod_slotmem_shm: Support DEFAULT_REL_RUNTIMEDIR for file-based shm.
[Jim Jagielski]
*) core: Fix merging of AllowOverrideList and ContentDigest.
[Stefan Fritsch]
*) mod_request: Fix validation of the KeptBodySize argument so it
doesn't always throw a configuration error. PR 52981 [Eric Covener]
*) core: Add filesystem paths to access denied / access failed messages
AH00035 and AH00036. [Eric Covener]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) "DirectoryIndex disabled" now undoes DirectoryIndex settings in
the current configuration section, not just previous config sections.
PR 52845. [Eric Covener]
*) mod_xml2enc: Fix broken handling of EOS buckets which could lead to
response headers not being sent. PR 52766. [Stefan Fritsch]
*) mod_ssl: Properly free the GENERAL_NAMEs. PR 32652. [Kaspar Brand]
*) core: Check during config test that directories for the access
logs actually exist. PR 29941. [Stefan Fritsch]
*) mod_xml2enc, mod_proxy_html: Enable per-module loglevels.
[Stefan Fritsch]
*) mod_filter: Fix segfault with AddOutputFilterByType. PR 52755.
[Stefan Fritsch]
*) mod_session: Sessions are encoded as application/x-www-form-urlencoded
strings, however we do not handle the encoding of spaces properly.
Fixed. [Graham Leggett]
*) Configuration: Example in comment should use a path consistent
with the default configuration. PR 52715.
[Rich Bowen, Jens Schleusener, Rainer Jung]
*) Configuration: Switch documentation links from trunk to 2.4.
[Rainer Jung]
*) configure: Fix out of tree build using apr and apr-util in srclib.
[Rainer Jung]
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
* Support for time zones
* Support for in-browser testing frameworks
* Updated default project layout and manage.py
* Custom project and app templates
* Improved WSGI support
* Improved password hashing
* HTML5 doctype
* List filters in admin interface
* Multiple sort in admin interface
* New ModelAdmin methods
More...
