Version 0.73 -- 19 May 2011 <rafl@debian.org>
o Stop claiming we ship a file called -e in the MANIFEST.
Version 0.72 -- 19 May 2011 <rafl@debian.org>
o Clean up Makefile.PL and restore compatibility with recent
ExtUtils::MakeMaker versions.
- [FIXES]
- Tied all $VERSION to HTML::Element to ensure latest package is used
for all modules. RT #66110
- Moved perlcritic tests to xt/author
- [DOCUMENTATION]
- Added text and link to "Perl and LWP" book.
- Fix Authors is all PM files.
- Mark Stosberg (8):
- typo fix: s/do deal/to deal/
- best practice: s/foreach /for /
- Whitespace: fix inconsistent use of tabs vs spaces
- Code style: fix inconsistency with subroutine braces at the end of the
line vs below it.
- Modernize: s/use vars/our/ ... since we require 5.6 as a minimum
version now
- Whitespace: fix indentation so blocks are consistently indented
- Add formal terms "Percent-encode" and "Percent-decode" to the NAME
and description to match the RFC
- Drop support for Perl < 5.8.1 -
Perl 5.8 was released almost 10 years ago. It's time.
- Gisle Aas (6):
- Convert test to use Test::More
- Adjust tests for query_form
- Avoid "Use of uninitialized value"-noise from query_form
- State test dependencies [RT#61538]
- We also depend on ExtUtils::MakeMaker
- State 5.8 dependency in the META.yml file
- Ville Skyttä (2):
- Guess HTTPS and FTP from URI::Heuristic input with port but no scheme.
- Try harder to guess scheme from hostnames besides just "$scheme.*" ones.
- Tests reworked to not use subtests. Development versions
of Test::More do not support subtests, and the smokers
that are running with these dev versions then send me
confusing test failures. This is a pain.
- Reworking of HTML quote issue in FormatPS
- Now remap all double quotes to " in FormatPS (which is not
really right, but the best I can do with latin1 output)
- RT#69426 - issues with HTML quotes
- UTF8 handling requires perl 5.8, so minimum requirement bumped
- Release unchanged except for version number after a period
to see if test release threw up any issues...
- Code gardening - no functionality modifications - includes:-
- Moved old DEBUG framework to Smart::Comments
- Ensured variables are declared my as much as possible
- Ensure strict/warnings used as far as possible
- use base rather than playing games with @ISA
- Changes above enforce a requirement of perl 5.6.1
- Robo-reformatted by perltidy
- Stripped function prototypes where used
- Passes standard perl critic with one exclusion
- Tweaks for comprehensibility - splitting sections etc
- Smoke tests on windows showed needed make PS tests less strict
- Changed the github location to be all lowercase
- Releasing this as a stop gap - will do further work now
incompatibilities dealt with
- Added dependancies for font metrics files
- Documentation tidy up - but needs further work
- new TRIAL release - intend to push this as full release if OK
- Git conversion
- Dist::Zilla conversion
- RT#54636 - UNIVERSAL::Can deprecated
- RT#56278 - RTF formatting parameters ignored by new
- Start of a new test harness
- TRIAL release pushed out. Aiming to improve docs and maybe
hit rest of RT queue before a full release.
Tue Jul 12 00:46:02 BST 2011 - surfraw 2.2.8
* New elvi:
+ ads - search the SAO/NASA Astrophysics data system.
+ archwiki: search the arch wiki.
+ bugzilla - search various bugzillas, defaults to kernel.
+ cablesearch - search wikileaks cables
+ deli: search delicious.com.
+ duckduckgo - replace with better implementation
+ openports - search openbsd ports
+ pasearch - search Penny Arcade archives.
+ scirus, scitopia, worldwidescience - science searches
+ stack: search stackoverflow.com and friends.
+ yandex - russian web search.
* Changed elvi:
+ archpkg: now supports options.
+ arxiv: quote queries for exact string matches.
+ ctan: Option -doc replaced by -id. Options no longer mutually
exclusive.
+ codesearch, musicbrainz, rpmsearch: rewritten to match new
site. Options have changed to match site, see help message.
+ debbugs: add -s as an alias for -search=src.
+ google: new options:
* -v, -search=video: search video
* -m, -search=maps: search maps
* -n, -search=news: search news
* -i: new shortcut for -search=images
* -safe=default|off|moderate|strict: safe search
+ openbsd: support -misc and -tech.
+ opensearch: new option -r, uses remote redirector
which means it can run without heavy dependencies.
+ pgpkeys: add more options, support more keyservers,
default to sks-keyservers.net.
+ translate: added Google Translate support.
+ wayback: advanced search is broken, rip out all
options and use basic search.
+ wikipedia: new option -d, uses remote redirector
to search both wikipedia and deletionpedia.
use -fallback=wikipedia|deletionpedia to customise
behaviour.
* Fixed elvi: archpkg, arxiv, cia, codesearch, ctan, javasun,
lastfm, musicbrainz, netbsd, rpmsearch, w3link, yahoo.
* Removed elvi:
+ altavista: is now just a front-end to yahoo. RIP.
+ cddb: gracenote made the "hard decision" to remove the
website search. sigh.
+ fast: another yahoo front-end.
+ filesearching: refuses to work without 'Referer:' header.
+ port: site gone
* Support -local-help, --local-help or -lh to get elvi-specific
help without displaying the global options. This works for
all elvi and the main surfraw script.
* Support -h as a synonym for -help.
* Improved listing of elvi.
* Default to surfraw_graphical_remote=no,
as chromium doesn't support "-remote openURL".
* Bookmark names are now an exact match not a substring match.
* Support BSD/POSIX make.
* README: added INTEGRATION section on uzbl and pentadactyl.
--- snip ---
2011-03-27 Release 6.02
This is the release where we try to help the CPAN-toolchain be able to install
the modules required for https-support in LWP. We have done this by unbundling
the LWP::Protocol::https module from the libwww-perl distribution. In order to
have https support you now need to install (or depend on) 'LWP::Protocol::https'
and then this will make sure that all the prerequsite modules comes along.
See [RT#66838].
This release also removes the old http10 modules that has really been
deprecated since v5.60. These should have been removed at the v6.00 jump, but
I forgot.
Christopher J. Madsen (1):
Ignores env variables when ssl_opts provided [RT#66663]
Gisle Aas (4):
Fix typo; Authen::NTLM [RT#66884]
Yury Zavarin (1):
Support LWP::ConnCache->new(total_capacity => undef)
_______________________________________________________________________________
2011-03-09 Release 6.01
Add missing HTTP::Daemon dependency for the tests.
_______________________________________________________________________________
2011-03-08 Release 6.00
Unbundled all modules not in the LWP:: namespace from the libwww-perl
distribution. The new broken out CPAN distribtions are File-Listing,
HTML-Form, HTTP-Cookies, HTTP-Daemon, HTTP-Date, HTTP-Message, HTTP-Negotiate,
Net-HTTP, and WWW-RobotRules. libwww-perl-6 require these to be installed.
This release also drops the unmaintained lwp-rget script from the distribution.
Perl v5.8.8 or better is now required. For older versions of perl please stay
with libwww-perl-5.837.
For https://... default to verified connections with require IO::Socket::SSL
and Mozilla::CA modules to be installed. Old behaviour can be requested by
setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0. The
LWP::UserAgent got new ssl_opts method to control this as well.
Support internationalized URLs from command line scripts and in the proxy
environment variables.
The lwp-dump script got new --request option.
The lwp-request script got new -E option, contributed by Tony Finch.
Protocol handlers and callbacks can raise HTTP::Response objects as exceptions.
--- snip ---
This will abort the current request and make LWP return the raised response.
Bug:
* [SSPCPP-357] - Library init routines should be idempotent
* [SSPCPP-358] - OpenSUSE 11.4 RPM build can't handle warnings during mod_shib build
* [SSPCPP-363] - Windows Installer loops infinitely if the SP is deinstalled from the Control Panel
* [SSPCPP-368] - Fails to build with g++ 4.6 (missing stddef.h)
* [SSPCPP-370] - SSL_CHECK_SERVERHELLO_TLSEXT
* [SSPCPP-371] - <SSO>SAML2</SSO> does not enable ECP support
* [SSPCPP-372] - Bug in query in ODBC storage service plugin
* [SSPCPP-374] - metagen.sh creates PAOS ACS elements twice
* [SSPCPP-379] - DiscoFeed should return empty feed with no metadata provider
* [SSPCPP-380] - When maxTimeSinceAuthn is used, valid time interval is miscalculated when IdP time is a few seconds ahead of SP time
Improvement:
* [SSPCPP-359] - metagen.sh includes xmlns for NAKEDHOSTS
* [SSPCPP-381] - Option to expire redirects on Apache
New Feature:
* [SSPCPP-364] - Add <mdui> examples into the example metadata shipped with the SP
Based on PR#45167 by Benjamin Newman.
Version 1.5.12 released
This version fixes the following things and probably even more things. It also
adds OpenSSL as a requirement.
* Corrected two crashes (oh the dreaded NULL-pointer) when using mark unread
and open URL on non-existent items.
* Use OpenSSL for MD5 calculations and remove all old MD5 code.
* Fix 64bit digest calc. Readstatus wasn't remembered on 64bit versions.
* Regression Bug 3261: Could not create a DNS socket and exit
Changes 3.1.13:
* Regression Bug 3239: problems with myip/myport upgrade
* Bug 3153: hung ICAP RESPMOD transactions
* Update ssl_crtd to use 'OK' status inline with other helpers
* rename: Fix logic error that broke renaming pages when the attachment
plugin was disabled.
* rename: Fix logic error that bypassed the usual pagespec checks.
Support is included for the following formats (RGB colorspace only;
conversion to/from HSL can be handled by the ``colorsys`` module in
the Python standard library):
* Specification-defined color names
* Six-digit hexadecimal
* Three-digit hexadecimal
* Integer rgb() triplet
* Percentage rgb() triplet
* solve name conflict of md5 functions with OpenSSL lib
* mod_proxy, mod_cgi and other mod_*cgi fixes
* ssl improvements
* Native solaris ports fdevent handler “solaris-eventports”
* attachment: Bugfix to create directory when moving attachment out of
holding area.
* Display attachment manipulation links always, since attachments can be
uploaded via javascript.
* Add build dep on python-support. Closes: #633536
* attachment: Bugfix to move upload attachments out of holding area
when saving.
* attachment: Bugfix for trying to attach files to a subpage of the index
page.
Highlights:
* Refreshed Administrative UI - Admin redesign
* New Default Theme "Twenty Eleven" - Uses the latest Theme Features
* Full Screen Editor - Distraction free writing experience
* Extended Admin Bar - More useful links to control the site
* Enhanced Browser Compatibility -
- Drop Internet Explorer 6 support
- Start End-of-life (EOL) cycle for Internet Explorer 7
- Browse Happy notify users of out-of-date browser
* WordPress is Faster and Lighter -
- Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time
- Faster Upgrades -- The update system now support incremental upgrades so after 3.2 you'll find upgrading faster than ever
- Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone
- Stream downloads to the filesystem -- Improves update times and lowers the memory footprint
- Performance improvements for wptexturize()
- Remove PHP4 compatibility including timezone support
- More efficient term intersection queries
- Some optimizations in the HTML sanitizer (kses)
- Speed optimizations for is_serialized_string()
- Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint
- And many other improvements and tweaks
Contains also security fixes from wordpress 3.1.4.
Based on the mozilla-5.0 branch.
SeaMonkey 2.2 contains the following major changes relative to SeaMonkey 2.1:
Windows: Bundled extensions/add-ons are no longer optional in SeaMonkey's
installer.
Archive options can now be changed from the Copies & Folders Account Settings pane.
Mozilla platform changes
CSS Animations are now supported.
Improved canvas, JavaScript, memory, and networking performance.
Improved standards support for HTML5, XHR, MathML, SMIL, and canvas.
Improved spell checking for some locales.
WebGL content can no longer load cross-domain textures.
Background tabs have setTimeout and setInterval clamped to 1000ms to improve
performance.
in "A Standard for Robot Exclusion", at
http://www.robotstxt.org/wc/norobots.htmls
Webmasters can use the /robots.txt file to forbid conforming robots
from accessing parts of their web site.
The parsed files are kept in a WWW::RobotRules object, and this object
provides methods to check if access to a given URL is prohibited.
The same WWW::RobotRules object can be used for one or more parsed
/robots.txt files on any number of hosts.
HTTP content negotiation algorithm specified in
draft-ietf-http-v11-spec-00.ps chapter 12.
Content negotiation allows for the selection of a preferred content
representation based upon attributes of the negotiable variants and
the value of the various Accept* header fields in the request.
a lot of bugfixes. (too many to list)
Browse the full list at
https://github.com/kraih/mojo/blob/master/Changes
1.17:
Deprecated Mojolicious process method in favor of the on_process
attribute
1.18:
Added support for "X-Forwarded-HTTPS" and "X-Forwarded-Host"
Added argument localization to the include helper.
1.19:
Improved tests.
1.20:
Improved size limit handling.
1.21:
Improved temporary file handling to avoid a very unlikely race
1.22:
Fixed small memory leak.
Deprecated Mojo::IOLoop on_tick method in favor of the recurring
method. (sbertrang)
Deprecated Mojo::IOLoop on_hup method in favor of the on_close
method.
Deprecated on_build_tx methods in favor of on_transaction methods.
Deprecated on_handler methods in favor of on_request methods.
Updated WebSocket implementation to ietf-07.
Renamed on_idle method in Mojo::IOLoop to idle.
Reduced memory requirements of cached templates by up to 50%.
1.3:
Deprecated Perl 5.8.x support.
Deprecated Mojolicious::Renderer get_inline_template method in
favor of the get_data_template method.
1.31:
Reverted deprecation of Perl 5.8.x support, by popular demand.
1.32:
Updated IO::Socket::SSL requirement to 1.43 due to bugs in older
versions
1.33:
Updated jQuery to version 1.6.1.
1.34:
Fixed small Mojo::DOM HTML5 bug.
1.4:
Deprecated Mojo::DOM add_after method in favor of the append
method.
Deprecated Mojo::DOM add_before method in favor of the prepend
method.
Deprecated all methods containing the word "inner" in favor of ones
containing the word "content".
1.41:
Fixed param list bug in Mojolicious::Controller.
1.42:
Updated WebSocket implementation to ietf-08
1.43:
Improved after_dispatch hook by allowing it to change session data.
1.44:
Added EXPERIMENTAL self-restarting Morbo development web server
1.45:
Fixed an exception with layout rendering bug.
1.46:
Improved overall performance by about 3%
1.47:
Added host support to Mojolicious::Plugin::Mount
1.48:
Added debug log message for missing action to router
1.49:
three EXPERIMENTAL features
1.50:
Updated jQuery to version 1.6.2.
1.51:
Renamed build_url method in Test::Mojo to test_server.
1.52:
Fixed small static file in DATA section bug.
1.53:
Added EXPERIMENTAL format method to Mojo::Log
1.54:
windows fixes
1.55:
Fixed some portability issues in tests
1.56:
Fixed small memory leaks in Hypnotoad and Mojo::IOLoop.
1.57:
hypnotoad improvements
1.58:
Fixed fork bug in Mojo::IOLoop.
1.59:
Added peer method to Mojo::Transactor
1.60:
Added xsl MIME type.
GNU libmicrohttpd is a small C library that is supposed to make it
easy to run an HTTP server as part of another application. GNU
libmicrohttpd is free software and part of the GNU project. Key
features that distinguish libmicrohttpd from other projects are:
* C library: fast and small
* API is simple, expressive and fully reentrant
* Implementation is HTTP 1.1 compliant
* HTTP server can listen on multiple ports
* Four different threading models (select, poll, pthread, thread pool)
* Supported platforms include GNU/Linux, FreeBSD, OpenBSD, NetBSD, OS X, W32,
Symbian and z/OS
* Support for IPv6
* Support for SHOUTcast
* Support for incremental processing of POST data (optional)
* Support for basic and digest authentication (optional)
* Support for SSL3 and TLS (requires libgcrypt and libgnutls, optional)
* Binary is only about 32k (without TLS/SSL support and other optional
features)
What's new in 1.5 rc3
=====================
Pertinent to users:
-------------------
1. PyBlosxom shows an error page if it crashes rather than forcing
you to go figure out what happened by finding the web server logs.
This should make configuring and debugging much easier.
2. Bunch of new plugins.
3. Bunch of fixes to the comments plugin, tags and pycalendar plugins.
Tags plugin gains tags cloud functionality.
Comments plugin gains comment_disable_after_x_days feature.
If you're using them, update to the latest versions.
4. Bunch of fixes to the documentation. If you see errors or things
that are unclear, let us know.
The documentation for the comments plugin still needs to be overhauled.
5. Bunch of other bug fixes.
6. Bunch of new plugins: magicword, pages, rst, check_nonhuman, and
check_blacklist.
Summary of selected changes in 1.17
Selected changes since MediaWiki 1.16 that may be of interest:
A new installer has been introduced. It has a wizard-style interface which is translated into many languages. Many shortcomings in the old installer were addressed with this rewrite. Note that it is no longer required for the config directory to be made writable by the webserver. Instead the generated LocalSettings.php file is offered as a download, which you must then upload to the wiki's base directory.
ResourceLoader, a new framework for delivering client-side resources such as JavaScript and CSS, has been introduced. These resources are now delivered through the new entry point script "load.php", instead of as static files served directly by the web server. This allows minification, compression and client-side caching to be used more effectively, which should provide a net performance improvement for most users.
Category sorting has been improved.
Sorting is now case insensitive.
Sub-categories, pages and files can now be paged separately.
When several pages are given the same sort key, they sort by their names instead of randomly.
The lowest supported version of PHP is now 5.2.3. If necessary, please upgrade PHP prior to upgrading MediaWiki.
Summary of selected changes in 1.16
Selected changes since MediaWiki 1.15 that may be of interest:
Watchlists now have RSS/Atom feeds. RSS feeds generally are now hidden, since Atom is a better protocol and is supported by virtually all clients.
It's now possible to block users from sending email via Special:Emailuser.
The maintenance script system was overhauled. Most maintenance scripts now have a useful help page when you run them with --help.
AdminSettings.php is no longer required in order to run maintenance scripts. You can just set $wgDBadminuser and $wgDBadminpassword in your LocalSettings.php instead.
The preferences system was overhauled. Preferences are stored in a more compact format. Changes to site default preferences will automatically affect all users who have not chosen a different preference.
Support for SQLite was improved. Some broken features were fixed, and it now has an efficient full-text search.
The user groups ACL system was improved by allowing rights to be revoked, instead of just granted.
A new localisation caching system was introduced, which will make MediaWiki faster for almost everyone, especially when lots of extensions are enabled.
By default, this new system makes a lot of database queries. If your database is particularly slow, or if your system administrator limits your query count, or if you want to squeeze as much performance as possible out of Mediawiki, set $wgCacheDirectory to a writable path on the local filesystem. Make sure you have the DBA extension for PHP installed, this will improve performance further.
* userlist: New plugin, lets admins see a list of users and their info.
* aggregate: Improve checking for too long aggregated filenames.
* Updated to jQuery 1.6.1.
* attachment: Speed up multiple file uploads by storing uploaded files
in a staging area until the page is saved/previewed, rather than
refreshing the site after each upload.
(Sponsored by The TOVA Company.)
* attachment: Files can be dragged into the edit page to upload them.
Multiple file batch upload support. Upload progress bars.
AJAX special effects. Impemented using the jQuery-File-Upload widget.
(If you don't have javascript don't worry, I kept that working too.)
(Sponsored by The TOVA Company.)
* Add libtext-multimarkdown-perl to Suggests. Closes: #630705
* headinganchors: Plugin by Paul Wise that adds ids to <hn> headings.
* html5 is not experimental anymore. But not the default either, quite yet.
* Support svg as a inlinable image type; svg images can be included on a
page by simply linking to them, or by using the img directive.
Note that sanitizing svg files is still not addressed.
* img: Generate png format thumbnails for svg images.
* Preserve mixed case in page creation links, and when creating a page
whose title is mixed case, allow selecting between the mixed case and
all lower-case names.
* Fix ikiwiki-update-wikilist -r to actually work.
* comments: collect metadata in a scan-phase preprocess hook, which
fixes sorting comments by date. (smcv)
* Run scan hooks for internal pages (preprocess hooks already run in scan
mode) (smcv)
* inline: Handle obfuscated urls, such as the mailto urls generated by
markdown when forcing urls absolute.
* Bugfix for wikilink containing an email address not showing up in
brokenlinks list.
* Bugfix for trying to attach files to a subpage of the index page.
Updating this leaf package during the freeze for bugfix purposes.
freeze; plus the prior version wasn't buildable anyhow.
pkgsrc changes:
- add comments to patches
- fix some pkglint
- add a LICENSE
- add a MESSAGE with url to the patches on cvsweb.n.o., which
the license may require
- enable the DAV and Redland RDF code
Vulnerabilities:
- Fixes Secunia 34531.
- Fixes CVE-2008-6005, which hasn't been in pkg-vulnerabilities for
some reason.
- No longer uses outdated builtin wxGTK, so CVE-2009-2369 no longer applies.
- It isn't clear if Secunia 32848 is fixed or not.
Upstream changes:
Amaya 11.3.1
9 December 2009
* Amaya merged paragraphs when several paragraphs are selected and
the user applies to it Strong, Emphasis or Code
* Sometimes after a <br> element is inserted the selection was misplaced
* The caret at the end of a line is sometimes not displayed
* The markup within <script> elements is now preserved
* Bold Italic fonts were not available on Windows platforms
* The $HOME variable is now ignored on Windows platforms
Amaya 11.3
2 December 2009
New Features
* The https protocol is now supported
* New version of the template editor: creation of XTiger
libraries, components, imports, etc.
* Automatic opening of the Structure view for template instances
* The vertical split opens the Structure view and the horizontal
split opens the Source view
* A double click on an item of the List of style sheets tool opens
the style sheet
* A new set of Amaya profiles: "Lite", "Lite+Web", "Lite+Web+CSS",
"Lite+Web+CSS+Math_Graphics", "Advanced"
* The Insert entity command now allows one to insert a unicode
character into a HTML document
* A new command Undo close Tab in the Tab contextual menu
* The Tab and Shift Tab commands allow one to move down/up list items
* The fonts configuration changes: old personal fonts.gl and
fonts.gl.win files have to be removed
Bug fixes
* The link dialogue didn't allow one to insert relative links into
a remote document
* Sometimes the focus in the link dialogue was lost
* Fix some rendering bugs and improve the CSS support
* Improve the edit of template instances: management of options
and attributes and fix bugs
* The refresh of tool panels was too slow
* PNG images were not displayed on 64-bit platforms
* On Mac OSX, the ^ dead key behaved like if "enter" was pressed
* On Mac OSX 10.5, sometimes cached files of the libwww were
stored into the "/" directory
* On Mac OS X platforms when scrolling, svg drawing moved up on the text
* The table of contents was not generated when the selection is not empty
* When the loaded file is ReadOnly, the Save As to another
location didn't work
Amaya 11.2
3 July 2009
New Features
* CSS: Support of z-index, opacity, SVG fill-rule, stop-opacity
and stop-color properties
* SVG: Implementation of linear gradients, copy/paste of markers
* Amaya proposes now to keep a local copy of edited pages when the
publishing fails
* Publishing: Resources can be saved with the document
* A new button allows one to lock/unlock WebDAV resources
Bug fixes
* Move the selection into the structure view when the created
<option> is not visible in the formated view
* The Attributes panel is updated as soon as it is opened
* When a column of a table is selected, Attributes and Style
panels apply to the <col> element
* Keep options of the table creation dialog
* Improve the management of template instances: options, repeats, etc.
* On Windows, local annotations were not correctly loaded
* On Mac OS X: Improve the management of libwww cached files
* The Code clean-up command now keeps style and lang attributes of
<div>, <table>, <span>, and <img> elements
* Improve the rendering of floated boxes and background images
* Fix some redisplay problems
* SVG: When there are several <group> elements, only the first
<group> could be selected
* SVG: When the <svg> element is centered, the position of new
components was miscalculated
* SVG: Improve the creation of arrows
* Fix a crash on Windows version when the Tab key was used in a
document that included a <form> element.
* The Type of the last created document was sometimes lost.
* Improve the WebDAV support
* Etag and preconditions were always checked when a document was
published
* Optimize the calculation of large tables and documents
* And other bug fixes...
Amaya 11.1
30 January 2009
New Features
* Text wrapping in the source view
* Partial support of SVG markers (arrow heads are now drawn with markers)
Bug fixes
* Fix possible security holes CVE-2008-6005
* Prevent a crash when the window, or a tab, or the application is
closed and a dialog is opened
* Display an empty window when the last tab of a window is closed
* Allow to create a link to the document itself
* Sometimes images were not loaded
* Keep options of the Search/Replace command
* Amaya ignored floated boxes within a table cell
* Mac OS X: Sometimes the horizontal scroll bar was not displayed
correctly
* Mac OS X and Windows: Next element and Previous element keys
were applied twice
Amaya 11.0
16 December 2008
New Features
* Support of XHTML+RDFa documents:
o RDFa attributes are parsed and can be edited
o Possibility to create XHTML+RDFa documents
o A command to add/remove namespace declarations of a document
o List of namespace declarations defined in the RDFa Preference.
* Shift+wheel scrolls the document horizontally
* Support direct resizing of images
* Integration of Japanese dialogs thanks to Martin D?rst
* XHTML, MathML, SVG, Template, and XML panels are now tabs of the
Elements tool
* Few new characters are proposed in the Special Characters tool
* A Span menu item is now available in the menu Insert > Character
Element
* SVG editing (a subset of the language)
* Template editing
* the Crtl-Click command opens a link in a new tab (Unix and Windows)
* The Reload command re-open the source or the structure view
* New management of Help documentation
* Improvement of template instances editing (Enter key,
transformations, contextual menus)
* A Tools > Code clean up command to clean up documents generated
by most word processors
Bug fixes
* Improvement of the rendering engine
* When the user selects in the structure view, the selection path
was not displayed in the status bar
* Sometimes images within a table were not displayed
* CSS style sheets attached to an object were not applied
* Close the help window when the user closes the last window document
* The Save all command was active only when a edited document is displayed
* Documents are now scrolled page by page
* On Mac OS X the focus could be lost when a dialog is closed
* On Mac OS X, Ctrl Enter didn't insert a <br>
* Improvement of MathML editing
* It was impossible to extend the selection outside a table
* <br> elements were not copied/pasted
* All attributes in MathML expressions were considered invalid
* Interpretation of attributes attached to <col> elements to fix
alignment, background-color, and width
* Display "Column" instead of "td" or "th" in the statusbar when
the whole column is selected
* A background image CSS property attached to any element (*) was
not applied immediately
* Improvement of XML document saving
* On Mac OS X, the default charset was set to us-ascii by error
* Amaya now uses the Content Location to save a remote document
without suffix (instead of redirecting to the Save As dialog)
* Amaya requested a confirmation each times the PUT is redirected
* Amaya keeps "\\windows-server\sharename\filename.html" URIs unchanged
* When text typed causes image contents to be pushed (to the
right) along with text, only part of the image was refreshed
* In source view, <shif-PageUP/DN>, <shift-DNarrow>, and
<shift-RTarrow> didn't work well.
This release includes the following changes:
o recognize the [protocol]:// prefix in proxy hosts where the protocol is one
of socks4, socks4a, socks5 or socks5h.
o Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
This release includes the following bugfixes:
o SECURITY ADVISORY: inappropriate GSSAPI delegation. Full details at
http://curl.haxx.se/docs/adv_20110623.html
o NTLM: work with unicode
o fix connect with SOCKS proxy when using the multi interface
o anyauthput.c: stdint.h must not be included unconditionally
o CMake: improved build
o SCP/SFTP enable non-blocking earlier
o GnuTLS handshake: fix timeout
o cyassl: build without filesystem
o HTTPS over HTTP proxy using the multi interface
o speedcheck: invalid timeout event on a reused handle
o Force connection close for HTTP 200 OK when time condition matched
o curl_formget: fix FILE * leak
o configure: improved OpenSSL detection
o Android build: support gingerbread
o CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
o windows build: use correct MS CRT
o pop3: remove extra space in LIST command
- Fix pollution of the slots table with unoccupied slots (r311376)
- Fix fcntl lock error from repository (r311339). It was reported
by PR pkg/45082 from Peter Avalos.
Bump PKGREVISION.
== 1.2.11 Bat-Shit Crazy
* Fix pure Ruby gem to not include binary.
== 1.2.10 I'm dumb (BAD RELEASE, DON'T USE)
* I really am (bad release fix)
== 1.2.9 Black Keys Extra Plus Wow (BAD RELEASE, DON'T USE)
* Improve fat binary loading.
== 1.2.8 Black Keys
* Allow the connection to remain open for 1xx statuses [timshadel]
Both the 100 and 101 status codes require that the connection to the
server remain open. The 100 status code is used to tell the client that
the server is still receiving its request, and will continue to read
request input on the connection. The 101 status code is used to upgrade
the existing connection to another protocol, and specifically is NOT
used to upgrade a separate connection. Therefore, the connection must
remain open after this response in order to facilitate that.
* Accept IE7 badly encoded URL (eg.: %uEEEE)
* Fix gemspec to work w/ Bundler [smparkes]
* Add SSL support [tmm1]
* Catch Errno::EPERM in Process.running? [Tony Kemp]
On some systems (e.g. OpenBSD) you receive an EPERM exception if
you try to Process.getpgid on a process you do not own (even if you
are root). But it does mean that the process exists, so return true.
* Fix Rails version check that select which Rack adapter to use. Was using CGI adapter in Rails 3.
* Ignore SIGHUP when no restart block is given
* Add SSL options to thin command line tool [goldmann]
--ssl Enables SSL
--ssl-key-file PATH Path to private key
--ssl-cert-file PATH Path to certificate
--ssl-verify Enables SSL certificate verification
* Expose peer SSL certificate in env (rack.peer_cert) [fd]
* Adjusting unix socket permissions to be more open [mbj]
Susy Changelog
==============
v0.9 [Apr 25 2011]
------------------
Everything here is about simplicity. Susy has scaled back to it's most basic
function: providing flexible grids. That is all.
Deprecated:
* The `susy/susy` import is deprecated in favor of simply importing `susy`.
* The `show-grid` import is deprecated in favor of CSS3 gradient-based
grid-images. You can now use the `susy-grid-background` mixin. See below.
Removed:
* Susy no longer imports all of compass.
* Susy no longer establishes your baseline and no longer provides a reset.
All of that is in the Compass core. You can (and should!) keep using them, but
you will need to import them from compass.
New:
* Use the `susy-grid-background` mixin on any `container` to display the grid.
This toggles on and off with the same controls that are used by the compass
grid-background module.
v0.9.beta.3 [Mar 16 2011]
-------------------------
Deprecated:
* The `susy/reset` import has been deprecated in favor of the Compass core `compass/reset` import.
* The `susy` mixin has been deprecated. If you plan to continue using vertical-rhythms, you should replace it with the `establish-baseline` mixin from the Compass Core.
Removed:
* The `vertical-rhythm` module has moved into compass core. The API remains the same, but if you were importing it directly, you will have to update that import.
* The `defaults` template has been removed as 'out-of-scope'. This will not effect upgrading in any way, but new projects will not get a template with default styles.
New Features:
* Susy now supports RTL grids and bi-directional sites using the `$from-direction` variable (default: left) and an optional additional from-direction argument on all affected mixins. Thanks to @bangpound for the initial implementation.
* Susy is now written in pure Sass! No extra Ruby functions included! Thanks to the Sass team for making it possible.
v0.8.1 [Sep 24 2010]
--------------------
* Fixed typos in tutorial and `_defaults.scss`
ruby-compass pacakge.
# Sass
**Sass makes CSS fun again**. Sass is an extension of CSS3,
adding nested rules, variables, mixins, selector inheritance, and more.
It's translated to well-formatted, standard CSS
using the command line tool or a web-framework plugin.
Sass has two syntaxes. The new main syntax (as of Sass 3)
is known as "SCSS" (for "Sassy CSS"),
and is a superset of CSS3's syntax.
This means that every valid CSS3 stylesheet is valid SCSS as well.
SCSS files use the extension `.scss`.
The second, older syntax is known as the indented syntax (or just "Sass").
Inspired by Haml's terseness, it's intended for people
who prefer conciseness over similarity to CSS.
Instead of brackets and semicolons,
it uses the indentation of lines to specify blocks.
Although no longer the primary syntax,
the indented syntax will continue to be supported.
Files in the indented syntax use the extension `.sass`.
[d05190a | 2011-04-19 02:37:16 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Version 2011.04
[bacc603 | 2011-04-19 02:37:03 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Remove rubyforge release task
[05ccf96 | 2011-04-19 02:31:28 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Node::find_method must accept anything that responds to #to_s as method name
[8d4bfd0 | 2011-02-13 23:07:12 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Don't mention :state, it's gone
[2b3a9ca | 2011-01-26 06:12:26 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Version 2011.01
[6039ffa | 2010-12-11 13:58:04 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Adjust spec for changes in Rack
[5e30254 | 2010-09-17 10:58:10 UTC] Antti Tuomi <antti.tuomi@tkk.fi>
* New method for Innate::Session, #resid!, that can be used to change the session key.
The intent of the method is to allow changing session keys when user logs in
to prevent certain session fixation attack vectors. #resid! moves all
session data under a new session key and thus invalidates the old key.
It is probably a good idea to explicitly reset the session data as well on
login, but the necessity of this depends on the application.
[85d45ea | 2010-09-07 01:14:44 UTC] Lee Jarvis <injekt.me@gmail.com>
* updated git url
[51eac73 | 2010-09-06 23:25:22 UTC] Lee Jarvis <injekt.me@gmail.com>
* added gitignore
[32c943c | 2010-09-06 06:02:25 UTC] Lee Jarvis <injekt.me@gmail.com>
* fixed pointless spec addition
[b180c1c | 2010-09-06 06:00:44 UTC] Lee Jarvis <injekt.me@gmail.com>
* added specs for helper suffix
[c7fccc6 | 2010-09-06 05:50:45 UTC] Lee Jarvis <injekt.me@gmail.com>
* removed send_file helper spec
[49c9963 | 2010-09-06 05:49:54 UTC] Lee Jarvis <injekt.me@gmail.com>
* removed send_file from default helpers
[4ca7b0c | 2010-09-06 05:22:23 UTC] Lee Jarvis <injekt.me@gmail.com>
* allow helper modules to be suffixed with 'helper'
this allows us to create helpers which may have identical names as
Models without having namespace conflicts
[7d8437e | 2010-08-26 15:12:26 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Support HttpOnly
[1183bca | 2010-08-20 14:15:58 UTC] Lee Jarvis <injekt.me@gmail.com>
* moved send_file helper to ramaze
[6412640 | 2010-07-21 04:32:15 UTC] injekt <ljjarvis@gmail.com>
* fixed readme formatting
[1ac3e6f | 2010-07-21 04:31:27 UTC] injekt <ljjarvis@gmail.com>
* updated installation docs
*Rails 3.0.9 (unreleased)*
* json_escape will now return a SafeBuffer string if it receives
SafeBuffer string [tenderlove]
* Make sure escape_js returns SafeBuffer string if it receives
SafeBuffer string [Prem Sichanugrist]
* Fix text helpers to work correctly with the new SafeBuffer
restriction [Paul Gallagher, Arun Agrawal, Prem Sichanugrist]
Quote from release announce:
With Geeklog 1.8.0 we have raised the minimum system requirement for PHP.
PHP version 5.2.0 or greater is now required.
There are a number of new features with this version of Geeklog. These
include:
- Improved Configuration, which was the Google Summer of Code project of
Akeda Bagus from 2010. Improvements include the ability to search for
configuration attributes, tabs, input validation as well as an updated
look.
- OAuth Support, allowing users to log into a Geeklog site with their
Facebook, Twitter, or LinkedIn account, developed by Hiroshi Sakuramoto of
Geeklog Japan.
- Includes jQuery 1.5.2 and jQuery UI 1.8.11
- Updated Professional theme with new icons and tooltips.
- Reworked Plugin Admin interface that now checks for dependencies when a
plugin is installed.
Changelog
=========
Since 1.7.5
-----------
bugfix: Problem when upload an image from CKEditor
bugfix: Missing validation for some filenames when upload an image.
bugfix: Restore password does not work properly.
bugfix: The system was creating a new user for receiving attachments
bugfix: Error with searchable_objects
bugfix: Solved issue with Spanish lang files
bugfix: Issue when unarchive a file
bugfix: Issue related with subscriptions
bugfix: Unworked pending tasks in report
usability: Changed layout when create a new system user.
usability: Enhancements related to workspace panel
usability: Was simplified the user creation from the new task form
usability: Improvements to getting started wizard
system: Resolved issues about SSL and APC implementation
system: Issue when update the system
Since 1.7.4.1
-------------
bugfix: Issue with mail queries
bugfix: Added config option for user of other companies
bugfix: Resolved issue arround reports
bugfix: Issues with wizard (v1.0)
bugfix: Issue with timezone on calendar.
usability: Implemented lang support for getting started wizard
ELinks 0.12pre5:
----------------
* Debian bug 534835: Check the return values of some SpiderMonkey
functions, to avoid crashes if out of memory.
* minor bug 1017: To work around HTTP server bugs, disable
protocol.http.compression by default, until ELinks can report
decompression errors or automatically retry the connection.
* enhancement: The French translation was updated.
Bugs that should be removed from NEWS before the 0.12.0 release:
* critical bug 1081: To fix crashes caused by different definitions of
regfree() in TRE and in the system libc, link with TRE before any
other libraries. ELinks 0.12pre4 was the first release that had
this bug.
* Searching for more than one fullwidth (e.g. Japanese) character now
works.
* bug 1080: Support ``--dump-color-mode'' with ``--dump-charset UTF-8''.
Neither of those worked before ELinks 0.12pre1.
ELinks 0.12pre4:
----------------
Released on 2009-05-31. This release also included the changes listed
under ``ELinks 0.11.6'' below.
Incompatibilities:
* Debian build bug 529821: Use ``pkg-config gnutls'' instead of
``libgnutls-config'', which is not included in GNUTLS 2.7.x.
You can no longer specify the location of GNUTLS using
``configure --with-gnutls=DIR''.
Other changes:
* critical bug 1077: Fix crash opening a ``javascript:'' link in a new
tab.
* Debian bug 528661: If using GNUTLS 2.1.7 or later, disable various
TLS extensions (including CERT and SERVERNAME) to help handshaking
with the SSLv3-only bugzilla.novell.com.
* Debian build bug 526349: Include asciidoc.py from AsciiDoc 7.1.2,
to remove all dependencies on the installed version.
* build enhancement: Recognize ``configure --without-tre''.
Bugs that should be removed from NEWS before the 0.12.0 release:
* critical bug 1071: Fix crash in get_dom_node_child. ELinks 0.12pre1
was the first release that had this bug.
* bug 765: Opening a new tab no longer asks about the document of the
previous tab. ELinks 0.12pre1 was the first release that had this
bug.
ELinks 0.12pre3:
----------------
Released on 2009-03-29. This release also included the changes listed
under ``ELinks 0.11.6'' below.
Incompatibilities:
* bug 1060: Regexp searching now requires the TRE library.
* lzma disabled by default. It's rarely used and doesn't build with new xz.
Other changes:
* critical: Fix assertion failure if IMG/@usemap refers to a different
file.
* Preserve newlines in hidden input fields, and submit them as CRLF.
Previously, they could turn into spaces or disappear entirely.
* Perl scripts can use modules that dynamically load C libraries, like
XML::LibXML::SAX does.
* bug 153: Preserve Unicode characters in XBEL bookmark files.
However, Unicode in URIs (really IRIs) does not work reliably yet;
this is being tracked as bug 1066.
* bug 885: Convert xterm titles to ISO-8859-1 by default, but add an
option to disable this. When removing control characters from a
title, note the charset. Don't truncate titles to the width of the
terminal.
* bug 1061: Correctly truncate UTF-8 titles in the tab bar.
* bug 1068: ELinks used to display a blank or truncated page if an
HTTP/1.1 server sent a compressed body with incorrect Content-Length.
That has now been fixed, and a new option (protocol.http.compression)
has been added.
* Don't crash when the search-toggle-regex action is used and no regular
expression support is compiled in.
* minor bug 761: When reading bookmarks from an XBEL file, distinguish
attribute names from attribute values.
* enhancement: Updated ISO 8859-7, ISO 8859-16, KOI8-R, and MacRoman.
Bugs that should be removed from NEWS before the 0.12.0 release:
* critical bug 1067: Fixed a crash in the RSS parser that ``configure
--enable-html-highlight'' enables. ELinks 0.12pre1 was the first
release that had this bug.
* bug 1069: ELinks didn't report ECMAScript errors, even if the
ecmascript.error_reporting option was turned on. ELinks 0.12pre2
was the first release that had this bug.
* remove PYTHON_VERSION restriction, just 25 is the latest version at
release of this package (from result of selftest with python26,
it it same as python25's one).
== Ruby-GNOME2 0.90.9: 2011-06-11
NOTE: 0.90.x releases are for 1.0.0 major release.
This is the last release of 0.90.x series. The next release
will be 1.0.0!
=== Changes
==== All
* Fixes
* Fix a bug in version numbers.
[Grant Schoep, Vincent Carmona]
* Support 'bundle install' .
==== Ruby/GLib2
* Improvements
* Support GLib::IOChannel.new(fd) and GLib::IOChannel#fd on Windows.
* GLib::IOChannel#write returns written byte not self.
[backward incompatible]
==== Ruby/GTK2
* Fixes
* fix misc/bindings.rb sample (ruby 1.9).
[Vincent Carmona]
* [#3305589] fix Gtk::Window#add_accel_group misses
a reference to accel group.
[Piotr Korzuszek, Kouhei Sutou]
* Support cairo related samples in Ruby 1.9.
[Jon, Kouhei Sutou]
==== Ruby/GStreamer
* Improvements
* add Gst::Registry.update method.
[Vincent Carmona]
==== Ruby/VTE
* Fixes
* [#3199587] fix pc install.
[OBATA Akio, Kouhei Sutou]
==== Ruby/Poppler
* Fixes
* [#3292118] don't run needless tests.
[Mamoru Tasaka, Kouhei Sutou]
==== Ruby/GtkSourceView2
* Improvements
* support Windows.
[S.Kitagawa]
* ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su.
(Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel.
(CVE-2011-1408)
* search: Update search page when page.tmpl or searchquery.tmpl are locally
modified.
* Danish translation update. Closes: #625721
* Danish underlay translation update. Closes: #625765
(Thanks, Jonas Smedegaard)
* Support YAML::XS by not passing decoded unicode to Load. Closes: #625713
* openid, aggregate, pinger: Use Net::INET6Glue if available to
support making ipv6 connections. (Note that if LWPx::ParanoidAgent
is installed, it defeats this for openid.)
* Add additional directive quoting styles, to better support nested
directives. Both triple-single-quote and heredoc quotes can be used.
(Thanks, Timo Paulssen)
* Changed license of madduck's python plugins from GPL-2 to BSD-2-clause.
* po: support language codes in the form of 'es_AR', and 'arn'. (intrigeri)
Closes: #627844
* po: Make po4a warn, not error on a malformed document. (intrigeri)
* Support the Hiawatha web server which sets HTTPS=off rather than not
setting it. (There does not seem to be a standard here.)
pkgsrc changes:
* Adjust local modifications to improve our upstream chances.
* Quell pkglint.
* Indent consistently.
Version 1.6.17
(01 Jun 2011, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.17
User-visible changes:
* improve checkout speed on Windows (issue #3719)
* make 'blame -g' more efficient on with large mergeinfo (r1094692)
* avoid some invalid handle exceptions on Windows (r1095654)
* preserve log message with a non-zero editor exit (r1072084)
* fix FSFS cache performance on 64-bit platforms (r1103665)
* make svn cleanup tolerate obstructed directories (r1091881)
* fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
* detect very occasional corruption and abort commit (issue #3845)
* fixed: file externals cause non-inheritable mergeinfo (issue #3843)
* fixed: file externals cause mixed-revision working copies (issue #3816)
* fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
See CVE-2011-1752, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
* fixed: write-through proxy could direcly commit to slave (r917523)
* detect a particular corruption condition in FSFS (r1100213)
* improve error message when clients refer to unkown revisions (r939000)
* bugfixes and optimizations to the DAV mirroring code (r878607)
* fixed: locked and deleted file causes tree conflict (issue #3525)
* fixed: update touches locked file with svn:keywords property (issue #3471)
* fix svnsync handling of directory copyfrom (issue #3641)
* fix 'log -g' excessive duplicate output (issue #3650)
* fix svnsync copyfrom handling bug with BDB (r1036429)
* server-side validation of svn:mergeinfo syntax during commit (issue #3895)
* fix remotely triggerable mod_dav_svn DoS
See CVE-2011-1783, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
* fix potential leak of authz-protected file contents
See CVE-2011-1921, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
Developer-visible changes:
* fix reporting FS-level post-commit processing errors (r1104098)
* fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
* allow building on Windows with recent Expat (r1074572)
== Changes
= Changes in 2.2.1 =
Jun 2, 2011 - version 2.2.1
* Bug fixes
* For Lighttpd + PUT/POST support, do not send a request using chunked
encoding when IO respond to :size, File for example.
- There is no need to send query with Transfer-Encoding: chuncked when
IO respond to :size.
- Lighttpd does not support PUT, POST with Transfer-Encoding: chuncked.
You will see that the lighty respond with 200 OK, but there is a file
whose size is zero.
LIMITATION:
timeout occurs certainly when you send very large file and
@send_timeout is default since HTTPClient::Session#query() assumes
that *all* write are finished in @send_timeout sec not each write.
WORKAROUND:
increment @send_timeout and @receive_timeout or set @send_timeout and
@receive_timeout to 0 not to be timeout.
This fix is by TANABE Ken-ichi <nabeken@tknetworks.org>. Thanks!
* Allow empty http_proxy ENV variable. Just treat it the same as if it's
nil/unset. This fix is by Ash Berlin <ash_github@firemirror.com>.
Thanks!
* Check EOF while reading chunked response and close the session. It
raised NoMethodError.
* Changes
* Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
CA certs are imported from
'Java(TM) SE Runtime Environment (build 1.6.0_25-b06)'.
* Changed default chunk size from 4K to 16K. It's used for reading size
at a time.
Drupal 6.22, 2011-05-25
----------------------
- Made Drupal 6 work better with IIS and Internet Explorer.
- Fixed .po file imports to work better with custom textgroups.
- Improved code documentation at various places.
- Fixed a variety of other bugs.
mirrored by NetBSD.org, had completely hosed file permissions; plus,
it differed in size (but not version) from the distfile available from
the sourceforge project site.
Since the latter actually works, I updated the checksum to use it.
* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce "clickjacking" protection in modern browsers on admin and login pages.
Jekyll is a simple, blog aware, static site generator. It takes a
template directory (representing the raw form of a website), runs it
through Textile or Markdown and Liquid converters, and spits out a
complete, static website suitable for serving with Apache or your
favorite web server. This is also the engine behind GitHub Pages,
which you can use to host your project's page or blog right here
from GitHub.
Upstream changes:
Version 3.54, Apr 28, 2011
No code changes
[INTERNALS]
- Address test failures in t/tmpdir.t, thanks to Niko Tyni.
Some tests here are failing on some platforms and have been marked as TODO.
Version 3.53, Apr 25, 2011
[NEW FEATURES]
- The DELETE HTTP verb is now supported.
(RT#52614, James Robson, Eduardo Ari#o de la Rubia)
[INTERNALS]
- Correct t/tmpdir.t MANIFEST entry. (RT#64949)
- Update minimum required Perl version to be Perl 5.8.1, which
has been out since 2003. This allows us to drop some hacks
and exceptions (Mark Stosberg)
Version 3.52, Jan 24, 2011
[DOCUMENTATION]
- The documentation for multi-line header handling was been updated to reflect
the changes in 3.51. (Mark Stosberg, ntyni@iki.fi)
[INTERNALS]
- Add missing t/tmpfile.t file. (RT#64949)
- Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)
- Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
Version 3.51, Jan 5, 2011
[NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly
exclude a particular scope from triggering printing to the browser when
fatatlsToBrowser is set. (RT#62783, Thanks to papowell)
- The <script> tag now supports the "charset" attribute.
(RT#62907, Thanks to Fabrice Metge)
- In CGI::Cookie, "Max-Age" is now supported for better spec compliance.
(Mark Stosberg)
[BUG FIXES]
- Setting charset() now works for all content types, not just "text/*".
(RT#57945, Thanks to Yanick and Gerv.)
- support for user temporary directories ($HOME/tmp) was commented out
in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
- setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
working but undocumented since 3.12 (which listed it in Changes as
$CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
- unfortunately the previous change broke the runtime check for looking
for a new temporary directory if the current one suddenly became
unwritable (Peter Gervai, Niko Tyni)
- A bug was fixed in CGI::Carp triggered by certain death cases in
the BEGIN phase of parent classes.
(RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
- CGI::Cookie->new() now follows the documentation and returns undef
if the -name and -value args aren't provided. This new behavior is also
consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
- CGI::Cookie->parse() now trims leading and trailing whitespace from cookie
elements as intended. The change also makes this part of the parsing
identical to CGI::Simple::Cookie (Mark Stosberg)
- Temp file handling was improved (RT#62762)
[SECURITY]
- Further improvements have been made to guard against newline injections
in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
[PERFORMANCE]
- Make EBCDIC a compile-time constant so there's zero overhead (and less
compiled code) in subroutines that test for it. (Tim Bunce)
- If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
unless you call the bake() method, which requires it. (Mark Stosberg)
[DOCUMENTATION]
- quit referring to the <link> tag as being "rarely used". (Victor Sanders)
- typo and whitespace fixes (RT#62785, thanks to scop@cpan.org)
- The -dtd argument to start_html() is now documented
(RT#60473, Thanks to giecrilj and steve@fisharerojo.org)
- CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0.
- when creating a temporary file in the directory fails, the error message
could indicate the root of the problem better (Peter Gervai, Niko Tyni)
[INTERNALS]
- Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
- param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
Version 3.50, Nov 8, 2010
[SECURITY]
1. The MIME boundary in multipart_init is now random.
Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg
2. Further improvements to handling of newlines embedded in header values.
An exception is thrown if header values contain invalid newlines.
Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
Lincoln Stein, Fr#d#ric Buclin and Mark Stosberg
[DOCUMENTATION]
1. Correcting/clarifying documentation for param_fetch(). Thanks to
Ren#e B#cker. (RT#59132)
[INTERNALS]
1. Fixing https test in http.t. (RT#54768)
2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple.
- Revert ABI breakage in 2.2.18 caused by the function signature change
of ap_unescape_url_keep2f(). This release restores the signature from
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
[Eric Covener]
Version 2.9.5 (2011-05-18)
--------------------------
- Updated: updated TCPDF to version 5.9.061 (#2929)
- Added: IE9 compatibility
- Added: added the Swedish editArea translation (#3016)
- Fixed: the code editor did not show up in the file manager (#2922)
- Fixed: the RSS reader did not parse HTML code correctly (#2918)
- Fixed: not all option callbacks worked correctly in override multiple mode (#2976)
- Fixed: the textarea widget did not support the readonly attribute (#2997)
- Fixed: the personal data modules did not handle checkbox fields (#3063)
- Fixed some minor issues
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
HTTP::OAI is a stub module.
HTTP::OAI::Harvester is the harvesting front-end in the OAI-PERL library.
To harvest from an OAI-PMH compliant repository create an HTTP::OAI::Harvester
object using the baseURL option and then call OAI-PMH methods to request data
from the repository. To handle version 1.0/1.1 repositories automatically you
must request Identify() first.
It is recommended that you request an Identify from the Repository and use the
repository() method to update the Identify object used by the harvester.
When making OAI requests the underlying HTTP::OAI::UserAgent module will take
care of automatic redirection (http code 302) and retry-after (http code 503).
OAI-PMH flow control (i.e. resumption tokens) is handled transparently by
HTTP::OAI::Response.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
Original HTML::Template is written by Sam Tregar, sam@tregar.com with
contributions of many people mentioned there. Their efforts caused
HTML::Template to be mature html tempate engine which separate perl code and
html design. Yet powerful, HTML::Template is slow, especially if mod_perl isn't
available or in case of disk usage and memory limitations.
HTML::Template::Pro is a fast lightweight C/Perl+XS reimplementation of
HTML::Template (as of 2.9) and HTML::Template::Expr (as of 0.0.7). It is not
intended to be a complete replacement, but to be a fast implementation of
HTML::Template if you don't need quering, the extended facility of
HTML::Template. Designed for heavy upload, resource limitations, abcence of
mod_perl.
HTML::Template::Pro has complete support of filters and HTML::Template::Expr's
tag EXPR="<expression>", including user-defined functions and construction
<TMPL_INCLUDE EXPR="...">.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
This library can be used by CGI::Session to serialize session data.
It uses YAML, or the faster C implementation, YAML::Syck if it is available.
YAML serializers exist not just for Perl but also other dynamic languages,
such as PHP, Python, and Ruby, so storing session data in this format makes it
easy to share session data across different languages.
YAML is made to be friendly for humans to parse as well as other computer
languages. It creates a format that is easier to read than the default
serializer.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
CGI::Session::Driver::memcached is CGI::Session driver for memcached.
3.1.9 (stable)
- Fix regression introduced in 3.1.8 (#22687)
3.1.8 (stable)
- Windows read-write locks support on Windows XP or later and Windows
Win7 or later (use php_apc-xp.dll or php_apc-win7.dll)
- Fix variable type check in user cache update
- Make warnings that user cannot do anything about debug messages
- Fixed bug #21400 (Minor memory leak in MINFO)
- Fixed bug #18890: Ensure that --enable-apc-debug=no disables debug mode.
- Fixed bug #19459: check for expiry while looping through the iterator slots
3.1.7 (beta)
- pthread read-write locks support
- apc.serializer hooks, export apc_serializer.h as an API
- Fix regression bug #20529: Look up files in CWD
- Pool allocator fixes for large allocations
- trunk compat fixes (Kalle)
- ZTS fixes (Pierre, Hirokawa)
- Readability and warning fixes (Pierre, Kalle)
Zope 2.11.8 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.11.7 (2010/09/01)
Bugs Fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Ensure that mailhosts which share a queue directory do not double-
deliver mails, by sharing the thread which processes emails for
that directory. https://bugs.launchpad.net/zope2/+bug/574286
- Process "evil" JSON cookies which contain double quotes in violation
of RFC 2965 / 2616. https://bugs.launchpad.net/zope2/+bug/563229
- Ensure that Acquistion wrapper classes always have a ``__getnewargs__``
method, even if it is not provided by the underlying ExtensionClass.
- Fix the ``tp_name`` of the ImplicitAcquisitionWrapper and
ExplicitAcquisitionWrapper to match their Python visible names and thus
have a correct ``__name__``.
- Expand the ``tp_name`` of Acquisition's extension types to hold the
fully qualified name. This ensures classes have their ``__module__``
set correctly.
- Updated 'pytz' external to point to '2010b' version.
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import.
- MailHost should fall back to HELO when EHLO fails.
Zope 2.11.6 (2010/01/12)
Bugs Fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on import
/ export form.
- Fixed improper handling of IF_MODIFIED_SINCE header
inside Five/browser/resource.py
Zope 2.11.5 (2009/12/22)
Bugs Fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
- updated to ZODB 3.8.4
Zope 2.11.4 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs Fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.11.3 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Updated to match all new versions from the yet-unreleased Zope 3.4.1
release (`http://svn.zope.org/zope.release/branches/3.4/
releases/controlled-packages.cfg?rev=99659`).
- Updated to include all new versions from the final Zope 3.4.0 release
(http://download.zope.org/zope3.4/3.4.0/).
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
- configure script: setting ZOPE_VERS to '2.11'
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Updated 'pytz' from '2007f' to '2008i'.
- Moved svn:externals for 'mechanize', 'ClientPath', and 'pytz' to
versions managed outside the Zope3 trunk.
- Testing.ZopeTestCase: Remove quota argument from DemoStorage calls in
preparation for ZODB 3.9.
Bugs Fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- "Permission tab": correct wrong form parameter for
the user-permission report
- Launchpad #290254, DateTime/DateTime.py:
added '__setstate__' to cope with old pickles missing a '_micros'
attribute; Python's pickling support was creating a new instance,
*with* a '_micros' attribute, but not clearing that attribute before
updating the instance dict with the unpickled state.
- Launchpad #332168, Shared/DC/RDBMS/Connection.py:
do not expose DB connection strings through exceptions
- Launchpad #324876: tighened regex for detecting the charset
from a meta-equiv header
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Acquisition wrappers now correctly proxy __iter__.
Zope 2.10.13 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.10.12 (2010/09/01)
Bugs fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Updated 'pytz' external to point to '2010b' version (not via Zope3).
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import and restored it to the UI.
Zope 2.10.11 (2010/01/12)
Bugs fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on
import / export form.
- fixed improper usage of the IF_MODIFIED_SINCE header inside
Five/browser/resource.py (updated to Five 1.5.9)
Zope 2.10.10 (2009/12/22)
Features added
- Testing/custom_zodb.py: added support use a different storage other
than DemoStorage. A dedicated FileStorage can be mount by setting the
$TEST_FILESTORAGE environment variable to a custom Data.fs file. A
ZEO server can be configured using the $TEST_ZEO_HOST and
$TEST_ZEO_PORT environment variables. This new functionality allows us
to use the standard Zope testrunner for writing and running tests
against existing Zope installations.
Bugs fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
Zope 2.10.9 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.10.8 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
Bugs fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- Launchpad ##332168: Connection.py: do not expose DB connection strings
through exceptions
- LP/#143873: Fixed problems when no HTTP_ACCEPT_CHARSET is in the
request. This required an update of zope.publisher to 3.3.3.
- LP/#324876: tighened regex for detecting the charset
from a meta-equiv header
- Acquisition wrappers now correctly proxy __iter__.
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Log an error for failures to read a chunk-size, and return 408 instead
413 when this is due to a read timeout. This change also fixes some cases
of two error documents being sent in the response for the same scenario.
[Eric Covener] Bug 49167
- core: Only log a 408 if it is no keepalive timeout. Bug 39785
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
- core: Treat timeout reading request as 408 error, not 400.
Log 408 errors in access log as was done in Apache 1.3.x.
Bug 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,
Dan Poirier]
- Core HTTP: disable keepalive when the Client has sent
Expect: 100-continue
but we respond directly with a non-100 response. Keepalive here led
to data from clients continuing being treated as a new request.
Bug 47087. [Nick Kew]
- htpasswd: Change the default algorithm for htpasswd to MD5 on all
platforms. Crypt with its 8 character limit is not useful anymore;
improve out of disk space handling (Bug 30877); print a warning if
a password is truncated by crypt. [Stefan Fritsch]
- mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
Win32's cscript interpreter can only use a single quote as comment char.
[Guenter Knauf]
- configure: Fix htpasswd/htdbm libcrypt link errors with some newer
linkers. [Stefan Fritsch]
- MinGW build improvements. Bug 49535. [John Vandenberg
<jayvdb gmail.com>, Jeff Trawick]
- mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
[Stefan Fritsch]
- core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
in request URL path info but not decode them. Bug 35256,
Bug 46830. [Dan Poirier]
- mod_rewrite: Allow to unset environment variables. Bug 50746.
[Rainer Jung]
- suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On). [Jeff Trawick]
- mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. Bug 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
- prefork: Update MPM state in children during a graceful restart.
Allow the HTTP connection handling loop to terminate early
during a graceful restart. Bug 41743.
[Andrew Punch <andrew.punch 247realmedia.com>]
- mod_ssl: Correctly read full lines in input filter when the line is
incomplete during first read. Bug 50481. [Ruediger Pluem]
- mod_autoindex: Merge IndexOptions from server to directory context when
the directory has no mod_autoindex directives. Bug 47766. [Eric Covener]
- mod_cache: Make sure that we never allow a 304 Not Modified response
that we asked for to leak to the client should the 304 response be
uncacheable. Bug 45341 [Graham Leggett]
- mod_dav: Send 400 error if malformed Content-Range header is received for
a put request (RFC 2616 14.16). Bug 49825. [Stefan Fritsch]
- mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
Bug 44076 [Eric Covener]
- core: Honor 'AcceptPathInfo OFF' during internal redirects,
such as per-directory mod_rewrite substitutions. Bug 50349.
[Eric Covener]
- mod_cache: Check the request to determine whether we are allowed
to return cached content at all, and respect a "Cache-Control:
no-cache" header from a client. Previously, "no-cache" would
behave like "max-age=0". [Graham Leggett]
- mod_mem_cache: Add a debug msg when a streaming response exceeds
MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary
'memory allocation failed' debug message. Bug 49604. [Eric Covener]
- proxy_connect: Don't give up in the middle of a CONNECT tunnel
when the child process is starting to exit. Bug 50220. [Eric Covener]
anti-virus toolkit. Using it will help you securing your home or enterprise
network web traffic. SquidClamav is the most efficient Squid Redirector and
ICAP service antivirus tool for HTTP traffic available for free, it is written
in C and can handle thousand of connections. The way to add more securing on
your network for free is here.
SquidClamav is build for speed and security in mind, it is first used and
tested to secure a network with 2,500 and more users. It is also known to
working fast with 15000+ users.
that support the ICAP protocol to implement content adaptation and filtering
services.
Most of the commercial HTTP proxies must support the ICAP protocol. The open
source Squid 3.x proxy server supports it.
* Fix a vulnerability that allowed Contributor-level users to improperly
publish posts.
* Fix user queries ordered by post count.
* Fix multiple tag queries.
* Prevent over-escaping of post titles when using Quick Edit for pages.
config.new, check within $(DESTDIR) rather than the host system.
Resolves DESTDIR-mode build when privoxy is also installed, common in
make replace.
(No revbump because this change only affects a case where the package
failed to build.)
=== RELEASE 2.3pre2 ===
So dub 16 20:19:07 CEST 2011 mikulas:
Utf-8 text terminal support
Sat Mar 12 23:55:56 MET 2011 mikulas:
Fixed a bug with gpm, if gpm closed a handle on its own,
links would occasionaly close it again
Mon Aug 9 01:35:29 UTC 2010 mikulas:
Don't report terminal size in User-Agent
Thu Aug 5 23:31:59 MET 2010 mikulas:
Scan for header tags even in document body
Sat Jul 31 22:35:04 MET 2010 mikulas:
link rel=prefetch
Sat Jul 31 22:24:06 MET 2010 mikulas:
Interpret style="display:none"
Fri Jun 18 20:39:46 MET 2010 mikulas:
Fixed crash when unknown Content-Enconding is returned by the server
Sat Apr 24 04:11:58 CEST 2010 mikulas:
Fix an occasional lockup with Ctrl-Z, fg and framebuffer
Fixed in 7.21.6 - April 22 2011
Changes:
Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
Bugfixes:
curl-config: fix --version
curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
use HTTPS properly after CONNECT
SFTP: close file before post quote operations
Fixed in 7.21.5 - April 17 2011
Changes:
SOCKOPTFUNCTION: callback can say already-connected
Added --netrc-file
Added (new) support for cyassl
TSL-SRP: enabled with OpenSSL
Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
Bugfixes:
nss: avoid memory leak on SSL connection failure
nss: do not ignore failure of SSL handshake
multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
runtests.pl: fix pid number concatenation that prevented it from killing the correct process at times
PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
multi: close connection on timeout
IMAP in multi mode does SSL connections non-blocking
honours the --disable-ldaps configure option
Force setopt constants written by --libcurl to be long
ssh_connect: treat libssh2 return code better
SFTP upload could stall the state machine when the multi_socket API was used
SFTP and SCP could leak memory when used with the multi interface and the connection was closed
Added missing file to repair the MSVC makefiles
Fixed detection of recvfrom arguments on Android/bionic
GSS: handle reuse fix
transfer: avoid insane conversion of time_t
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
SMTP-multi: non-blocking connect
SFTP-multi: set cselect for sftp and scp to fix "stall" risk
configure: removed wrongly claimed default paths
pop3: fixed torture tests to succeed
symbols-in-versions: many corrections
if a HTTP request gets retried because the connection was dead, rewind if any data was sent as part of it
only probe for working ipv6 once and then re-use that info for further requests
requests that are asked to bound to a local interface/port will no longer wrongly re-use connections that aren't
libcurl.m4: Add missing quotes in AC_LINK_IFELSE
progress output: don't print the last update on a separate line
POP3: the command to send is STLS, not STARTTLS
POP3: PASS command was not sent after upgrade to TLS
configure: fix libtool warning
nss: allow to use multiple client certificates for a single host
HTTP pipelining: Fix handling of zero-length responses
Don't list NTLM in curl-config when HTTP is disabled
curl_easy_setopt.3: CURLOPT_RESOLVE typo version
OpenSSL: build fine with no-sslv2 versions
checkconnection: don't call with NULL pointer with RTSP and multi interface
Borland makefile updates
configure: libssh2 link fix without pkg-config
certinfo crash
CCC crash
* meta: Allow adding javascript to pages. Only when htmlscrubber is
disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154
* comments: Add avatar picture of comment author, using Libravatar::URL
when available. The avatar is looked up based on the user's openid,
or email address. (Thanks, Francois Marier)
* Recommend libgravatar-url-perl, which contains Libravatar::URL.
* monotone: Implement rcs_getmtime, and work around a problem with monotone
0.48 that affects rcs_getctime. (Thanks, Richard Levitte)
* meta: Fix bug in loading of HTML::Entities that can break inline
archive=yes (mostly masked by other plugins that load the module).
* Be quiet about updating wrappers, except in verbose mode. (jmtd)
* meta: Add FOAF support. Closes: #623156
* Promote Crypt::SSLeay to Recommends; needed for https openid auth.
* tag: Avoid autocreating multiple tag pages that vary only in
capitalization. The first capitalization seen of a tag will be used
for the tag page.
* Fix yaml build dep. Closes: #624712
Based on PR#44869 by Christian Sturm.
additionaly fixes shebang for scriptse.
1.16 2011-04-15 00:00:00
- Emergency release for a critical security issue that can expose
files on your system, everybody should update!
- Fixes several provlems resulting in stalling the client until the
server timed out.
- Fixes ACL bug that made it impossible to build a blacklist.
- Improved logging.
- Extended default filter list.
Firefox 4 is based on the Gecko 2.0 Web platform. This release features
JavaScript execution speeds up to six times faster than the previous
version, new capabilities for Web Developers and Add-on Developers such as
hardware accelerated graphics and HTML5 technologies, and a completely
revised user interface.
Changelog, so far:
Version 1.1.3 (r94)
- Fixed bug with "OTPAuthPINAuthProvider" and <AuthnProviderAlias>
Version 1.1.2 (r87)
- Added "OTPAuthPINAuthProvider" to allow alternate verification of PINs
- Added "OTPAuthLogoutOnIPChange" flag to auto-logout on IP address change
- Build fixes for Solaris
Version 1.1.1 (r66)
- Build fixes
Version 1.1.0 (r44)
- Moved time interval and #digits configuration into users file
- Fixed bug in time based token synchronization at large offsets
- Added support for the Mobile-OTP algorithm: http://motp.sourceforge.net/
- Added otptool(1) one-time password utility program.
- Accept either decimal or hexadecimal values (basic auth only).
Version 1.0.0 (r10)
- Initial release
switch to use gem.
= Changes in 2.2.0 =
Apr 8, 2011 - version 2.2.0
* Features
* Add HTTPClient#cookies as an alias of #cookie_manager.cookies.
* Add res.cookies method. It returns parsed cookie in response header.
It's different from client.cookie_manager.cookies. Manager keeps
persistent cookies in it.
* Add res.headers method which returns a Hash of headers.
Hash key and value are both String. Each key has a single value so you
can't extract exact value when a message has multiple headers like
'Set-Cookie'. Use header['Set-Cookie'] for that purpose.
(It returns an Array always)
* Allow keyword style argument for HTTPClient#get, post, etc.
Introduced keywords are: :body, :query, and :header.
You can write
HTTPClient.get(uri, :header => {'X-custom' => '1'})
instead of;
HTTPClient.get(uri, nil, {'X-custom' => '1'})
* Add new keyword argument :follow_redirect to get/post. Now you can
follow redirection response with passing :follow_redirect => true.
* [INCOMPAT] Rename HTTPClient::HTTP::Message#body to #http_body, then
add #body as an alias of #content. It's incompatible change though
users rarely depends on this method. (I've never seen such a case)
Users who are using req.body and/or res.body should follow this
change. (req.http_body and res.http_body)
* Bug fixes
* Reenable keep-alive for chunked response.
This feature was disabled by c206b687952e1ad3e20c20e69bdbd1a9cb38609e at
2008-12-09. I should have written a test for keep-alive. Now I added it.
Thanks Takahiro Nishimura(@dr_taka_n) for finding this bug.
= Changes in 2.1.7 =
Mar 22, 2011 - version 2.1.7
* Features
* Add MD5-sess auth support. Thanks to wimm-dking. (#47)
* Add SNI support. (Server Name Indication of HTTPS connection) (#49)
* Add GSSAPI auth support using gssapi gem. Thanks to zenchild. (#50)
* NTLM logon to exchange Web Services. [experimental] Thanks to curzonj and mccraigmccraig (#52)
* Add HTTPOnly cookie support. Thanks to nbrosnahan. (#55)
* Add HTTPClient#socket_local for specifying local binding hostname and port of TCP socket. Thanks to icblenke.
* Regression fix: Use bigger buffer for server reads.
* Regression fix: Add reply_header_replace directive for ability lost since 2.7
* Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
* Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
* Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
* Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
* Bug 3164: Total memory info display 32-bit overflows
* Bug 3155: Werror is hard-coded in libTrie build
* Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library
linkage
* Bug 2976: invalid URL on intercepted requests during reconfigure
* Bug 2720: comment in same line as cache/mem_replacement_policy causes error
* Bug 2621: Provide request headers to RESPMOD when using cache_peer.
* Bug 2330: AuthUser objects are never unlocked
* Prevent CONNECT request relaying to origin servers
* squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
* squidclient: send Cache Manager password using -w
* eCAP: give full Request-URI to adapters
* ... and several debug and error display cleanups
which can lead to crashes and possibly code injection
(cve-2010-4205, cve-2011-0471, cve-2011-0473, cve-2011-0478,
cve-2011-0981, cve-2011-0982)
bump PKGREV
Upstream changes:
0.28 Tue Mar 22 2011
If LWP is producing errors, *report them* (Ricardo SIGNES)
0.27 Thu Mar 10 2011
Correct path to Pastie (Sebastian Paaske Tørholm )
Throw an error if you specify -p and files (Shawn M Moore)
Remove Mathbin; doy moved it to a separate dist (Shawn M Moore)
0.26 Wed Feb 23 2011
Add --open (-o) for opening the nopaste in your browser (Thomas Sibley)
0.25 Mon Jan 3 2011
Add support for $GITHUB_USER/$GITHUB_TOKEN to Gist service (Maximilian Gass)
0.24 Tue Dec 21 2010
Gist requires https (Ricardo SIGNES)
0.23 Fri Nov 26 2010
Preserve the source file's extension for ssh (Thomas Sibley)
Use Config::GitLike instead of Config::INI::Reader (Thomas Sibley)
Doc fixes (Thomas Sibley, Justin Hunter)
Code style fixes (Shawn M Moore)
Remove Rafb (Justin Hunter)
Remove Husk (Shawn M Moore)
From Peter Avalos in PR pkg/44762
pkgsrc changes:
- pkglint cleanups
- set LICENSE
- Add MESSAGE to mention the change in configuration file format.
Upstream changes:
suPHP 0.7.1 has been released.
This release fixes a bug causing problems with symbol links in the script path,
which was introduced with the 0.7.0 release.
suPHP 0.7.0 has been released.
With this release, several features that have been on the wish list for a long
time, have been realized:
* The module for Apache 1.3 only supported AddHandler for older releases.
This has been fixed: Now you can use AddType, too.
* PHP source highlighting: Files of MIME type application/x-httpd-php-source
will now be shown with source highlighting. Remember to set the suPHP_PHPPath
directive to enable this feature.
* suPHP_AddHandler and suPHP_RemoveHandler directives can now be used on per
vhost level, too.
* You can configure more than one docroot and use different variables (like
user name or home directory) within docroot and chroot settings.
Attention: The configuration syntax for suphp.conf has slightly changed with
this release. Be sure to read the documentation before upgrading, because
existing configuration files will not work without changing them.
This maintenance and security release fixes almost thirty issues in 3.1,
including:
* Some security hardening to media uploads
* Performance improvements
* Fixes for IIS6 support
* Fixes for taxonomy and PATHINFO (/index.php/) permalinks
* Fixes for various query and taxonomy edge cases that caused some plugin
compatibility issues
Version 3.1.1 also addresses three security issues discovered by
WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
team. The first hardens CSRF prevention in the media uploader. The
second avoids a PHP crash in certain environments when handling
devilishly devised links in comments, and the third addresses an XSS
flaw.
* new option --touch-reload <file> to reload the stack on <file> modification
* --static-map <mountpoint=documentroot> allows to serve static files
* fixed --post-limit management
* disallow empty socket names
* implemented exception_info WSGI support
* new options --reload-on-as <n> and --reload-on-rss <n> allows
to recycle workers when their memory usage is higher than <n> MB
* fixed syslog support (use --log-syslog[=facility] to enable it)
* improved plugin loading system
* added support for RabbitMQ as event dispatcher for the Emperor
* fixed FreeBSD memory report
* PSGI plugin can be compiled without ithreads
* various Emperor fixes
* fixed a regression with setgroups()
* support for shared sockets (used in jails within network namespaces)
November 26, 2006 -0.77.3
Fixed bugs:
1) A=0.65 now converts properly to $A=0.65;
2) Raised the length of parameters on function calls
Also changed
1) Request.ServerVariables("URL") to convert to $_SERVER["PHP_SELF"]
Not really a bug, but an issue when moving servers.
May 16, 2006 - 0.77.1
Matt Brown made the following additions/changes:
1) fixes key bugs in dictionary object support
2) fixes bug in filesystemobject.GetBaseName
3) fixes a couple of semi-colon generation issues
4) adds some support for filesystemobject.Attributes
5) an equal sign in an expression now gets recognized as a comparison
operator
Michael Kohn made the following changes:
1) fixed FormatCurrency so it adds a dollar sign infront of the number
May 14, 2006 - 0.77.0
Matt Brown made the following additions/changes:
1) support for server.execute
2) support for querystring("a").count and form("a").count
3) changed semantics of -phpx options. These now specify the target version.
Added -php5. Added -chgext option to include php version in the extensions
of the output files.
4) support for class constructors with -php4 and -php5.
5) support for class destructors, public and private with -php5.
6) fixed a few more bugs with single line if/then
7) added #define's for all token types and database types -- just for
readability.
8) changed gettoken so that it only returns single quote tokens when
processing jscript.
9) fixed response.expires
10) support for response.cachecontrol
11) improved "<" detection in parse_for_script
12) rudimentary support for virtual includes: a new -v option can be used to
specify a base path for virtual includes.
13) support for ByVal and ByRef
14) support for "is" in conditionals
15) support for vbSunday, etc constants
16) when parsing "sub(x,y,z)", eval_element is no longer called to process
x, y, and z.
17) support for DateSerial and DatePart functions
18) improved support for Now, Date, and Time functions (can call time() or
strftime depending on context)
19) added a -d option, which specifies a file and works like #include (calls
preparse). Useful for converting include files that depend on other
20) support for dictionary objects!
* several more FileSystemObject methods/properties (files, subfolders, size,
name, DateLastModified, GetBaseName)
* "\" in strings (gets converted to \\)
* some support for the ERR object
* in some cases getobject was getting called multiple times per token --
changed things around so that it is only called once
* limited support when "for each" is called against a collection of objects
(target var gets tracked as an object, just like set). As currently coded,
it correctly detects:
Set colFiles=objFolder.Files
For each objFile in colFiles
But does not detect:
For each objFile in objFolder.Files
Michael Kohn made the following changes:
* Removed double dim array's sessionpool and aspextension.
* Changed the way session's are done by using $_SESSION
April 11, 2006 - 0.76.26
Matt Brown made the following changes:
1) mapped vbscript SPLIT function to php EXPLODE (evalelement.c)
2) added support for vbscript MOD operator (evalelement.c)
3) corrected bug in handling of single-line if/then/else statements
(main_parser.c)
August 17, 2005 - 0.76.25
- Fixed a problem with Now()
June 23, 2005 - 0.76.24
- I was using system() calls to mkdir -p to make directories for a couple
of reasons 1) cause it would automatically create all dirs that didn't exist
and 2) cause it set up file permissions the way the system would want it.
this fails miserably on DOS (aka, Microsoft Windows) so I switched it now
to mkdir(). I'd still rather use mkdir -p, but owell. Anyway, this should
fix problems with people using DOS (aka Microsoft Windows).
September 8, 2004 - 0.76.23
- Fixed a bug with &'s from version 0.76.22
September 6, 2004 - 0.76.22
- mysql.c was modified by Tursi to add a semicolon after mysql_query($arg)
- rnd() with a parameter added an extra ). This is now fixed.
- date function changes
- added new command line switch for changing .asp text in response.write to .php
- hex literals are fixed
August 10, 2004 - 0.76.21
- the postgres conversion code has been updated.
January 11, 2004
Added FRAME to list of tags to change links from .asp to .php
December 8, 2003 - 0.76.19
Along with little bug fixes here and there, fixed a problem in the way functions
were converted. Also added a -fulltags option for creating PHP with tags that
look like this: <?php instead of <?.
May 3, 2002
Fixed a problem parsing functions that didn't have parenthesis around them.
Added some Filesystem conversion code. Added an option to convert DOS path's
with backslashes to Unix forward slashes (-fixwinpaths). Fixed a problem with
preparsing include files.
*Rails 3.0.6 (April 5, 2011)
* Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
html safe. Please make sure that calls to auto_link() are wrapped in a
sanitize(), or a raw() depending on the type of input passed to auto_link().
For example:
<%= sanitize(auto_link(some_user_input)) %>
Thanks to Torben Schulz for reporting this. The fix can be found here:
61ee3449674c591747db95f9b3472c5c3bd9e84d
* Fixes the output of `rake routes` to be correctly match to the
behavior of the application, as the regular expression used to match
the path is greedy and won't capture the format part by default
[Prem Sichanugrist]
* Fixes an issue with number_to_human when converting values which are
less than 1 but greater than -1 [Josh Kalderimis]
* Sensitive query string parameters (specified in
config.filter_parameters) will now be filtered out from the request
paths in the log file. [Prem Sichanugrist, fxn]
* URL parameters which return nil for to_param are now removed from
the query string [Andrew White]
* Don't allow i18n to change the minor version, version now set to ~>
0.5.0 [Santiago Pastorino]
* Make TranslationHelper#translate use the :rescue_format option in
I18n 0.5.0 [Sven Fuchs]
* Fix regression: javascript_include_tag shouldn't raise if you
register an expansion key with nil or [] value [Santiago Pastorino]
* Fix Action caching bug where an action that has a non-cacheable
response always renders a nil response body. It now correctly
renders the response body. [Cheah Chu Yeow]
would build any other object-oriented Python program. This results in smaller
source code developed in less time.
CherryPy is now more than six years old and it is has proven very fast and
stable. It is being used in production by many sites, from the simplest ones to
the most demanding ones.
* Rename fdevent_event_add to _set to reflect what the function does. Fix some
handlers.
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT()
Changes 1.4.27:
* Fix handling return value of SSL_CTX_set_options
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
* mod_proxy: close connection on write error
* Check uri instead of physical path for directory redirect
* Fix detecting git repository
* [mod_compress] Fix segfault when etags are disabled
* Reset uri.authority before TLS servername handling, reset all "keep-alive"
data in connection_del
* Print double quotes properly when dumping config file
* Include IP addresses on error log on password failures
* Fix stalls while reading from ssl sockets
* Fix etag formatting on boxes with 32-bit longs
* Fix two compiler warnings
* mod_accesslog: fix %p for ipv6 sockets
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for
X-Sendfile
* mod_staticfile: add debug output if we ignore a file with
static-file.exclude-extensions
* mod_cgi: fix race condition leaving response not forwarded to client
* mod_accesslog: Fix var declarations mixed in source
* mod_status: Add version to status page
* mod_accesslog: optimize accesslog_append_escaped
* openssl: silence annoying error messages for errno==0
* array.c: improve array_get_unused_element to check data type; fix mem leak if
unused_element didn't find a matching entry
* add check to stop loading plugins twice
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* only require FDEVENT_IN bit to be set for listening connections
* add libev fdevent handler: server.event-handler = "libev"
* mod_proxy: return response as soon as it is available
* don't overwrite global server.force-lowercase-filenames setting
* bind to IPV6-only if ipv6 address was specified
* Ignore require-hooks which exist in %INC
* Reloads by file, not module name
* Add a no Apache::Reload directive which skips reloading for modules that have
it included (useful for Moose compatibility).
* Prepare modperl for the upcoming perl 5.14
* Add lib/ModPerl/MethodLookup.pm to MANIFEST via lib/ModPerl/Manifest.pm
* PerlIOApache_write() now throws an APR::Error object, rather than just
a string error, if modperl_wbucket_write() fails.
* Authentication tests fail with LWP 5.815 and later
* Concise test won't perform unless StatusTerse is set to ON
* Look for a usable apxs in $ENV{PATH} if all other options fail, then prompt
the user for one.
* Work around bootstrap warnings when Apache2::BuildConfig has not been
created yet.
* Remove Apache::test compatibility (part of mod_perl 1.2.7), that code causes
build issues and is 4 versions out of date.
* Make sure perl is built either with multiplicity and ithreads or without both
* Support for "install_vendor" and "install_site" make targets
* Run tests on bundled pure perl Apache::* modules
* Implement a mini-preprocess language for map-files in xs/maps.
* Implement APR::Socket::fileno
* Export PROXYREQ_RESPONSE, a missing PROXYREQ_* constant
* Make sure standard file descriptors are preserved by the perl-script handler
* Fix the filter init handler attribute check in
modperl_filter_resolve_init_handler()
* Make sure buffer is a valid SV in modperl_filter_read()
* Move modperl_response_finish() out of modperl_response_handler_run in
mod_perl.c
Pulled from upcoming 0.3.1
---------------------------------------------------------------------------
* Allow MellonUser variable to be translated through MellonSetEnv
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
IdP dicovery URL scheme
* New MellonCond directive to enable attribute filtering beyond
MellonRequire functionalities.
* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
using a glob(3) pattern.
Version 0.3.0
---------------------------------------------------------------------------
* New login-endpoint, which allows easier manual initiation of login
requests, and specifying parameters such as IsPassive.
* Validation of Conditions and SubjectConfirmation data in the assertion
we receive from the IdP.
* Various bugfixes.
