Changelog:
NEW
VP9 video decoding implemented
NEW
Mac OS X: Notification Center support for web notifications
NEW
Horizontal HTML5 audio/video volume control
NEW
Support for Opus in WebM
CHANGED
Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty
DEVELOPER
Support for MathML 2.0 'mathvariant' attribute
DEVELOPER
Background thread hang reporting
DEVELOPER
Support for multi-line flexbox in layout
FIXED
Various security fixes
Fixed in Firefox 28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Approved by: wiz@
Upstream changes:
2.5.5
Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)
Functional changes
MDL-40821 - Language menu in Clean shows language used
API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info
UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.
Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges
Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring
2.5.4
Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report
Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students
API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run
Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields
Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent.
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes
Changes 2.4.8:
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library)
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts.
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request.
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile).
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
*) prefork: Fix long delays when doing a graceful restart.
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5.
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG.
*) mod_remoteip: Correct the trusted proxy match test.
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application.
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header.
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value.
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}.
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior.
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite.
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all.
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration.
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts.
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout.
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs.
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>.
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives.
*) mod_proxy_http: Core dumped under high load.
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB.
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files.
== 1.6.2 Doc Brown
* No longer replace response's body on HEAD request. Ensuring body.close will be called.
* Remove `---ssl-verify` option as EventMachine doesn't verify the certificate.
* Fix env['rack.peer_cert'] to return SSL certifcate.
== 1.6.1 Death Proof
* Regression: Default logger to STDOUT when using outside of CLI.
* Regression: Downgrade Rack required version back to 1.0 to work w/ prior Rails versions.
== 1.6.0 Greek Yogurt
* Accept absolute URL in request line, eg.: 'GET http://site.com/he/lo HTTP/1.1'.
* HEAD request no longer return a body in the response.
* No longer stop EventMachine's reactor loop unless it was started by Thin.
* Make request env keys upcasing locale-agnostic.
* Use Ruby's `Logger` for logging. [Akshay Moghe].
The logger can now be set using `Thin::Logging.logger=`.
Tracing of request is handled by a second logger, `Thin::Logging.trace_logger=`.
* Add --threadpool-size option to configure EM's thread pool size (default: 20).
* Pipelining is no longer supported.
=== raindrops 0.13.0 several minor fixes and improvements / 2014-02-18 20:59 UTC
Most notably, this release is necessary for Ruby 2.2 (dev).
Thanks to Koichi Sasada for the bug report!
Eric Wong (5):
Rakefile: remove raa_update task
last_data_recv: do not assume Unicorn includes all constants
raindrops.gemspec: add wrongdoc dev dependency
linux_inet_diag: fix Ruby 2.2 (dev) build
license: use LGPLv2.1 or later (was LGPL (2.1|3.0)-only)
Hleb Valoshka (1):
Remove Scope IDs from IPv6 addresses.
=== 2.8.1 / 2014-03-06
* 1 bug fixes:
* Run puma-wild with proper deps for prune_bundler
* 2 doc changes:
* Described the configuration file finding behavior added in 2.8.0 and how to disable it.
* Start the deployment doc
* 6 PRs merged:
* Merge pull request #471 from arthurnn/fix_test
* Merge pull request #485 from joneslee85/patch-9
* Merge pull request #486 from joshwlewis/patch-1
* Merge pull request #490 from tobinibot/patch-1
* Merge pull request #491 from brianknight10/clarify-no-config
=== 2.8.0 / 2014-02-28
* 8 minor features:
* Add ability to autoload a config file. Fixes#438
* Add ability to detect and terminate hung workers. Fixes#333
* Add booted_workers to stats response
* Add config to customize the default error message
* Add prune_bundler option
* Add worker indexes, expose them via on_worker_boot. Fixes#440
* Add pretty process name
* Show the ruby version in use
* 7 bug fixes:
* Added 408 status on timeout.
* Be more hostile with sockets that write block. Fixes#449
* Expect at_exit to exclusively remove the pidfile. Fixes#444
* Expose latency and listen backlog via bind query. Fixes#370
* JRuby raises IOError if the socket is there. Fixes#377
* Process requests fairly. Fixes#406
* Rescue SystemCallError as well. Fixes#425
* 4 doc changes:
* Add 2.1.0 to the matrix
* Add Code Climate badge to README
* Create signals.md
* Set the license to BSD. Fixes#432
* 14 PRs merged:
* Merge pull request #428 from alexeyfrank/capistrano_default_hooks
* Merge pull request #429 from namusyaka/revert-const_defined
* Merge pull request #431 from mrb/master
* Merge pull request #433 from alepore/process-name
* Merge pull request #437 from ibrahima/master
* Merge pull request #446 from sudara/master
* Merge pull request #451 from pwiebe/status_408
* Merge pull request #453 from joevandyk/patch-1
* Merge pull request #470 from arthurnn/fix_458
* Merge pull request #472 from rubencaro/master
* Merge pull request #480 from jjb/docs-on-running-test-suite
* Merge pull request #481 from schneems/master
* Merge pull request #482 from prathamesh-sonpatki/signals-doc-cleanup
* Merge pull request #483 from YotpoLtd/master
=== 2.7.1 / 2013-12-05
* 1 bug fix:
* Keep STDOUT/STDERR the right mode. Fixes#422
=== 2.7.0 / 2013-12-03
* 1 minor feature:
* Adding TTIN and TTOU to increment/decrement workers
* N bug fixes:
* Always use our Process.daemon because it's not busted
* Add capistrano restart failback to start.
* Change position of `cd` so that rvm gemset is loaded
* Clarify some platform specifics
* Do not close the pipe sockets when retrying
* Fix String#byteslice for Ruby 1.9.1, 1.9.2
* Fix compatibility with 1.8.7.
* Handle IOError closed stream in IO.select
* Increase the max URI path length to 2048 chars from 1024 chars
* Upstart jungle use config/puma.rb instead
0.12.0 (February 9th 2014)
FIX#1578 Fix latvian translations (@graudeejs)
FIX#1576 incorrect nl.yml translations (@fevers)
FIX#1564 do not reload apps with disabled or absent :reload flag (@ujifgc)
FIX#1571 Allow for url generation to accept stringified keys (@jsmpereira)
NEW #1570 add custom index option for form_for abstract form helper (@graudeejs)
FIX#1567 Add :app option to the component generator (@namusyaka)
FIX#1563 Fix behavior of content_tag when use with content that is not a string (@tyabe)
NEW #1422 allow options Hash in protect_from_csrf (@ujifgc)
0.12.0.rc3 (January 20th 2014)
FIX resolve_template should respect :views option (@ujifgc)
FIX#1547 Rename `showexceptions.rb` to `show_exceptions.rb` (@namusyaka)
NEW #1551 Introduce #default method to set application options (@ujifgc)
FIX#1553 Chinese time translations (@gokure)
FIX#1556 German translations (@Signum)
FIX#1555 Fix a problem the before/after filters (@namusyaka)
FIX#1550 Shove LOADING/RELOADING to devel log level
FIX#1445 Drop `PADRINO_ENV` in favour of `RACK_ENV` for further compatibility (@dariocravero)
0.12.0.rc2 (January 5th 2014)
FIX development dependency for padrino-gen (@namusyaka)
FIX#1520 Skip loading models for sequel migration tasks (@ujifgc)
FIX#1493 make admin aware of uri_root (@ujifgc)
NEW #854 allow -a master to rename admin path (@ujifgc)
FIX Get tests passing again on rubinius (@ujifgc)
FIX#1545 Don't raise on protect_from_csrf without sessions (@skade)
FIX#1546 Silence deprecation warnings for File.exists? (@fj)
REMOVE #1516 support for TestSpec component from generator (@ujifgc)
0.12.0.rc1 (December 31st 2013)
FIX#1421 Prevent double-escaped HTML in simple_format (@inkstak)
NEW #1424 Adds task generator for creating new task files (@namusyaka)
FIX#1423 Adds MIT license to gemspec (@ujifgc)
FIX#1121 Modify the encoding of crypted_password (@namusyaka)
NEW #1432 Rewritten Code Reloading (@ujifgc)
FIX#1428 logger constants to match stdlib (@spariev)
FIX#775 track I18n locale files properly (@ujifgc)
FIX#1434 additional fixes for slim templates (@minad)
FIX#1431 incorrect behavior when using content_tag with block (@namusyaka)
FIX#1435 broken slim templates (@namusyaka)
FIX AS4.1 constantize behavior compatibility (@ujifgc)
NEW #1436 support rails-style attribute hash of select options (@ujifgc)
NEW support disabled_options key for select_tag (@ujifgc)
FIX no longer monkeypatch colors onto string (@ujifgc, @nesquena)
FIX#1442 use `=` instead of `-` in slim and haml templating
NEW #1441 cleanup template handling logic (@ujifgc, @namusyaka)
FIX Cleanup file loading logic (@ujifgc)
FIX#1443 Don't step over :session_id setting on admin apps (@dariocravero)
NEW Modified `padrino start` to take an extra `–options` (`-O`) parameter (@dariocravero)
NEW #1018 Replaces Padrino::Cache::Store with Moneta (@minad)
NEW #1455 Steak generator written for acceptance tests (@eturk, @namusyaka)
FIX Better error generation for forms (@ujifgc)
FIX html_safe in labeled group (@ujifgc)
NEW #1452 Allow padrino start to take handler specific options
FIX#1462 cache content_type (@ujifgc)
FIX#1466 Change accepts to empty array to fix latest sinatra
FIX#1457 Major helpers cleanup (@ujifgc)
NEW #1405 Params is now converted to `HashWithIndifferentAccess` (@Ortuna)
FIX#1391 Skip path_traversal protection (@namusyaka)
NEW #1471 allow configuring codes of cascade apps (@ujifgc)
NEW #1477 Add :as option to form_for helper (@graudeejs)
FIX#1481 incorrect namespace of #named_routes (@namusyaka)
FIX Disambiguate the behavior of `url` (@namusyaka)
FIX#1461 Allow to render template with layout that using other template engine (@namusyaka)
NEW #767 introduces App.view_path and App.layout_path (@ujifgc)
FIX#1488 plugin generator url path to github (@bolshakov)
FIX#915 use app.root when mounting if available (@ujifgc)
FIX Allow to use extension with layout method. (@namusyaka)
NEW #1414 drop ruby 18mode, liberate ActiveSupport
NEW #711 Verify render with block now works as expected (@ujifgc)
NEW #1504 allow partial with block (@ujifgc)
FIX#1507 patch jruby utf-8 method naming (@ujifgc)
FIX#1505 Remove charset from json mimetype, fix sinatra edge (@namusyaka)
FIX#1513 Extracting logic to methods to improve readability (@scudelletti)
FIX#1517 correctly set a name of mounted application (@ujifgc)
NEW #1518 Add :flush option to content_for (@namusyaka)
FIX#1523 Add Rakefile tasks to the component generator (@tyabe)
FIX#1526 options on ActiveRecord version 3 (@tyabe)
NEW #1528 Allow asset_folders to be configured in settings
FIX#1529 double escaping of link urls (@ujifgc)
FIX#1532 allow asset_path with no kind (@ujifgc)
FIX#1535 rebase string urls to uri_root (@ujifgc)
NEW #1539 Enable :except option to :protect_from_csrf (@namusyaka)
FIX#1540 generator should abort if constant name already exists (@namusyaka)
NEW #922 resolve templates relative to controller name (@ujifgc)
NEW #1541 Reimplement authenticity token logic (@namusyaka)
=== 2.9.4 / 2014-02-10
* Bug fixes
* Improve proxy escaping from 2.9.2. Pull request #59 by Mislav Marohnić.
=== 2.9.3 / 2014-02-06
* Bug fixes
* Fix breakage in 2.9.2 for users without proxies. Pull request #56 by
Yoshihiro TAKAHARA (merged), #57 by ChuckLin, #58 by Kenny Meyer.
=== 2.9.2 / 2014-02-05
* Bug fixes
* Special characters in proxy passwords are now handled correctly. Issue
#48 by Mislav Marohnić. Pull request #54 by Juha Kajava
=== 2.9.1 / 2014-01-22
* Bug fixes
* Added license to gemspec. Issue #47 by Benjamin Fleischer
* Set Net::HTTP#keep_alive_timeout when supported by ruby. Pull request #53
by Dylan Thacker-Smith.
* The backtrace is preserved for errors in #reset to help with debugging.
Issue #41 by Andrew Cholakian.
3.2.15 (7 March 2014)
* Support &.foo when the parent selector has a newline followed by a comma.
3.2.14 (24 January 2014)
* Don't crash when parsing a directive with no name in the indented syntax.
* Clean up file paths when importing to avoid errors for overlong path names.
* Parse calls to functions named true, false, and null as function calls.
* Don't move CSS @imports to the top of the file unless it's necessary.
3.2.13 (19 December 2013)
* Numbers returned by user-defined functions now trigger division, just like
numbers stored in variables.
* Support importing files in paths with open brackets.
* Fix sass-convert's handling of rules with empty bodies when converting from
CSS.
* Fix CSS imports using url() with a quoted string and media queries.
3.2.12 (4 October 2013)
* Add a couple missing requires, fixing some load errors, especially when
using the command-line interface.
* Tune up some heuristics for eliminating redundant generated selectors. This
will prevent some selector elimination in cases where multi-layered @extend
is being used and where it seems intuitively like selectors shouldn't be
eliminated.
3.2.11 (27 September 2013)
* Fix @extend's semantics with respect to pseudo-elements. They are no longer
treated identically to pseudo-classes.
* A more understandable error is now provided when the -E option is passed to
the Sass command line in ruby 1.8
* Fixed a bug in the output of lists containing unary plus or minus operations
during sass <=> scss conversion.
* Avoid the IE7 content: counter bug with content: counters as well.
* Fix some thread-safety issues.
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
Thanks to Piotr Sikora.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
Changes with nginx 1.5.10 04 Feb 2014
*) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
Thanks to Automattic and MaxCDN for sponsoring this work.
*) Feature: the ngx_http_mp4_module now skips tracks too short for a
seek requested.
*) Bugfix: a segmentation fault might occur in a worker process if the
$ssl_session_id variable was used in logs; the bug had appeared in
1.5.9.
*) Bugfix: the $date_local and $date_gmt variables used wrong format
outside of the ngx_http_ssi_filter_module.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
during binary upgrade on Linux; the bug had appeared in 1.5.8.
Thanks to Piotr Sikora.
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
*) Feature: the "ssl_buffer_size" directive.
*) Feature: the "limit_rate" directive can now be used to rate limit
responses sent in SPDY connections.
*) Feature: the "spdy_chunk_size" directive.
*) Feature: the "ssl_session_tickets" directive.
Thanks to Dirkjan Bussink.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Risti?.
*) Bugfix: nginx incorrectly handled escaped "?" character in the
"include" SSI command.
*) Bugfix: the ngx_http_dav_module did not unescape destination URI of
the COPY and MOVE methods.
*) Bugfix: resolver did not understand domain names with a trailing dot.
Thanks to Yichun Zhang.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: the "xclient" directive of the mail proxy module incorrectly
handled IPv6 client addresses.
Changes with nginx 1.5.8 17 Dec 2013
*) Feature: IPv6 support in resolver.
*) Feature: the "listen" directive supports the "fastopen" parameter.
Thanks to Mathew Rodley.
*) Feature: SSL support in the ngx_http_uwsgi_module.
Thanks to Roberto De Ioris.
*) Feature: vim syntax highlighting scripts were added to contrib.
Thanks to Evan Miller.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: the "master_process" directive did not work correctly in
nginx/Windows.
*) Bugfix: the "setfib" parameter of the "listen" directive might not
work.
*) Bugfix: in the ngx_http_spdy_module.
Version 3.2.8 (2014-03-12)
--------------------------
### Fixed
Add the "href" values for active breadcrumb menus to the template (see #6796).
### Fixed
The file/page tree widget did not work properly in "edit multiple" mode (#6788).
### Fixed
Preserve the referer ID when clicking the "switch to edit" button (see #6127).
### Fixed
Encode e-mail addresses in the "explanation" form field (see #6771).
### Fixed
Use a placeholder image if no thumbnail can be created (see #6754).
### Fixed
Pass additional arguments to the "replaceInsertTags" hook (see #6672).
### Fixed
Correctly initialize the `Session` class (see #6747).
### Fixed
Do not use `Input::setGet()` in the event modules (see #6733).
### Fixed
Correctly shorten the CSS `background` property (see #6709).
### Fixed
Do not use `UNION SELECT` when searching for parent pages (see #6704).
### Fixed
Disable `zlib.output_compression` when sending files to the browser (see #6717).
### Fixed
Consider the event time in the event list module (see #6719).
### Fixed
Make the newsletter recipient address available in the template (see #5782).
### Fixed
Correctly handle Unicode characters in `Validator::isGooglePlusId` (see #6707).
### Fixed
Fixed the arguments of two `CalendarEventsModel` methods (see #6781).
### Fixed
Pass the "tableless" flag to the "form_message" template (see #6772).
### Fixed
Update the `swipe.js` script so the "continuous" option works (see #6762).
### Fixed
Improve the `Search::removeEntry()` method (see #6785).
### Fixed
Correctly set the cookie path in the front mode in debug mode (see #6723).
### Fixed
Point to `Frontend::addToUrl()` in front end templates (see #6736).
### Fixed
Do not stop the cron job execution after the first interval.
2014-03-09 (2.8.8rel.2)
* correct errata in test-files which cause broken links in break-out directory
in lynx.isc.org server -TD
* amend change from 2.8.8pre.2, to ensure that MinGW libraries already
declaring 'sleep()' will build -TD
* drop unused save/compress rules from makefile.in, because fixing umask for
these is pointless -TD
* modify makefile.in to establish sane umask value in the "install-doc" rule
(report by Rajeev V Pillai) -TD
* build-fix for NetBSD, whose curses library provides use_default_colors(),
but the package turns off the keymap feature (patch by Thomas Klausner).
The underlying issue seems to be a race; if the spawned git log
command finishes before trac kills it, the os.kill() throws an
exception which is not caught. Simply catch and ignore the exception.
I sent the patch to trac-devel@.
* Avoid assertions on Range requests that trigger Squid-generated errors.
* Protect MemBlob::append() against raw-space writes
* Copyright: Relicense helpers by Treehouse Networks Ltd.
* Portability: define CMSG related structures individually
* Fix helper ID number assignment
* Fixed stalled concurrent rock store reads by insuring their ID uniqueness.
* Bug 3186, Bug 3628: Digest authentication always sending stale=false for nonce
* dynamic_cert_mem_cache_size option related fixes
* Fix umask default on crash report generated email
* Fix pthread library detection on FreeBSD 10
* Bug 4029: intercepted HTTPS requests bypass caching checks
* Bug 4026: SSL and adaptation_access does not handle aborted connections
* Bug 4001: remove use of strsep()
* Move compat/unsafe.h protections from libcompat to source maintenance
* Bug 3969: user credentials cache lookup for Digest authentication broken
* Various fixes to configure for FreeBSD 10
* Regression Bug 3769: client_netmask not evaluated since Comm redesign
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
This release fixes a security issue that was introduced with the 0.7.0 release. This issue affected the source-highlighting feature and could only be exploited, if the suPHP_PHPPath option was set. In this case local users which could create or edit .htaccess files could possibly execute arbitrary code with the privileges of the user the webserver was running as.
Changes with mod_fcgid 2.3.9
*) Revert fix for PR 53693, added in 2.3.8 but undocumented. Fix
issues with a minor optimization added in 2.3.8. [Jeff Trawick]
Changes with mod_fcgid 2.3.8
*) SECURITY: CVE-2013-4365 (cve.mitre.org)
Fix possible heap buffer overwrite. Reported and solved by:
[Robert Matthews <rob tigertech.com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick]
*) Correctly parse quotation and escaped spaces in FcgidWrapper and the
AAA Authenticator/Authorizor/Access directives' command line argument,
as currently documented. PR 51194 [William Rowe]
*) Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
assignments). PR 51657 [William Rowe]
*) Conform script response parsing with mod_cgid and ensure no response
body is sent when ap_meets_conditions() determines that request
conditions are met. [Chris Darroch]
*) Improve logging in access control hook functions. [Chris Darroch]
*) Avoid making internal sub-requests and processing Location headers
when in FCGI_AUTHORIZER mode, as the auth hook functions already
treat Location headers returned by scripts as an error since
redirections are not meaningful in this mode. [Chris Darroch]
Version 0.6.7
-----------------
Released on February 16, 2014
- Expose app instance in a command commands (manage.app). #83
- Show full help for submanagers if called without arguments. #85
- Fix ShowUrls command conflict. #88
0.9 (2014-02-20)
This release is compatible with webassets 0.9.
flask-assets now support Python 3, and drops support for Python 2.5.
- Support for Flask-S3 (Erik Taubeneck).
- Support latest Flask-Script (Chris Hacken).
* Use the reference for the mime type to get the format
Fixes: CVE-2014-0082
* Escape format, negative_format and units options of number helpers
Fixes: CVE-2014-0081
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Risti\u0107.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows.
Bugfixes
* fixed python3 support on older compilers/libc
* allow starting in spooler-only mode
* fixed cache bitmap support and added test suite (credits: Danila Shtan)
* fixed ftime log var
* added async remote signal management
* fixed end-for and end-if
* fixed loop in internal-routing response chain
* fixed pypy execute_source usage
* logpipe: Don\u2019t setsid() twice (credits: INADA Naoki)
New features and improvements
CGI plugin
The plugin has been improved to support streaming.
In addition to this the long-awaited async support is finally ready. Now you can
have CGI concurrency without spawning a gazillion of expensive threads/processes
Check: Running CGI scripts on uWSGI
PSGI loading improvements
The PSGI loader now tries to use Plack::Util::load_psgi() function instead of
simple eval. This addresses various inconsistences in the environment (like the
double parsing/compilation/execution of psgi scripts).
If the Plack module is not available, a simple do-based code is used (very
similar to load_psgi)
* Added useragent config setting. Closes: #737121
Thanks, Tuomas Jormola
* po: Add html_lang_code and html_lang_dir template variables
for the language code and direction of text.
Thanks, Mesar Hameed
* Allow up to 8 levels of nested directives, rather than previous 3
in directive infinite loop guard.
* git diffurl: Do not escape / in paths to changed files, in order to
interoperate with cgit (gitweb works either way)
Thanks, intrigeri.
* git: Explicity push master branch, as will be needed by git 2.0's
change to push.default=matching by default.
Thanks, smcv
* Deal with nasty issue with gettext clobbering $@ while printing
error message containing it.
Thanks, smcv
* Cleanup of the openid login widget, including replacing of hotlinked
images from openid providers with embedded, freely licensed artwork.
Thanks, smcv
* Improve templates testing.
Thanks, smcv
* python proxy: Avoid utf-8 related crash.
Thanks, Antoine Beaupré
* Special thanks to Simon McVittie for being the patchmeister for this
release.
Add LICENSE
Upstream changes:
2012-10-25 Mattias Holmlund
Version 1.1
Unlink temporary cachefiles if we fail to give them a proper name
Resolves https://rt.cpan.org/Ticket/Display.html?id=60065
Handle multiple simultaneous cache cleanups
Hopefully resolves https://rt.cpan.org/Public/Bug/Display.html?id=77015
Handle caching of zero-size documents
Resolves https://rt.cpan.org/Public/Bug/Display.html?id=76785
Populate $response->message with the default message for the code
Patch from Graham Barr
Ensure response has access to request when fetching from cache
Patch from Graham Barr.
Handle undefined content from servers.
Add LICENSE
Add missing BUILD_DEPENDS for regress test
Upstream changes:
0.23 2013/11/03
* Added REAL_SERVERS check to t/proxy-with-https.t
- Thanks to Gregor Herrmann, Debian Perl Group, for the patch
0.22 2013/09/12
* Added repository cpan metadata to Makefile.PL
- Thanks to David Steinbrunner for the patch
0.21 2013/08/29
* Updated Changes file to meet CPAN::Changes::Spec
* FIxed unparseable date for version 0.02
0.20 2013/07/18
* Updates Changes file to meet CPAN::Changes::Spec
* Changed and standardized date formats
* Changed name from CHANGES to Changes
* Added author/release test to check this going forward
0.19 2013/07/17
* Added ssl_options support
* Increased Net::HTTPS::NB requirement to 0.13
- Thanks to Heikki Vatiainen for the patch
0.18 2013/05/27
* Fixed typo in POD
- Added THANKS for Florian (fschlich)
0.17 2013/04/20
* Added local_addr and local_port support
* Standardised test names
* Added THANKS for github user c00ler-
0.16 2013/04/04
* Fixed CPAN Testers bug in bad-hosts.t
0.15 2013/04/04
* Two bug fixes provided by Josef Toman:
* Fixed header handling to use header_field_names()
* Replaced _make_url_absolute with URI::new_abs()
0.14 2013/04/01
* More diagnostics in bad-hosts.t on failure
0.13 2013/03/29
* Fixed t/real-servers.t to work whether or not Net::HTTPS::NB is available
0.12 2013/03/29
* New logic for making https requests through a proxy
* Made tests run ok in parallel by using different ports per test
* Set explicit SSL_verify_mode in real-servers.t
* Minor update to code comment about is_proxy mode
0.11 2012/11/13
* Use high ports to prevent test failure when 8080 is already used
* Travis config
0.10 2012/03/08
* added support for https requests - thanks Naveed Massjouni
Upstream changes:
0.16 Sat Aug 10 17:52:00 GMT 2013
- Added link to repository (D. Steinbrunner)
0.15 Mon Oct 1 19:14:05 GMT 2012
- Fix bugs in :contains("string") (Aaron Crane)
Add missing DEPENDS
Upstream changes:
1.00 2013-12-16
- TT template files changed - update them if you use a local copy.
Template file 'label_tag' renamed to 'label_element' - old file can
be deleted. 'field' file changed. New 'errors' file.
- TT no longer listed as a prerequisite. If you use the TT files,
you must add 'Template' to your own app's prereqs.
- Element::reCAPTCHA and Constraint::reCAPTCHA moved out to separate
distribution.
- HTML::FormFu::MultiForm moved out to separate distribution.
- auto_container_class(), auto_label_class(), auto_comment_class(),
auto_container_error_class(), auto_container_per_error_class(),
auto_error_class() no longer have default values.
See "RESTORING LEGACY HTML CLASSES" in HTML::FormFu docs to restore
previous behaviour.
- auto_label_class() no longer adds class to container.
auto_label_class() now adds class to label tag.
new auto_container_label_class() adds class to container.
See "RESTORING LEGACY HTML CLASSES" in HTML::FormFu docs to restore
previous behaviour.
- auto_comment_class() no longer adds class to both container and comment.
auto_comment_class() now only adds class to comment tag.
new auto_container_comment_class() adds class to container.
See "RESTORING LEGACY HTML CLASSES" in HTML::FormFu docs to restore
previous behaviour.
- Bug fix: param_value() form method now matches documented behaviour -
returns undef when field has errors. (Reported by Hailin Hu).
- New Element::Email and Element::URL HTML5 input fields.
- Role::Element::Input has new datalist_options(), datalist_values(),
datalist_id() and auto_datalist_id() methods to support HTML5 datalists.
auto_datalist_id() is an inherited accessor which can be set on the
Form, MultiForm, or Block.
- Form and Elements has new title() attribute short-cut.
- Constraint::Regex has new anchored() accessor.
- New Input attribute accessors: placeholder(), pattern(), autocomplete().
- New Input boolean attribute accessors: autofocus(), multiple(), required().
- New Field inherited accessors: auto_container_per_error_class(),
auto_error_container_class(), auto_error_container_per_error_class(),
error_tag(), error_container_tag
- Constraints have new experimental method fetch_error_message().
- All field elements have new method error_filename().
- default_args() now supports 'Block', 'Field', 'Input' pseudo-elements,
'|' alternatives, and '+' and '-' ancestor modifiers.
- New Czech (cs) I18N translation by Jan Grmela.
- mk_inherited_accessors() now also creates a *_no_inherit() method.
- Experimental new roles() form method.
- form methods start(), end() now respect render_method - no longer
force use of tt templates.
- Bug fix: del_attribute() on empty attribute no longer sets the attribute.
- All attribute accessors generated with mk_attrs() now have *_loc variants.
- form methods start(), end() now respect render_method - no longer
force use of tt templates.
- Tests now always require Test::Aggregate::Nested.
Re-enable aggregate tests on Win32.
Don't run all tests twice under both aggregate and t/ (doh!)
User-visible changes:
- Client-side bugfixes:
* use CryptoAPI to validate intermediary certificates on Windows (r1564623)
* fix automatic relocate for wcs not at repository root (r1541638 et al)
* diff: fix when target is a drive root on Windows (r1541635)
* wc: improve performance when used with SQLite 3.8 (r1542765)
* copy: fix some scenarios that broke the working copy (r1560690)
* move: fix errors when moving files between an external and the parent
working copy (r1551524, r1551579)
* log: resolve performance regression in certain scenarios (r1553101 et al)
* merge: decrease work to detect differences between 3 files (r1548486)
* checkout: don't require flush support for symlinks on Windows (r1547774)
* commit: don't change file permissions inappropriately (issue 4440)
* commit: fix assertion due to invalid pool lifetime (r1553376 et al)
* version: don't cut off the distribution version on Linux (r1544878 et al)
* flush stdout before exiting to avoid information being lost (r1499470)
* status: fix missing sentinel value on warning codes (r1543145)
* update/switch: improve some WC db queries that may return incorrect
results depending on how SQLite is built (r1567109)
- Server-side bugfixes:
* reduce memory usage during checkout and export (r1564215)
* fsfs: create rep-cache.db with proper permissions (issue 3437)
* mod_dav_svn: prevent crashes with SVNListParentPath on (CVE-2014-0032)
* mod_dav_svn: fix SVNAllowBulkUpdates directive merging (r1548105)
* mod_dav_svn: include requested property changes in reports (r1557522)
* svnserve: correct default cache size in help text (r1563110)
* svnadmin dump: reduce size of dump files with '--deltas' (r1554978)
* resolve integer underflow that resulted in infinite loops (r1567985)
Developer-visible changes:
- General:
* fix ocassional failure of check_tests.py 12 (r1496127 et al)
* fix failure with SQLite 3.8.1-3.8.3 when built with
SQLITE_ENABLE_STAT3/4 due to bug in SQLite (r1567286, r1567392)
* specify SQLite defaults that can be changed when SQLite is built
to avoid unexpected behavior with Subversion (r1567064)
- API changes:
* numerous documentation fixes
* svn_client_commit_item3_dup() fix pool lifetime issues (r1550803)
* ra_serf: properly ask multiple certificate validation providers for
acceptance of certificate failures (r1535532)
* release internal fs objects when closing commit editor (r1555499)
* svn_client_proplist4() don't call the callback multiple times for
the same path in order to deliver inherited properties (r1549858 et al)
- Bindings:
* javahl: make test suite run without installing on OS X (r1535115)
* swig: fix building out of tarball on OS X (r1555654)
* swig-pl: fix with --enable-sqlite-compatibility-version (r1559009)
* swig: fix building bindings on OS X when APR has the -no-cpp-precomp
flag in the apr-config --cppflags output. (r1535610)
* swig: fix building from tarball with an out-of-tree build (r1543187)
Change option name fcgi to fasrcgi
Upstream changes:
1.54 Jan 19, 2014
[ DISTRIBUTION ]
- Remake with gnutar
1.53 Jan 18, 2014
[ DISTRIBUTION ]
- Attempt to fix corrupted tar
1.52 Oct 9, 2013
[ BUG FIXES ]
- Ignore 'Software caused connection abort' errors. RT #49031. Submitted
by Morten Bjoernsvik.
- Sort hash keys to deal with Perl 5.18+ hash randomization. RT
#88708. Submitted by Zefram.
- Fix 'and' precedence with explicit parens. RT #87050. Submitted by
Alex Vandiver.
- Escape each part of substitution, not their
concatenation. github.com/jonswar/perl-HTML-Mason/pull/1. Submitted
by Ricardo Signes.
[ ENHANCEMENTS ]
- Add use_warnings flag, similar to
use_strict. github.com/jonswar/perl-HTML-Mason/pull/4. Submitted by
Aevar Bjarmason.
1.51 May 8, 2013
[ DISTRIBUTION ]
- Fix hardcoded version
[DOCS]
- Add HTML::Mason::FAQ, from old masonhq.com website
Changes to GoAccess 0.7.1 - Monday, February 17, 2014
* Added ability to get real OS names using --real-os. (Android, Windows, Mac)
* Added ability to log debug messages to a file.
* Added ability to parse tab-separated log format strings.
* Added ability to support terminals without colors.
* Added ability to turn off color output by using --no-color flag.
* Added command line option to append HTTP method to request.
* Added command line option to append HTTP protocol to request.
* Added long options to command-line.
* Added missing Win 9x 4.90 (Windows Me) user-agent.
* Added missing Windows RT user-agent.
* Ensure mouse click does not reset expanded module if it is the same.
* Fixed Amazon CloudFront tab-separated log format.
* Fixed "FreeBSD style" ncursesw built into system.
* Fixed HTML report issue where data cell would not wrap.
* Fixed issue when isatty() could not find a valid file descriptor.
* Fixed SymbianOS user-agent and retrieve its version.
Upstream changes:
4.83 2014-02-19
- Improved Mojo::JSON to handle encoding errors more gracefully.
- Fixed line numbers in Mojo::JSON error messages.
4.82 2014-02-19
- Added decode_json and encode_json functions to Mojo::JSON.
- Added data attribute to Mojo::JSON::Pointer.
- Fixed bug in "user_agent_online.t".
- Fixed small decoding bug in Mojo::JSON.
Upstream changes:
0.043 2014-02-20 20:40:23-05:00 America/New_York
[FIXED]
- Does not send absolute request URI when tunneling SSL via proxy
- Fixes regression in setting host name to verify SSL
- Protects tests from https_proxy and all_proxy when doing mock testing
0.042 2014-02-18 11:23:17EST-0500 America/New_York
[ADDED]
- If IO::Socket::IP 0.25+ is installed, HTTP::Tiny will use it for
transparent IPv4 or IPv6 support.
0.041 2014-02-17 13:07:54-05:00 America/New_York
[no code change, only an amended Changes file]
[INCOMPATIBLE CHANGES (from 0.039)]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED (since 0.039)]
- Added 'keep_alive' attribute for single-server persistent connections
(Clinton Gormley)
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
[FIXED (since 0.039)]
- Requests are made with one less write for lower latency (Martin
Evans)
0.040 2014-02-17 13:02:47-05:00 America/New_York
[INCOMPATIBLE CHANGES]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED]
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
URIs that contain other URIs. The basic format is:
{prefix}:{uri}
Some examples:
* `jdbc:oracle:scott/tiger@//myhost:1521/myservicename`
* `db:postgres://db.example.com/template1`
* Fix some syscall definitions in JavaScript are fixed.
Thank you, tho@.
Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
2014-02-14 (2.8.8rel.1)
2014-02-14 (2.8.8pre.5)
* change quoting for fixup to help_files.sed in 2.8.8dev.17 to work around
bug in cygwin's make/sed programs -TD
* change quality value for application/xhtml+xml mime type added for Debian
#184482, to ensure that it is offered as one of Lynx's internal types on
an "Accept:" line sent to the server (Debian #725178) -TD
* trim unexpected query-parameters from file: URIs when checking for their
presentation and compression types. Not all browsers do this, etc. -TD
* modify forms-submit to trim query-parameters from the action URI if it
happens to be a file-URL. IE and some other browsers do this. The RFCs
do not mention this since forms are an HTTP feature (Debian #738121) -TD
* reviewed command-line options which were not provided in lynx.cfg; added
others which could be useful for dumps (i.e., force_html, hiddenlinks,
listonly, list_inline, localhost, short_url, with_backspaces) -TD:
* add dont_wrap_pre to lynx.cfg (request by GV) -TD
* use idn_free() rather than ordinary free (patch by GV)
* build-fix when alt-bindings are disabled (patch by GV)
* correct sense of --disable-alt-bindings option in configure script (prompted
by report by GV) -TD
2014-02-04 (2.8.8pre.4)
* modify the LOCALE_CHARSET feature to provide a default value for the
ASSUMED_CHARSET feature aka "display-charset" (Debian #737416) -TD
* fix two bugs in print-to-file from 2.8.8dev.10 changes -TD
+ suggested filename suffix for text/html was ".html" rather than ".txt"
+ using ^U to clear the filename to print to did not cancel the prompt
(report by Klaus-Peter Wegge)
* disable EXP_JAPANESEUTF8_SUPPORT if the system has no iconv support -TD
* modify makefiles to perform the src/chrtrans rules from the top-level rather
than via the src-level, solving the issue of "makefile races" -TD
* reviewed minor fixes from OpenBSD CVS for these issues:
- fix makefile races [espie]
- read/write result checking fixes to avoid unsigned comparisons vs -1 [krw]
However, the former is not an improvement; kept only the latter -TD
2014-01-11 (2.8.8pre.3)
* apply analogous changes to tidytls.c interface -TD
* apply openssl patch from openSUSE package for Lynx to modify the SSL options
to omit the SSLv2 and compression features (report by BJP) -TD
* add check for alternate package "libssl" also used with Fedora20 -TD
* fix a check in configure-script for openssl subdirectory in includes. It
happened to work in most cases due to a spurious blank in the pkg-config
file; this was removed recently, e.g., for Fedora20 -TD
* fill-in some dangling links in test-files -TD
* build-fix for --disable-prettysrc (reported by Don Hsi-Yun Yang aka
"omoikane") -TD
* review/improve html helpfiles -TD
* ensure that $(sysconfdir) exists in makefile as dependency of install-help
rule -TD
* update config.guess (2014-01-01), config.sub (2014-01-01)
2013-12-17 (2.8.8pre.2)
* change makefile.msc and lynx-slang.iss to use dll for slang -TD
* change URL for HELPFILE in lynx.cfg, etc., to omit version-specifics -TD
* update example of options menu shown in user-guide -TD
* restore ^Z maxscreen-toggle for Windows, omitted in 2.8.8dev.17 cleanup -TD
* typographical fixes for manpage (Bjarni I. Gislason, Debian #732236).
* allow fallback sleep() function to be used for MinGW -GV
* remove special case in configure.in which added "-lcompat" to $LIBS
for OpenBSD, MirBSD and EkkoBSD (Christian Weisgerber, Thorsten Glaser).
* build-fix for --disable-forms-options -TD
* omit request for admin-access in NullSoft installer, since lynx could be
installed in user's directory -TD
* change Windows default for LYNX_LSS_FILE to not use a directory-path -TD
2013-11-28 (2.8.8pre.1)
2013-11-28 (2.8.8dev.17)
* revise/update counts in README.metrics, using a script replacing a manual
procedure -TD
* amend check for magic header bytes from 2.8.8dev.3 for "deflate" to limit it
to the 3-bit block header described in RFC-1951 -TD
* install the sample-files in the dpkg test-script -TD
* add configure option --with-cfg-path and environment variables LYNX_CFG_PATH
to provide search-list capability for the ".cfg" and ".lss" files -TD
* modify configuration of COLOR_STYLE value in lynx.cfg, allowing multiple
filenames to be specified and providing those as choices in the O'ptions
menu (Debian #404893) -TD
* updates for lynx_help_main.html -TD
* update URLs in about_lynx.html -TD
* add internal URL "LYNXEDITMAP:", which is (like "LYNXKEYMAP:") generated,
making that the primary page for field-editing help -TD
* improve DOSPATH-related logic in HomeEnv(), making this work properly with
Windows Vista and 7. The feature is needed to read Lynx's bookmarks file
from the user's "Personal" shell-folder (report by Manuel Nunez) -TD
* modify samples/*.bat to work when running in a directory whose pathname
contains spaces -TD
* reduce required privileges for installing in lynx.iss -TD
* improve sed expression appended to help_files.sed to fix a case for the
edit-helpfiles which left a ".gz.gz" suffix for compressed filename URLs,
overlooked since 2.8.1pre.3 -TD
* modify logic in lkcstring_to_lkc() to allow named keys, e.g., from curses,
to be used consistently in a KEYMAP directive -TD
* add version-info to LYIcon.rc -TD
* add symbols in Keysym_Strings[] and table in setup_vtXXX_keymap() for
function keys 2-12, to improve keymap-configurability -TD
* change extra-key #define's in LYStrings.h to enum -TD
* cleanup pre-2.7 debris from LYStrings.c and LYStrings.h -TD
* modify tables for key-bindings and edit-bindings to allow them to be reloaded
to their initial values -TD
* add check in get_connection() for ftp-connections to ensure that a password
from a URL is non-empty -TD
* add samples/oldlynx.bat to demonstrate how to use non-color-style -TD
* add NSIS script, to allow building Windows installer via cross-compiling -TD
* fixes to configure script and makefiles to work with empty $prefix, e.g.,
as used in MSYS -TD
* improve configure check for sleep() for cross-compiling to MinGW -TD
* modify configure check for inet_addr() for cross-compiling to MinGW -TD
* add configure check for Win32 flavor of PDCurses when cross-compiling to
MinGW using the "--with-screen=pdcurses" option -TD
* improve color-style simulation of old color scheme by coloring input fields
with color #5 -TD
* correct search logic to match links which are wrapped on the right margin.
Previous fixes to highlight arbitrarily long links overlooked this case
(Debian #546264) -TD
* modify the INFO page, normally bound to "=", to show decoded strings for
URLs, e.g., which use %xy hexadecimal encoding. The decoded strings are
shown on the line following the encoded URLs if the strings are different.
Also if display-charset is UTF-8, modify -dump "References" URLs to show
the corresponding decoded strings for consistency with the text which is
already in UTF-8. Other URLs such as that shown in the status area are
shown in encoded form per previous discussion which recommending doing this
to address phishing attempts (Debian #398274) -TD
* simplify file-URLs shown in reference list of -dump by trimming unnecessary
"localhost", e.g.,
file://localhost/XXX
becomes
file:///XXX
(Debian #334787) -TD
* extend the "Bad HTML" warning feature to -dump option when the -stderr
option is also set (Debian #398304) -TD
* add -list_inline option, which modifies -dump output to put links inline with
the text rather than in a list at the end of the dump (Debian #584080) -TD
* add clarification in manpage regarding -force_html option versus -dump or
-crawl (Debian #254603, Debian #295273) -TD
* improve manpage descriptions of -reload, -get_data and -post_data (Debian
#350853) -TD
* modify manpage synopsis to make it clearer that Lynx accepts more than one
path and/or URL on the command-line. The paragraph explaining this was
added in 2.8.6dev.5 (Debian #350853) -TD
* update COPYHEADER, clarifying license issues -TD
* minor change to Content-Length logic from 2.8.8dev.13 to work with Amazon's
cookies (Debian #720541) -TD
* improve warning message for GNUTLS_CERT_SIGNER_NOT_FOUND (Debian #695653) -TD
* ignore non-fatal return codes from gnutls_handshake introduced by SNI change
in 2.8.8dev.15 (Debian #724812, patch by Hans Wurst).
* updates for configure macros -TD
+ CF_ACVERSION_CHECK, fix from byacc for "newer" autoconf.
+ CF_ADD_LIB_AFTER, fix from xterm for problem with -Wl,xxx options
+ CF_CURSES_LIBS, modify to allow external script to set $cf_term_lib and/or
$cf_curs_lib
+ CF_INTEL_COMPILER, $host_os needs AC_CANONICAL_HOST
+ CF_MIXEDCASE_FILENAMES, add msys / msysdll to known host/platform types
+ CF_RPATH_HACK, use sort and uniq rather than sort -u, to work with HPUX
11.11, etc.
+ CF_TRY_PKG_CONFIG, set variables for consistent usage of this macro
+ CF_XOPEN_SOURCE, add msys / msysdll to known host/platform types
+ CF_X_ATHENA, trim extra X libraries after updating lists, to work with ld
--as-needed option which in effect uses only the first mention of the
library. If that does not follow everything that depends on the library,
ld will silently fail to resolve symbols.
* update config.guess (2013-06-10), config.sub (2013-09-05)
2013-07-29 (2.8.8dev.16)
* build-fix for setmode() definition on Cygwin -TD
* modify HTUtils.h to work around header conflict with Cygwin w32api and
openssl 1.0.1e (prompted by report/patch by Supriyo Biswas) -TD
* protect redefined errno values for Windows port from redefinition warnings
when using MinGW build, since the WSAxxx values are what the configuration
actually uses -TD
* modify <address> tag to treat it like <p> when used within a list -TD
* update fi.po from
http://translationproject.org/latest/lynx
* add on/off toggles to options menu for the color-style and default-colors
features, to help deal with packages which enable default colors without
adjusting the color-style settings to avoid having yellow text on a white
background (report by Stephen Isard) -TD
* add -default-colors command-line option to allow toggling the state of the
DEFAULT_COLORS setting from lynx.cfg -TD
* improve discussion of -dump and -force_html in manpage (Ubuntu #1112568) -TD
* cleanup quoting and use of ASCII "-" versus hyphen in manpage -TD
* add checks for zero-length strings in a few places to prevent infinite loop
when the focus moves to a text-field which is past the right margin due to
improper placement for the nested-tables configuration (report by Rajeev V
Pillai) -TD
* update doctype for html documentation to 4.01 strict -TD
* correct handling of backslash in TrimCommand() function introduced in
2.8.6dev.4, used to process the commands for "test=" in mime-types -TD
* correct 2.8.3dev.13 check for permissible place to split UTF-8 encoded text,
reported by Coverity -TD
* make DONT_TRACK_INTERNAL_LINKS logic configurable via lynx.cfg as
TRACK_INTERNAL_LINKS; the configure script now sets the default value -TD
* fix most issues found by clang 3.2 analyze -TD
* fix most issues found by Coverity scan -TD
2012-11-18 (2.8.8dev.15)
* corrected position of highlighting from search/whereis function when using
multibyte characters (Debian #673385) -TD
* modify default case for HTLoadGopher() to use the file's suffix to obtain
a MIME mapping rather than always storing unknown types to disk (suggested by
Dario Niederman) -TD
* modify ^X-e handling to not limit the result to the form field's length
(report by Keith Bowes) -TD
* modify the Inno Setup files to show lynx's version numbers. Development
and prerelease versions are indicated in the numeric-only versions by
prefixing a "10" or "20" -TD
* ask for filesize when downloading via ftp, to use this in the read-progress
ETA -TD
* fix special case when -dont_wrap_pre option is used, to restore space between
words which was lost when inserting a soft newline used to splice together
segments of a long line (Ubuntu #806749) -TD
* provide more readable ETA message as an option (prompted by patch by Joerg
Hahn) -TD
* add GNUTLS call to enable SNI (Server Name Indication) extension (Ubuntu
#732177) -TD
* correct typo for -bibhost option in manpage (Redhat #854574) -TD
* revise nsl-fork logic for passing addrinfo and hostent data back to eliminate
fixed limit on the number of records to return -TD
* correct problem with loop logic in fill_addrinfo() exposed by multiple
addresses from
http://fbcdn-sphotos-d-a.akamaihd.net
(report/analysis by TG) -TD
* updates for configure script macros (TD):
+ add 3rd parameter to AC_DEFINE's to allow autoheader to run
+ remove unused macros
* update nl.po from
http://translationproject.org/latest/lynx
* improve checking of certificates in the gnutls_certificate_verify_peers2()
by handling special case where self-signed certificates should be reported
(patch by Jamie Strandboge).
* update config.guess (2012-09-25), config.sub (2012-08-18)
2012-08-22 (2.8.8dev.14)
* reset anchor's actual-length calculation at the end of pumpData() to handle
scenario where this is used for internal data movement, i.e., for
decompressing files (report by Owen Leibman, Debian #681214) -TD
* drop two files overlooked in previous commit (TD):
lynx.rsp and WWW/Library/Implementation/HTFWriter.c
2012-08-15 (2.8.8dev.13)
* make nsl-fork work for the DNS lookup using getaddrinfo, i.e., for IPv6
configurations (report by FLWM) -TD
* add U+0218, U+0219, U+021a, and U+021b to 0x53, 0x73, 0x54, and 0x74,
respectively, for Romanian s/t with cedilla in def7_uni.tbl (Ralph Babel)
* modify handling of "set" in -cmd_script option to try both cfg-file and
rc-file settings (prompted by discussion with Andrew Watts) -TD
* update configure script to add --datarootdir option, which changes the
default for man-page from /usr/lib to /usr/share -TD
* modify configure check for sizeof(time_t), sizeof(off_t) to help recover if
it is run in a deficient environment such as busybox -TD
* limit downloaded files by Content-Length if any, to match behavior of IE,
Firefox and some other browsers; this is not addressed in RFC 2616 (Debian
#681214) -TD
For more information, see "Content-Length in the Real World" by Eric Law:
http://blogs.msdn.com/b/ieinternals/archive/2011/03/09/browsers-accommodate-incorrect-http-content-length-and-sites-depressingly-depend-on-it.aspx
* fix an unbounded loop in restrictions_fun() which could cause a core dump
(Debian #616107) -TD
* add LDFLAGS to top-level makefile.in, for consistency with other recursive
options (suggested by Naomasa Maruyama) -TD
* modify makefile.in and src/makefile.in to pass make-flags, e.g., "-n" for
POSIX make -TD
* updated configure macros (TD):
+ add check for clang warning options
+ check for tinfo library, which may be present
+ omit -Wpointer-arith check for pre-3.0 gcc
+ add check for 'make' programs ${MAKEFLAGS} versus ${MFLAGS}, for recursive
operation.
* updated list for "$(TABLES)" in src/makefile.in so that parallel builds work
properly (patch by Diego Elio Petteno)
* remove extra "$(LDFLAGS)" from src/makefile.in when linking lynx (patch by
Josef Sontgen)
* correct formatting of large file-sizes in directory listing (Debian
#666213) -TD
* improve checking of certificates in the gnutls_certificate_verify_peers2()
(report by Martin Georgiev) -TD
* update de.po eo.po sv.po vi.po from
http://translationproject.org/latest/lynx
* use PDCurses "wide" variation in makefile.msc -TD
* modified quoting for parameter values passed to blat mailer to ensure that
it handles embedded blanks (report by pfourier) -TD
* fix regression introduced by changes for Debian #603648 -TD
* modify makew32.bat and makefile.bcb to use GnuWin32 packages to simplify
builds with Borland 5.51 C++ compiler (prompted by discussion with
pfourier) -TD
* add configure check for windres needed for mingw build if cross-compiling -TD
2012-02-22 (2.8.8dev.12)
* treat charsets ISO-8859-8-E and ISO-8859-8-I as aliases of ISO-8859-8
(Owen Leibman)
* amend the dev.10 change to HTLoadDocument(), which broke caching of forms,
to limit it to just the case where the user has pressed ^R, etc (report by
TG) -TD
2012-02-19 (2.8.8dev.11)
* correct help-message for -html5_charset option -Kihara Hideto
* correct a typo in strtol change from dev.10 which caused hexadecimal numeric
entities to be misrendered -TG
* update eo.po, et.po and tr.po from
http://translationproject.org/latest/lynx
* correct dll name for bzip2 in lynx.iss package script -TD
2012-02-12 (2.8.8dev.10)
* updated po/lynx.pot; there are a few new messages -TD
* add "submit" and "reset" commands (Debian #603645) -TD
* add "pwd" command, to show current working directory in the statusline -TD
* modify check in HText_endForm() when a form contains only a single input
field, to allow a return in any text-like field other than textarea to cause
the form to be submitted (Debian #603648) -TD
* add bzlib to win32 makefile.msc -TD
* define WIN32_LEAN_AND_MEAN in makefile.msc to accommodate naming conflict
in recent Win32 SDKs, which otherwise include winsock.h in windows.h -TD
* fixes for the dev.9 Win32 feature to toggle between normal/fullscreen,
by checking the actual screensize after maximizing the display -TD
* use ASCII apostrophe for 7-bit approximation to U+02bd as well -TD
* use ASCII apostrophe 0x27 for 7-bit approximation to Unicode apostrophe
U+02bc (suggested by Ralph Babel)
* update LYLeaks.c / LYLeaks.h to include the bstring allocation, copy and free
functions -TD
* several fixes for the -find-leaks option, e.g., include LYLeaks.h in a few
modules, modify the StrAllocVsprintf function to update the bookkeeping,
etc -TD
* move call to LYCanWriteFile into LYValidateOutput, to make prompts for
download, print and upload more alike -TD
* correct an old bug in send_file_to_file(), used when printing a page to a
file, which prevented its check for appending to an existing file -TD
* modify LYValidateFilename to use LYTildeExpand -TD
* modify LYConvertToURL to use LYTildeExpand for Unix, and further modify
LYTildeExpand to lookup given user's home directory, thereby making commands
such as "g ~root/tmp" work as expected -TD
* replaced most LYgetStr calls with LYgetBString, except for LYMail.c and
LYNews.c since those do use LYgetStr's limits as it was designed. Other
calls generally did not need those limits -TD
* modify finish_ExtEditForm to eliminate wrapping when an edited line is longer
than MAX_LINE. The user is still offered the choice of wrapping to the
displayed size of a TEXTAREA, but if declined, the TEXTAREA's content will
not be wrapped -TD
* modify LYgetstr, making it call revised function LYgetBString which handles
bstring's, and allows editing fields which can grow without fixed buffer
limits. In particular, forms all use the same calls, which means that
their result is no longer limited by MAX_LINE -TD
* extend ^X-e editing of textarea's to include single-line fields -TD
* modify comparison for splitting lines to allow for long preformatted lines,
e.g., using 's to not wrap when the line-wrap mode is disabled -TD
* modify cfg2html.pl to handle options which contain a digit, e.g.,
HTML5_CHARSETS whose default value was not marked properly -TD
* modify HTLoadDocument() to not retain a cached document if user is explicitly
doing a refresh. This fixes the case for a #fragment url, which was
otherwise treated as the same as the address without the #fragment -TD
* clarify version of GPL used in README (request by Paul Menzel) -TD
* modify HTLoad() to discard charset information before reloading a document,
in case the server changes the content-type information between loads
(report by Stanislav Brabec) -TD
* use tidy to indent html documentation -TD
* provide a way to substitute parameters in URLs for jumpfiles (adapted from
patch by Mark Skilbeck -TD
* ensure that button/input tags have a value for display, in case the tag is
improperly terminated (report by Aki Helin) -TD
* work around glibc bug in sscanf in SGML_character() using strtol() (report by
Aki Helin) -TD
* add check for charset attribute on meta element -Kihara Hideto
* eliminate ON/OFF macros, using TRUE/FALSE both to work around breakage from
zlib 1.2.5.1 changes as well as because they were unnecessary (GenToo
#383113) -Nikos Chantziaras, TD
* updated several configure script macros (TD):
CF_ANSI_CC_CHECK, CF_CURSES_LIBS, CF_LD_RPATH_OPT, CF_NETLIBS,
CF_XOPEN_SOURCE, CF_X_ATHENA_LIBS
2011-06-12 (2.8.8dev.9)
* modfy cfg2html to add ".url" directive for referencing RFC's etc -TD
* document blat/blatj usage in lynx.cfg -TD
* add/use WriteStreamTitle(), to provide doctype for cookie-jar page, used to
help validate the page -TD
* improve readability of cookie-jar page by showing the unescaped cookie
values, other minor formatting changes -TD
* modify cookie domain-matching to accommodate RFC 6265, which states that a
leading dot on a domain attribute should be discarded (report by Sebastien
Hinderer) -TD
* integrate most of the changes from patch in 2.8.6rel.4 package at
http://en.sourceforge.jp/project/lynx-win32-pata -TH, TD
+ provide toggle between normal/fullscreen
+ ifdef'd changes for FEP.
+ correct a message translation in ja.po
+ modify Xsystem.c to not use MinGW's system() call.
+ add three items to lynx.cfg
conv_jisx0201kana
message_language
wait_viewer_termination
+ replace ifdef's for CONV_JISX0201KANA_JISX0208KANA with configuration
variable conv_jisx0201kana
+ modify makefile.bcb and lynx.rsp to use openssl and intl libraries.
+ add feature ifdef'd with USE_PROGRAM_DIR which adds fallback definitions
for pathnames to use the directory of lynx.exe
+ add check for unsafe filenames in DOS/Windows, e.g., those that correspond
to a device.
* update command-line syntax for the blat mailer, to work with blat 2.6.2 -TD
* change default in makelynx.bat to assume blat rather than blatj, because
the latter does not provide a way to authenticate user/password on a mail
server -TD
* change #define's for addrlist-page and alt-bindings to reflect their
non-experimental status -TD
* change default for --enable-addrlist-page configure option to enabled -TD
* modify blat/blatj configuration so that support for both is compiled-in
for DOSPATH configurations. Add "-altblat" option to select blat vs blatj.
Define USE_ALT_BLAT_MAILER to specify which is the default (prompted by
report by LarryL) -TD
* correct an interaction between LYCloseOutput() and LYRemoveTemp() as used in
send_file_to_mail(), to allow a temporary file to be closed and used by
external program before removing it -TD
* modify lkcstring_to_lkc() to accept hex/octal values, allowing those in the
KEYMAP configuration as suggested by the commented lines in lynx.cfg (report
by Richie Wood) -TD
* build-fix for DEC C 5.x with _DECC_V4_SOURCE defined, i.e., missing
declaration of "off_t" (report/analysis by Rod Reiger) -TD
* build-fixes for Alpha VMS V8.3 with C V7.1-015, based on lynx 2.8.7
development snapshot (report/analysis by Scott Harrod) -TD
* improve scripts/tbl2html.pl, to handle translation of octal escapes in the
approximation comments -TD
* amend implementation of "readonly" attribute from 2.8.7dev.10 to distinguish
it from "disabled" (report by David Paschal) -TD
* amend change to cookie prefix matching from Debian #460108. The discussion
overlooked this definition from RFC 2109:
Path Defaults to the path of the request URL that generated the
Set-Cookie response, up to, but not including, the
right-most /.
In that context, lynx was correct to extract the default "path" attribute
of
http://jukebox/cgi-bin/disorder
as
/cgi-bin
rather than
/cgi-bin/disorder
as asserted in the report. However, lynx warned unnecessarily (according to
the bug report) about the given path attribute. Deciding whether to suppress
this warning is under control of the user via the lynx.cfg setting
COOKIE_QUERY_INVALID_DOMAINS since 2.8.2dev.16 (report by Owen Leibman) -TD
* add eo.po (Esperanto) from
http://translationproject.org/latest/lynx
* modify format of ADVANCED_COOKIE_CONFIRMATION message in nl.po per guideline
to allow localized single-letter responses to prompt (report by Jurgen
Gaeremy) -TD
* add configure check for <bsd/random.h>, used in Debian package -TD
* modify src/tidy_tls.c to use gnutls_priority_set_direct() in preference to
various access functions, to eliminate deprecation warnings (report by
Andreas Metzler) -TD
* updated several configure script macros (TD):
CF_CURSES_CPPFLAGS, CF_CURSES_FUNCS, CF_CURSES_HEADER, CF_CURSES_LIBS,
CF_CURSES_TERM_H, CF_DISABLE_RPATH_HACK, CF_PDCURSES_X11, CF_PKG_CONFIG,
CF_RPATH_HACK, CF_STRUCT_TERMIOS, CF_XOPEN_CURSES, CF_XOPEN_SOURCE,
CF_X_ATHENA_LIBS
* update config.guess (2011-01-01), config.sub (2011-04-01)
2011-01-10 (2.8.8dev.8)
* correct sense of menu-name parameter in add_item_to_list() from dev.7
changes (report by Larry Hart) -TD
* remove duplicate copy of CF_TRY_PKG_CONFIG added to aclocal.m4 in 2.8.8dev.4,
which caused autoconf-2.13 to emit weird error messages about undefined
symbols (report by TG) -TD
2010-12-11 (2.8.8dev.7)
* add PERSONAL_MAIL_NAME to options menu and .lynxrc (Debian #603647) -TD
* remind user how to cancel message (Debian #292787) -TD
* add HTML5_CHARSETS feature, which allows the user to choose whether to
interpret pages without an explicit charset according to the HTML5
"compatibility" feature (Debian #604466, Debian #514897) -TD
* add EXTERNAL_MENU feature to lynx.cfg, which allows the user to customize the
menu-entry shown, e.g., to suppress the display of the URL
(Debian #603646) -TD
* cleanup URLs in lynx documentation -DK
* add check in getfile() when handling a "mailto:" url, to prevent it when the
user has requested a dump (Debian #563308) -TD
* improve configure check for IDNA library, which may depend upon intllib,
e.g., building with mingw on cygwin -DK
* modify autoconf macros which look for X libraries, e.g., for PDCurses, to
accommodate ongoing changes in xorg package scripts -TD
* reorganize autoconf macro CF_WITH_CURSES_DIR, to make it usable for both
curses and ncurses -TD
* several changes to autoconf macros to lessen use of legacy shell feature
"${name-value}" in favor of "${name:-value}", since the former is broken in
recent versions of bash -TD
* apply overlooked patch from pre-2.8.5, makes RMDIR_PATH configurable
(report/patch by Frank Heckenbach).
* correct one of the places where link-number is formatted, for form input
anchors. This was broken in dev.6 by the -unique_urls changes (report by
DK) -TD
* undo a cleanup change to link-types from dev.6 which broke some uses of
input-anchors (report by FLWM) -TD
* minor formatting improvements to sources using cindent 2.0-20101107 -TD
* restore \r to \n conversion in HTML_put_character(), broken in gcc warning
cleanup (report by FLWM) -TD
* fix a double-free in make_argv() (report by FLWM) -TD
* add a memset in RestoreSession(), fixes uninitialized memory reference for
the VLINK section -PBM
* update config.guess (2010-09-24), config.sub (2010-09-11)
2010-10-04 (2.8.8dev.6)
* amend change for Debian #514897 to exclude XML documents (Debian #592883) -TD
* use HTParsePort() in a few places, e.g., HTFinger.c, to allow for IPv6
addresses with colons (Debian #587330) -TD
* modify option -dump so it is parsed in the first pass, using that to suppress
requirement for lss file if lynx is used only to dump output -TD
* add option -unique-urls (Debian #586762) -TD
* fix most gcc type-conversion warnings -TD
* add configure check for ctags/etags programs, needed for some BSD ports -TD
* add configure --with-textdomain option to allow overriding the "lynx"
NLS textdomain, to help ensure that Lynx's build-script does not conflict
with alternative packages -TD
* use AC_ARG_PROGRAM in configure script, to support --program-suffix, etc.,
to help with packaging -TD
* add Debian build script, for testing (adapted from lynx-cur package) -TD
* add RPM build script, for testing -TD
2010-08-25 (2.8.8dev.5)
* modify convert_to_idna() to check for malformed urls (Debian #594300 reports
this as CVE-2010-2810) -TD
* correct typo in po/makefile.inn from removal of mkdirs.sh in dev.4 (Debian
#592078) -TD
* correct a sign-extension error in UpdateBoundary(), used for MIME boundary
computation, broken in dev.4 compiler-warning fixes -TD
2010-06-21 (2.8.8dev.4)
* check for SSL error when reading response from "GET". This incidentally
exposes a longstanding bug in GNUTLS:
https://savannah.gnu.org/support/index.php?106987
(google the message "A TLS packet with unexpected length was received")
which prevents connection to
https://www.mynortonaccount.com/amsweb/default.do
(report by Ignac Vucko) -TD
* fix ifdef/define's in LYMain.c to show GNUTLS version in user-agent when
built with tidy_tls.c -TD
* improve format of X509_NAME_oneline() in tidy_tls.c, making it compatible
with the OpenSSL function so that no post-processing is needed -TD
* correct typo in configure --enable-gnutls-compat option, which sometimes made
it enabled as a side-effect of setting --with-gnutls -TD
* add configure option --enable-wais, for test-compiles with freeWAIS -TD
* fixes to build with VMS -Christoph J Gartmann
+ created [.src]multinet_ucx.opt with a single line
multinet_root:[multinet.library]ucx$ipc/LIBRARY
+ modified build.com to have an additional option "Multinet with
UCX emulation"
+ modified libmake.com for the same reason
+ modified [.www.library.implementation]www_tcp.h for the same reason
+ provide definition of IS_CJK_TTY for HTWAIS.c by adding include of
LYStrings.h
* fix typo in users's guide -PBM
* drop mkdirs.sh and MKINSTALLDIRS symbol from makefiles, using "mkdir -p" -TD
* limit parsed URIs with new config parameter MAX_URI_SIZE, default 8192
(RedHat #605286, forwarded by Vincent Danen). For arbitrarily long URIs,
alloca() could run out of stack space -TD
* several changes to configure script, from ongoing work on xterm, etc -TD
+ workaround for broken ".pc" file for X Toolkit, which omits the ICE
library.
+ modify CF_NCURSES_CONFIG to use CF_CURSES_HEADER to pick out the particular
flavor of ncurses.h, e.g., <ncursesw/curses.h>
+ add parameter to CF_CURSES_HEADER to allow looking for specific
subdirectory ncurses/ncursesw/etc + restructured CF_X_ATHENA to use
pkg-config, if available.
+ use CF_ADD_LIB/CF_ADD_LIBS
+ CF_GNUTLS eliminates duplicate libraries when configuring with pkg-config
+ modified several macros to quote params of ifelse()
+ CF_AR_FLAGS allows $ARFLAGS to override the choice of ar-flags, in
particular check if a given choice is part of the current $ARFLAGS
+ workaround CF_XOPEN_CURSES for (temporary) problem with ncurses headers,
which did not account for the fact that _XOPEN_SOURCE_EXTENDED may be
defined in a system header.
* remove redundant updates for CFLAGS and LIBS in configure script which are
now done in CF_FIND_LINKAGE macro -TD
* fix a problem with configure script which broke "--with-gnutls=/usr" (report
by Atsuhito Kohda) -TD
* resolve warnings from "clang --analyze", tested with Fedora 12 and clang
2.6-0.5.pre1.fc12, 2.7-1.fc12 -TD
* further improvements to print_wwwfile_to_fd() -TD
+ corrected length used for radio/checkboxes.
+ fill in wrapped fields.
2010-04-25 (2.8.8dev.3)
* modify print_wwwfile_to_fd() to add field values to the printed form (Debian
#574940) -TD
* add check for magic (header bytes) before trying to decompress, since zlib
does not provide this check (Redhat #503921) -TD
* add workaround in CF_SSL configure macro for broken openssl pkg-config script
on Redhat, CentOS -TD
* add configure option --disable-rpath-hack -TD
* allow IPv6 addresses without "http://" prefix (Redhat #425879, patch by Kamil
Dudka)
* build-fixes for OpenSolaris aka Solaris 11 -TD
* add/use CF_RPATH_HACK, for constructing rpath references to libraries in
nonstandard locations -TD
* improve configure macros CF_CURSES_TERM_H and CF_FIND_LINKAGE -TD
* add synopsis entries for -get_data and -post_data options to lynx.man
(report by Dallas E. Legan II) -TD
* fix a possible conflict between CF_HEADER_PATH and CF_LIBRARY_PATH by setting
their respective target variables, not appending -TD
* improve configure macro CF_XOPEN_SOURCE by removing rather than undefining
preexisting symbols as they are added to the definitions -TD
* add configure check for -lnetwork, from tin -TD
* when renaming/copying a bookmark file, e.g., to delete a bookmark, modify
its permissions for compatibility with IsOurFile() (Redhat #486070) -TD
* fix most gcc writable-strings warnings -TD
* update config.guess (2009-12-30), config.sub (2009-12-31)
2009-11-25 (2.8.8dev.2)
* modify trimming of URI in LYSetCookie() to eliminate trimming of final leaf
(Debian #460108) -TD
* document the various xxx_PATH settings in lynx.cfg -TD
* modify cfg2html.pl to improve formatting of cattoc.html -TD
* split-up top-level makefile install-html rule to allow generating the
htmlized cfg without doing an install -TD
* suppress positioning for editor when using it to edit files via dired -TD
* modify samples/lynx-demo.cfg to suppress external file-utilities, since the
intent is to make the installer work standalone, but allow extension -TD
* add traces for builtin dired operations -TD
* modify built-in "touch" for dired to use binary mode when opening file -TD
* remove check from 2.8.5dev.11 which prevents user from moving a directory in
dired unless the external program "mv" is provided -TD
* regularize use of isEmpty(), non_empty() -BL
* match built-in "positionable" editor names more liberally -BL
* promote some experimental options to normal, tidy up related EXP_xxx vs
USE_xxx symbols -TD
EXP_ASCII_CTYPES is now USE_ASCII_CTYPES
EXP_JUSTIFY_ELTS is now USE_JUSTIFY_ELTS
EXP_CHARSET_CHOICE is now USE_CHARSET_CHOICE
The scrollbar, progressbar, sessions and session-cache options are now
enabled by default.
* modify scanning in HTRules.c to only trim comments where '#' is either at
the beginning of a line, or follows whitespace (patch by Kihara Hideto).
* correct a place where LYStrExtent2 was used where byte-count is needed
(patch by Bake Timmons).
* modify LYExecv() in LYLocal.c to allow win32 applications to use this
function -TD
* modify ok_stat() in LYLocal.c to retry with "." appended when the path syntax
indicates that it is probably a directory name -TD
* fix an old typo in configure macro CF_CHECK_FUNCDECL -TD
* change library dependency for gnutls from crypt to gcrypt, originally in
2.8.5dev.15 (Debian #555579) -TD
* update de.po from
http://translationproject.org/latest/lynx
* fix some tidy- and linklint-warnings in help-files -TD
* amend change from 2.8.7dev.14 to not use clrscr() function in stop_curses()
if using PDCurses, since clrscr() is not in the win32 api -TD
* modify configure script to check if linkage for bzlib and zlib succeeded,
before defining symbol which makes the compiler uses these libraries -TD
* update lynx_help_main.html to point to "release/lynx2-8-7" documentation -TD
2009-08-28 (2.8.8dev.1)
* add <sys/types.h> include in socklen_t configure check (from OpenBSD CVS)
* eliminate UCPutUtf8ToBuffer() - redundant -TD
* use memset's to simplify some initialization in HTML.c, extending a change
made in 2.8.7dev.10 (prompted by issue in OpenBSD) -TD
* add optional support for IDNA using GNU libidn (Debian #352596) -TD
* ignore LEFT-TO-RIGHT-MARK (U+200E) in HTML files (Debian #408835) -TD
* correct check for return-value from gnutls_certificate_verify_peers2(), which
in conjunction with unclean internals of gnutls caused caused some sites to
be treated as if they were version-1 X.509 CAs (Debian #231609,
Ubuntu 293708) -TD
* revise dired-mode's modify_tagged() function, correcting and extending the
source-paths to validate against the target path. Before, lynx's current
working directory was used to validate against target path, i.e., when moving
all tagged files to a new location. Lynx's check to ensure that
source/target paths are distinct prevented users from moving tagged files to
the current directory (report by Jasper) -TD
* change compiled-in default for SYSLOG_REQUESTED_URLS to false (prompted by
Debian #537907) -TD
* adjust ifdef in change_sug_filename() so that paths containing square
brackets are trimmed on VMS only (report by Gaute Strokkenes) -TD
* amend change to ifdef in LYMain.c (from 2.8.7dev.14), since it prevents build
on NetBSD, whose libintl.h does not include locale.h (report by Thomas
Klausner) -TD
* modify configure macro CF_GCC_ATTRIBUTES to make it more self-contained -TD
* improve configure check for _XOPEN_SOURCE for HPUX 11 to ensure mbstate_t is
declared -TD
* update config.guess (2009-08-19), config.sub (2009-08-19)
*) mod_dav: dav_resource->uri treated as unencoded. This was an
unnecessary ABI changed introduced in 2.2.25.
*) mod_dav: Do not validate locks against parent collection of COPY
source URI.
*) mod_ssl: Check SNI hostname against Host header case-insensitively.
*) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
OpenSSL 1.0.0b3.
*) mod_ssl: Change default for SSLCompression to off, as compression
causes security issues in most setups. (The so called "CRIME" attack).
*) mod_ssl: Fix compilation error when OpenSSL does not contain
support for SSLv2. Problem was introduced in 2.2.25.
*) mod_dav: Fix double encoding of URIs in XML and Location header (caused
by unintential ABI change in 2.2.25).
* Support for Python 3.3
* Simpler, faster and up-to-date with latest Python code for creating/maintaining interpreter and thread state.
* A much faster WSGI implementation (start_response now implemented in C)
(http://uwsgi-docs.readthedocs.org/en/latest/Changelog-2.0.1.html?highlight=changelog)
Bugfixes and improvements
* due to a wrong prototype declaration, building uWSGI without SSL resulted in
a compilation bug. The issue has been fixed.
* a race condition preventing usage of a massive number of threads in the PyPy
plugin has been fixed
* check for heartbeat status only if heartbeat subsystem has been enabled
* improved heartbeat code to support various corner cases
* improved psgi.input to support offset in read()
* fixed (and simplified) perl stacktrace usage
* fixed sni secured subscription
* CGI plugin does not require anymore that Status header is the first one
(Andjelko Horvat)
* fixed CPython mule_msg_get timeout parsing
* allows embedding of config files via absolute paths
* fixed symcall rpc
* fixed a memory leak in CPython spooler api (xiaost)
* The -no-orphans hardening has been brought back (currently Linux-only)
* improved dotsplit router mode to reduce DOS risk
* sub-Emperor are now loyal by default
* fixed non-shared ruby 1.8.7 support
* fixed harakiri CPython tracebacker
* request vars are now correctly exposed by the stats server
* support log-master for logfile-chown
* improved legion reload
* fixed tuntap netmask
* fixed busyness plugin without metrics subsystem
New features
* uWSGI 2.0 is a LTS branch, so do not expect too much new features. 2.0.1 is
the first maintainance release, so you still get a bunch of them (mainly
features not complete in 2.0)
* Perl native Spooler support
* -alarm-backlog
* -close-on-exec2
* simple notifications subsystem
* pid namespace for daemons (Linux only)
* Resubscriptions
* filesystem monitor api
* support for yajl 1.0
* for-readline
* %i and %j magic vars
* -inject-before and -inject-after
* -http-server-name-as-http-host
* better Emperor's Ragnarok (shutdown procedure)
* PyPy paste support
htmlcxx is a simple non-validating CSS1 and HTML parser for C++.
Although there are several other HTML parsers available, htmlcxx
has some characteristics that make it unique:
* STL like navigation of DOM tree, using the excellent tree.hh library
from Kasper Peeters
* It is possible to reproduce exactly, character by character, the
original document from the parse tree
* Bundled css parser
* Optional parsing of attributes
* C++ code that looks like C++ (not so true anymore)
* Offsets of tags/elements in the original document are stored in
the nodes of the DOM tree
The parsing politics of htmlcxx were created trying to mimic Mozilla
Firefox behavior. So you should expect parse trees similar to those
create by Firefox. However, differently from Firefox, htmlcxx does
not insert non-existent stuff in your html. Therefore, serializing
the DOM tree gives exactly the same bytes contained in the original
HTML document.
Upstream changes:
4.81 2014-02-15
- Added direct array access for child nodes to Mojo::DOM.
- Improved Mojolicious::Routes::Pattern to normalize more route variations.
- Improved routes command to show which routes are using certain features
with flags.
4.80 2014-02-13
- Merged Mojo::DOM::Node into Mojo::DOM.
- Added next_sibling and previous_sibling methods to Mojo::DOM.
- Added last method to Mojo::Collection.
- Improved many methods in Mojo::DOM to work with all node types.
- Improved Mojo::DOM::HTML to handle slashes between attributes more
gracefully.
- Fixed list parsing bug in Mojo::DOM::HTML.
4.79 2014-02-11
- Improved not found page to show request information and the exact path
used for route matching.
4.78 2014-02-08
- Deprecated Mojo::Util::get_line.
- Fixed ";" handling in Mojo::Parameters to be compliant with the HTML
Living Standard.
- Fixed case sensitivity bug in Mojolicious::Types.
4.77 2014-02-06
- Deprecated Mojo::DOM::text_after and Mojo::DOM::text_before in favor of
Mojo::DOM::contents.
- Deprecated Mojo::DOM::content_xml and Mojo::DOM::replace_content in favor
of Mojo::DOM::content.
- Deprecated Mojo::DOM::to_xml in favor of Mojo::DOM::to_string.
- Added wrap_content method to Mojo::DOM.
- Added tablify function to Mojo::Util.
- Improved wrap method in Mojo::DOM to allow wrapping of the root node.
Version 3.2.7 (2014-02-13)
--------------------------
### Fixed
Fix another weakness in the `Input` class and further harden the `deserialize()`
function. Thanks to Martin Auswöger for his input.
Version 2.11.16 (2014-02-13)
----------------------------
### Fixed
Fix another weakness in the `Input` class and further harden the `deserialize()`
function. Thanks to Martin Auswöger for his input.
Changes:
Addressed 31 bugs in 3.8, including various fixes and improvements for the new
dashboard design and new themes admin screen.
More info at http://codex.wordpress.org/Version_3.8.1
- Django 1.6 compatibility
- Using bulk_create to speed up revision creation.
- Including docs in source distribution
- Spanish translation
- Fixing edge-case bugs in revision middleware
* A couple of issues with Django 1.6 have been fixed (including bad error handling and a loaddata incompatability)
* Migrations now import datetime from a special South module which provides the correct tz-aware or tz-naive version.
* A couple of issues fixed, including double-indexing errors, and correct persistence of non-unique indexes across ALTERs.
* The new localflavor fields are automatically accepted by the introspector.
Prevented the base geometry object of a prepared geometry to be garbage collected, which could lead to crash Django.
Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory.
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn’t in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren’t actually marked as safe when passed through mark_safe() and could end up being double-escaped
Upstream changes:
0.039 2013-11-27 19:48:29 America/New_York
[FIXED]
- Temporary file creating during mirror() is now opened with O_EXCL
for added security
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
it will concat to next line "SPECIAL_PERMS", then it result in creating unwanted
directory and let "pinger" to install into wrong directry, and permission is not
set correctly.
Bump PKGREVISION.
0.620 (12.18.2013) - John Siracusa <siracusa@gmail.com>
* Eliminate a perl 5.19 "precedence issue with control flow operator"
warning.
0.619 (07.24.2013) - John Siracusa <siracusa@gmail.com>
* Fixed incorrect return statements (RT 87253) (Patch by Reini Urban)
This engine is designed to run as a standalone Catalyst server,
without requiring the use of another web server. Its goals are
high-performance, HTTP/1.1 compliance, and robustness. It is also
suitable for use as a faster development server with support for
automatic restarting.
This module parses HTTP headers using a C++ state machine. (Hence
this being an XS module.) The goal is to be fast, not necessarily
to do everything you could ever want.
Headers are not static, you can parse them, munge them, or even
build them using this module. See the SYNOPSIS for more information
on how to use this module.
0.1505 2013-06-10
* Fix RT#82944 - test fails on perl >= 5.17.3
* Return undef if there isn't a user. This will cause an exception
but a more helpful exception (probably from DBIC) than the inability
to call a method in this code.
0.1504 2012-10-05
* Make use_userdata_from_session use inflate_result since this is
already-stored data, not a "new" object being created
Upstream changelog:
Tomcat 6.0.39 (markt)
Catalina
fix 55166: Fix regression that broke XML validation when
running on some Java 5 JVMs. (kkolinko)
Coyote
fix Make the HTTP NIO connector tolerant of whitespace
in the individual values used for the ciphers attribute.
(markt)
fix Remove dependency introduced on the jsp-api.jar as
part of the XML validation changes introduced in 6.0.38.
(markt)
Jasper
fix Correct several errors in jspxml Schema and DTD. (kkolinko)
Cluster
code Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)
Web applications
fix Fix broken link in Jasper How-To documentation. (markt)
fix Align index.html and index.jsp in ROOT web application.
Correct links to specifications and to the Tomcat mailing
lists. (kkolinko)
fix Remove second copy of RUNNING.txt from the full-docs
distribution. Some unpacking utilities can't handle
multiple copies of a file with the same name in a directory.
(kkolinko)
Other
update Update sample Eclipse IDE project: use JUnit 4 library
and prefer a Java 5 JDK when several JDKs are configured.
Cleanup the Ant build files. (kkolinko)
fix Correct Maven dependencies for individual JAR files. (markt)
Tomcat 6.0.38 (markt) not released
Catalina
fix Ensure that when Tomcat's anti-resource locking features
are used that the temporary copy of the web application
and not the original is removed when the web application
stops. (markt/kkolinko)
fix 55019: Fix a potential exception when accessing JSPs
while running under a SecurityManager. (jfclere)
fix 55052: Make JULI's LogManager to additionally look for
logging properties without prefixes if the property
cannot be found with a prefix. (kkolinko)
fix 55266: Ensure that the session ID is parsed from the
request before any redirect as the session ID may need
to be encoded as part of the redirect URL. (markt)
fix 55404: Log warnings about using security roles in web.xml
as warnings. (markt)
fix 55268: Added optional --service-start-wait-time
command-line option to change service start wait time
from default of 10 seconds. (schultz)
fix Correctly associate the default resource bundle with
the English locale so that requests that specify an
Accept-Language of English ahead of French, Spanish or
Japanese get the English messages they asked for. (markt)
fix Add missing JavaEE 5 XML schema definitions. (markt)
fix When Catalina parses TLD files, always use a namespace
aware parser to be consistent with how Jasper parses
TLD files. The tldNamespaceAware attribute of the Context
is now ignored. (markt)
fix As per section SRV.14.4.3 of the Servlet 2.5 specification,
a namespace aware, validating parser will be used when
processing *.tld and web.xml files if the system property
org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set
to true. (markt)
fix Ensure that sessions IDs are not parsed from URLs for
Contexts where disableURLRewriting is true. (markt)
add Add an option to the Context to control the blocking of
XML external entities when parsing XML configuration
files and enable this blocking by default when a security
manager is used. The block is implemented via a custom
resolver to enable the logging of any blocked entities.
(markt)
fix 56016: When loading resources for XML schema validation,
take account of the possibility that servlet-api.jar and
jsp-api.jar may not be loaded by the same class loader.
Patch by Juan Carlos Estibariz. (markt)
Coyote
fix 52811: Fix parsing of Content-Type header in
HttpServletResponse.setContentType(). Introduces a new
HTTP header parser that follows RFC2616. (markt)
fix 54691: Add configuration attribute "sslEnabledProtocols"
to HTTP connector and document it. (Internally this
attribute has been already implemented but not documented,
under names "protocols" and "sslProtocols". Those names
of this attribute are now deprecated). (schultz)
fix 54947: Fix the HTTP NIO connector that incorrectly
rejected a request if the CRLF terminating the request
line was split across multiple packets.
Patch by Konstantin Preißer. (markt)
fix 55228: Allow web applications to set a HTTP Date header.
(markt)
fix Better adherence to RFC2616 for content-length headers.
(markt)
fix Add support for limiting the size of chunk extensions
when using chunked encoding. (markt)
fix 55749: Improve the error message when SSLEngine is
disabled in the AprLifecycleListener and SSL is
configured for an APR/native connector. (markt)
fix Avoid possible NPE if a content type is specified without
a character set. (markt)
Jasper
fix 55198: Ensure attribute values in tagx files that include
EL and quoted XML characters are correctly quoted in
the output. (markt)
fix 55671: Consistently use the configuration option name
genStringAsCharArray rather than a mixture of
genStrAsCharArray and genStringAsCharArray but retain
support for genStrAsCharArray as in initialisation
parameter for the JSP servlet to retain backwards
compatibility with existing configurations. (markt)
fix 55691: Fix javax.el.ArrayELResolver to correctly handle
the case where the base object is an array of primitives.
(markt)
fix 55973: Fix processing of XML schemas when validation
is enabled in Jasper. (kkolinko)
Web applications
add Add documentation for
o.a.c.tribes.group.interceptors.TcpFailureDetector. (kfujino)
add Complete the documentation for MessageDispatch15Interceptor.
(kfujino)
add Add to cluster document a description of
notifyLifecycleListenerOnFailure and
heartbeatBackgroundEnabled. (kfujino)
fix 55746: Add documentation on the allRolesMode to the
CombinedRealm and LockOutRealm. Patch by Cédric Couralet.
(markt)
fix Fix the sample configuration of StaticMembershipInterceptor
in order to prevent warning log. uniqueId must be 16 bytes.
(kfujino)
fix 55119: Avoid CVE-2013-1571 when generating Javadoc. (markt)
Other
update Update Maven Central location used to download
dependencies at build time to be repo.maven.apache.org.
(kkolinko)
fix 55663: Minor correction to the wording of the NOTICE files
to align them with the requirements for NOTICE files.
(violetagg)
fix Add @since markers to the common annotations classes and
fix a few specification compliance issues. (markt)
update Update to Eclipse JDT Compiler 4.3.1. (markt)
update Update the Apache Jakarta JSTL implementation used by
the exmaples web application to 1.1.2. (markt)
0.31 2013-09-09 16:30:00
- Updated docs to reflect config key change from 'static' to
'Plugin::Static::Simple' (RT#77709)
- Migrated repository from subversion to git
- Fixed MIME::Types 2.xx compatibility be removing call to an
undocumented method
- Bumped the MIME::Types requirement to 2.03 to ensure its
improvements make it into Catalyst environments
0.30 2012-05-04 17:05:00
- Add Cache-Control:public header
- Optionally provide Expires header
- Change configuration key to 'Plugin::Static::Simple' by default.
The old 'static' key is still supported, but issues a warning.
pkgsrc changes: distfile now apparently in 'gtar' format, not standard. annoying
0.33 Mon Jan 13 2014
- Fix config loading so that if passed a directory including
a . in the file name, then loading it as a directory works
(would have previously tried to force a specific filename
and failed)
- More comprehensive tests
This module implements a very simple parser for cookies used in
HTTP applications. We've found CGI::Simple::Cookie and CGI::Cookie
rather slow according to the profiling results for our OpenResty
project, hence the rewrite in C.
WARNING: This module is obsolete; please use CGI::Cookie::XS instead.
This module implements a very simple parser for cookies used in
HTTP applications. We've found CGI::Simple::Cookie and CGI::Cookie
rather slow according to the profiling results for our OpenResty
project, hence the rewrite in C.
Special effort has been made to ensure this module works in the
same way as the latest CGI::Cookie (i.e., the pure Perl implementation).
If you find it doesn't, please let us know.
Revision history for Perl extension Catalyst::Plugin::Session
0.39 2013-10-16
- Fixed a bug when "expiry_threshold" is non-zero, where changes to the
session were not saved.
0.38 2013-09-18
- New feature: "expiry_threshold" which allows you more control over when
this plugin checks and updates the expiration date for the session.
This is useful when you have high traffic and need to reduce the number
of session expiration hits (like if you are using a database for sessions
and your db is getting pounded).
Key pkgsrc change - move p5-Class-Data-Inheritable from BUILD_DEPENDS to
DEPENDS, as is needed at runtime (previous p5-Catalyst-Runtime package would
fail to run on non build machine due to this)
5.90053 - 2013-12-21
- Reverted a change in the previous release that moved the setup_log phase
to after setup_config. This change was made to allow people to use
configuration that is late loaded (such as via the ConfigLoader Plugin)
to setup the plugin. However it also broke the ability to use the log
during plugin setup (ie, it breaks lots of plugins). Reverting the
change. See Catalyst::Delta for workarounds.
5.90052 - 2013-12-18
- Fixed first block of startup debug messages missing when using a custom
logger that gets set at runtime, for example by overriding finalize_config
- Give a more descriptive error message when trying to load middleware that
does not exist.
- Change the way we initialize plugins to fix a bug where when using the
populare ConfigLoader plugin, configs merged are not available for setting
up middleware and data handlers (and probably other things as well).
NOTE: This change might cause issues if you had code that was relying on the
broken behavior. For example external configuration that was being loaded to
late to have effect might now take effect. Please test you code carefully and
be aware of this possible issue </NOTE>.
- You may now also call 'setup_middleware' as a package method if you think
that loading middleware via configuration is a weird or broken idea.
- Various POD formating fixed.
- Improved some documentation about what type of filehandles that ->body can
accept and issues that might arise.
5.90051 - 2013-11-06
- Be more skeptical of the existance of $request->env to fix a regression
introduced in Catalyst::Action::REST by the previous release
5.90050 - 2013-11-05
- Previously public predicates on the following attributes are now considered
private and their method names have been changed to follow Perl convention
for internal methods:
-- Catalyst::Request->has_io_fh ==> _has_io_fh
-- Catalyst::Request->has_env ==> _has_env
-- Catalyst::Response->has_write_fh ==> _has_write_fh
These are breaking changes but these methods were never documented and serve
no use for external code. If you are using thing, you need to make the noted
change (but please consider finding another way to do what you are trying to
do). t0m++ for code review of Hamburg branch.
5.90049_006 - 2013-11-04
- Fixed case where test could fail when Starman was partly installed (n0body++)
- Fixed missing date information in previous release
5.90049_005 - 2013-10-31
- NEW FEATURE: New Controller action attribute 'Consumes', which allows you
to specify the content type of the incoming request. This makes it easier
to create actions that only handle certain content type POST or PUT, such
as actions that only handle JSON or actions that only understand classic
HTML forms.
- NEW FEATURE: Request->body_data is now also populated from classic HTML
Forms using CGI::Struct to support nested data. For non nested data you
should use the classic ->body_parameters method.
- Removed PSGI $env keys that are added on the 'plack.request.*' namespace
since after discussion it was clear those keys are not part of the public
API. Keys removed: 'plack.request.query', 'plack.request.body',
'plack.request.merged' and 'plack.request.http.body'. Altered some test
cases to reflect this change.
5.90049_004 - 2013-10-18
- JSON Data handler looks for both JSON::MaybeXS and JSON, and uses
whichever is first (prefering to find JSON::MaybeXS). This should
improve compatibility as you likely already have one installed.
- Fixed a warning in the server script (bokutin++)
- We now populate various Plack $env keys in order to play nice with
downstream middleware or plack apps (and to reduce processing if
those keys already exist). Keys added:
- plack.request.query
- plack.request.body
- plack.request.merged
- plack.request.http.body
(NOTE: REMOVED IN 5.90049_005)
- If incoming input (from a POST or PUT) is not buffered, create the
buffer and set the correct psgi env keys to note this for downstream
psgi apps / middleware. This should solve some issues where Catalyst
sucks up the body input but its not buffered so downstream apps can't
read it (for example FCGI does not buffer). We now also try to make
sure the body content input is reset to the start of the filehandle
so that we are polite to downstream middleware /apps.
- NEW FEATURE: Catalyst::Response can now pull response from a PSGI
specification response. This makes it easier to host external Plack
applications under Catalyst. See Catalyst::Response->from_psgi_response
- NEW FEATURE: New configuration option 'use_hash_multivalue_in_request'
will populate $request methods 'parameters', 'body_parameters' and
'query_parameters' with an instance of Hash::MultiValue instead of a
HashRef. This is used by Plack and is intended to reduce the need to
write defensive logic since you are never sure if an incoming parameter
is a scalar or arrayref.
- NEW FEATURE: We now experimentally support Net::Async::HTTP::Server
and IO-Async based event loops. Examples will follow.
5.90049_003 - 2013-09-20
- Documented the new body_data method added in the previous release
- Merged from master many important bugfixes and forward compatiblity
updates, including:
- Use modern preferred method for Moose metaclass access and many other
small changes to how we use Moose for better forward compat (ether++)
- Killed some evil use of $@ (ether++)
- spelling fixes and documentation updates (ether++), (gerda++)
- use Test::Fatal over Test::Exception (ether++)
- Misc. test case fixes to modernize code (ether++)
- Added a first pass cpanfile, to try and make it easier to bootstrap
a development setup (ether++)
5.90049_002 - 2013-08-20
- Fixed loading middleware from project directory
- Fixed some pointless warnings when middleware class lacked VERSION
- NEW FEATURE: Declare global 'data_handlers' for parsing HTTP POST/PUT
alternative content, and created default JSON handler. Yes, now Catalyst
handles JSON request content out of the box! More docs eventually but
for now see the DATA HANDLERS section in Catalyst.pm (or review the test
case t/data_handler.t
5.90049_001 - 2013-07-26
- Declare PSGI compliant Middleware as part of your Catalyst Application via
a new configuration key, "psgi_middleware".
- Increased lowest allowed module version for Module::Pluggable to be 4.7 (up
from 3.4) to solve the fact this is no longer bundled with Perl in v5.18.
Provide Regex DispatchType for Catalyst (deprecated)
Regex dispatch types have been deprecated and removed from Catalyst
core. It is recommend that you use Chained methods or other techniques
instead. As part of the refactoring, the dispatch priority of Regex
vs Regexp vs LocalRegex vs LocalRegexp may have changed. Priority
is now influenced by when the dispatch type is first seen in your
application.
This module allows transforming CGI GET/POST data into intricate
data structures. It is reminiscent of PHP's building arrays from
form data, but with a perl twist.
Upstream changes:
4.76 2014-02-04
- Added wrap method to Mojo::DOM.
- Updated IO::Socket::IP requirement to 0.20 for certain bug fixes.
- Improved Mojo::DOM::HTML to generate better HTML.
4.75 2014-02-02
- Fixed and readded support for permessage-deflate WebSocket compression.
(Mikey, sri)
4.74 2014-02-02
- Added all_contents method to Mojo::DOM.
- Removed support for permessage-deflate WebSocket compression, since there
have been too many problems with Chrome.
* pkgsrc change: remove obsolete lines for contao31.
Version 3.2.5 (2014-02-03)
--------------------------
### Fixed
Correctly load the parent pages in the navigation modules (see #6696).
### Fixed
Correctly encode URLs with GET parameters in the syndication links (see #6683).
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
### Fixed
Allow any character in passwords, especially the less-than symbol (see #6447).
### Fixed
Purge the image cache if a file is being renamed (see #6641).
### Fixed
Preserve tags in custom CSS definitions (see #6667).
### Fixed
Make the swipe CSS selectors more specific (see #6666).
### Fixed
Correctly optimize floating-point numbers in style sheets (see #6674).
Version 2.11.14 (2014-02-03)
----------------------------
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
Changelog:
Version 6.0.1 Jan 22th 2014
Fix handling of encryption keys
Disable xcache in case admin auth is disabled
Speed DB improvements in user home directory location fetching
Fix some APC configuration problems
Fix duplicate .exe mime-type detection
Support DECIMAL DB schema statement
Fix some API response code problems
Added download workaround for some Android versions.
Turn off not working mod_pagespeed extension
Command line tool option to show user number
Some LDAP fixes for certain configurations
Fix previews for reshared files
Fix unshare on delete behaviour
Fix a CIFS mounting timezone problem
File Trash handling fixes
Fix potential data corruption problem during massive parallel uploads of the same file
Fix versions expiration logic
Fix public upload progress bar
Fix issues with intermittent “Insufficient Storage” message when quota is enabled
Upstream changes:
4.73 2014-02-01
- Improved xml_escape performance significantly.
- Improved html_unescape and url_unescape performance.
- Fixed Mojo::UserAgent::Transactor to handle redirects more like most
common browsers.
4.72 2014-01-29
- Added accepts, template_for and template_handler methods to
Mojolicious::Renderer.
- Added accepts helper to Mojolicious::Plugin::DefaultHelpers.
- Added before_render hook.
- Fixed bug in Mojo::Transaction::WebSocket that prevented decompression
errors from being handled gracefully.
4.71 2014-01-28
- Fixed a few compression bugs in Mojo::Transaction::WebSocket and
Mojo::Content.
4.70 2014-01-26
- Added extract_usage method to Mojolicious::Command.
- Added unindent method to Mojo::ByteStream.
- Added unindent function to Mojo::Util.
- Updated jQuery to version 2.1.
- Improved all built-in commands to show usage information in their SYNOPSIS
sections.
- Improved tag helpers to make data attributes more convenient. (ravengerUA)
%= tag 'div', data => {my_id => 1, Name => 'test'} => 'some content'
is equivalent to
%= tag 'div', data-my-id => 1, data-name => 'test' => 'some content'
- Fixed indentation of code in documentation browser.
4.69 2014-01-24
- Improved router to allow format detection for bridges.
4.68 2014-01-22
- Added Mojo::DOM::Node.
- Added contents and node methods to Mojo::DOM.
- Removed deprecated http_proxy, https_proxy, name and no_proxy attributes
from Mojo::UserAgent.
- Removed deprecated app, app_url, detect_proxy and need_proxy methods from
Mojo::UserAgent.
- Improved router to allow placeholders anywhere in a pattern to become
optional.
"get '/foo/:bar/baz' => {bar => 'bar'};" now matches "/foo/baz"
"get '/foo(:bar)baz' => {bar => 'bar'};" now matches "/foobaz"
- Improved request_ok method in Test::Mojo to handle WebSocket handshakes.
- Improved Mojo::IOLoop::Server to use address and port for descriptor
inheritance.
- Improved list of available commands to be alphabetical. (jberger)
- Fixed select_field helper to be nondestructive.
- Fixed XML semantics bug in Mojo::DOM::HTML.
4.67 2014-01-11
- Added history and max_history_size attributes to Mojo::Log.
- Improved exception and not found pages with log messages.
- Improved exception page with more information.
- Improved not found page with a more generic message.
- Improved inline templates to use their checksum as name.
New features:
- Add command line option -version
- Better error management of geoip modules.
- Update domains, robots and search engines database:
- Windows 8 + iOS Support in AWStats
- Detection of 8.1 and IE11.
Fixes:
- When using builddate option of script awstats_buildstaticpages,
static link is wrong.
- Restore detection of Opera browsers versions.
- GeoIP Cities page doesnt work.
- Add missing icons.
- Avoid warning mixed http/https with module graphgooglechartapi.
- $MinHit{'Host'} rather than $MinHit{'Login'} used in sub HTMLShowLogins.
Other:
- Move version system to sourceforge Git instead of CVS.
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
Bugfixes:
SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
pop3: Fixed APOP being determined by CAPA response rather than by timestamp
Curl_pp_readresp: zero terminate line
FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
pop3: Fixed auth preference not being honored when CAPA not supported
imap: Fixed auth preference not being honored when CAPABILITY not supported
threaded resolver: Use pthread_t * for curl_thread_t
FILE: we don't support paused transfers using this protocol
connect: Try all addresses in first connection attempt
curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
OpenSSL: Fix forcing SSLv3 connections
openssl: allow explicit sslv2 selection
FTP parselist: fix "total" parser
conncache: fix possible dereference of null pointer
multi.c: fix possible dereference of null pointer
mk-ca-bundle: introduces -d and warns about using this script
ConnectionExists: fix NTLM check for new connection
trynextip: fix build for non-IPV6 capable systems
Curl_updateconninfo: don't do anything for UDP "connections"
darwinssl: un-break Leopard build after PKCS-12 change
threaded-resolver: never use NULL hints with getaddrinf
multi_socket: remind app if timeout didn't run
OpenSSL: deselect weak ciphers by default
error message: Sensible message on timeout when transfer size unknown
curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
configure: fix gssapi linking on HP-UX
chunked-parser: abort on overflows, allow 64 bit chunks
chunked parsing: relax the CR strictness
cookie: max-age fixes
progress bar: always update when at 100%
progress bar: increase update frequency to 10Hz
tool: Fixed incorrect return code if command line parser runs out of memory
tool: Fixed incorrect return code if password prompting runs out of memory
HTTP POST: omit Content-Length if data size is unknown
GnuTLS: disable insecure ciphers
GnuTLS: honor --slv2 and the --tlsv1[.N] switches
multi: Fixed a memory leak on OOM condition
netrc: Fixed a memory and file descriptor leak on OOM
getpass: fix password parsing from console
TFTP: fix crash on time-out
hostip: don't remove DNS entries that are in use
tests: lots of tests fixed to pass the OOM torture tests
GoAccess is an open source real-time web log analyzer and interactive
viewer that runs in a terminal in *nix systems. It provides fast and
valuable HTTP statistics for system administrators that require a visual
server report on the fly.
What's new in Tornado 3.2
=========================
Jan 14, 2014
------------
Installation
~~~~~~~~~~
* Tornado now depends on the `backports.ssl_match_hostname
<https://pypi.python.org/pypi/backports.ssl_match_hostname>`_ when
running on Python 2. This will be installed automatically when using ``pip``
or ``easy_install``
* Tornado now includes an optional C extension module, which greatly improves
performance of websockets. This extension will be built automatically
if a C compiler is found at install time.
New modules
~~~~~~~~~
* The `tornado.platform.asyncio` module provides integration with the
``asyncio`` module introduced in Python 3.4 (also available for Python
3.3 with ``pip install asyncio``).
`tornado.auth`
~~~~~~~~~~~~
* Added `.GoogleOAuth2Mixin` support authentication to Google services
with OAuth 2 instead of OpenID and OAuth 1.
* `.FacebookGraphMixin` has been updated to use the current Facebook login
URL, which saves a redirect.
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~
* `.TracebackFuture` now accepts a ``timeout`` keyword argument (although
it is still incorrect to use a non-zero timeout in non-blocking code).
``tornado.curl_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~
* ``tornado.curl_httpclient`` now works on Python 3 with the
soon-to-be-released pycurl 7.19.3, which will officially support
Python 3 for the first time. Note that there are some unofficial
Python 3 ports of pycurl (Ubuntu has included one for its past
several releases); these are not supported for use with Tornado.
`tornado.escape`
~~~~~~~~~~~~~~
* `.xhtml_escape` now escapes apostrophes as well.
* `tornado.escape.utf8`, `.to_unicode`, and `.native_str` now raise
`TypeError` instead of `AssertionError` when given an invalid value.
`tornado.gen`
~~~~~~~~~~~
* Coroutines may now yield dicts in addition to lists to wait for
multiple tasks in parallel.
* Improved performance of `tornado.gen` when yielding a `.Future` that is
already done.
`tornado.httpclient`
~~~~~~~~~~~~~~~~~~
* `tornado.httpclient.HTTPRequest` now uses property setters so that
setting attributes after construction applies the same conversions
as ``__init__`` (e.g. converting the body attribute to bytes).
`tornado.httpserver`
~~~~~~~~~~~~~~~~~~
* Malformed ``x-www-form-urlencoded`` request bodies will now log a warning
and continue instead of causing the request to fail (similar to the existing
handling of malformed ``multipart/form-data`` bodies. This is done mainly
because some libraries send this content type by default even when the data
is not form-encoded.
* Fix some error messages for unix sockets (and other non-IP sockets)
`tornado.ioloop`
~~~~~~~~~~~~~~
* `.IOLoop` now uses `~.IOLoop.handle_callback_exception` consistently for
error logging.
* `.IOLoop` now frees callback objects earlier, reducing memory usage
while idle.
* `.IOLoop` will no longer call `logging.basicConfig` if there is a handler
defined for the root logger or for the ``tornado`` or ``tornado.application``
loggers (previously it only looked at the root logger).
`tornado.iostream`
~~~~~~~~~~~~~~~~
* `.IOStream` now recognizes ``ECONNABORTED`` error codes in more places
(which was mainly an issue on Windows).
* `.IOStream` now frees memory earlier if a connection is closed while
there is data in the write buffer.
* `.PipeIOStream` now handles ``EAGAIN`` error codes correctly.
* `.SSLIOStream` now initiates the SSL handshake automatically without
waiting for the application to try and read or write to the connection.
* Swallow a spurious exception from ``set_nodelay`` when a connection
has been reset.
`tornado.locale`
~~~~~~~~~~~~~~
* `.Locale.format_date` no longer forces the use of absolute
dates in Russian.
`tornado.log`
~~~~~~~~~~~
* Fix an error from `tornado.log.enable_pretty_logging` when
`sys.stderr` does not have an ``isatty`` method.
* `tornado.log.LogFormatter` now accepts keyword arguments ``fmt``
and ``datefmt``.
`tornado.netutil`
~~~~~~~~~~~~~~~
* `.is_valid_ip` (and therefore ``HTTPRequest.remote_ip``) now rejects
empty strings.
* Synchronously using `.ThreadedResolver` at import time to resolve
a unicode hostname no longer deadlocks.
`tornado.platform.twisted`
~~~~~~~~~~~~~~~~~~~~~~~~
* `.TwistedResolver` now has better error handling.
`tornado.process`
~~~~~~~~~~~~~~~
* `.Subprocess` no longer leaks file descriptors if `subprocess.Popen` fails.
``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``simple_httpclient`` now applies the ``connect_timeout`` to requests
that are queued and have not yet started.
* On Python 2.6, ``simple_httpclient`` now uses TLSv1 instead of SSLv3.
* ``simple_httpclient`` now enforces the connect timeout during DNS resolution.
* The embedded ``ca-certificates.crt`` file has been updated with the current
Mozilla CA list.
`tornado.web`
~~~~~~~~~~~
* `.StaticFileHandler` no longer fails if the client requests a ``Range`` that
is larger than the entire file (Facebook has a crawler that does this).
* `.RequestHandler.on_connection_close` now works correctly on subsequent
requests of a keep-alive connection.
* New application setting ``default_handler_class`` can be used to easily
set up custom 404 pages.
* New application settings ``autoreload``, ``compiled_template_cache``,
``static_hash_cache``, and ``serve_traceback`` can be used to control
individual aspects of debug mode.
* New methods `.RequestHandler.get_query_argument` and
`.RequestHandler.get_body_argument` and new attributes
`.HTTPRequest.query_arguments` and `.HTTPRequest.body_arguments` allow access
to arguments without intermingling those from the query string with those
from the request body.
* `.RequestHandler.decode_argument` and related methods now raise
an ``HTTPError(400)`` instead of `UnicodeDecodeError` when the
argument could not be decoded.
* `.RequestHandler.clear_all_cookies` now accepts ``domain`` and ``path``
arguments, just like `~.RequestHandler.clear_cookie`.
* It is now possible to specify handlers by name when using the `.URLSpec`
class.
* `.Application` now accepts 4-tuples to specify the ``name`` parameter
(which previously required constructing a `.URLSpec` object instead of
a tuple).
* Fixed an incorrect error message when handler methods return a value
other than None or a Future.
* Exceptions will no longer be logged twice when using both ``@asynchronous``
and ``@gen.coroutine``
`tornado.websocket`
~~~~~~~~~~~~~~~~~
* `.WebSocketHandler.write_message` now raises `.WebSocketClosedError` instead
of `AttributeError` when the connection has been closed.
* `.websocket_connect` now accepts preconstructed ``HTTPRequest`` objects.
* Fix a bug with `.WebSocketHandler` when used with some proxies that
unconditionally modify the ``Connection`` header.
* `.websocket_connect` now returns an error immediately for refused connections
instead of waiting for the timeout.
* `.WebSocketClientConnection` now has a ``close`` method.
`tornado.wsgi`
~~~~~~~~~~~~
* `.WSGIContainer` now calls the iterable's ``close()`` method even if
an error is raised, in compliance with the spec.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Changes:
Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
content's layout with a full-width page template and a contributor page to show
off your authors.
For Developers
* External Libraries have been updated.
* Better RTL support
More info on http://codex.wordpress.org/Version_3.8
Changes:
uWSGI 2.0
Changelog [20131230] Important changes
Dynamic options have been definitely removed as well as the
broken_plugins directory Bugfixes and improvements
improved log rotation do not rely on unix signals to print
request status during harakiri added magic vars for uid and
gid various Lua fixes a tons of coverity-governed bugfixes made
by Riccardo Magliocchetti
New features --attach-daemon2
this is a keyval based option for configuring external daemons.
Updated docs are: :doc:`AttachingDaemons` Linux setns() support
One of the biggest improvements in uWSGI 1.9-2.0 has been the total
support for Linux namespaces.
This last patch adds support for the setns() syscall.
This syscall allows a process to "attach" to a running namespace.
uWSGI instances can exposes their namespaces file descriptors
(basically they are the files in /proc/self/ns) via a unix socket.
External instances connects to that unix socket and automatically
enters the mapped namespace.
to spawn an instance in "namespace server mode", you use the
--setns-socket <addr> option
uwsgi --setns-socket /var/run/ns.socket --unshare net,ipc,uts ...
to attach you simply use --setns <addr>
uwsgi --setns /var/run/ns.socket ...
Updated docs: :doc:`Namespaces` "private" hooks
When uWSGI runs your hooks, it verbosely print the whole hook action
line. This could be a security problem in some scenario (for example
when you run initial phases as root user but allows unprivileged
access to logs).
Prefixing your action with a '!' will suppress full logging:
[uwsgi] hook-asap = !exec:my_secret_command
Support for yajl library (JSON parser)
Til now uWSGI only supported jansson as the json parser required
for managing .js config files.
You can now use the yajl library (available in centos) as alternative
JSON parser (will be automatically detected) Perl spooler support
The perl/PSGI plugin can now be used as a spooler server:
uwsgi::spooler(sub {
my $args = shift; print Dumper($args); return -2; });
The client part is still missing as we need to fix some internal
api problem.
Expect it in 2.0.1 ;) Gateways can drop privileges
Gateways (like http router, sslrouter, rawrouter, forkptyrouter
...) can now drop privileges independently by the master.
Currently only the http/https/spdy router exposes the new option
(--http-uid/--http-gid) Subscriptions-governed SNI contexts
The subscription subsystem now supports 3 additional keys (you can
set them with the --subscribe2 option):
sni_key
sni_cert
sni_ca
all of the takes a path to the relevant ssl files.
* [mod_auth] explicitly link ssl for SHA1 (fixes 2517)
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes 2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes 2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
* [stat-cache] fix FAM cleanup/fdevent handling
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes 2526)
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes 2533)
* [mod_mysql_vhost] fix memory leak on config init (2530)
* [mod_webdav] fix fd leak found with parfait (fixes 2530, thx kukackajiri)
the fastest and most widely support way to get Perfect Forward Secrecy
with modern web browsers if your server uses an RSA key.
Bump package revision because of this change.
Sort PLIST. Add new files.
Trac 1.0.1 (February 1, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-1.0.1
- Fix zip source download for large directories in Subversion repositories
- Performance improvement for the Roadmap, by caching milestone properties
- Added a ''select all'' checkbox to table of components for each plugin on
the Plugins admin panel
- Restore the ''Modify'' link at the top of the ticket page, as it was in
Trac 0.12
- `ListOption` keeps values other than empty string and None in raw list
as default
- Prevent possibility of multiple identical info or warning messages being
presented to the user
- The BatchModify select-all checkboxes are toggled with tri-state behavior
when the ticket checkboxes are toggled
- Update the ticket changetime to the current time when deleting a ticket
comment
- ... and quite more! In particular, see also the changes for 0.12.5
which are also integrated and new since 1.0
Trac 0.12.5 (January 15, 2013)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.5
Trac 0.12.5 is a maintenance release and contains
a few interesting fixes:
- upload of .mht files (MHTML web page archive files) now works
(#9880)
- more robust parsing of attachment URLs (#10280) and uploaded
file names (#10850)
- lots of improvement to the date formatting code, which is now
much more robust when timezone and daylight saving time
computations are involved (#10768, #10863, #10864, #10912, #10920)
- no longer generate invalid JSON encoded data with Python 2.4 and
2.5 (#10877)
- ... and a few more!
Version 3.2.4 (2014-01-20)
--------------------------
### Fixed
Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
### Fixed
Do not create multiple stylect layers upon Ajax changes.
### Fixed
Some DCAs were missing the "rem" unit (see #6634).
### Fixed
Correctly trim the SQL statements in the `Database` class (see #6623).
### Fixed
Fix some broken back end icons (see #6214).
### Fixed
Show a hint in the news archive menu if there are no items (see #5888).
### Fixed
Prevent the back end tool tips from exceeding the screen width (see #6639).
### Fixed
Support the Google+ vanity name in addition to the numeric ID (see #6454).
### Fixed
Correctly detect Android tablets in the `Environment` class (see #5869).
### Fixed
Correctly resolve the module dependencies (see #6606).
### Fixed
Correctly unset the PHP session cookie depending on its parameters.
### Fixed
Fixed the XHTML variant of the comments form (see #5675).
### Fixed
Correctly assign articles to columns (see #6595).
### Fixed
Correctly merge the CSS classes in the `Hybrid` class (see #6601).
Version 1.9.7:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
New features:
* passlib support - enhanced password hash security. Special thanks go to
the Python Software Foundation (PSF) for sponsoring development of this!
Docs for passlib: http://packages.python.org/passlib/
If cfg.passlib_support is True (default), we try to import passlib and set
it up using the configuration given in cfg.passlib_crypt_context (default
is to use sha512_crypt with default configuration from passlib).
The passlib docs recommend 3 hashing schemes that have good security, but
some of them have additional requirements:
sha512_crypt needs passlib >= 1.3.0, no other requirements.
pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
bcrypt has additional binary/compiled package requirements, please refer to
the passlib docs.
cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
wanted for new password hash creation and also for upgrading existing
password hashes.
For the moin code as distributed in our download release archive, passlib
support should just work, as we have passlib 1.6.1 bundled with MoinMoin
as MoinMoin/support/passlib. If you use some other moin package, please
first check if you have moin AND passlib installed (and also find out the
passlib version you have installed).
If you do NOT want to (not recommended!) or can't use (still using python
2.4?) passlib, you can disable it your wiki config:
passlib_support = False # do not import passlib
password_scheme = '{SSHA}' # use best builtin hash (like moin < 1.9.7)
Please note that after you have used moin with passlib support and have user
profiles with passlib hashes, you can't just switch off passlib support,
because if you did, moin would not be able to log in users with passlib
password hashes. Password recovery would still work, though.
password_scheme always gives the password scheme that is wanted for new or
recomputed password hashes. The code is able to upgrade and downgrade hashes
at login time and also when setting / resetting passwords for one or all
users (via the wiki web interface or via moin account resetpw script
command).
So, if you want that everybody uses strong, passlib-created hashes,
resetting the passwords for all users is strongly recommended:
First have passlib support switched on (it is on by default), use
password_scheme = '{PASSLIB}' (also default), then reset all passwords.
Same procedure can be used to go back to weaker builtin hashes (not
recommended): First switch off passlib support, use password_scheme =
'{SSHA}', then reset all passwords.
Wiki farm admins sharing the same user_dir between multiple wikis must use
consistent password hashing / passlib configuration settings for all wikis
sharing the same user_dir. Using the builtin defaults or doing the
configuration in farmconfig.py is recommended.
Admins are advised to read the passlib docs (especially when experiencing
too slow logins or when running old passlib versions which may not have
appropriate defaults for nowadays):
http://packages.python.org/passlib/new_app_quickstart.html#choosing-a-hashhttp://packages.python.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
* Password mass reset/invalidation support, see docs/resetpw/.
This is useful to make sure everybody sets a new password and moin computes
the password hash using the current configuration.
* Customizable default password checker:
Moin's default password checker used and still uses min_length=6 (minimum pw
length) and min_different=4 (minimum count of different chars in the password).
If you feel that you need to require better passwords from your users, you
can customize it now like that in your wiki config:
password_checker = lambda cfg, request, name, pw: multiconfig._default_password_checker(cfg, request, name, pw, min_length=10, min_different=7)
* Removing/disabling inactive users (moin ... account inactive)
Many wikis have a lot of inactive users, that never ever made a single edit.
See help of the command for more details, be careful.
* SystemAdmin user browser: show disabled user accounts at the bottom of
the list
* At startup, announce moin version and code path in log output (makes
support and debugging easier).
* AttachList: introduced search_term parameter (optional) for listing
attachments filtered by a regular expression on their name.
* sign release archive using GnuPG with the key of tw@waldmann-edv.de
ID 31A6CB60 (main key ID FAF7B393)
Fixes:
* logging: if the logging config file can't be read, give a helpful error msg
* logging: use info loglevel (not warning) for telling about using the builtin
default logging config
* moin script commands: warn if someone gave ... to the moin script, avoids a
strange and unhelpful 'empty module name' error message
* reorder html input fields in recoverpass form, to help browsers remember
the user name and password (not erroneously the recovery token and password)
* don't try to send password recovery email to user if email address in
user profile is empty
* cache action: fix 304 http status
* rst parser: fix safe_import for level param in __import__ call of docutils 0.10
* moin maint cleancache: also kill the i18n cache 'meta' pickle file
* sendmail: catch unicode errors when E-Mail addr has non-ascii chars
* redirect last visited: if last visited page is on same wiki, use a local
redirect, do not compute via interwiki map (fixes https: usage)
Added missing include for download(1) with WebKit (as by default).
Reported by Joerg Sonnenberger of NetBSD, thanks!
Fixes building the package, no version bump required AFAICS.
= 4.3.2 (20131002) =
* Fixed a bug in which short Unicode input was improperly encoded to
ASCII when checking whether or not it was the name of a file on
disk. [bug=1227016]
* Fixed a crash when a short input contains data not valid in
filenames. [bug=1232604]
* Fixed a bug that caused Unicode data put into UnicodeDammit to
return None instead of the original data. [bug=1214983]
* Combined two tests to stop a spurious test failure when tests are
run by nosetests. [bug=1212445]
= 4.3.1 (20130815) =
* Fixed yet another problem with the html5lib tree builder, caused by
html5lib's tendency to rearrange the tree during
parsing. [bug=1189267]
* Fixed a bug that caused the optimized version of find_all() to
return nothing. [bug=1212655]
= 4.3.0 (20130812) =
* Instead of converting incoming data to Unicode and feeding it to the
lxml tree builder in chunks, Beautiful Soup now makes successive
guesses at the encoding of the incoming data, and tells lxml to
parse the data as that encoding. Giving lxml more control over the
parsing process improves performance and avoids a number of bugs and
issues with the lxml parser which had previously required elaborate
workarounds:
- An issue in which lxml refuses to parse Unicode strings on some
systems. [bug=1180527]
- A returning bug that truncated documents longer than a (very
small) size. [bug=963880]
- A returning bug in which extra spaces were added to a document if
the document defined a charset other than UTF-8. [bug=972466]
This required a major overhaul of the tree builder architecture. If
you wrote your own tree builder and didn't tell me, you'll need to
modify your prepare_markup() method.
* The UnicodeDammit code that makes guesses at encodings has been
split into its own class, EncodingDetector. A lot of apparently
redundant code has been removed from Unicode, Dammit, and some
undocumented features have also been removed.
* Beautiful Soup will issue a warning if instead of markup you pass it
a URL or the name of a file on disk (a common beginner's mistake).
* A number of optimizations improve the performance of the lxml tree
builder by about 33%, the html.parser tree builder by about 20%, and
the html5lib tree builder by about 15%.
* All find_all calls should now return a ResultSet object. Patch by
Aaron DeVore. [bug=1194034]
= 4.2.1 (20130531) =
* The default XML formatter will now replace ampersands even if they
appear to be part of entities. That is, "<" will become
"&lt;". The old code was left over from Beautiful Soup 3, which
didn't always turn entities into Unicode characters.
If you really want the old behavior (maybe because you add new
strings to the tree, those strings include entities, and you want
the formatter to leave them alone on output), it can be found in
EntitySubstitution.substitute_xml_containing_entities(). [bug=1182183]
* Gave new_string() the ability to create subclasses of
NavigableString. [bug=1181986]
* Fixed another bug by which the html5lib tree builder could create a
disconnected tree. [bug=1182089]
* The .previous_element of a BeautifulSoup object is now always None,
not the last element to be parsed. [bug=1182089]
* Fixed test failures when lxml is not installed. [bug=1181589]
* html5lib now supports Python 3. Fixed some Python 2-specific
code in the html5lib test suite. [bug=1181624]
* The html.parser treebuilder can now handle numeric attributes in
text when the hexidecimal name of the attribute starts with a
capital X. Patch by Tim Shirley. [bug=1186242]
= 4.2.0 (20130514) =
* The Tag.select() method now supports a much wider variety of CSS
selectors.
- Added support for the adjacent sibling combinator (+) and the
general sibling combinator (~). Tests by "liquider". [bug=1082144]
- The combinators (>, +, and ~) can now combine with any supported
selector, not just one that selects based on tag name.
- Added limited support for the "nth-of-type" pseudo-class. Code
by Sven Slootweg. [bug=1109952]
* The BeautifulSoup class is now aliased to "_s" and "_soup", making
it quicker to type the import statement in an interactive session:
from bs4 import _s
or
from bs4 import _soup
The alias may change in the future, so don't use this in code you're
going to run more than once.
* Added the 'diagnose' submodule, which includes several useful
functions for reporting problems and doing tech support.
- diagnose(data) tries the given markup on every installed parser,
reporting exceptions and displaying successes. If a parser is not
installed, diagnose() mentions this fact.
- lxml_trace(data, html=True) runs the given markup through lxml's
XML parser or HTML parser, and prints out the parser events as
they happen. This helps you quickly determine whether a given
problem occurs in lxml code or Beautiful Soup code.
- htmlparser_trace(data) is the same thing, but for Python's
built-in HTMLParser class.
* In an HTML document, the contents of a <script> or <style> tag will
no longer undergo entity substitution by default. XML documents work
the same way they did before. [bug=1085953]
* Methods like get_text() and properties like .strings now only give
you strings that are visible in the document--no comments or
processing commands. [bug=1050164]
* The prettify() method now leaves the contents of <pre> tags
alone. [bug=1095654]
* Fix a bug in the html5lib treebuilder which sometimes created
disconnected trees. [bug=1039527]
* Fix a bug in the lxml treebuilder which crashed when a tag included
an attribute from the predefined "xml:" namespace. [bug=1065617]
* Fix a bug by which keyword arguments to find_parent() were not
being passed on. [bug=1126734]
* Stop a crash when unwisely messing with a tag that's been
decomposed. [bug=1097699]
* Now that lxml's segfault on invalid doctype has been fixed, fixed a
corresponding problem on the Beautiful Soup end that was previously
invisible. [bug=984936]
* Fixed an exception when an overspecified CSS selector didn't match
anything. Code by Stefaan Lippens. [bug=1168167]
= 4.1.3 (20120820) =
* Skipped a test under Python 2.6 and Python 3.1 to avoid a spurious
test failure caused by the lousy HTMLParser in those
versions. [bug=1038503]
* Raise a more specific error (FeatureNotFound) when a requested
parser or parser feature is not installed. Raise NotImplementedError
instead of ValueError when the user calls insert_before() or
insert_after() on the BeautifulSoup object itself. Patch by Aaron
Devore. [bug=1038301]
= 4.1.2 (20120817) =
* As per PEP-8, allow searching by CSS class using the 'class_'
keyword argument. [bug=1037624]
* Display namespace prefixes for namespaced attribute names, instead of
the fully-qualified names given by the lxml parser. [bug=1037597]
* Fixed a crash on encoding when an attribute name contained
non-ASCII characters.
* When sniffing encodings, if the cchardet library is installed,
Beautiful Soup uses it instead of chardet. cchardet is much
faster. [bug=1020748]
* Use logging.warning() instead of warning.warn() to notify the user
that characters were replaced with REPLACEMENT
CHARACTER. [bug=1013862]
= 4.1.1 (20120703) =
* Fixed an html5lib tree builder crash which happened when html5lib
moved a tag with a multivalued attribute from one part of the tree
to another. [bug=1019603]
* Correctly display closing tags with an XML namespace declared. Patch
by Andreas Kostyrka. [bug=1019635]
* Fixed a typo that made parsing significantly slower than it should
have been, and also waited too long to close tags with XML
namespaces. [bug=1020268]
* get_text() now returns an empty Unicode string if there is no text,
rather than an empty bytestring. [bug=1020387]
= 4.1.0 (20120529) =
* Added experimental support for fixing Windows-1252 characters
embedded in UTF-8 documents. (UnicodeDammit.detwingle())
* Fixed the handling of " with the built-in parser. [bug=993871]
* Comments, processing instructions, document type declarations, and
markup declarations are now treated as preformatted strings, the way
CData blocks are. [bug=1001025]
* Fixed a bug with the lxml treebuilder that prevented the user from
adding attributes to a tag that didn't originally have
attributes. [bug=1002378] Thanks to Oliver Beattie for the patch.
* Fixed some edge-case bugs having to do with inserting an element
into a tag it's already inside, and replacing one of a tag's
children with another. [bug=997529]
* Added the ability to search for attribute values specified in UTF-8. [bug=1003974]
This caused a major refactoring of the search code. All the tests
pass, but it's possible that some searches will behave differently.
Version 1.4
-----------
- Update linkify to use etree type Treeewalker instead of simpletree.
- Updated html5lib to version >= 0.999.
- Update all code to be compatible with Python 3 and 2 using six.
- Switch to Apache License.
Version 1.3
-----------
- Used by Python 3-only fork.
Version 1.2.2
-------------
- Pin html5lib to version 0.95 for now due to major API break.
Version 1.2.1
-------------
- clean() no longer considers "feed:" an acceptable protocol due to
inconsistencies in browser behavior.
Version 1.2
-----------
- linkify() has changed considerably. Many keyword arguments have been
replaced with a single callbacks list. Please see the documentation
for more information.
- Bleach will no longer consider unacceptable protocols when linkifying.
- linkify() now takes a tokenizer argument that allows it to skip
sanitization.
- delinkify() is gone.
- Removed exception handling from _render. clean() and linkify() may now
throw.
- linkify() correctly ignores case for protocols and domain names.
- linkify() correctly handles markup within an <a> tag.
Version 7.19.3 [requires libcurl-7.19.0 or better] - 2014-01-09
---------------------------------------------------------------
* Added CURLOPT_NOPROXY.
* Added CURLINFO_LOCAL_PORT, CURLINFO_PRIMARY_PORT and
CURLINFO_LOCAL_IP (patch by Adam Jacob Muller).
* When running on Python 2.x, for compatibility with Python 3.x,
Unicode strings containing ASCII code points only are now accepted
in setopt() calls.
* PycURL now requires that compile time SSL backend used by libcurl
is the same as the one used at runtime. setup.py supports
--with-ssl, --with-gnutls and --with-nss options like libcurl does,
to specify which backend libcurl uses. On some systems PycURL can
automatically figure out libcurl's backend.
If the backend is not one for which PycURL provides crypto locks
(i.e., any of the other backends supported by libcurl),
no runtime SSL backend check is performed.
* Default PycURL user agent string is now built at runtime, and will
include the user agent string of libcurl loaded at runtime rather
than the one present at compile time.
* PycURL will now use WSAduplicateSocket rather than dup on Windows
to duplicate sockets obtained from OPENSOCKETFUNCTION.
Using dup may have caused crashes, OPENSOCKETFUNCTION should
now be usable on Windows.
* A new script, winbuild.py, was added to build PycURL on Windows
against Python 2.6, 2.7, 3.2 and 3.3.
* Added CURL_LOCK_DATA_SSL_SESSION (patch by Tom Pierce).
* Added E_OPERATION_TIMEDOUT (patch by Romuald Brunet).
* setup.py now handles --help argument and will print PycURL-specific
configuration options in addition to distutils help.
* Windows build configuration has been redone:
PYCURL_USE_LIBCURL_DLL #define is gone, use --use-libcurl-dll
argument to setup.py to build against a libcurl DLL.
CURL_STATICLIB is now #defined only when --use-libcurl-dll is not
given to setup.py, and PycURL is built against libcurl statically.
--libcurl-lib-name option can be used to override libcurl import
library name.
* Added CURLAUTH_DIGEST_IE as pycurl.HTTPAUTH_DIGEST_IE.
* Added CURLOPT_POSTREDIR option and CURL_REDIR_POST_301,
CURL_REDIR_POST_302, CURL_REDIR_POST_303 and CURL_REDIR_POST_ALL
constants. CURL_REDIR_POST_303 requires libcurl 7.26.0 or higher,
all others require libcurl 7.19.1 or higher.
* PycURL now supports Python 3.1 through 3.3. Python 3.0 might
work but it appears to ship with broken distutils, making virtualenv
not function on it.
* PycURL multi objects now have the multi constants defined on them.
Previously the constants were only available on pycurl module.
The new behavior matches that of curl and share objects.
* PycURL share objects can now be closed via the close() method.
* PycURL will no longer call `curl-config --static-libs` if
`curl-config --libs` succeeds and returns output.
Systems on which neither `curl-config --libs` nor
`curl-config --static-libs` do the right thing should provide
a `curl-config` wrapper that is sane.
* Added CURLFORM_BUFFER and CURLFORM_BUFFERPTR.
* pycurl.version and user agent string now include both
PycURL version and libcurl version as separate items.
* Added CURLOPT_DNS_SERVERS.
* PycURL can now be dynamically linked against libcurl on Windows
if PYCURL_USE_LIBCURL_DLL is #defined during compilation.
* Breaking change: opensocket callback now takes an additional
(address, port) tuple argument. Existing callbacks will need to
be modified to accept this new argument.
https://github.com/pycurl/pycurl/pull/18
Version 7.19.0.3 [requires libcurl-7.19.0 or better] - 2013-12-24
-----------------------------------------------------------------
* Re-release of 7.19.0.2 with minor changes to build Windows packages
due to botched 7.19.0.2 files on PyPi.
http://curl.haxx.se/mail/curlpython-2013-12/0021.html
Version 7.19.0.2 [requires libcurl-7.19.0 or better] - 2013-10-08
-----------------------------------------------------------------
* Fixed a bug in a commit made in 2008 but not released until 7.19.0.1
which caused CURLOPT_POSTFIELDS to not correctly increment reference
count of the object being given as its argument, despite libcurl not
copying the data provided by said object.
* Added support for libcurl pause/unpause functionality,
via curl_easy_pause call and returning READFUNC_PAUSE from
read callback function.
Version 7.19.0.1 [requires libcurl-7.19.0 or better] - 2013-09-23
-----------------------------------------------------------------
* Test matrix tool added to test against all supported Python and
libcurl versions.
* Python 2.4 is now the minimum required version.
* Source code, bugs and patches are now kept on GitHub.
* Added CURLINFO_CERTINFO and CURLOPT_CERTINFO.
* Added CURLOPT_RESOLVE.
* PycURL can now be used with Python binaries without thread
support.
* gcrypt is no longer initialized when a newer version of gnutls
is used.
* Marked NSS as supported.
* Fixed relative URL request logic.
* Fixed a memory leak in util_curl_init.
* Added CURLOPT_USERNAME and CURLOPT_PASSWORD.
* Fixed handling of big timeout values.
* Added GLOBAL_ACK_EINTR.
* setopt(..., None) can be used as unsetopt().
* CURLOPT_RANGE can now be unset.
* Write callback can return -1 to signal user abort.
* Reorganized tests into an automated test suite.
* Added CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA.
* Cleaned up website.
* Fix pycurl.reset() (patch by <johansen at sun.com>).
* Fix install routine in setup.py where
certain platforms (Solaris, Mac OSX, etc)
would search for a static copy of libcurl (dbp).
* Fixed build on OpenSolaris 0906 and other platforms on which
curl-config does not have a --static-libs option.
* No longer keep string options copies in the
Curl Python objects, since string options are
now managed by libcurl.
flup is a collection of modules for the Python Web Server Gateway
Interface, including support for AJP 1.3, FastCGI and SCGI. It also
offers a basic middleware.
This package contains the 3.x version of the module.
0.8
More fixes for the App Engine support.
Added a new feature that allows you to supply your own provider for the
CA_CERTS file. Just create a module named ca_certs_locater that has a method
get() that returns the file location of the CA_CERTS file.
Lots of clean up of the code formatting to make it more consistent.
part of PR pkg/48447
The HTTP Gem is an easy-to-use client library for making requests from Ruby.
It uses a simple method chaining system for building requests, similar to
libraries like JQuery or Python's Requests.
## v0.9.0
* Add HTTPClient adapter (@hakanensari)
* Improve Retry handler (@mislav)
* Remove autoloading by default (@technoweenie)
* Improve internal docs (@technoweenie, @mislav)
* Respect user/password in http proxy string (@mislav)
* Adapter options are structs. Reinforces consistent options across adapters
(@technoweenie)
* Stop stripping trailing / off base URLs in a Faraday::Connection. (@technoweenie)
* Add a configurable URI parser. (@technoweenie)
* Remove need to manually autoload when using the authorization header helpers on `Faraday::Connection`. (@technoweenie)
* `Faraday::Adapter::Test` respects the `Faraday::RequestOptions#params_encoder` option. (@technoweenie)
Drupal 7.26, 2014-01-15
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Version 1.7.1
-------------
Released January 14th 2014
- Fixed a bug where passwords would fail to verify when specifying a password hash algorithm
Version 1.7.0
-------------
Released January 10th 2014
- Python 3.3 support!
- Dependency updates
- Fixed a bug when `SECURITY_LOGIN_WITHOUT_CONFIRMATION = True` did not allow users to log in
- Added `SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL` configuraiton option to optionally send password reset notice emails
- Add documentation for `@security.send_mail_task`
- Move to `request.get_json` as `request.json` is now deprecated in Flask
- Fixed a bug when using AJAX to change a user's password
- Added documentation for select functions in the `flask_security.utils` module
- Fixed a bug in `flask_security.forms.NextFormMixin`
- Added `CHANGE_PASSWORD_TEMPLATE` configuration option to optionally specify a different change password template
- Added the ability to specify addtional fields on the user model to be used for identifying the user via the `USER_IDENTITY_ATTRIBUTES` configuration option
- An error is now shown if a user tries to change their password and the password is the same as before. The message can be customed with the `SECURITY_MSG_PASSWORD_IS_SAME` configuration option
- Fixed a bug in `MongoEngineUserDatastore` where user model would not be updated when using the `add_role_to_user` method
- Added `SECURITY_SEND_PASSWORD_CHANGE_EMAIL` configuration option to optionally disable password change email from being sent
- Fixed a bug in the `find_or_create_role` method of the PeeWee datastore
- Removed pypy tests
- Fixed some tests
- Include CHANGES and LICENSE in MANIFEST.in
- A bit of documentation cleanup
- A bit of code cleanup including removal of unnecessary utcnow call and simplification of get_max_age method
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Flask-Babel is an extension to Flask that adds i18n and l10n support to any
Flask application with the help of babel, pytz and speaklater. It has builtin
support for date formatting with timezone support as well as a very simple and
friendly interface to gettext translations.
Upstream changes:
4.66 2014-01-04
- Added success attribute to Test::Mojo.
- Improved Mojo::DOM::CSS and Mojo::DOM::HTML performance.
- Fixed XML detection bug in Mojo::DOM.
- Fixed escaping bugs in Mojo::DOM::CSS.
4.65 2014-01-02
- Deprecated use of hash references for optgroup generation with
select_field helper in favor of Mojo::Collection objects.
- Added b and c helpers to Mojolicious::Plugin::DefaultHelpers.
- Fixed reference handling bug in Mojo::Collection.
4.64 2014-01-01
- Fixed helper export bug in Mojolicious::Plugin::EPRenderer.
4.63 2013-12-19
- Deprecated Mojolicious::secret in favor of Mojolicious::secrets.
- Added support for rotating secrets.
- Added secrets method to Mojolicious.
4.62 2013-12-17
- Deprecated Mojo::URL::to_rel.
4.61 2013-12-16
- Added select_one method to Mojo::DOM::CSS.
- Improved performance of Mojo::DOM::at significantly.
4.60 2013-12-11
- Improved Mojolicious::Validator::Validation to allow custom validation
errors.
4.59 2013-12-04
- Added CSRF protection support.
- Added support for permessage-deflate WebSocket compression.
- Added csrf_protect method to Mojolicious::Validator::Validation.
- Added build_message method to Mojo::Transaction::WebSocket.
- Added csrf_token attribute to Mojolicious::Validator::Validation.
- Added compressed and context_takeover attributes to
Mojo::Transaction::WebSocket.
- Added csrf_token helper to Mojolicious::Plugin::DefaultHelpers.
- Added csrf_field helper to Mojolicious::Plugin::TagHelpers.
- Removed deprecated mode specific methods in application class.
- Relicensed all artwork to CC-SA version 4.0.
uwsgitop is a top-like command that uses the stats server. Run your uWSGI server
with the stats server enabled. Ex.:
uwsgi --module myapp --socket :3030 --stats /tmp/stats.socket
Then, connect uwsgitop to the stats socket:
uwsgitop /tmp/stats.socket
Uliweb is a full-stacked Python based web framework. It has three
main design goals, they are: reusability, configurability, and
replaceability. All the functionalities revolve around these goals.
-wip for the newest supported version. Partial ChangeLog:
* 1.4.1
- fixed typos in corerouter plugins
- fixed offloading when the number of threads is higher than 1
- fixed static_maps for non-existent paths
- fixed uwsgi_connect() on modern Linux systems to reset the socket to blocking mode
* 1.4
- gevent improvements
- improved http/https router and fastrouter
- Go official support
- a new set of infos are exported to the stats system
- improved systemd support
- log filtering and routing
- improved tracebacker
- offload transfer for static files, and network transfers
- matheval support
- plugins can be written in Obj-C
- smart attach daemon
- added support for PEP 405 virtualenvs
- rawrouter with xclient support
- internal routing plugin for cache
* 1.3
- python tracebacker
- user-governed harakiri
- simplified external plugin development
- Linux namespace mountpoint improvements
- secured subscription system
- merged routers codebase (fastrouter, http, rawrouter)
- https support in the http router
- config report at the end of uWSGI build process
- improved subscription system (multicast and unix socket)
- custom options
- graceful reloads on shared sockets
- configurable log-master buffer size
- extreme-optimizations for the stats subsystem
- redislog and mongodblog plugins
- added python logger
- mongodb and postgres imperial monitors
- implemented psgix.logger and psgix.cleanup
- full rack spec compliance
- preliminary ipv6 support
- gevent graceful reloads
- support for multiple loggers and logformat
- lazy-apps to load apps after fork() but without changing reloading subsystem
- emperor heartbeat subsystem
- cheaper busyness plugin
- pluggable clock sources
- added router_rewrite and router_http plugins
- external spoolers
- support for section:// and fd:// loaders
- alarm subsystem (with curl and xmpp plugins)
Update DEPENDS
Upstream changes:
0.11 2013-12-15 14:19:22 Europe/Amsterdam
[ ENHANCEMENTS ]
* GH#481: Don't pollute @INC automatically when Dancer2 is imported, each
runner is now responsible of including the local ./lib dir if needed.
* GH#469, 418: Dancer2::Plugin provides a ':no_dsl' flag for modern Plugins
(Pedro Melo)
* GH#485: Keywords 'redirect' and 'forward' exit immediatly when executed in
a route/hook. New dependency on Return::MultiLevel (Russell Jenkins).
* GH#495: Use accessor and predicates instead of direct access.
Addresses GH#493 too. (Russell Jenkins)
* GH#502,GH#472: Rework halt to use with_return from Return::MultiLevel.
(Russell Jenkins)
* GH#479,GH#480,GH#508: Pass parameters to params() in the DSL.
(Slava Goltser, unickuity, Russell Jenkins)
* GH#505: Fix empty HTTP_REFERER in Dancer::Core::Request (Menno Blom).
* GH#503: Multiple reverse proxy support (Menno Blom).
* GH#371,GH#506: CLI tool rewrite (using App::Cmd, supports plugins, etc.).
(Ivan Kruglov, Samit Badle, Sawyer X)
* GH#498: Add some missing items in MANIFEST.SKIP (Gabor Szabo, Sawyer X).
[ DOCUMENTATION ]
* GH#489: Remove link to Dancer2::Deployment pod which does not exist
(Sweet-kid)
* GH#511: s/Deflator/Deflater/; (Cesare Gargano)
* GH#491: Updated config paths for template_toolkit in cookbook.
(Mark A. Stratman)
* GH#494: Update session config details (Dancer2::Config),
namespace fixup in Dancer2::Core::cookie.
(Russell Jenkins)
* GH#470: Fix Plack::Builder mount usage (Pedro Melo).
* GH#507: Fix plenty of typos (David Steinbrunner).
* GH#477: Document problem with Plack Shotgun on Windows (Ahmad M. Zawawi).
* GH#504: Add link to Dancer2::Plugin::Sixpack (Menno Blom).
* GH#490: Document Dancer2 should be FatPackable (Sawyer X).
* GH#452: Make a complete authors section, clean it up (Pau Amma).
* More fixes to main documentation (Pau Amma).
Upstream changes:
1.3120 24.12.2013
[ ENHANCEMENTS ]
* GH #974: Make plugins play nicely with mro 'c3'. (Fabrice Gabolde)
[ DOCUMENTATION ]
* GH #972: Correction of a truckload of typos. (David Steinbrunner)
* GH #971: Stress that the request's 'env()' method is prefered over
accessing '%ENV' directly. (isync)
* GH #968: Fix 'ScriptAlias' example in Deployment docs. (reported
by tednolan)
* GH #976: Document and trap limitation in Dancer::Test. (Tom Hukins)
* GH #976: Improve references to related modules. (Tom Hukins)
