2010-03-14 Gisle Aas <gisle@ActiveState.com>
Release 1.53
Ville Skyttä (6):
Remove unneeded execute permissions.
Add $uri->secure() method.
Documentation and comment spelling fixes.
Fix heuristics when COUNTRY is set to "gb".
Use HTTP_ACCEPT_LANGUAGE, LC_ALL, and LANG in country heuristics.
POD linking improvements.
Michael G. Schwern (2):
Rewrite the URI::Escape tests with Test::More
Update URI::Escape for RFC 3986
Gisle Aas (1):
Bump MIN_PERL_VERSION to 5.6.1 [RT#54078]
Salvatore Bonaccorso (1):
Suppress wide characters warnings in iri.t [RT#53737]
As per PR/42962 provided by Ivan "Rambius" Ivanov.
While here, update MASTER_SITES
Changes since 0.16.2:
Changes in release sitecopy 0.16.6, 16 July 2008
* DAV: Fix crash with progress bar enabled with neon 0.27/0.28.
Changes in release sitecopy 0.16.5, 16 July 2008
* DAV: Fix SSL cert caching to avoid repeated prompts.
* Update to neon 0.28.3 and support neon 0.24.x through 0.28.x.
Changes in release sitecopy 0.16.3, 12 March 2006
* DAV: Add PKCS#12 client cert support; "client-cert /path/to/cert.p12"
* Update to neon 0.26.0 (0.24.x and 0.25.x still supported).
Changes since 0.4.14:
0.4.18 Fri Mar 12 23:39:59 PST 2010
- Fixed Canvas.pm to correctly select MD5-hex value. (Andrey Ilyin)++
- Updated Canvas.pm docs to specify cookie method needed
- Updated copyright information
0.4.17 Thu Nov 26 09:48:03 PST 2009
- Updated Stream.publish to automatically call encode action_links
to JSON. (Larry Mak)++
- Fixed upload method in Video along with docs (Anthony Bouvier)++
- Updated server call in API.pm to allow a filename to be passed in
from the upload methods under Video and Photo. (Anthony Bouvier)++
- Didn't include Canvas testing b/c it looks like the code changes
back in August broke the mocking. (It's on the TODO list)
- Added format testing for Video.upload
0.4.16 Mon Aug 24 18:43:12 PDT 2009
Added Exception submodule for handling exceptions (Kevin Riggle)++
0.4.15 Fri Aug 21 22:26:44 PDT 2009
Updated POD and formatting (for Perl::Critic) (gregor herrmann)++
Added new namespaces that are now a part of Facebook API along with
basic tests
Added documentation for all namespaces in API.pm
Deleted deprecated namespaces and methods
Added begin and end methods to start and finish permissions mode in
Permissions.pm
Changed formatting and removed versioning information. Versioning
information is no longer specific to each submodule, but to the
distribution
* Fix utf8 issues in calls to md5_hex.
* moderatedcomments: Added moderate_pagespec that can be used
to control which users or comment locations are moderated.
This can be used, just for example, to moderate "user(http://myopenid.com/*)"
if you're getting a lot of spammers from one particular openid
provider (who should perhaps answer your emails about them),
while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead,
set moderate_pagespec to "!admin()" or "user(*)".
* Fix missing span on recentchanges page template.
* search: Avoid '$' in the wikiname appearing unescaped on omega's
query template, where it might crash omega.
* htmlscrubber: Security fix: In data:image/* uris, only allow a few
whitelisted image types. No svg.
* Change ne_sock_close() to no longer wait for SSL closure alert:
o fixes possible hang with IIS servers when closing SSL connection
o this reverts the behaviour with OpenSSL to match 0.28.x,
and changes the behaviour with GnuTLS to match that with
OpenSSL
* Fix memory leak with GnuTLS
* API clarification in ne_sock_close():
o SSL closure handling now documented
o return value semantics fixed to describe the implementation
Changes in release neon 0.29.2, 30 December 2009 (PGP signature)
* Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C)
* Fix unnecessary re-authentication with SSPI (Danil Shopyrin)
o Note that this change was previously listed in the 0.29.1 changes, however the patch had not been merged.
Changes in release neon 0.29.1, 15 December 2009 (PGP signature)
* Fixes for (Unix) NTLM implementation:
o fix handling of session timeout (Kai Sommerfeld)
o fix possible crash (basic@mozdev.org)
* Build fixes for Win32:
o fix use of socklen_t with recent SDKs (Stefan Kung)
o fix USE_GETADDRINFO on Win2K (Kai Sommerfeld)
* Fix build with versions of GnuTLS older than 2.8.0.
pkgsrc changes:
- Adjust dependencies
- Adjust license definition
- Add module type
Upstream changes:
0.023 20 Feb 2010
* support for Field->description. Patch from Adam Mackler.
0.022 17 Feb 2010
* no changes but version bump to accommodate CPAN. Apparently I was too aggressive in
cleaning up old files and deleted 0.021...
0.021 03 Feb 2010
* add missing META.yml
* change base URLs for ExtJS and Livegrid to point at non-MSI URLs and remove
warning about "get your own"
0.020 1 Dec 2009
* add missing dep on Template::Plugin::Autoformat to Makefile
* fix dbic test to make sort order explicit with table prefix
* allow for cxc-* params to be set in livegrid.js and default there.
Security fixes:
* Fixed a ticket validation issue that would allow unauthorized
users to modify the status and resolution of a ticket (#8884)
Performance improvements:
* Trac wiki had some trouble handling very long unicode words
(#9025)
* Full text search was very slow if lots of custom fields were
used (#8935)
Bug fixes:
* Fixed a race condition that could lead to the destruction of the
trac.ini file (#8623)
* Fixed creation of new milestone which could have been a rename
if performed after a name clash has been detected (#8816)
* Fixed display of value 0 in report cells (#7512)
pkgsrc changes:
- Adjust dependencies
- Add license definition
Upstream changes:
0.07 17 Feb 2010
* fix bug in get_template_filename with extra dot on .tt
* add debugging
* switch to MRO::Compat from Class::C3
pkgsrc changes:
- Adjust license definition
- Adjust dependencies
Upstream changes:
0.52 Mon Mar 8 01:25 GMT 2010
- Move actions out of the test applications to avoid deprecation warnings.
- POD corrections by jhannah
- Bump version dependency of Test::WWW::Mechanize to 1.54 to fix RT#44555
- Wrap checks for the appropriate plugins to skip tests inside a BEGIN
block so that they are run before the app tries to be loaded at compile
time, fixing RT#47037
0.1083.
Upstream changes:
0.1083 2010-03-03
Tweaking exception message to better explain what people did wrong when
they pass bad columns to authenticate.
Upstream changes:
Mon 8 Feb 2010 22:17:12 GMT - Release 0.83
Make it possible to deserialize a request with a DELETE method. This probably
breaks 'strict' REST guidelines, but is useful for being able to delete multiple
resources from a single call by providing a batch delete method.
Remove JSONP from the list of default serializers (RT#54336)
Fix MANIFEST (RT#54408)
Thu 4 Feb 2010 22:31:57 GMT - Release 0.82
Integrated Catalyst::Request::REST::ForBrowsers as
Catalyst::TraitFor::Request::ForBrowsers. (Dave Rolsky)
Clarified docs so that they encourage the use of the request traits, rather
than using Catalyst::Request::REST. (Dave Rolsky)
When Catalyst::Action::REST or Controller::REST automatically add the trait,
your request class will no longer end up getting set to
Catalyst::Request::REST. Instead, creates an anon class with the appropriate
role. (Dave Rolsky)
Shut up log output from the tests. (Dave Rolsky)
Added a $VERSION to every module, mostly to make sure that when people
install Catalyst::Request::REST::ForBrowsers, they get the version in this
distro. (Dave Rolsky)
Change Catalyst::Action::Serialize, Catalyst::Action::Deserialize and
Catalyst::Action::SerializeBase to be more Moose like.
Fix JSON and JSON::XS to encode_blessed. (fREW)
Fix Catalyst::Action::Serialize to use objects instead of classes. (fREW)
Fix doc nits. (RT#53780)
Upstream changes:
1.27 2010-02-23 10:44:20
- Add the catalyst_par_options option.
- Change the version of Catalyst required to 5.80015 as retarded
packaging systems consider 5.8001402 greater than 5.80015.
Upstream changes:
5.8004 17 Feb 2010
- Tutorial:
- Add foreign key support for SQLite
(huge thanks to Caelum for that and other good edits!)
- Add "Quick Start" to Intro (Chapter 1)
- Switch to use of "-r" to auto-restart the dev svr
- Update for latest available Debian package versions
- Switch to individual files for example code vs. tarballs
- Switch to 'done_testing' and shorter 'prove' args for testing chapter
- Misc typo fixes
- Other:
- Minor Cookbook edits
pkgsrc changes:
- Adjust dependencies
Upstream changes:
0.28 Wed Mar 10 11:19:35 JST 2010
- No code changes. Fixed packaging, added YAML dep for testing
0.27 Tue Feb 23 18:09:02 PST 2010
- Added repository info to META.yml to satisfy people
pkgsrc changes:
- Adjust module type
Upstream changes:
0.08 9 February 2010
- Correctly built distribution. MANIFEST.SKIP fixed to avoid the issue
in future.
0.07 9 February 2010
- Catalyst::Runtime is a runtime dependency. RT#48842
pkgsrc changes:
- Adjust dependencies (>=0 -> -[0-9]*)
Upstream changes:
5.80021 2010-03-03 23:02:01
Bug fixed:
- $c->uri_for will now escape unsafe characters in captures
($c->request->captures) and correctly encode utf8 characters.
5.80020 2010-02-04 06:51:18
New features:
- Allow components to specify additional components to be set up by
overriding the expand_modules method. (Oliver Charles)
Two security issues were discovered:
A CSS validation issue was discovered which allows editors to display
external images in wiki pages. This is a privacy concern on public
wikis, since a malicious user may link to an image on a server they
control, which would allow that attacker to gather IP addresses and
other information from users of the public wiki. All sites running
publicly-editable MediaWiki installations are advised to upgrade. All
versions of MediaWiki (prior to this one) are affected.
A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.
Deleting thumb.php is a suitable workaround for private wikis which do
not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl'].
Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the
patch below to whatever version of MediaWiki you are using.
For full changes information please refer:
http://www.apache.org/dist/httpd/Announcement2.2.html.
Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).
Changes with Apache 2.2.15
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
- Support all ciphers and digests typically used in client certificates
- Fix caching of FastCGI responses with large stderr output
- Support HTTPS referrers
- Fix $date_local variable with "%s" format
- Fix client certificate verification error with ssl_session_cache=none
- Fix matching error with geo ranges
- Fix SSI issue with stub parameter
- Fix $r->sleep
- fix a race condition in the worker spawning code
- minor fixes for the spooler code
- backport of UWSGI_SCHEME for better HTTPS support
- improvements for graceful reloading code
== 1.2.7 No Hup
* Support multiple Ruby versions (fat binaries under windows)
* Do not trap unsupported HUP signal on Windows
== 1.2.6 Crazy Delicious
* Make work with Rails 3 out-of-the-box.
* Auto-detect and load config.ru files on start. Makes Rails 3 work.
* Fix signals being ignored under 1.9 when daemonized.
== 1.2.5 This Is Not A Web Server
* Add rolling restart support (--onebyone option) [sikachu]
* Force external_encoding of request's body to ASCII_8BIT [jeremyz]
* Ensure Rack base API is used in Rails adapter only if version >= 2.3.2
[#111 state:resolved]
== 1.2.4 Flaming Astroboy
* Fix a few issues in thin to make it a better "gem citizen" [josh]
* Fix test for rack based Rails in adapter under Ruby >= 1.8.7
[#109 state:resolved]
* Fix Remote address spoofing vulnerability in Connection#remote_address
[Alexey Borzenkov]
* Fix uninitialized constant ActionController::Dispatcher error with
Rails 1.2.3 [Chris Anderton] [#103 state:resolved]
== 1.2.2 I Find Your Lack of Sauce Disturbing release
* Fix force kill under 1.9 [Alexey Chebotar]
* Fix regression when --only option is used w/ --socket.
* Add process name 'tag' functionality. Easier to distinguish thin daemons
from each other in process listing [ctcherry]
== 1.2.1 Asynctilicious Ultra Supreme release
* Require Rack 1.0.0
* Require EventMachine 0.12.6
* Use Rails Rack based dispatcher when available
* Allow String for response body
* Require openssl before eventmachine to prevent crash in 1.9
== 1.2.0 Asynctilicious Supreme release
* Add support for Windows mingw Ruby distro [Juan C. Rodriguez]
* Add async response support, see example/async_*.ru [raggi]
== 1.1.1 Super Disco Power Plus release
* Fix bug when running with only options [hasimo]
== 1.1.0 Super Disco Power release
* Require EventMachine 0.12.4
* Remove Thin handler, now part of Rack 0.9.1
* Fix Rack protocol version to 0.1 in environment hash.
* Fix error when passing no_epoll option to a cluster.
* Omit parsing #defined strings [Jeremy Zurcher]
* Defaults SERVER_NAME to localhost like webrick does [#87 state:resolved]
* Namespace parser to prevent error when mongrel is required [cliffmoon]
* Set RACK_ENV based on environment option when loading rackup file
[Curtis Summers] [#83 state:resolved]
* Fixes a warning RE relative_url_root when using a prefix with Rails
2.1.1 [seriph] [#85 state:resolved]
* --only can work as a sequence number (if < 80) or a port number
(if >= 80) [jmay] [#81 state:resolved]
== 1.0.0 That's What She Said release
* Fixed vlad.rake to allow TCP or socket [hellekin]
* Updated Mack adapter to handle both <0.8.0 and >0.8.0 [Mark Bates]
* rails rack adapter uses File.readable_real? so it recognizes ACL
permissions [Ricardo Chimal]
* Log a warning if Rack application returns nil body [Michael S. Klishin]
* Handle nil and Time header values correctly [#76 state:resolved] [tmm1]
* Add Content-Length header to response automatically when possible
[#74 state:resolved] [dkubb]
* Runner now remembers -r, -D and -V parameters so that clustered servers
inherit those and 'restart' keep your parameters.
* Make Set-Cookie header, in Rails adapter, compatible with current Rack
spec [Pedro Belo] [#73, state:resolved]
* Add --no-epoll option to disable epoll usage on Linux
[#61 state:resolved]
* Add --force (-f) option to force stopping of a daemonized server
[#72 state:resolved]
* Update Halcyon adapter loader [mtodd]
== 0.8.2 Double Margarita release
* Require EventMachine 0.12.0
* [bug] Fix timeout handling when running command
* [bug] Fix hanging when restarting and no process is running in single
server move, fixes #67
* Added Mack adapter [markbates]
* Allow rackup .rb files by getting a conventionally named constant as
the app [bmizerany]
2.0.6:
- Fix off-by-one error in ESI handling
- Bug fixes related to session lingering
- Backend probes should now work correctly with more servers
- Portability fixes
- Make it possible to specify the per-thread stack size, useful for 32 bit
systems
2.0.5:
- Performance improvements, particularly on Linux.
- Implement support for HTTP continuation lines
- Handle illegal responses from the backend better by serving a 503 page
rather than panic-ing
- Add backtrace to assertion errors. This requires Varnish to be installed
unstripped
- Consume less memory when processing ESI
- Better standards compliance with If-None-Match support and emitting more
headers on 304 responses
- Add a FetchError log tag which makes it easier to understand why a
backend fetch failed.
pkgsrc changes:
- Proper EGDIR/SYSCONFDIR support.
- Default user, directory, ownership and permissions support.
- Rudimentary fix for gcc vs. sunpro on Solaris, as used by varnish
to compile config files.
because the git package doesn't need that. Depend on scmgit-base
instead of scmgit because I can't see how this requires the man pages
to be installed.
Drop dependency on apache because this ought to work with other
web servers.
Take maintainership, but only because it's not maintained.
Drupal 6.16, 2010-03-03
----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
Locale module cross site scripting, Blocked user session regeneration),
see SA-CORE-2010-001.
- Better support for updated jQuery versions.
- Reduced resource usage of update.module.
- Fixed several issues relating to support of install profiles and
distributions.
- Added a locking framework to avoid data corruption on long operations.
- Fixed a variety of other bugs.
* comments: Display number of comments in comment action link.
* Rebuild wikis on upgrade to this version to get the comment counts
added to existing pages.
* Loosen regexp, to allow empty quoted parameters in directives.
* Add force_overwrite setting to make setup automator overwrite existing
files/directories.
* Fix admin openid detection in setup automator, and avoid prompting
for a password.
* Add new --clean option; this makes ikiwiki remove all built
files in the destdir, as well as wrappers and the .ikiwiki directory.
pkgsrc change: switch to user-destdir.
2.8.1 (2010-02-28)
* Added: different update modes for overriding multiple group memberships
* Fixed: the install tool does not handle equals signs in passwords (#1338)
* Fixed: articles drop-down menu in news/events is causing a fatal error (#1593)
* Fixed: several issues in the Comments class (BBCode parser)
* Fixed: image link elements do not support the new image resize options (#1585)
* Fixed: table sort script interchanges the classes even and odd (#1589)
* Fixed: inconsistent file tree behavior (#1582)
* Fixed: Date class not supporting negative Unix timestamps (#1591)
* Fixed: apply file permissions to image thumbnails when the Safe Mode
Hack is used (#1398)
* Fixed: several issues with the new calendar/event list navigation (#1584)
* Fixed: Widget class not validating the maximum input length (#1578)
* Fixed: relative URLs in RSS feeds are not converted to absolute URLs (#1596)
* Fixed: the toggleVisibilty() methods do not support save_callbacks
and versioning
* Fixed: access control for comments is missing in the new comments module
* Fixed: no active record available in onsubmit_callbacks in
"override multiple" mode
* Fixed: Swiff does not check whether the Flash plugin is available (#1601)
* Fixed: navigation module start/stop levels fail if there is a reference
page (#1607)
* Fixed: the style sheet module does not show an error if a file is not
writeable (#1598)
* Fixed: FancyUpload does not work in the popup file manager (#1608)
* Fixed: wrong thumbnail size if only height and maximum front end width
are given
* Fixed: file manager does not urlencode filenames (#1616)
* Fixed: not all elements and modules pass the data array to the view (#1604)
* Fixed some minor issues
Lua support for libcurl.
Connect and communicate to many different types of servers with many
different types of protocols.
This project is not a fork of LuaCURL, which is a direct mapping of
parts of the libcurl-easy interface.
The intent of Lua-cURL is to adapt the
* Easy Interface
* Multi Interface
* Shared Interface
of libcurl to the functionality of Lua (for example by using iterators
instead of callbacks when possible).