* remove unwanted CONFIGURE_ENV and CONFIGURE_ARGS items.
* add a trick to convert `-pthread' flags to apxs style.
* add user-destdir installation support
- Addresses SA http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
- Added LICENSE entry to pkgsrc
- Drop MAINTAINERship
- Changes since 5.5.28 below
Tomcat 5.5.33 (jim)
General
fix Fix permissions of version.sh in bin tarball. (rjung)
fix 45332, 45852, 50140: Backport numerous improvements to the Windows installer. Specify the correct encoding (the current Windows code page) rather than assuming UTF-8 when creating tomcat-users.xml - 45332, 45852. Update install/uninstall icons. Create an installation log. Allow 32-bit JVMs to be selected when installing on a 64-bit platform. Do not ignore install directory if it is specified with the command line switch on 64-bit platforms - 50140. Add support for the /? command line switch. Replace the .ini files with the script equivalents. Provide the ability to edit the roles for the added user. Clean up fully after installation. Add DetailPrint statements for operations that may take time. Improve the descriptions of the components. (kkolinko, mturk, markt)
add Add roles (admin-gui, admin-script, manager-gui, manager-script, manager-jmx, manager-status) to the Manager, Host Manager and Admin applications to allow more fine-grained control of permissions. The old roles are deprecated but will still work in the same way. (kkolinko)
Catalina
fix Improve HTTP specification compliance in support of Accept-Language header. (kkolinko)
fix 50620: Stop exceptions that occur during Session.endAccess() from preventing the normal completion of Request.recycle(). (markt/kkolinko)
Coyote
update Remove JSSE13Factory, JSSE13SocketFactory classes, as Tomcat 5.5 always runs on JRE 1.4 or later. (kkolinko)
fix 50325: When the JVM indicates support for RFC 5746, disable Tomcat's allowUnsafeLegacyRenegotiation configuration attribute and use the JVM configuration to control renegotiation. (markt/kkolinko)
Tomcat 5.5.32 (jim) released 2011-02-01
General
update Update to Commons Daemon 1.0.5. (mturk)
update Update to commons-pool 1.5.5. (markt)
fix Ensure POM files have correct line endings in source distributions. (rjung/markt)
Catalina
add 43960: Expose available property of StandardWrapper via JMX. (markt)
fix 50131: Avoid possible NPE in debug output in PersistentValve. Patch provided by sebb. (kkolinko)
fix 50413: Ensure 304s are not returned when using static files as error pages. (markt/kkolinko)
fix Avoid unnecessary cast in StandardContext. (markt)
fix 50460: Avoid a possible memory leak caused by using a cached exception instance. (kkolinko)
fix 50550: When a new directory is created (e.g. via WebDAV) ensure that a subsequent request for that directory does not result in a 404 response. (markt/kkolinko)
Coyote
fix 47913: Return the IP address rather than null for getRemoteHost() with the APR connector if the IP address does not resolve. (markt)
fix 49521: Disable scanning for a free port in Jk AJP/1.3 connector by default. Do not change maxPort field value of ChannelSocket in its setPort() and init() methods. Add support for maxPort attribute on a Connector element as a synonym for channelSocket.maxPort. (kkolinko)
Jasper
fix 49935: Handle compilation of recursive tag files. (markt)
Cluster
fix Improve sending an access message in DeltaManager. maxInactiveInterval of not Manager but the session is used. If maxInactiveInterval is negative, an access message is not sending. (kfujino)
fix 50547: Add time stamp for CHANGE_SESSION_ID message and SESSION_EXPIRED message. (kfujino)
Webapps
add 50294: Add more information to documentation regarding format of configuration files. Patch provided by Luke Meyer. (markt)
update Improve documentation of database connection factory. (rjung)
fix Improve filtering of Manager display output. (kkolinko)
update Configure the Admin, Manager and Host-Manager web applications to use HttpOnly flag for their session cookies. (kkolinko)
Tomcat 5.5.31 (jim) released 2010-09-16
General
fix Add svn:executable property to some script files and remove it from non-executable files. (rjung)
Catalina
fix 38113 Add system property (ALLOW_EMPTY_QUERY_STRING) to allow spec compliant handling of query string. (markt/kkolinko/jim)
fix Return a copy of the URL being used from the webapp class loader, not the original array. (kkolinko/markt)
fix 49749: Use HttpOnly flag of current context when genrating a Single-Sign-On cookie. (markt)
Coyote
fix 49718: Fix regression in previous fix for 46984 caused by the patch being applied to the wrong section of code. The regression caused HTTP 0.9 requests to fail. (markt)
Webapps
fix 49585: Update JSVC documentation to reflect new packaging of Commons Daemon. (markt)
fix 49774: Add support for SSL with either JSSE or APR baaed connectors to the admin app. (markt)
Cluster
fix Add Null check when CHANGE_SESSION_ID message received. (kfujino)
Tomcat 5.5.30 (jim) released 2010-07-09
General
update Update to Commons Daemon 1.0.2. Use service launcher (procrun) from the Commons Daemon release. Do not keep a copy of it in our source tree. (mturk/kkolinko)
update Update to NSIS 2.46. (kkolinko)
update Update to Apache Commons DBCP 1.3. (markt)
fix 48840: Swallow output (if any) from use of cd when determining $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch provided by mdietze. (markt/kkolinko)
fix 49236: Do not use indexing when packing Tomcat JARs. (kkolinko)
fix 48990: Build windows distributions correctly on Linux and add support for the skip.installer property. (kkolinko)
Catalina
fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt)
fix 44041, 48694: Fix duplicate class definition under load. Avoid possible deadlock in class loading. (markt/kkolinko)
fix 47774: Ensure web application class loader is used when calling session listeners. (kfujino)
update 48179: Improve error handling when reading or writing TLD cache file ("tldCache.ser"). (kkolinko)
fix 49398: ByteChunk.indexOf(String, int, int, int) could not find a string of length 1. (kkolinko)
fix Ensure all required i18n messages are present for the APR/native Listener. (kkolinko)
fix Fix possible overflows when calculating session statistics. (kkolinko)
fix 49424: Avoid NPE if client provides no data with a chunked POST request. (markt)
fix Minor code cleanup in AccessLogValve and FastCommonAccessLogValve classes. (kkolinko)
Coyote
fix Arrange filter logic. (jfclere)
fix 48613: Only attempt APR/native connector initialization if the Listener element has been specified in server.xml. (fhanik/kkolinko)
fix 48843: Prevent possible deadlock and correct queue handling for worker allocation in APR connectors. (kkolinko)
fix Use chunked encoding for http 1.1 responses with no content-length (regardless of keep-alive) so client can differentiate between complete and partial responses. (markt)
Jasper
fix 42390, 48616: Fix compilation error with some nested tag files and simple tags. Do not declare or synchronize scripting variables for JSP fragments since they are scriptless. (kkolinko)
fix 47878: Return “404”s rather than a permanent “500” if a JSP is deleted. Make sure first response after deletion is correct. (markt/kkolinko)
fix 48701: Add a system property to allow disabling enforcement of JSP.5.3. The specification recommends, but does not require, this enforcement. (kkolinko)
fix 48580: Prevent AccessControlException when running under a security manager if the first access is to a JSP that uses a FunctionMapper. (markt/kknko)
fix 49196: Avoid NullPointerException in PageContext.getErrorData() if an error-handling JSP page is called directly. (kkolinko)
Cluster
fix 48717: When a node joins a cluster and it receives all the current sessions, ensure the sessionCreated event is fired if the Manager is configured to replicate session events. (markt)
fix 49170: Do not send duplicated session. (kfujino)
fix 49445: When session ID is changed after authentication, ensure the DeltaManager replicates the change in ID to the other nodes in the cluster. (kfujino)
Webapps
add Backport documentation stylesheet improvements from Tomcat 6: use CSS styles to provide printer-friendly layout, support generation of TOC tables, support links revision numbers, use underscores instead of spaces in anchor names. (kkolinko)
Tomcat 5.5.29 (fhanik) released 2010-04-20
General
add 37847: Make location and filename of catalina.out configurable in catalina.sh. (fhanik/kkolinko)
fix 47609: Provide fail-safe EOL conversion for build process. (sebb/markt/kkolinko)
fix 47689: Enable the test Ant target to work. (markt)
fix 47712: Loading tcnative was broken in 5.5.28. (rjung)
fix Correct CVE-2009-3548. When installed via the Windows installer and using defaults, don't create an administrative user with a blank password. Additionally, the administrative user is only created if the manager or host-manager web applications are selected for installation. (markt/kkolinko)
update Deprecate the jni Buffer and Thread classes. (rjung)
update Include 32-bit and 64-bit versions of Tomcat Native DLLs into the Windows installer, instead of downloading them from a web site during install, and allow it to automatically select the correct one for the current platform. (kkolinko/mturk)
update Update Windows installer to use NSIS 2.45. (kkolinko)
update Update to commons-pool 1.5.4. This fixes regressions in 1.5.2. (markt)
fix Align server.xml installed by the Windows installer with the one bundled in zip/tar.gz archives. (kkolinko)
fix Encode all property files using ascii escaped UTF-8. (rjung)
fix Correct MD5 generation in the build process. (kkolinko)
Catalina
fix 37848: Re-fix. Don't display info output when there is no terminal. (markt)
fix 39231: Call LoginModule.logout() when using JAASRealm. (markt/kkolinko)
fix 39844: Fix NPE when performing a non-HTTP forward. (billbarker)
fix 41059: Reduce the chances of errors when using ENABLE_CLEAR_REFERENCES. Patch by Curt Arnold. (markt)
add 45255: Add the ability to change session ID on authentication to protect against session fixation attacks. This is disabled by default. (markt/kkolinko)
fix 46967: Better handling of errors when trying to use Manager.randomFile. Based on a patch by Kirk Wolf. (kkolinko)
fix 47518: Correct reference in Valve Javadoc that referred to an old method. Patch provided by Christopher Schultz. (markt)
fix 47537: Return an error page rather than a zero length 200 response if the forward to the login or error page fails during FORM authentication. (markt)
fix 47718: Fix file descriptor leak on context stop/reload. Patch provided by George Sexton. (markt)
fix 47826: Correct error in debug message in org.apache.catalina.Bootstrap (markt)
fix 47963: Ensure that any HTTP status messages are compliant with RFC2616. (markt/kkolinko)
fix 47997: Enable the NamingResourcesMBean to work with non-Server (i.e. Context) containers. Patch provided by Michael Allman. (markt)
fix 48004: Allow applications to set the Server header. (markt)
fix 48007: Improve exception processing in CustomObjectInputStream. (kkolinko)
fix 48049: Fix copy and paste error so NamingContext.destroySubContext() works correctly. Patch provided by gingyang.xu (markt)
update 48097: Make WebappClassLoader to do not swallow AccessControlException. (kkolinko)
fix 48097: Avoid throwing an AccessControlException which can lead to a NoClassDefFoundError on first access of first jsp. (kkolinko/markt)
fix 48322: Single quote characters are not HTTP separators and should not be treated as such in the cookie handling. (markt)
add Provide an option to allow the use of equals characters in cookie values. (markt)
fix 48516: Prevent NPE in JNDIRealm if requested user does not exist. Patch provided by Kevin Conaway. (markt)
fix 48577: Filter URL when displaying missing included page. (markt)
fix 48760: Remove race condition that can result in multiple threads trying to use the same InputStream. (markt)
fix Add an additional permission required by JULI when running under newer JDKs and a security manager. (markt)
fix Close resource stream in WebappClassLoader after read error. (pero)
fix Do not swallow exceptions in ApplicationContextFacade.doPrivileged() (kkolinko)
fix Various related (un)deploy improvements including: better handling of failed (un)deployment; adding checking for invalid zip file entries that don't make sense in a WAR file; and improved validation of WAR file names. These changes address CVE-2009-2693, CVE-2009-2901 and CVE-2009-2902.
Coyote
fix 43327: Allow APR/native connector to work correctly on systems when IPv6 is enabled. (markt)
fix 46950: Support SSL renegotiation with APR/native connector. Note that this requires APR/native 1.1.17 or later. (markt)
fix 47225: Fix error in calculation of a buffer length in the mapper. (markt)
fix 47744: Prevent a medium term memory leak if using SSl with the JSSE provider and also using a security manager. Based on a patch by Greg Vanore. (markt)
fix 47987: Limit size of not found resources cache. (markt)
fix 48109: Ensure InputStream is closed in WebappClassLoader on error conditions. (markt)
fix 48311: APR should not be initialised if the APR life-cycle listener is not enabled. (markt)
fix 48581: Avoid security exception on first access. (markt)
fix 48584: Prevent the APR connector logging an error if the acceptor fails during shutdown since this is expected. (mturk)
fix CVE-2009-3555. Provide option to disable legacy SSL renegotiation. (markt/costin)
fix Fix Windows installer to bundle an up-to-date version of native/APR with it. When asked to install TC-Native it was downloading some very old (1.1.4) version of it from the HEAnet site. (kkolinko)
update Update the native/APR library version bundled with Tomcat to 1.1.20. (kkolinko)
update Update recommended version for native to 1.1.19. (rjung)
fix Remove unneeded line from the method that normalizes decodedURI. (kkolinko)
Jasper
fix 38797: Fix regression in previous fix for this bug. (markt)
fix 41661: Fix thread safety issue in JspConfig.init() (markt)
fix 41824: Need to use canonical rather than binary form when writing code. (markt)
fix 46907: Don't swallow input stream when debug logging is enabled. (markt)
fix 48582: Avoid NPE on background compile. (markt)
Cluster
fix DeltaManager needs to replicate changed attributes even if session gets invalidated. Otherwise session listeners will not see the right data on the secondary nodes. (rjung)
fix Remove unnecessary Java5 dependencies. (markt)
fix 46384: Correct synchronisation issue that could lead to a cluster member disappering permanently. (markt)
fix 47554: Include httpOnly attribute when re-writing session cookie after fail over. (markt)
Webapps
fix 41564: Add some information on installing Tomcat as a service on operating systems with User Account Control, e.g. Vista. (markt)
fix 47656: Add information to documentation on system property replacement in configuration files. (markt)
fix 47769: Clarify the JNDI docs with repect to use of <resource-ref> and related elements, specifically when they are required and when they may be omitted. (markt)
fix 48381: Add information on how Tomcat treats host names to the host configuration documentation. (markt)
add 48530: Add information on the Manager Server Status page to the Manager How-To in the documentation webapp. Based on a patch by Arnaud Espy. (markt)
add 48532: Add information to the BIO/NIO SSL configuration page in the documentation web application to specify how the defaults for the various trust store attributes are determined. (markt)
fix 48686: Fix deleting a host via the Administration web application rather than failign with a HTTP 500 response. (markt)
add Make changelog.xml be directly rendered as HTML by certain browsers. (kkolinko)
Tomcat 5.5.28 (fhanik) released 2009-09-04
General
fix 39194: Make the setting of the classpath consistent for the .sh and .bat startup scripts. (markt/kkolinko)
fix 45880: Include NOTICE file in Windows installer and make sure src files are excluded. (markt)
update Update to NSIS 2.44 (kkolinko)
update Build scripts: Use different values for ${tomcat-dbcp.home} and ${jasper-compiler-jdt.home} in tomcat-deps. Fix download task checks for commons-pool and commons-dbcp. (kkolinko)
add Add the 64-bit windows service binaries to the distribution and get the Windows installer to automatically select the correct one for the current platform. (markt/kkolinko)
update Update to commons-pool 1.5.2. This includes various fixes to prevent deadlocks, reduce syncs and make object allocation occur fairly - i.e. objects are allocated to threads in the order that the threads request them. This fixes a number of issues with the version of DBCP embedded within Tomcat. (markt)
update Update Tomcat Windows service application (procrun) to version 2.0.5. It contains a fix for issue 41538 (mturk)
fix 47149: Explicitly specify encoding when performing filtering during copy, fixcrlf or replace operations in build scripts. Don't add blank lines to files when fixing line endings. Explicitly specify encoding when compiling. (kkolinko)
fix 47464: Some class files were accidentally included into the source distributions of TC 5.5.27. (kkolinko)
docs Document that building Tomcat requires Ant 1.6.2 or later. (kkolinko)
Catalina
fix 37458: Fix sync error that may lead to NPE in rare circumstances. Patch by Konstantin Kolinko. (markt)
fix 37498: Fall back to container log if application log is unavailable during context destruction. (markt)
fix 37794: Handle POSTed parameters when sent with chunked encoding. (markt)
fix 37984: Strip {MD5} as well as {SHA} if present in digest passwords in LDAP directories. (markt)
fix 38553: A lack of certificates is normal if a user doesn't have a certificate. Return a 401 rather than a 400 in this case. (markt)
fix 38570: When checking docBase against appBase, make sure we check for an exact match against the appBase. (markt)
fix 39013: When testing for an invalid docBase, use an exact match for the appBase. (markt)
fix 39396: Only include TRACE in an OPTIONS response if we know it has been enabled. (markt)
fix Remove wrong "No role found" realm debug log message, even if a role was found. (rjung)
fix 39997: Add the SSLRandomSeed option to the AprLifecycleListener to enable faster starts on development systems. (markt)
fix 40380: Fix potential synchronization issue in StandardSession.expire(). (markt)
fix 41407: JAAS Realm now works with CLIENT-CERT authentication. (markt)
add 42419: Add a system property that enables the name of the session cookie and session path parameter to be configured. (markt)
fix 42579: Support both relative and absolute search results in the JNDI Realm implementation. Patch provided by Brandon DuRette. (markt)
fix 42707: Make adding a host alias via JMX take effect immediately. (markt)
fix 43343: Correctly handle requesting a session we are in the middle of persisting. Based on a suggestion by Wade Chandler. (markt/kkolinko)
add 44382: Add support for using httpOnly for session cookies. This is disabled by default. (markt/fhanik)
fix 45576: JAAS Realm now works with DIGEST authentication. (markt)
fix 45628: JARs that do not declare any dependencies should always be considered as fulfilled. (markt)
fix 45933: Don't use a web application provided parser to process TLD files. (markt)
fix 45996: Add Accept-Ranges header to responses from the DefaultServlet with an option to disable it. (markt)
fix 46105: Correctly set URI encoding when replaying a request after FORM authentication. (markt)
fix 46408: Correct possible invalid case in SecurityUtil. (markt)
fix 46552: Return a 400 response rather than a 200 response if the request headers are too large. (markt)
fix 46597: Port all cookie handling changes from Tomcat 6.0.x. (markt)
fix 46606: Make max depth limit for WebDAV servlet configurable. (markt)
fix 46717: Fix hard to reproduce thread safety issue with session expiration. (markt)
fix 46982: Fix DST problem with AccessLogValve. (markt)
fix Improve handling of situation where web application tries to configure logging at the context level but the security policy prevents this. (markt/rjung)
fix Fix an information disclosure vulnerability in a number of the Realms that allowed user enumeration when using FORM authentication. This is CVE-2009-0580. (markt)
fix Fix various WebDAV compliance issues identified by the Litmus test suite. (markt)
fix Use a better default (webapps) for a Host's appBase. (idarwin/markt)
fix 44943: Reduce copy/paste issues caused by different engine names in server.xml. (markt, kkolinko)
fix Remove obsolete classpath entry for commons-logging from start script. It is already present in the classpath set by the manifest in bootstrap.jar. (rjung)
fix 38483: Thread safety issues in AccessLogValve classes. (kkolinko)
add Allow log file encoding to be configured for JULI FileHandler. (kkolinko)
Jasper
fix 36923: Parse deactivated EL expressions correctly. (markt)
fix 37084: Fix JspC compilation with Ant when compiling JSPs that use a custom taglib. (markt/kkolinko)
fix 37515: Add options for Java 1.6 and 1.7 to the JDT compiler. (markt)
fix 38197: Fix tag pooling when tags are used with jsp:attribute. (markt)
fix 38352: Make the directory defined by javax.servlet.context.tempdir readable for JSPs when running under a security manager as required by the specification. (markt)
fix 38797: Revert previous fix for 37933 and implement a new fix that does not have the side effects described in 38797.
fix 38897: Add uri of broken TLD to error message to aid debugging. (markt)
fix 41606: Fix double initialisation of JSPs. Patch provided by Chris Halstead. (markt)
fix 45666: Fix infinite loop on include. Patch provided by Tom Wadzinski. (markt)
fix 46354: Fix ArrayIndexOutOfBoundsException when using org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true. Patch provided by Konstantin Kolinko. (markt)
fix 46909: Only include semi-colon in type attribute for <jsp:plugin> when it is required. (markt)
Cluster
fix Fix minor memory leak found by find bugs. (markt, rjung)
fix 40551: Enable the JvmRouteBinderValve to work with PersistentManagers as well as clustering. Patch by Chris Chandler. (markt)
fix 46357: Corrected test for host's parent must be an engine. (markt, rjung)
update 45317: Properly log the value of the state transfer timeout flag. (fhanik, rjung)
fix 45279: Properly close multicast socket. (fhanik, rjung)
fix 45447: Add Spanish resource files. Patch provided by Jesus Marin. (markt, rjung)
fix 46990: Fix synchronization issues in cluster membership reported by FindBugs. Patch provided by Sebb. (markt, rjung)
fix 47389: DeltaManager doesn't do session replication if notifySessionListenersOnReplication=false. Patch by Keiichi Fujino. (fhanik, rjung)
fix Separate statistics counter lock in FastAsyncSocketSender from inherited DataSender lock to reduce blocking during failed node detection. (rjung)
fix Handle situation session ID rewriting on fail-over with parallel requests from the same client. (pero)
fix 43641: Use of bind attribute for membership element breaks multicast. (rjung)
Webapps
fix Fix CVE-2009-0781. XSS in calendar example. (markt)
fix 36574: Fix broken PDFs. (markt)
fix 39603: Admin app only showed ROOT web application when clustering was enabled. (markt)
fix 47032: Fix /status/all in Manager webapp when using the PersistentManager. (markt)
fix 47235: Remove use of autoReconnect from MySQL examples. (mark)
fix 46509: Use correct link on error page in JSP security example. Patch provided by Michael Moody. (markt)
fix 46562: Close file when reading has finished when using SSI. (markt)
Coyote
fix 37869: Correctly extract client certificates, including the full certificate chain when using the APR/native HTTP connector. (markt)
fix 39637: Correctly extract client certificates, including the full certificate chain when using the AJP connectors. Patch by Patrik Schnellmann. (markt)
update Set remote port for AJP connectors from the optional request attribute AJP_REMOTE_PORT. (rjung)
fix 45026: Never return an empty HTTP status reason phrase. mod_jk and httpd 2.x do not like that. (rjung)
fix 45528: An invalid SSL configuration could cause an infinite logging loop on startup. (markt)
fix 46984: Reject requests with invalid HTTP methods with a 400 rather than a 501. (markt)
update Update the APR/native connector to 1.1.16. (markt, kkolinko)
fix Correct potential DOS issue in Java AJP connector when processing invalid request headers. This is CVE-2009-0033. (markt)
fix Make DateTool thread safe. (fhanik)
* Correction of bugs
Changes 3.2.8:
* Correction of bugs on compilation
Changes 3.2.7:
* Correction of bugs on compilation
Changes 3.2.6:
* Correction of bugs, see changelog file
Changes 3.2.5:
* Add the XHTML support from David Roberts work
Trac 0.12.2 (January 31, 2011)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.2
This list contains only a few highlights:
- install: improved robustness of Trac installation if Babel is
installed after the fact (#9439, #9595, #9961)
- notifications: support for Asian character width (#4717)
- roadmap: fix display of progress bar in some corner cases (#9718)
and respect the overall_completion milestone group setting (#9721)
- reports: reports and queries look much better, as the columns now
keep the same width across groups; the absence of word wrapping in
reports has been fixed (#9825)
- web admin: improved layout (#8866, #9963)
- web: it's now possible to log in different Trac instances sharing
the same URL prefix (e.g. /project and /project-test) (#9951)
Trac 0.12.1 (October 9, 2010)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.1
This list contains only a few highlights:
- db: improve concurrency behavior (#9111)
- fcgi: add an environment variable `TRAC_USE_FLUP` to control the usage of flup vs. bundled _fcgi.py (defaults to 0, i.e. use bundled as before)
- svn authz: improve compatibility with svn 1.5 format (#8289)
- milestone: allow to set the time for the due date (#6369, #9582)
- ticket: fixes for the CC: property (#8597, #9522)
- notification: improved the formatting of ticket fields in notification e-mails (#9484, #9494)
- i18n: added a configuration option to set the default language (#8117)
- several fixes for upgrade (#9400, #9416, #9483, #9556)
These comments are based on private mail with obache@, but errors are
my fault. They are intended to be useful primarily to package
maintainers, but also to people administering trac via pkgsrc.
This release includes the following changes:
o CURLINFO_FTP_ENTRY_PATH now supports SFTP
o introduced new framework for unit-testing
o IDN: use win32 API if told to
o ares: ask for both IPv4 and IPv6 addresses
o HTTP: do Negotiate authentication using SSPI on windows
o Windows build: alternative makefile
o TLS-SRP: support added when using GnuTLS
This release includes the following bugfixes:
o SMTP: add brackets for MAIL FROM
o ossl_seed: no more RAND_screen (on Windows)
o multi: connect fail => use next IP address
o use the timeout when using multiple IP addresses similar to how
the easy interface does it
o cookies: tricked dotcounter fixed
o pubkey_show: allocate buffer to fit any-size result
o Curl_nss_connect: avoid PATH_MAX
o Curl_do: avoid using stale conn pointer
o tftpd test server: avoid buffer overflow report from glibc
o nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
o nss: fix a bug in handling of CURLOPT_CAPATH
o CMake: Use upstream CheckTypeSize module
o OpenSSL get_cert_chain: support larger data sets
o SCP/SFTP transfers: acknowledge speedcheck
o GnuTLS builds: fix memory leak
o connect problem: use UDP correctly
o Borland C++ makefile tweaks
o OpenSSL: improved error message on SSL_CTX_new failures
o HTTP: memory leak on multiple Location:
o ares_query_completed_cb: don't touch invalid data
o ares: memory leak fix
o mk-ca-bundle: use new cacert url
o Curl_gmtime: added a portable gmtime and check for NULL
o curl.1: typo in -v description
o CURLOPT_SOCKOPTFUNCTION: return proper error code
o --keepalive-time: warn if not supported properly
o file: add support for CURLOPT_TIMECONDITION
o nss: avoid memory leaks and failure of NSS shutdown
o multi: fix CURLM_STATE_TOOFAST for multi_socket
2.9.4 (2011-03-08)
* Added: pass the number of comments to the template (#2753)
* Added: added methods to the Template class to read and write the template
name (#2694)
* Added: add support for __isset() to module, element and template classes
(#2897)
* Added: added a "compileDefinition" and a "createDefinition" hook (#2883)
* Fixed: wrong sorting values when copying multiple elements (#2433)
* Fixed: correct invalid XHTML in the extension catalog (#2651)
* Fixed: textual publication dates in RSS feeds were not translated (#2760)
* Fixed: the description of the newsletter offset was wrong (#2824)
* Fixed: remove insert tags in page names from title attributes (#2853)
* Fixed: do not generate RSS feeds of protected archives/calendars (#2699)
* Fixed: the CSS classes of image galleries with pagination were not set
correctly (#2803)
* Fixed: remove shy-entities from the page title tag (#2709)
* Fixed: assign unique IDs to search box elements in case multiple boxes are
used (#2829)
* Fixed: adjust the file paths in style sheets and modules during theme import
(#2882)
* Fixed: support PNGs and JPGs in the toggleVisibility() function (#2854)
* Fixed: the style sheet importer still did not support some CSS3 selectors
(#2781)
* Fixed: check the target page and article status in the article teaser
element (#2714)
* Fixed: do not send lost password mails if an account is not active (#2685)
* Fixed: the wizard labels can conflict with the field labels (#2860)
* Fixed: allow multiple editArea instances on one page in "edit all" mode
(#2783)
* Fixed some minor issues
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
Trac-0.12.2.ja1 (Mar 4, 2011)
* Merge Trac-0.12.2.
* Translate default Wiki pages into Japanese.
- trac/wiki/default-pages/*
* Translate document for trac.ini options into Japanese.
- trac/ticket/api.py
- trac/ticket/notification.py
- trac/search/web_ui.py
Trac 0.12.2 (January 31, 2011)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.2
This list contains only a few highlights:
- install: improved robustness of Trac installation if Babel is
installed after the fact (#9439, #9595, #9961)
- notifications: support for Asian character width (#4717)
- roadmap: fix display of progress bar in some corner cases (#9718)
and respect the overall_completion milestone group setting (#9721)
- reports: reports and queries look much better, as the columns now
keep the same width across groups; the absence of word wrapping in
reports has been fixed (#9825)
- web admin: improved layout (#8866, #9963)
- web: it's now possible to log in different Trac instances sharing
the same URL prefix (e.g. /project and /project-test) (#9951)
and could cause problems when building as non-root, from John Marino
-put the build of demo programs (which was optionally, not switched
on per default) into its own pkg, to avoid builds in the "install"
phase and conditional PLIST entries
-misc cleanup, fix a DESTDIR glitch
* Bug 3149: not caching eCAP adapted body
* Bug 3144: redirector program blocks while reading STDIN
* Bug 3140: memory leak in error page generation
* Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
* Bug 3115: logging segfaults if access_log is set to a directory
* Bug 2968: Show the Vary: headers information in cachemgr objects report
* Bug 2959: remove SAMBAPREFIX dependency
* Bug 2868: icc doesn't like string literal in assert checks
* HTTP/1.1: Send 307 status on deny_info redirection
* HTTP/1.1: Support POST/PUT with no body
* HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
* Support RFC 5861 Cache-Control: stale-if-error option
* Add ftp_eprt directive to disable EPRT extensions in FTP
* Fix external_acl_type grace=0 to obey TTL
* Fix IP/FQDN cache accounting to avoid idle caches on busy servers
* Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
* ... and some documentation updates and corrections
* ... and some portability and stability fixes
Back in the early days of the web there was this wonderful Perl
library called CGI, many people only learned Perl because of it.
It was simple enough to get started without knowing much about the
language and powerful enough to keep you going, learning by doing
was much fun. While most of the techniques used are outdated now,
the idea behind it is not. Mojolicious is a new attempt at implementing
this idea using state of the art technology. Features:
* An amazing MVC web framework supporting a simplified single
file mode through Mojolicious::Lite. Powerful out of the box
with RESTful routes, plugins, Perl-ish templates, session
management, signed cookies, testing framework, static file
server, I18N, first class unicode support and much more for
you to discover.
* Very clean, portable and Object Oriented pure Perl API without
any hidden magic and no requirements besides Perl 5.8.7.
* Full stack HTTP 1.1 and WebSocket client/server implementation
with IPv6, TLS, Bonjour, IDNA, Comet (long polling), chunking
and multipart support.
* Builtin async IO web server supporting epoll, kqueue, UNIX
domain sockets and hot deployment, perfect for embedding.
* Automatic CGI, FastCGI and PSGI detection.
* JSON and XML/HTML5 parser with CSS3 selector support.
* Fresh code based upon years of experience developing Catalyst.
Changes:
* Internal Linking - click a button for an internal link and it allows
you to search for a post or browse a list of existing content and select it
for inclusion.
* Admin Bar - contains various links to useful admin screens. By default,
the admin bar is displayed when a user is logged in and visiting the site
and is not displayed in admin screens for single blog installs. For multisite
installs, the admin bar is displayed both when visiting the site and in the
admin screens.
* Streamlined Writing Interface - new users of WordPress will find the write
screen much less cluttered than before, as more of the options are hidden by
default. You can click on Screen Options in the top right to bring them back.
* Post Formats - meta information that can be used by themes to customize
presentation of a post. Read more in the article Post Formats.
* Network Admin - move Super Admin menus and related pages out of the regular
admin and into a new Network Admin screen.
* List-type Admin Screens - sortable columns for list-type screens and better
pagination.
* Exporter/Importer Overhaul - many under the hood changes including adding
author information, better handling for taxonomies and terms, and proper
support for navigation menus.
* Custom Content Type Improvements - allows developers to generate archive
pages, and have better menu and capability controls.
* Advanced Queries - allows developers to query multiple taxonomies and custom
fields.
* Refreshed Blue Admin Color Scheme - puts the focus more squarely on your
content.
More changes at http://codex.wordpress.org/Version_3.1
* editpage: Avoid inheriting internal page types.
* htmltidy: Avoid breaking the sidebar when websetup is running.
* transient: New utility plugin that allows transient pages to
be stored in .ikiwiki/transient/ (smcv)
* aggregate: Aggregated content is stored in the transient underlay.
(Existing aggregated content is not moved, since it will eventually
expire and be removed) (smcv)
* autoindex, tag: Added autoindex_commit and tag_autocreate_commit that
can be unset to make index files and tags respectively not be committed,
and instead be stored in the transient underlay.
Closes: #544322 (smcv)
* autoindex: Adapted to use add_autofile. Slight behavior changes
in edge cases that are probably really bug fixes. (smcv)
* recentchanges: Use transient underlay (smcv)
* map: Avoid unnecessary ul's in maps with nested directories.
(Giuseppe Bilotta)
* Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced
in 3.20101231.
* inline: Fix link to nested inlined pages's feeds. (Giuseppe Bilotta)
* inline: Add 'id' parameter that can be used when styling individual
feedlinks and postforms. (Giuseppe Bilotta)
2011-02-26 Ernesto Baschny <ernesto.baschny@typo3.org>
* Release of TYPO3 4.5.2
2011-02-25 Steffen Kamper <steffen@typo3.org>
* Fixed bug #17772: Repository update deletes description of repository
* Fixed bug #17769: Em use wrong property for db updates
* Removed double applied patch in tx_em_tools
2011-02-25 Ernesto Baschny <ernst@cron-it.de>
* Merged Linkvalidator 1.0.2 to be included in 4.5.2 (Thanks to Michael Miousse and Christopher Stelmaszyk)
* Fixed bug #17728: PHP warning in page module (e.g. in TemplaVoila) with active open_basedir
* Fixed bug #17732: Install Tool doing Fatal error when APC PHP module is loaded (no session is stored)
2011-02-25 Stefan Galinski <stefan.galinski@gmail.com>
* Fixed bug #17431: "Show Page" in contextmenu results in new browser window (Thanks to Simon Schaufelberger)
2011-02-24 Steffen Kamper <steffen@typo3.org>
* Fixed bug #16788: Flexform inputfields remain empty (Thanks to Andreas Kiessling)
* Fixed bug #17735: Class 'tx_em_XmlException' not found when Retrieve / Update
* Fixed bug #17692: Updating translations does not work anymore
* Fixed bug #17758: EM: After update repository the info labels are not updated
* Fixed bug #13309 Text on "Settings" tab needs more space
* Fixed bug #13310: PHP Warning "array_merge(): Argument #2 is not an array" in class.tx_em_settings.php
* Fixed bug EM rev 4188: Reimplemented removed function in em_tools and deprecate it
* Renewed fix#17701: Generated t3x are corrupted in 4.5.1-dev and trunk
Feb 20, 2011 (1.7.2)
------------
Note: This will be the last Geeklog version to work on PHP 4. We will provide
security fixes for this version until 2012. Future versions of Geeklog will
require PHP 5.2.0 or later. For details, please see
http://www.geeklog.net/article.php/end-of-php4-support
- PostgreSQL fixes:
* It wasn't possible for several Geeklog instances to share a Postgres
database (bug #0001251) [Rouslan]
* Fixed dbSave [Dirk]
* Fixed error reporting [Dirk]
* Fixed compatibility with PHP 4 [Dirk]
- Fixed replacing the [imageX] tags when changing a story's id (bug #0001256)
[Dirk]
- Fixed Static Pages plugin to work with PHP 4 (bug #0001239) [Tom]
* Fixed a serious security issue in PlaceholderAdmin
* Fixed bug with submenus showing pages that are not 'in_navigation'
* Fixed PlaceholderField not respecting limits in CMS_PLACEHOLDER_CONF
* Fixed the double-monkeypatch check for url reversing
in the app folder itself.
<application1>/media/<application1>/js/script.js
<application2>/media/<application2>/js/script.js
<project>/media/logo.jpg
To use this view in development you should add something like the following to
urls.py:
if settings.DEBUG:
urlpatterns += (r'^media/(?P<path>.*)$', 'site.media.serve_apps',
{'document_root' : settings.MEDIA_ROOT})
For deployment there is a managament command called `symlinkmedia` that will
create symlinks to each applications media directory in `MEDIA_ROOT`.
Now all apps in INSTALLED_APPS that have a "media" directory in them will be
reachable as '/media/<application_name>/'.
You can then have the admin media files served by setting
ADMIN_MEDIA_PREFIX = '/media/admin/'
* Fixed issues with the CSRF fix from 2.1.1.
* Updated translation files from transifex.
Changes 2.1.1:
* Fixed CMS AJAX requests not being CSRF protected, thus not working in
Django 1.2.5
* Fixed toolbar CSS issues in Chrome/Firefox
changes:
-fix some security problems (CVE-2010-4492, CVE-2010-4493, CVE-2011-0482,
CVE-2010-4199, CVE-2010-4578)
-fix some crashes (which were partly patched in pkgsrc before)
* Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
* Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
* Fix potential information disclosure of posts through the media uploader. Affects users of the Author role.
* Enhancement: Force HTML filtering on comment text in the admin
* Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid.
* Update the license to GPLv2 (or later) and update copyright information for the KSES library.
* More strict dependency reflect gemspec's description.
*Rails 3.0.3 (November 16, 2010)*
* When ActiveRecord::Base objects are sent to predicate methods, the id of
the object should be sent to ARel, not the ActiveRecord::Base object.
* :constraints routing should only do sanity checks against regular
expressions. String arguments are OK.
*Rails 3.0.2 (November 15, 2010)*
* The helper number_to_currency accepts a new :negative_format option to be
able to configure how to render negative amounts. [Don Wilson]
