Upstream changes:
0.28 Tue Mar 22 2011
If LWP is producing errors, *report them* (Ricardo SIGNES)
0.27 Thu Mar 10 2011
Correct path to Pastie (Sebastian Paaske Tørholm )
Throw an error if you specify -p and files (Shawn M Moore)
Remove Mathbin; doy moved it to a separate dist (Shawn M Moore)
0.26 Wed Feb 23 2011
Add --open (-o) for opening the nopaste in your browser (Thomas Sibley)
0.25 Mon Jan 3 2011
Add support for $GITHUB_USER/$GITHUB_TOKEN to Gist service (Maximilian Gass)
0.24 Tue Dec 21 2010
Gist requires https (Ricardo SIGNES)
0.23 Fri Nov 26 2010
Preserve the source file's extension for ssh (Thomas Sibley)
Use Config::GitLike instead of Config::INI::Reader (Thomas Sibley)
Doc fixes (Thomas Sibley, Justin Hunter)
Code style fixes (Shawn M Moore)
Remove Rafb (Justin Hunter)
Remove Husk (Shawn M Moore)
From Peter Avalos in PR pkg/44762
pkgsrc changes:
- pkglint cleanups
- set LICENSE
- Add MESSAGE to mention the change in configuration file format.
Upstream changes:
suPHP 0.7.1 has been released.
This release fixes a bug causing problems with symbol links in the script path,
which was introduced with the 0.7.0 release.
suPHP 0.7.0 has been released.
With this release, several features that have been on the wish list for a long
time, have been realized:
* The module for Apache 1.3 only supported AddHandler for older releases.
This has been fixed: Now you can use AddType, too.
* PHP source highlighting: Files of MIME type application/x-httpd-php-source
will now be shown with source highlighting. Remember to set the suPHP_PHPPath
directive to enable this feature.
* suPHP_AddHandler and suPHP_RemoveHandler directives can now be used on per
vhost level, too.
* You can configure more than one docroot and use different variables (like
user name or home directory) within docroot and chroot settings.
Attention: The configuration syntax for suphp.conf has slightly changed with
this release. Be sure to read the documentation before upgrading, because
existing configuration files will not work without changing them.
This maintenance and security release fixes almost thirty issues in 3.1,
including:
* Some security hardening to media uploads
* Performance improvements
* Fixes for IIS6 support
* Fixes for taxonomy and PATHINFO (/index.php/) permalinks
* Fixes for various query and taxonomy edge cases that caused some plugin
compatibility issues
Version 3.1.1 also addresses three security issues discovered by
WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
team. The first hardens CSRF prevention in the media uploader. The
second avoids a PHP crash in certain environments when handling
devilishly devised links in comments, and the third addresses an XSS
flaw.
* new option --touch-reload <file> to reload the stack on <file> modification
* --static-map <mountpoint=documentroot> allows to serve static files
* fixed --post-limit management
* disallow empty socket names
* implemented exception_info WSGI support
* new options --reload-on-as <n> and --reload-on-rss <n> allows
to recycle workers when their memory usage is higher than <n> MB
* fixed syslog support (use --log-syslog[=facility] to enable it)
* improved plugin loading system
* added support for RabbitMQ as event dispatcher for the Emperor
* fixed FreeBSD memory report
* PSGI plugin can be compiled without ithreads
* various Emperor fixes
* fixed a regression with setgroups()
* support for shared sockets (used in jails within network namespaces)
November 26, 2006 -0.77.3
Fixed bugs:
1) A=0.65 now converts properly to $A=0.65;
2) Raised the length of parameters on function calls
Also changed
1) Request.ServerVariables("URL") to convert to $_SERVER["PHP_SELF"]
Not really a bug, but an issue when moving servers.
May 16, 2006 - 0.77.1
Matt Brown made the following additions/changes:
1) fixes key bugs in dictionary object support
2) fixes bug in filesystemobject.GetBaseName
3) fixes a couple of semi-colon generation issues
4) adds some support for filesystemobject.Attributes
5) an equal sign in an expression now gets recognized as a comparison
operator
Michael Kohn made the following changes:
1) fixed FormatCurrency so it adds a dollar sign infront of the number
May 14, 2006 - 0.77.0
Matt Brown made the following additions/changes:
1) support for server.execute
2) support for querystring("a").count and form("a").count
3) changed semantics of -phpx options. These now specify the target version.
Added -php5. Added -chgext option to include php version in the extensions
of the output files.
4) support for class constructors with -php4 and -php5.
5) support for class destructors, public and private with -php5.
6) fixed a few more bugs with single line if/then
7) added #define's for all token types and database types -- just for
readability.
8) changed gettoken so that it only returns single quote tokens when
processing jscript.
9) fixed response.expires
10) support for response.cachecontrol
11) improved "<" detection in parse_for_script
12) rudimentary support for virtual includes: a new -v option can be used to
specify a base path for virtual includes.
13) support for ByVal and ByRef
14) support for "is" in conditionals
15) support for vbSunday, etc constants
16) when parsing "sub(x,y,z)", eval_element is no longer called to process
x, y, and z.
17) support for DateSerial and DatePart functions
18) improved support for Now, Date, and Time functions (can call time() or
strftime depending on context)
19) added a -d option, which specifies a file and works like #include (calls
preparse). Useful for converting include files that depend on other
20) support for dictionary objects!
* several more FileSystemObject methods/properties (files, subfolders, size,
name, DateLastModified, GetBaseName)
* "\" in strings (gets converted to \\)
* some support for the ERR object
* in some cases getobject was getting called multiple times per token --
changed things around so that it is only called once
* limited support when "for each" is called against a collection of objects
(target var gets tracked as an object, just like set). As currently coded,
it correctly detects:
Set colFiles=objFolder.Files
For each objFile in colFiles
But does not detect:
For each objFile in objFolder.Files
Michael Kohn made the following changes:
* Removed double dim array's sessionpool and aspextension.
* Changed the way session's are done by using $_SESSION
April 11, 2006 - 0.76.26
Matt Brown made the following changes:
1) mapped vbscript SPLIT function to php EXPLODE (evalelement.c)
2) added support for vbscript MOD operator (evalelement.c)
3) corrected bug in handling of single-line if/then/else statements
(main_parser.c)
August 17, 2005 - 0.76.25
- Fixed a problem with Now()
June 23, 2005 - 0.76.24
- I was using system() calls to mkdir -p to make directories for a couple
of reasons 1) cause it would automatically create all dirs that didn't exist
and 2) cause it set up file permissions the way the system would want it.
this fails miserably on DOS (aka, Microsoft Windows) so I switched it now
to mkdir(). I'd still rather use mkdir -p, but owell. Anyway, this should
fix problems with people using DOS (aka Microsoft Windows).
September 8, 2004 - 0.76.23
- Fixed a bug with &'s from version 0.76.22
September 6, 2004 - 0.76.22
- mysql.c was modified by Tursi to add a semicolon after mysql_query($arg)
- rnd() with a parameter added an extra ). This is now fixed.
- date function changes
- added new command line switch for changing .asp text in response.write to .php
- hex literals are fixed
August 10, 2004 - 0.76.21
- the postgres conversion code has been updated.
January 11, 2004
Added FRAME to list of tags to change links from .asp to .php
December 8, 2003 - 0.76.19
Along with little bug fixes here and there, fixed a problem in the way functions
were converted. Also added a -fulltags option for creating PHP with tags that
look like this: <?php instead of <?.
May 3, 2002
Fixed a problem parsing functions that didn't have parenthesis around them.
Added some Filesystem conversion code. Added an option to convert DOS path's
with backslashes to Unix forward slashes (-fixwinpaths). Fixed a problem with
preparsing include files.
*Rails 3.0.6 (April 5, 2011)
* Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
html safe. Please make sure that calls to auto_link() are wrapped in a
sanitize(), or a raw() depending on the type of input passed to auto_link().
For example:
<%= sanitize(auto_link(some_user_input)) %>
Thanks to Torben Schulz for reporting this. The fix can be found here:
61ee3449674c591747db95f9b3472c5c3bd9e84d
* Fixes the output of `rake routes` to be correctly match to the
behavior of the application, as the regular expression used to match
the path is greedy and won't capture the format part by default
[Prem Sichanugrist]
* Fixes an issue with number_to_human when converting values which are
less than 1 but greater than -1 [Josh Kalderimis]
* Sensitive query string parameters (specified in
config.filter_parameters) will now be filtered out from the request
paths in the log file. [Prem Sichanugrist, fxn]
* URL parameters which return nil for to_param are now removed from
the query string [Andrew White]
* Don't allow i18n to change the minor version, version now set to ~>
0.5.0 [Santiago Pastorino]
* Make TranslationHelper#translate use the :rescue_format option in
I18n 0.5.0 [Sven Fuchs]
* Fix regression: javascript_include_tag shouldn't raise if you
register an expansion key with nil or [] value [Santiago Pastorino]
* Fix Action caching bug where an action that has a non-cacheable
response always renders a nil response body. It now correctly
renders the response body. [Cheah Chu Yeow]
would build any other object-oriented Python program. This results in smaller
source code developed in less time.
CherryPy is now more than six years old and it is has proven very fast and
stable. It is being used in production by many sites, from the simplest ones to
the most demanding ones.
* Rename fdevent_event_add to _set to reflect what the function does. Fix some
handlers.
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT()
Changes 1.4.27:
* Fix handling return value of SSL_CTX_set_options
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
* mod_proxy: close connection on write error
* Check uri instead of physical path for directory redirect
* Fix detecting git repository
* [mod_compress] Fix segfault when etags are disabled
* Reset uri.authority before TLS servername handling, reset all "keep-alive"
data in connection_del
* Print double quotes properly when dumping config file
* Include IP addresses on error log on password failures
* Fix stalls while reading from ssl sockets
* Fix etag formatting on boxes with 32-bit longs
* Fix two compiler warnings
* mod_accesslog: fix %p for ipv6 sockets
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for
X-Sendfile
* mod_staticfile: add debug output if we ignore a file with
static-file.exclude-extensions
* mod_cgi: fix race condition leaving response not forwarded to client
* mod_accesslog: Fix var declarations mixed in source
* mod_status: Add version to status page
* mod_accesslog: optimize accesslog_append_escaped
* openssl: silence annoying error messages for errno==0
* array.c: improve array_get_unused_element to check data type; fix mem leak if
unused_element didn't find a matching entry
* add check to stop loading plugins twice
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* only require FDEVENT_IN bit to be set for listening connections
* add libev fdevent handler: server.event-handler = "libev"
* mod_proxy: return response as soon as it is available
* don't overwrite global server.force-lowercase-filenames setting
* bind to IPV6-only if ipv6 address was specified
* Ignore require-hooks which exist in %INC
* Reloads by file, not module name
* Add a no Apache::Reload directive which skips reloading for modules that have
it included (useful for Moose compatibility).
* Prepare modperl for the upcoming perl 5.14
* Add lib/ModPerl/MethodLookup.pm to MANIFEST via lib/ModPerl/Manifest.pm
* PerlIOApache_write() now throws an APR::Error object, rather than just
a string error, if modperl_wbucket_write() fails.
* Authentication tests fail with LWP 5.815 and later
* Concise test won't perform unless StatusTerse is set to ON
* Look for a usable apxs in $ENV{PATH} if all other options fail, then prompt
the user for one.
* Work around bootstrap warnings when Apache2::BuildConfig has not been
created yet.
* Remove Apache::test compatibility (part of mod_perl 1.2.7), that code causes
build issues and is 4 versions out of date.
* Make sure perl is built either with multiplicity and ithreads or without both
* Support for "install_vendor" and "install_site" make targets
* Run tests on bundled pure perl Apache::* modules
* Implement a mini-preprocess language for map-files in xs/maps.
* Implement APR::Socket::fileno
* Export PROXYREQ_RESPONSE, a missing PROXYREQ_* constant
* Make sure standard file descriptors are preserved by the perl-script handler
* Fix the filter init handler attribute check in
modperl_filter_resolve_init_handler()
* Make sure buffer is a valid SV in modperl_filter_read()
* Move modperl_response_finish() out of modperl_response_handler_run in
mod_perl.c
Pulled from upcoming 0.3.1
---------------------------------------------------------------------------
* Allow MellonUser variable to be translated through MellonSetEnv
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
IdP dicovery URL scheme
* New MellonCond directive to enable attribute filtering beyond
MellonRequire functionalities.
* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
using a glob(3) pattern.
Version 0.3.0
---------------------------------------------------------------------------
* New login-endpoint, which allows easier manual initiation of login
requests, and specifying parameters such as IsPassive.
* Validation of Conditions and SubjectConfirmation data in the assertion
we receive from the IdP.
* Various bugfixes.
Summary of changes from 2.1.4 to 2.1.5
* Two bugs relating to Content-Length and possible duplication of Content-Length headers have been resolved.
* Support for bourne-like "here"-documents in the command line interface, allowing <<__EOF__ and similar schemes.
* Fixed an issue with re-using connections after Chunked-Encoding.
* Fix a bug that would inflate the "lost header" count and could cause problems during heavy traffic over a single connection, typically seen by load testing.
* Use the time of cache-insertion for "If-Modified-Since" requests if a "Last-Modified" header isn't provided by the backend.
* Merge multi-line Vary and Cache-Control headers from clients, which Google Chromium seem to split up.
* Various build fixes and documentation improvements
* Various bug fixes.
as library path instead of the source tree. install the tries to relink
the target with the new path, which fails because the just-installed
libraries are not in the buildlink directory.
Just don't rebuild makefiles, the run-time search path has been fixed
by buildlink already.
should fix PR 43385. OK wiz@
* Yaml formatted setup files are now produced by default.
(Perl formatted setup files can still be used.)
* Add timezone setting in setup file. This alows time zone to be configured
via the web.
* comment: Better fix to avoid showing comments of subpages, while
not breaking manual inlining of comments.
* meta: Security fix; don't allow alternative stylesheets to be added
on pages where the htmlscrubber is enabled.
(Updating this leaf package during the freeze for the security and
bug fixes.)
(contains security fix for CVE-2011-0728).
What's changed in loggerhead?
=============================
1.18.1 [24Mar2011]
------------------
- Fix escaping of filenames in revision views.
(William Grant, #740142)
- Add missing import to loggerhead.trace, allowing start-loggerhead
to run when a log.roll config option is set.
(Max Kanat-Alexander, #673999)
1.18 [10Nov2010]
----------------
- Syntax highlighting is no longer applied for files greater than 512K,
reducing codebrowse.launchpad.net overloading.
(Max Kanat-Alexander, #513044)
- Documentation added in the docs directory. README simplified
accordingly. (Tres Seaver).
- Show svn/git/hg revision ids in loggerhead revision view.
(Jelmer Vernooij)
- Fix .bzr/smart access to branches in shared repos. (You also need
a version of bzr with bug #348308 fixed.) (Andrew Bennetts)
- Support FastCGI, SCGI and AJP using flup. (Denis Martinez)
- Repository.get_revision_inventory() was removed in bzr 2.2; use
Repository.get_inventory() instead. (Matt Nordhoff, #528194)
- Ignore readonly+ prefix when checking if Loggerhead is serving a
local location. (Reported by Tres Seaver.) (Matt Nordhoff)
- Set Cache-Control and Expires headers on static pages.
(John Arbash Meinel)
- Generate relative links where possible (everywhere but HTTP
redirects and feed IDs). (Michael Hudson, Matt Nordhoff)
- Fix bad redirect when visiting "/download" or "/download/".
(Matt Nordhoff, #247992)
* comment: Don't show comments of subpages on parent pages.
(Fixes bug introduced in version 3.20100505.)
* darcs: Fix multiple issues preventing rcs_diff from working.
* aggregate: Read cookies from ~/.ikiwiki/cookies by default.
Also, the cookiejar configuration setting can be used by
other plugins to provide a custom `cookie_jar` object for LWP::UserAgent.
(Thanks, schmonz)
* Avoid escaping / characters in filenames when building the cgiurl,
as this confuses eg, cvsweb.
=== Ruby CSS Parser CHANGELOG
=== Version 1.1.3
* allow limiting by media type in add_block!
=== Version 1.1.2
* improve parsing of malformed declarations
* improve support for local files
* added support for loading over SSL
* added support for deflate
==== Version 1.1.1
* Ruby 1.9 compatibility
* @import regexp updates
* various bug fixes
==== Version 1.1.0
* Added support for local @import
* Better remote @import handling
