pkgsrc changes:
- Adjusting dependencies (remove core module from extra dependencies)
- Adding license
Upstream changes:
1.07: 2009-08-05
- Skip the whole test when it can't bind to the specified private IP
(Tatsuhiko Miyagawa)
- Fix the way to get LWP error when it's set to X-Died instead of $@
(Zbigniew Lukasiak)
1.06: 2009-07-17
- explicitly load deprecated module LWP::Debug, now that it's not
loaded by default. (Tatsuhiko Miyagawa <miyagawa@gmail.com>)
1.05: 2009-06-21
- patch from Alessio Signorini <alessio.signorini@spryte.it> to
quiet a warning that could be triggered
1.04: 2008-10-30
- fix tests to no longer rely on my DNS servers, which had since migrated
to EasyDNS which doesn't allow the types of malicious records I was
testing for. instead, switch to a mock object resolver.
(Brad Fitzpatrick, brad@danga.com)
pkgsrc changes:
- Adding license (perl license)
Upstream changes:
0.40 Mon Aug 17 22:01:07 EDT 2009
* After a fork, we need to reset the random seed lest we have
duplicated random numbers in both forks.
0.39 Mon Aug 17 09:41:05 EDT 2009
* Added signature tests
0.38_04 Wed Aug 12 20:15:14 EDT 2009
Another pass at the Win32 fixes from KMX
0.38_03 Sat Apr 11 18:47:29 EDT 2009
* Subject: [rt.cpan.org #44961] [PATCH] xdg reports select() is problematic on win32
0.38_02 Fri Apr 10 20:57:19 EDT 2009
* Specify an HTTP version for our GETs should get escaping to wokr
0.38_01 Mon Mar 2 18:11:46 EST 2009
* http://rt.cpan.org/Ticket/Attachment/568795/286902/ from confound++ for
http://rt.cpan.org/Public/Bug/Display.html?id=28122
Upstream changes:
0.24 Tue Jul 21 21:28:02 CEST 2009
[ENHANCEMENTS]
- When a short-circuit response was send, the next response
would not be filtered at all. This has been fixed.
[FIXES]
- yet another fix for t/23connect, proposed by Marek Rouchal
(closed RT ticket #38995) [test skipped for now]
- HTTP::Headers::Util's split_header_words() returns lower case
tokens/keys since October 6, 2008. Fix by Maurice Aubrey.
(closed RT tickets #43249, #43622)
Upstream changes:
1.60 Mon Aug 17 00:41:39 CDT 2009
========================================
No new features. Exists only to skip tests that always fail on
Windows.
Fixed up some minor documentation problems.
pkgsrc changes:
- Adjusting license (now we have ${PERL5_LICENSE}
Upstream changes:
0.25 2009-0708
- Add the a change_session_id method which can be called after
authentication to change the user's session cookie whilst preserving
their session data. This can be used to provide protection from
Session Fixation attacks. (kmx)
pkgsrc changes:
- Require Catalyst 5.8 in general
Upstream changes:
0.27 Thu Aug 13 2009
- Require Catalyst 5.8 for tests that use ctx_request() (RT #48651)
0.26 Mon Aug 10 2009
- Fix test to not need "parent" (RT #48547)
- Do not localize %ENV, rather, remove potentially conflicting
k-v pairs (RT #48557)
0.25 Fri Aug 07 2009
- Fix get_config_local_suffix and get_config_path when finding values
from ENV vars (RT #47937)
pkgsrc changes:
- Updating MASTER_SITES
- Adding license (perl license)
- Adjusting dependencies
Upstream changes:
0.05 7 August 2009
- Fix a minor documentation problem. Reported by Eric Prestemon.
(Closes RT#48487)
- Switch from Class::C3 to MRO::Compat.
0.04 16 July 2009
- If no arguments are supplied, then construct new objects with {}
by default, rather than undef, as Moose classes fail if given undef.
pkgsrc changes:
- Adjust dependencies according to META.yml
Upstream changes:
0.08 2009-07-29 23:39:30
- Require Module::Pluggable 3.9 to avoid test failures.
- More verbose error when traits cannot be found, including full search path.
0.07 2009-07-26 15:11:55
- fix incompatibility with perl 5.8
0.06 2009-07-20 21:44:13
- configurable trait merging support
0.05 2009-07-17 23:46:43
- Correctly pass the application class into component constructors
0.04 2009-07-16 13:01:02
- updated algorithm to handle CatalystX:: namespaced things
Changes:
* implemented KrbServiceName Any to deal with multiple keytab entries for
various browsers
* implemented KrbLocalUserMapping i.e. to strip @REALM from username for
further use
* implemented already_succeeded function to avoid hammering the KDC with
same auth requests in single connection
* fixed threading issues
* improved configure and Makefile scripts (mainly for BSD users)
* fixed minor issues
Upstream changes:
2009-08-14 Release 1.40 - Gisle Aas <gisle@ActiveState.com>
Even stricter test for working DNS, 2nd try.
2009-08-13 Release 1.39 - Gisle Aas <gisle@ActiveState.com>
Even stricter test for working DNS, hopefully this gets rid of the rest of
the heuristics.t failures.
Upstream changes:
2009-08-13 Release 3.62
Ville Skytt"a (4):
HTTP::Header doc typo fix.
Do not bother tracking style or script, they're ignored.
Bring HTML 5 head elements up to date with WD-html5-20090423.
Improve HeadParser performance.
Gisle Aas (1):
Doc patch: Make it clearer what the return value from ->parse is
Upstream changes:
Version 3.45
[BUG FIXES]
1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
2. Avoid death in some cases when running under Taint mode on Windows.
Patch by Peter Hancock (RT#43796)
3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
when the bug was introduced. A regression test for this was also added. (RT#37908)
4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
Thanks to Andy Armstrong, and alech for patches. (RT#30504)
5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
Thanks to Marc Chantreux. (RT#45956)
7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
Thanks to Stuart Johnston (RT#30097)
9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G"ursoy (RT#19902)
[DOCUMENTATION]
1. Several typos were fixed, Thanks to ambs. (RT#41105)
2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220)
3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`,
thanks to Guenter Knauf. (RT#27456).
4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769)
5. The docs for redirect() were updated to reflect that most headers are
ignored during redirection. Thanks to Mark Stosberg (RT#44911)
[INTERNALS]
1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing
bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122)
2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump()
Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097)
3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers.
Thanks to Slaven Rezic. (RT#48425)
4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
Thanks to Alexey Tourbin (RT#11941,RT#11942)
for SVN::WEB (www/p5-SVN-WEB).
Template::Plugin::Subst acts as a filter and a virtual method to carry out
regular expression substitutions with back references on text and variables
in the Template Toolkit.
version 0.01 as dependency of SVN::WEB (www/p5-SVN-WEB).
Template::Plugin::Clickable::Email converts any e-mail addresses found in
the filtered text in to HTML mailto: links.
version 20090319 as dependency for scheduled import of
www/p5-Template-Plugin-Clickable.
URI::Find does one thing: Finds URIs and URLs in plain text. It finds
them quickly and it finds them all (or what URI::URL considers a URI to
be.) It only finds URIs which include a scheme (http:// or the like),
for something a bit less strict have a look at included
URI::Find::Schemeless.
=== 1.2.4 ===
Jan 22, 2009 (revision 603)
- Added a new AtomPubClient class (and supporting classes) which begins a
foundation on which support for version two of the Google Data protocol
will be built.
- OAuth methods can now specify the desired OAuth server with the default
being the Google Accounts end point (thanks Dag Brattli!).
- Improved support for unicode strings in XML element class attributes and
text nodes (thanks again to Dag).
- Fixed constructors for Service classes which inherit from GDataService
to ensure that all parameters are passed up to the superclass
constructor (thanks Guillaume Ryder!).
- Added a 'contact_list' property to ContactsService to simplify API usage
for shared contacts (thanks Guillaume once again).
- For Google Contacts, added a GetFeedUri method to help users generating
feed URIs (Guillaume for a hat-trick).
- New unit tests to ensure that the ordering of entry objects within a feed
is preserved when converting to and from XML.
=== 1.2.3 ===
Dec 3, 2008 (revision 585)
- Added support for OAuth (thanks to Kunal Shah!). Your client can now obtain
an authorization token using the OAuth protocol.
- Added support for Secure AuthSub (thanks Eric Bidelman!). Your client can
digitally sign requests using RSA allowing Google service to verify that
the request came from your application.
- Added a new module for parsing XML which will be used in future versions to
support version of the Google Data APIs protocol. This new library handles
versioning of XML schemas.
- The Google Contacts API sample now pages through results.
- Added phone number rel types using in the Google Contacts API.
- The YouTube service module will use cElementTree if it is available.
Improves XML parsing speed.
- Fixed typo in gdata.geo, changed longtitude to longitude but kept an alias
for backwards compatibility.
- Fixed Blogger's GetBlogId regular expressions to extract the ID from
multiple kinds of entries.
- Fixed type check in atom.http to allow unicode URL strings.
- Added webmastertools test to the packaged download which fixed failures
when running all data tests.
- Improved compatibility of unit tests with Python2.3.
- Added copies of tlslite and dependencies to support secure AuthSub and
OAuth.
- Changed the default host for Google Apps API requests to
apps-apis.google.com.
=== 1.2.2 ===
Oct 15, 2008 (revision 556)
- Added support for the following APIs:
Google Apps Email Migration API
Google Apps Email Settings API
Google Webmaster Tools Data API
Some modules for the above are not yet fully tested, so please file an
issue if you notice something is not working as expected.
- Restored support for gdata.http_request_handler when using App Engine to
preserve backwards compatibility.
- Simplified auth token management by adding a current_token member to
service classes. Also added settings to control when the token_store
is updated when using SetXToken() methods. The token_store will only be
queried if there is no current_token.
- Fixed issue with requests to HTTPS URLs in which an AuthSub token was seen
as invalid because the request contained the default port number (443).
The library no longer includes the port in the Host header if it is using
the default.
- Resolved issues with YouTube token scopes.
- Fixed issue which appeared when the Calendar API issues a redirect to a
PUT request. The library now correctly retries with a PUT (instead of
a POST).
- Added workaround for differences in how the App Engine SDK handles
redirects.
- Fixed typo in gdata.EntryLink declaration.
- Fixed invalid host errors seen when using some HTTP proxies.
Version 7.19.6 (12 August 2009)
Daniel Stenberg (12 Aug 2009)
- Carsten Lange reported a bug and provided a patch for TFTP upload and the
sending of the TSIZE option. I don't like fixing bugs just hours before
a release, but since it was broken and the patch fixes this for him I decided
to get it in anyway.
Daniel Stenberg (11 Aug 2009)
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.
- Benbuck Nason posted the bug report #2835196
(http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler
warnings when mixing ints and bools.
Daniel Fandrich (10 Aug 2009)
- Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow.
Daniel Fandrich (9 Aug 2009)
- Fixed some memory leaks in the command-line tool that caused most of the
torture tests to fail.
Daniel Stenberg (2 Aug 2009)
- Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
option for SNI, or are we simply not using it?
Daniel Stenberg (1 Aug 2009)
- Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
verification flaw found and exploited by Moxie Marlinspike. The presentation
he did at Black Hat is available here:
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
Apparently at least one CA allowed a subjectAltName or CN that contain a
zero byte, and thus clients that assumed they would never have zero bytes
were exploited to OK a certificate that didn't actually match the site. Like
if the name in the cert was "example.com\0theatualsite.com", libcurl would
happily verify that cert for example.com.
libcurl now better uses the length of the extracted name, not using the zero
termination for getting the string length.
This fixing only made and needed in OpenSSL interfacing code.
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_init() function is a decent way to deal
with this situation.
- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set.
Daniel Stenberg (27 Jul 2009)
- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
send when using FTP, as a sign that libcurl shall simply ignore the response
from the server instead of treating it as an error. Not treating a 400+ FTP
response code as an error means that failed commands will not abort the
chain of commands, nor will they cause the connection to get disconnected.
Daniel Stenberg (26 Jul 2009)
- Johan van Selst posted bug report #2825989
(http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that
OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and
provided the solution too: to use OpenSSL_add_all_algorithms() in addition
to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
OpenSSL 0.9.5
Daniel Stenberg (23 Jul 2009)
- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.
They introduce known_host support for SSH keys to libcurl. See docs for
details. Note that this feature depends on a new enough libssh2 version, to
be supported in libssh2 1.2 and later (or current git repo at this time).
Michal Marek (22 Jul 2009)
- David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found that
also the ptr pointer can leak.
Kamil Dudka (20 Jul 2009)
- Claes Jakobsson improved the support for client certificates handling in
NSS-powered libcurl. Now the client certificates can be selected
automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
slots is no more performed. It used to cause problems with HW tokens.
- Fixed reference counting for NSS client certificates. Now the PEM reader
module should be always properly unloaded on Curl_nss_cleanup(). If the
unload fails though, libcurl will try to reuse the already loaded instance.
Daniel Fandrich (15 Jul 2009)
- Added nonblock.c to the non-automake makefiles (note that the dependencies
in the Watcom makefiles aren't quite correct).
Michal Marek (15 Jul 2009)
- Changed the description of CURLINFO_OS_ERRNO to make it clear that the
errno is not reset on success.
Guenter Knauf (14 Jul 2009)
- renamed generated config.h to curl_config.h to avoid any future clashes
with config.h from other projects.
Daniel Stenberg (9 Jul 2009)
- Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for
setting a file descriptor non-blocking. Used by the functionality Eric
himself brough on June 15th.
Daniel Stenberg (8 Jul 2009)
- Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
problem:
Url A is accessed using auth. Url A redirects to Url B (on a different
server0. Url B reuses a persistent connection. Url B has auth, even though
it's on a different server.
Note: if Url B does not reuse a persistent connection, auth is not sent.
reason:
data->state.first_host is not initialized becuase Curl_http_connect is not
called when a connection is reused.
Solution:
move initialization of data->state.first_host to Curl_http. No code before
Curl_http uses data->state.first_host anyway.
Guenter Knauf (4 Jul 2009)
- Markus Koetter provided a patch to avoid getnameinfo() usage which broke a
couple of both IPv4 and IPv6 autobuilds.
Daniel Stenberg (29 Jun 2009)
- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port
range if given colon-separated after the host name/address part. Like
"192.168.0.1:2000-10000"
- Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I
don't know how they got wrong in the first place, but using this output
format makes it possible to quite easily separate the string into an array
of multiple items.
Daniel Fandrich (16 June 2009)
- Added a few more compiler warning options for gcc.
Daniel Stenberg (16 Jun 2009)
- Reuven Wachtfogel made curl -o - properly produce a binary output on windows
(no newline translations). Use -B/--use-ascii if you rather get the ascii
approach.
Michal Marek (16 Jun 2009)
- When doing non-anonymous ftp via http proxies and the password is not
provided in the url, add it there (squid needs this).
Daniel Stenberg (15 Jun 2009)
- Eric Wong's patch:
This allows curl(1) to be used as a client-side tunnel for arbitrary stream
protocols by abusing chunked transfer encoding in both the HTTP request and
HTTP response. This requires server support for sending a response while a
request is still being read, of course.
If attempting to read from stdin returns EAGAIN, then we pause our sender.
This leaves curl to attempt to read from the socket while reading from stdin
(and thus sending) is paused.
This change was needed to allow successfully tunneling the git protocol over
HTTP (--no-buffer is needed, as well).
Patrick Monnerat (15 Jun 2009)
- Replaced use of standard C library rand()/srand() by our own pseudo-random
number generator.
Yang Tse (11 Jun 2009)
- I adapted testcurl script to allow building test harness programs when
cross-compiling for a *-*-mingw* host.
Daniel Stenberg (10 Jun 2009)
- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
Yang Tse (10 Jun 2009)
- I introduced configure script option --enable-curldebug which now allows
the decoupled enabling or disabling of the curl debug memory tracking
feature from the --enable-debug option which no longer controls this.
curl --version will list 'Debug' feature for debug enabled builds, and
will list 'TrackMemory' feature for curl debug memory tracking capable
builds. These features are independent and can be controlled when running
the configure script. When --enable-debug is given both features will be
enabled, unless some restriction prevents memory tracking from being used.
Internally, definition of preprocessor symbol DEBUGBUILD restricts code
which is only compiled for debug enabled builds. And symbol CURLDEBUG is
used to differentiate code which is _only_ used for memory tracking.
Yang Tse (9 Jun 2009)
- Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not
initializing the fread callback pointer and this triggered a compiler
warning, also provided a friendly suggestion on how to fix it.
Daniel Stenberg (8 Jun 2009)
- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
http://curl.haxx.se/mail/lib-2009-05/0316.html
- Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
anymore since GnuTLS has stopped distributing that tool. If an explicit path
is given to configure, we will instead guess on how to link and use that
lib. I did not use the patch from the bug report.
Yang Tse (8 Jun 2009)
- Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers
included from Makefile.inc, and provided docs\INSTALL VxWorks section.
- I removed buildconf.bat from release and daily snapshot archives. This
file is only for CVS tree checkout builds.
Daniel Stenberg (8 Jun 2009)
- Eric Wong fixed --no-buffer to actually switch off output buffering. Been
broken since 7.19.0
Bill Hoffman (6 Jun 2009)
- Added some cmake docs and fixed socklen_t in the build.
Yang Tse (5 Jun 2009)
- John E. Malmberg provided VMS specific patch: "This fixes an existing bug
in urlglob.c where it was not converting the Curl Unix exit code to a VMS
DCL compatible exit code. This fix required the enhancement described next.
This also adds an enhancement to main.c so that when curl is run under a
Unix shell like Bash on VMS, it will return the standard Unix exit codes
and messages." And another patch for docs/examples.
I introduced os-specific.c and os-specific.h for use in curl tool code
and adjusted John E. Malmberg's patch placement to use these new files
as an effort to prevent main.c from growing ad infinitum. Code already
existing in main.c which is OS specific should be moved into these files.
Daniel Stenberg (4 June 2009)
- Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
this, and now recently it triggered a bug/side-effect in libcurl as when
libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
knows it will just get a 401/407 back. If the app then replaced the
Content-Length header, it caused the server to wait for input that libcurl
wouldn't send. Aaron Oneal reported this problem in bug report #2799008
(http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
Yang Tse (4 Jun 2009)
- Igor Novoseltsev provided patches and information, that after some
adjustments to better fit curl's way of doing things, have resulted
in the posibility of building libcurl for VxWorks.
Daniel Fandrich (2 June 2009)
- Checked in a Google Android make file. To use it, you must first
create a config.h file by running configure in the Android environment,
which doesn't seem to be easy to do. If no easy way can be found, a
static config-android.h may need to be created and checked in to the
libcurl source tree.
Daniel Stenberg (1 June 2009)
- Claes Jakobsson fixed the configure script to better find and use NSS
without pkg-config.
Yang Tse (1 Jun 2009)
- John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed
out that the configure script was failing to detect the timeval struct on
VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition
taking place in socket.h instead of time.h. I have adjusted configure
script to also include this header when checking struct timeval.
Daniel Stenberg (27 May 2009)
- Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
- Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear
the auth credentials back in 7.19.0 and earlier while now you have to set ""
to get the same effect. His patch brings back the ability to use NULL.
- Claes Jakobsson fixed libcurl-NSS to build fine even without the
PK11_CreateGenericObject() function.
Daniel Stenberg (25 May 2009)
- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
received with domain, path etc set multiple times in the same header. While
such a cookie is questionable, they occur in the wild and libcurl no longer
leaks memory for them. I added such a header to test case 8.
Daniel Fandrich (22 May 2009)
- Removed some obsolete digest code that caused a valgrind error in test 551.
Daniel Fandrich (20 May 2009)
- Added "non-existing host" test keywords to make it easy to skip those
tests on machines that have broken DNS configurations (such as
those configured to use OpenDNS).
Daniel Stenberg (19 May 2009)
- Kamil Dudka brought the patch from the Redhat bug entry
https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing
a bad file descriptor when closing down the FTP data connection. Caolan
McNamara seems to be the original author of it.
* Add new hooks: canremove, canrename, rename. (intrigeri)
* rename: Refactor subpage rename handling code into rename hook.
(intrigeri)
* po: New plugin, suporting translation of wiki pages using po
files. (intrigeri)
* Add build machinery to build po files to translate the underlay wikis,
* Add further build machinery to generate translated underlays from
the po file, for use by wikis whose primary language is not English.
* Add Danish basewiki translation by Jonas Smedegaard.
* img: Fix adding of dependency from page to the image.
* pagestats: add among parameter, which only counts links from
specified pages (smcv)
* pagestats: when making a tag cloud, don't emit links where the
tag is unused (smcv)
* map: Avoid emitting an unclosed ul element if the map is empty.
(harishcm)
* inline: Add pagenames parameter that can be used to list a set
of pages to inline, in a specific order, without using a PageSpec.
(smcv)
* Add getsource plugin (Will, smcv)
Note that the new po plugin won't work until textproc/po4a is updated
to at least 0.34. Any takers?
* Fix for downloads of files with Internet Explorer with SSL enabled.
* Mark session as disabled as soon as logout starts, in case the IdP
doesn't respond.
* Bugfix for session lifetime. Take the session lifetime from the
SessionNotOnOrAfter attribute if it is present.
- mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report
warnings compiling mod_ssl against OpenSSL to the httpd developers.
[Guenter Knauf]
- mod_cgid: Do not add an empty argument when calling the CGI script.
Bug 46380 [Ruediger Pluem]
- Fix potential segfaults with use of the legacy ap_rputs() etc
interfaces, in cases where an output filter fails. Bug 36780.
[Joe Orton]
support Catalyst Developers using pkgsrc a bit better.
It's easy to create memory leaks in Catalyst applications and often they're
hard to find. This module tries to help you finding them by automatically
checking for common causes of leaks.
Right now, only one cause for leaks is looked for: putting a closure, that
closes over the Catalyst context (often called $ctx or $c), onto the stash,
without weakening the reference first. More checks might be implemented in
the future.
This module is intended for debugging only. I suggest to not enable it in a
production environment.
pkgsrc changes:
- Adding license information
Upstream changes:
$Revision: 0.6 $ $Date: 2009/07/28 21:25:25 $
! lib/HTTP/Response/Encoding.pm t/01-file.t
Addressed RT#47033:
new libwww-perl-5.827 release from 15.06.2009 breaks all tests
(Tested both on lwp5.826 and lwp5.830)
http://rt.cpan.org/Ticket/Display.html?47033
pkgsrc changes:
- Adjusting license information according to module Pod
Upstream changes:
Version 3.44
1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
CGI->cookie() leaking from one session to another.
New features (some are compile-time options):
* add session save/restore feature
o bind ^X to toggle view of page showing session information
o add binding for ^U to previous-document (outside of
line-editing).
o documented command-line options and configuration data
for this feature.
o document -child_relaxed option in Lynx users's guide.
* add -passive-ftp option.
* add -child_relaxed option.
* add "read_timeout" to lynx.cfg, and -read_timeout option to
command-line
* add -show_cfg option.
* add LYNX_HELPFILE environment variable to allow override of
location of the help-file
* add NO_PAUSE setting to lynx.cfg, .lynxrc and Options menu
* implement a LONG_LIST equivalent for ftp, configurable as
FTP_FORMAT
* add XWINDOWS / NON_XWINDOWS environment-variable field to
DOWNLOAD, etc., in lynx.cfg to specify whether a downloader
(printer, etc) is enabled when the X display variable is set
* configure script improvements
o add --with-mime-libdir option to set MIME_LIBDIR in
userdefs.h file
o add --with-destdir configure option to set a default
value for the DESTDIR variable in makefiles, and modified
makefiles to ensure that setting DESTDIR in the top-level
makefile propagates to lower levels
o add --enable-local-docs option to link doc-directory
from help-page
o add --enable-ascii-ctypes option to enable EXP_ASCII_CTYPES
Other enhancements:
* improve SSL support:
o improve X.509 certificate validation This is tested
for OpenSSL, ifdef'd to not break gnutls. Changes:
+ peer certificate is cached, no need to call
SSL_get_peer_certificate() twice
+ support foo.domain:port and [ip.add.re.ss] and
[ip.add.re.ss]:port and [i:p:v:6:ad:dr:es:s] and
[i:p:v:6:ad:dr:es:s]:port
+ add support for checking X.509v3 SubjectAltName
extensions (of type DNS - tested - and IP - untested)
when the X.509 commonName check fails.
+ when displaying a list of failed CNs, change
format from foo:bar:baz to
CN{foo}:CN{bar}:CN{baz}:SAN{DNS=foo}:SAN{IP=1.2.3.4}
so that we know where what comes from (in "Your
recent statusline messages")
+ if the peer certificate can *NOT* be verified,
output a message to the log as well
+ fix a possible use of an uninitialised value
ssl_all_cns
+ output certificate issuer to the logs as well
(so that you can, before entering your online
banking PIN, see if the certificate has been issued
not only _to_ your bank but also _from_ a place
you trust, in case /etc/ssl/certs/ contains a lot
of Root CA certs)
o add support for the X.509 extension subjectAltName
using GNUTLS.
o log SSL/TLS (HTTPS connection) X.509 certificate issuer
information into the "recent statusline messages"
(accessible via the backspace key)
o add TNS SNI support for the OpenSSL configuration
o modify CF_SSL configure macro to check for -ldl needed
for recent OpenSSL versions
o modify CF_SSL configure macro to build with MSYS for
MinGW configuration
o extend configure macros CF_SSL and CF_GNUTLS to check
for pkg-config, using that for the default if the
corresponding openssl or gnutls packages are installed.
o add configure --with-nss-compat option, for building
with NSS library's OpenSSL-compatible interface
o add SSL_CERT_FILE to lynx.cfg
o rewrite strcasecomp_asterisk() to support wildcards as
in RFC 2818
o add --enable-gnutls-compat configure option and associated
files to configure with GNU TLS without its gnutls-openssl
library, whose newer versions are available only under
a restrictive license.
o fix src/tidy_tls.c X509_get_issuer_name to actually
take the issuer DN of the present certificate and not
hope that it is the same as taking the subject DN of the
"next" certificate which may or may not exist.
* improve HTML interpretation:
o update Lynx's tables of HTML attributes to cover (except
for events) the keywords from HTML 4.01
o use RFC-822 encoding for filenames passed via file-upload
forms.
o provide navigation to script-buttons, to make them more
visible, showing their name
o add "Bad HTML messages" to Options menu, letting the
user disable the warning message, write the detailed
messages to the LYNXMESSAGES: status buffer.
o remove "Bad HTML" warning for buttons outside a form,
since those can be inline, according to the HTML 4 DTD
o correct check for default type of HTML BUTTON, which
is "submit". The code treated this as "button".
o implement "readonly" attribute for TEXTAREA and TEXT
fields
o accommodate (in)compatibility "feature" in HTML5 draft
which replaces ISO-8859-1 with Windows-1252, as indicated
here.
o add support for HTML5 rel=author in link.
o modify SGML_write() to check for UCS-2 BOMs, to provide
support for UCS-2 pages.
o modify SGML_write() to check for UTF-8 BOM, using that
as a hint to set the default document charset to UTF-8.
o parse xml processing-instruction to turn on UTF-8
decoding, as well as disable upper/lower case transforming
in source view.
o parse doctype for xhtml, to tell when empty tags such
as "<textarea />" can be discarded
o translate named entities, etc., for "content" field of
refresh-URL.
o add switch -xhtml-parsing and lynx.cfg XHTML_PARSING
setting to control whether the extensions for XHTML 1.0
are used.
o modify Lynx's DTD information to allow it to display
form-related tags that are inline, even without being in
a form as indicated in
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
for %inline.forms and %misc.inline.
* improvements to character sets and display:
o improve drawing of menus for multibyte characters by
changing the way the number of fill-characters is computed
in LYpaddstr
o fix some uses of gettext in options menu and info page
where a translated string might contain angle-brackets
or ampersand
o modify popup for externals added in 2.8.4dev.20 to
number the entries if keypad mode is set to one of the
numbered forms
o ie multibyte editing of text-fields.
* improvements to color-style:
o bug-fixes only
* improve interaction with user:
o remove check for -dump option from HTHandleAuthInfo(),
allowing Lynx to -dump or -source NNTP urls
o change the phase during which "-help" option is processed,
to allow it to reflect the configured values of the options
in the help-message
o check if there is piped-in data when starting without
"-" or "-stdin" options, warn about the ignored input
data in that case.
o add ncurses scroll-wheel support, which requires the
extended-mouse configure option of ncurses.
o modify initial active link in download-page to be the
first download action rather than the "help" link whided
in Novice mode.
o make the size of LYNXMESSAGES configurable in lynx.cfg
with STATUS_BUFFER_SIZE
* improve interaction with other programs:
o discard anchor's post_data field in HTLoadDocument()
if Lynx is about to reload a do. That would happen if
the result of the form includes a link back to the form.
Removing the data causes Lynx to prompt the user, e.g.,
Resubmit POST content to
http://localhost/cgi-bin/lynxtest.pl ? (y/n)
to offer the user the choice between revisiting form
or re-POST'ing the data that was on the form
o pass a newline after the start of PRE-section in
HTGopher.c to force the first newline between records to
be seen and cause the lines to split
o add POSITIONAL_EDITOR setting to configure editors
which accept a "+line" parameter
o modify external editing of TEXTAREA to not do
tab-conversion.
o modify behavior of "-nonumbers" option for -dump so it
can be combined with -listonly to obtain a list of the
URLs without reference numbers.
o implement "chunked" transfer-encoding to work with
servers that ignore the version number in HTTP get's
o add an Options menu checkbox to tell if Lynx should
send a user-agent string. Unless the useragent restriction
is set, the default for this checkbox is off, so that
Lynx will not send the string. The corresponding setting,
send_useragent, may be saved to ~/.lynxrc, but normally
is not.
o change default for configure --enable-ascii-ctypes to
true.
o modify exit code when doing a "-dump" to exit with
error if the server returned an error status for the
page.
* improve cookie support:
o modify cookie-writing to not write if no cookies were
read from the file and none are available.
o adapt/extend parsdate.y from tin to improve parsing of
cookie expiration times.
* improvements to debug/traces:
o change initialization of trace file, handing this during
the first part of argument parsing along with -help and
-version, to show steps done for initialization of
presentors, etc
* improvements to scripting/logging:
o bug-fixes only
* other improvements:
o build/install "en" po file so that GNU gettext LANGUAGE
environment variable can find the corresponding English
message file.
o if iconv_open() using transliteration fails, retry
without the transliteration feature.
o improve change for UCSetBoxChars() from 2.8.6dev.16
for EXP_CHARTRANS_AUTOSWITCH which assumed that the
line-drawing character set was always different from the
display character set. If both are US_ASCII for example,
ASCII lines would be drawn, which is not good
o modify scanning of floats from lynx.cfg to allow Lynx
to read POSIX values in non-POSIX locales
o replace BROKEN_PROFTPD and BROKEN_WU_FTPD logic with
configurable list of strings in lynx.cfg, i.e.,
BROKEN_FTP_RETR and BROKEN_FTP_EPSV, and add "spftp/" to
the predefined values for the former.
o modify to handle a special case where the content-type
is given as one of the compressed types, to check if the
address (after stripping the file suffix for that
compression) has a suffix that lynx could present For
example:
http://foo/bar.html.gz
would display the uncompressed "bar.html" rather than
offering to download the file. This also allows one to
add SUFFIX commands to lynx.cfg to display the
corresponding plain files. For example:
SUFFIX:CHANGES.*:text/plain:8bit
SUFFIX:CHANGES:text/plain:8bit
for
http://foo/CHANGES.tmp.gzhttp://foo/CHANGES.gz
o fix ipv6 literal command-line parsing.
o setup locale before writing version-message.
New/improved sample files:
* add sample scripts for configuring MinGW version using Cygwin.
New ports:
* none
(it seems to run everywhere, but there are a few possibilities)
Improvements to existing ports:
* UNIX:
o add definition for _FILE_OFFSET_BITS in CF_LARGEFILE,
needed for Solaris 64-bit compiles.
o modify UCdomap.c to work with Solaris iconv and handle
additional encodings:
+ if "TRANSLIT" feature (an extension of glibc)
does not succeed, retry the call to iconv_open
without "TRANSLIT"
+ add check for any MIME name beginning "iso8859",
mapping to "iso-8859"
+ recognize "eucjp" MIME name as alias for "euc-jp"
+ recognize "pck" MIME name as alias for "shift_jis"
+ recognize "ansi-1251" MIME name as alias for "windows-1251"
o modify parsdate.y to convert between EBCDIC/ASCII to work on z/OS
* Linux:
o bug-fixes only
Improvements for maintainability and testing:
* modify definitions in LYStructs.h for union to cast to a
void* rather than a long, to help with 64-bit ports
* fix some mismatched BOOL vs BOOLEAN from compiler warnings
due to dev.13 change to LYStructs.h
* change a few options such as --enable-locale-charset option
to non-experimental
* free leaks of LYLeaks.c, to make it simpler to check it with
a second tool such as valgrind.
* use off_t rather than long for representing file sizes, e.g.,
when used to print progress messages
* use dtd_util to replace most of HTMLDTD.h and HTMLDTD.c with
source generated from the existing tables in those files
* rename variable defined by CF_PATHSP to PATH_SEPARATOR, use
this consistently to ease use in later autoconf versions
As well as security-related changes:
* modify prompt in LYLoadCGI() from 2.8.6dev.15 to always prompt
user (from FEDORA-2008-9597), and modify compiled-in configuration
default for consistency with other lynx.cfg settings to require
that lynx.cfg be set to permit use of lynxcgi scripts.
* modify logic for reading PERSONAL_EXTENSION_MAP and
PERSONAL_MAILCAP to ensure that they are files that are controlled
only by the user. The default values for these allow lynx to
read configuration information from the user's current directory
at lynx's startup.
* ensure that PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP are
absolute pathnames, performing tilde expansion as needed.
Pathnames that are not given in absolute form will be sought
under the user's home directory as if they began with "~/".
* ensure that the configured values for GLOBAL_EXTENSION_MAP
and GLOBAL_MAILCAP are absolute pathnames.
And finally:
* A lot of bug fixes
* A lot of documentation changes.
* A lot of dead code removed
pkgsrc changes:
- Add dependency to textproc/p5-Pod-POM for Template::Plugin::Pod and
graphics/p5-Image-Info for Template::Plugin::Image
Upstream changes:
#-----------------------------------------------------------------------
# Version 2.22 - 21st July 2009
#------------------------------------------------------------------------
* Changed pod coverage and kwalitee tests to only run when release
testing.
#-----------------------------------------------------------------------
# Version 2.21_02 - 4th July 2009
#------------------------------------------------------------------------
* Added UTF8 support to the XS Stash.
https://rt.cpan.org/Ticket/Display.html?id=45842
* Fixed the truncate filter to handle lengths shorter than the '...'
string being appended on the end.
https://rt.cpan.org/Ticket/Display.html?id=45617
* Fixed a bug in the parser/grammar to make NEXT/LAST work correctly
inside nested loops.
https://rt.cpan.org/Ticket/Display.html?id=40887
* Fixed a bug in Template::Plugin::Filter that was causing the weakened
$self reference in a dynamic filter closure to be garbage collected
too soon. (NOTE: this has probably un-fixed a previous bug)
https://rt.cpan.org/Ticket/Display.html?id=46691
* Applied patch to allow list.sort to sort on multiple fields.
https://rt.cpan.org/Ticket/Display.html?id=40637
#-----------------------------------------------------------------------
# Version 2.21_01 - 4th July 2009
#------------------------------------------------------------------------
* Removed Template::Plugin::Autoformat and t/autoform.t. They're now
available as a separate distribution.
* Fixed some Win32 test failures and XS Stash compilation problems.
There's a SEGV in glib2 and the backtrace doesn't have any browser
engine references in it so I'm inclined to believe this package was
broken by a glib2/gtk2 update.
XXX: Some stock icons appear to not work, is there a missing GNOME
dependency here?
2.0.7 "Surprise!"
- Works with Firefox 2/3 and Xulrunner 1.8/1.9
- Restored support for http authentication by Mike Hommey <mh@glandium.org>
- Restored support for remembering passwords.
- Partially restored support for user stylesheets.
- Effect is global rather than per page but UI doesn't reflect this.
2.0.6 "Pining for the Fjords"
- Works with Firefox 2 and 3 and xulrunner 1.8 and 1.9
- Thanks to Alexander Sack <asac@ubuntu.com> and Loïc Minier <lool#dooz.org>
for the xulrunner 1.9 patches.
- With Firefox 3/xulrunner 1.9, functionality remains crippled as
documented in the 2.0.5 release notes.
- Support for older versions of Mozilla have been removed.
You can use 2.0.5 to build against them if you need to.
- GConf pref added to suppress close confirmation for web forms.
- SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. Bug 39605.
[Joe Orton, Ruediger Pluem]
- SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
Ruediger Pluem, Jeff Trawick]
- SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
- SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. Bug 46949 [Ruediger Pluem]
- SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.
- mod_include: fix potential segfault when handling back references
on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]
- mod_alias: check sanity in Redirect arguments.
Bug 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
- mod_proxy_http: fix Host: header for literal IPv6 addresses.
Bug 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
- mod_rewrite: Remove locking for writing to the rewritelog.
Bug 46942
- mod_alias: Ensure Redirect emits HTTP-compliant URLs.
Bug 44020
- mod_proxy_http: fix case sensitivity checking transfer encoding
Bug 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
- mod_rewrite: Fix the error string returned by RewriteRule.
RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
argument of RewriteRule was not started with "[" or not ended with "]".
Bug 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
- mod_proxy: Complete ProxyPassReverse to handle balancer URL's. Given;
BalancerMember balancer://alias http://example.com/foo
ProxyPassReverse /bash balancer://alias/bar
backend url http://example.com/foo/bar/that is now translated /bash/that
[William Rowe]
- New piped log syntax: Use "||process args" to launch the given process
without invoking the shell/command interpreter. Use "|$command line"
(the default behavior of "|command line" in 2.2) to invoke using shell,
consuming an additional shell process for the lifetime of the logging
pipe program but granting additional process invocation flexibility.
[William Rowe]
- mod_ssl: Add server name indication support (RFC 4366) and better
support for name based virtual hosts with SSL. Bug 34607
[Peter Sylvester <peter.sylvester edelweb.fr>,
Kaspar Brand <asfbugz velox.ch>, Guenter Knauf, Joe Orton,
Ruediger Pluem]
- mod_negotiation: Escape pathes of filenames in 406 responses to avoid
HTML injections and HTTP response splitting. Bug 46837.
[Geoff Keating <geoffk apple.com>]
- mod_include: Prevent a case of SSI timefmt-smashing with filter chains
including multiple INCLUDES filters. Bug 39369 [Joe Orton]
- mod_rewrite: When evaluating a proxy rule in directory context, do
escape the filename by default. Bug 46428 [Joe Orton]
- mod_proxy_ajp: Check more strictly that the backend follows the AJP
protocol. [Mladen Turk]
- mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
to enable stricter checking of remote server certificates.
[Ruediger Pluem]
- mod_substitute: Fix a memory leak. Bug 44948
[Dan Poirier <poirier pobox.com>]
- mod_proxy_ajp: Forward remote port information by default.
[Rainer Jung]
- mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
directive to correctly remove headers before storing them.
[Lars Eilebrecht]
- mod_deflate: revert changes in 2.2.8 that caused an invalid
etag to be emitted for on-the-fly gzip content-encoding.
Bug 39727 will require larger fixes and this fix was far more
harmful than the original code. Bug 45023. [Roy T. Fielding]
- mod_disk_cache: The module now turns off sendfile support if
'EnableSendfile off' is defined globally. Bug 41218.
[Lars Eilebrecht, Issac Goldstand]
- prefork: Fix child process hang during graceful restart/stop in
configurations with multiple listening sockets. Bug 42829. [Joe Orton,
Jeff Trawick]
- mod_ssl: Add SSLRenegBufferSize directive to allow changing the
size of the buffer used for the request-body where necessary
during a per-dir renegotiation. Bug 39243. [Joe Orton]
- mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
way that per-directory rewrites append the previous notion of PATH_INFO
to each substitution before evaluating subsequent rules.
Bug 38642 [Eric Covener]
- mod_authnz_ldap: Reduce number of initialization debug messages and make
information more clear. Bug 46342 [Dan Poirier]
- mod_cache: Introduce 'no-cache' per-request environment variable
to prevent the saving of an otherwise cacheable response.
[Eric Covener]
- core: Translate the status line to ASCII on EBCDIC platforms in
ap_send_interim_response() and for locally generated "100 Continue"
responses. [Eric Covener]
- CGI: return 504 (Gateway timeout) rather than 500 when a script
times out before returning status line/headers.
Bug 42190 [Nick Kew]
- prefork: Log an error instead of segfaulting when child startup fails
due to pollset creation failures. Bug 46467. [Jeff Trawick]
- mod_ext_filter: fix error handling when the filter prog fails to start,
and introduce an onfail configuration option to abort
All the security problems mentioned above had already been fixed in
"pkgsrc" via patches. Thanks a lot to Adam Ciarcinski for letting me
know that new version had finally been released.
+ Preserve navigation history with new tabs
+ Implement clearing private data when quitting
+ Ellipsize and show close icons in the tab panel
+ Allow hiding panel operating controls
+ Integrate Tools with the compact menu
+ Fix User scripts, User styles and Plugins panel
+ Remove the bookmarkbar popup
+ Add New Tab to the tab context menu
+ Implement minimizing tabs
OpenGoo 1.5.1 has just been released. Several bugs from version 1.5
were fixed forq this release, including:
- Tags permissions. Now a user can only see tags applied to objects
that the user can view.
- Some milestones were showing in wrong workspaces.
- Custom properties defined in Administration are now searchable.
- Memory exhausted error when rendering repetitive tasks with an old
date in the calendar.
- Fatal error when copying a milestone.
- Fatal error "undefined function saveFileAttributes" when uploading a file.
- Fixed the permissions control when editing a workspace's permissions.
- Fixed a small rendering problem with invited users in event edition.
- Fixed error when sending emails to empty recipients.
- Fixed default user preferences' rendered value.
- Fixed a rendering problem in comments and descriptions that would skip
a character before an email address or link.
- Tags query was using a hardcoded 'og_' table prefix.
- Translate OpenGoo tool now includes subfolders of language folders.
Checklang also improved.
- Files of type audio/mp3 are now correctly identified as MP3.
- Updated langs.
Changes since version 3.1.0.12:
- Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
- Fix one more internal profiler error
- Language Updates: Italian, Russian
- Language Updates: Add many more aliases
- Add Copyright document for errors/ content
- ... all bug fixes from 3.0.STABLE18
- ... and several code polishing cleanups
Firefox 3.5 is based on the Gecko 1.9.1 rendering platform.
Firefox 3.5 offers many changes over the previous version, supporting new web
technologies, improving performance and ease of use.
Some of the notable features are:
* Support for the HTML5 <video> and <audio> elements
* Improved tools for controlling your private data
* Better web application performance using the new TraceMonkey JavaScript engine
* The ability to share your location with websites using Location Aware Browsing
* Support for native JSON, and web worker threads.
* Improvements to the Gecko layout engine, including speculative parsing for
faster content rendering.
* Support for new web technologies such as: downloadable fonts, CSS media
queries, new transformations and properties, JavaScript query selectors,
HTML5 local storage and offline application storage, <canvas> text,
ICC profiles, and SVG transforms.
It contains some critical problem of 3.0.17 and really fix security
problem according to updated SQUID-2009_2.txt.
Changes to squid-3.0.STABLE18 (04 Aug 2009):
- Bug 2728: regression: assertion failed: !eof
- Bug 2732: reply_body_max_size smaller than error page loops
infinitely until out of memory
- Bug 2725: pconn failure if domain or client_address are unset
- Bug 2648: reserved helpers not shut down after reconfigure/rotate
- Bug 2462: make check should tell when cppunit is missing
- Remove excess messages about headers < minimum size
- Support Libtool 2.2.6
(I opted for removing and re-importing instead of a plain update due to
extensive patch rototil)
We may encounter minor turbulence as dependent packages are sorted out.
Thank you for flying pkgsrc-current.
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on
invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation
For all the details see: http://codex.wordpress.org/Version_2.8
Trac-0.11.5.ja1 (Jul 20, 2009)
* Merge Trac-0.11.5
Trac 0.11.5 (July 17, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5
Trac 0.11.5 is identical to 0.11.5rc2 except for fixing a minor
incompatibility issue when using IIS via AJP as frontend (#8475).
Trac 0.11.5rc2 (July 11, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5rc2
Trac 0.11.5rc2 fixes two regressions found in rc1 and one minor enhancement:
* Fixed workaround for zipped Genshi eggs, [8354], #7823
* Fixed internal error when removing a wiki page version [8343].
* Fixed display of merge properties for scoped repositories #7715.
Trac 0.11.5rc1 (March 30, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5rc1
Trac 0.11.5rc1 contains a number of bug fixes and minor enhancements.
The following list contains only a few highlights:
Bug fixes:
* Implemented pre-upgrade backup support for PostgreSQL and MySQL (#2304)
* Fixed PostgreSQL upgrade issue (#8378)
* More robust diff parsing (#2672)
* Avoid intermittent hangs by not calling apr_terminate explicitly (#7785)
Changes since version 3.1.0.11:
- Bug 2716: Chunked request Signed/Unsigned build error
- Bug 2674: Remove limit on HTTP headers read.
- Bug 2620: Invalid HTTP response codes causes segfault
- Fix FTP EPSV negotiation parser.
- Fix Via string when leak checking is enabled (valgrind etc)
- ... and several documentation and testing additions
This update also fixes the security vulnerabilites reported in
the SQUID-2009:2 advisory.
Security and bugfix release, patches the following advisories:
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__
on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player unloading
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)
changes:
Performance of working with multiple windows was
improved. The download dialogue and the Transfer panel were enhanced.
An annoying bug was fixed that rendered Mouse Gestures virtually unusable.
Alt +n now does switch to the n-th tab as asked for by several users.
Another popular question in its own right was using Midori with no
menubar, for which now there is a menu button that appears upon hiding
the menubar and provides features missing from the context menu.
Through two new extensions finally keyboard shortcuts can be edited
comfortably and a toolbar editor makes customizing the toolbar layout
a walk in the park.
Changes in this version:
* Remove an unlock statement that shouldn't be there. This should
fix the problems reported in #232 and a lot of related bugs. Thanks
to Terry Duncan for the fix!
pkgsrc change: use the primary site rather than sourceforce, the newer
version was apparently not uploaded there
* Fixed downloading tar-gz-archives when using gz-extension
* Improved output when svn-command could not be executed correctly
* Added config option to use full alphabetic order (independent of
folder or file type)
* Fixed multiple links and minor issues
* Fixed issues: 212, 213, 214, 215, 216, 217, 219, 222, 223, 224,
225, 227, 228, 229, 230, 231, 232, 234, 237, 238
2.2.0:
* Fixed revision handling to use PEG revision instead of OPERATIVE revision
* This fixes many (but not all) cases when working with
moved/renamed/deleted files
* Removed dependencies to external command
* Added PEAR Archive_Tar
* Added PEAR Text_Diff
* Added usage of gz extension if available
* Added usage of PHP touch function
* Improved scalability of parent path handling
* Added support for upcoming PHP 5.3
* Added separate customizable extension mapping for GeSHi
* Added possiblity to ignore whitespace on compare and diff
* Added support for aliases in access file and handle continuation
lines correctly
* Added config option to set custom config path
* Added config option to exclude specific paths from the set of
repositories added by parentPath
* Added config option to add a subpath of a repository to the list
of repositories
* Added config option to switch between showing age and date in log
and listing view (the other is displayed in the title attribute)
* Added auto detection of Windows
* Added message when config file does not exist
* Added new logo and favicon
* Fixed some broken links when navigating through a repository
* Fixed created archive to be identical (for the same revision)
across multiple request
* This works under Linux with any PHP version and under Windows with PHP 5.3
* Fixed parsing of access file to support usernames containing equal characters
* Updated translations
* Dutch
* French
* Italian
2.1.0:
* Fixed: Several security fixed
* Added: Added GeSHi for code highlighting.
* Added: New languages.
* Changed: Separated modified files and directory listing.
* Changed: Updated used libraries.
FIX: XSS vulnarabilities (Issue 179)
FIX: Hide modified files in revision view based on authentication.
FIX: Numerous other security problems.
NEW: Added translations: hungarian, indonesian, slovak, uzbek.
CHANGED: Some code cleanup.
2.0:
* Changed: many cleanups and optimisations.
* Added: more documentation for *.php files.
* Removed: extraneous bits.
* Changed: line endings now use UNIX-style across the board.
NEW: New default template theme offered by Erik Pöhler
NEW: Template files may now be specified on a per repository basis
NEW: Add RSS 'alternate' <link> elements to the HTML headers in
directory listings. This lets you, for example, easily create a
'live bookmark' in Firefox to monitor commits to a particular SVN path.
NEW: Russian translation.
CHANGE: Bugtraq handling has been updated to account for the latest spec.
FIX: Syntax highlighting across lines has been fixed (Issue 85)
1.62:
NEW: RSS feed can now list changed files
NEW: Templates can now show an open folder icon
NEW: Polish translation
NEW: Dutch translation
CHANGE: Window is scrolled to appropriate location when opening a new directory
FIX: Allow repository names containing '/'
FIX: Fixed sloppy HTML in diff templates
FIX: Fix problems with the diff output
FIX: Repositories on Windows network shares can now be accessed.
FIX: Accented characters weren't shown correctly in the directory comparison
view.
FIX: Remove error when only one revision was available
pkgsrc changes:
* Use a more typical PKG_SYSCONFDIR.
* Don't depend on Apache PHP module; this runs anywhere PHP does.
add a local copy of SSL_SESSION_cmp which is missing in openssl 1.0.0 betas.
based on hack found at: http://trac.macports.org/ticket/19124
This fixes subversion-base build on NetBSD-current.
While here update to neon-0.28.5.
Changes in release neon 0.28.5, 3 July 2009 (PGP signature)
* Enable support for X.509v1 CA certificates in GnuTLS.
* Fix handling of EINTR in connect() calls.
* Fix use of builds with SOCK_CLOEXEC support on older Linux kernels.
Changes in release neon 0.28.4, 3 March 2009 (PGP signature)
* Fix ne_forget_auth (Kai Sommerfeld)
* GnuTLS support fixes:
o fix handling of PKCS#12 client certs with multiple certs or keys
o fix crash with OpenPGP certificate
o use pkg-config data in configure, in preference to libgnutls-config
* Add PKCS#11 support for OpenSSL builds (where pakchois is available)
* Fix small memory leak in PKCS#11 code.
* Fix build on Haiku (scott mc)
* svn: Fix rcs_rename to properly scope call to dirname.
* img: Pass the align parameter through to the generated img tag.
* Move OpenID pretty-printing from openid plugin to core (smcv)
pkgsrc changes:
* Add PKG_SYSCONFDIR support.
* Parameterize pkgsrc-configured paths in Makefile.PL so the patch
can go upstream.
* Retire legacy amazon_s3 option.
Shared directories can now be created independently by the pacakges
needing them and will be removed automatically by pkg_delete when empty.
Packages needing empty directories can use the @pkgdir command in PLIST.
Discussed and ok'd in thread starting at
http://mail-index.netbsd.org/tech-pkg/2009/06/30/msg003546.html
Trac 0.11.5 (July 17, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5
Trac 0.11.5 is identical to 0.11.5rc2 except for fixing a minor
incompatibility issue when using IIS via AJP as frontend (#8475).
Trac 0.11.5rc2 (July 11, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5rc2
Trac 0.11.5rc2 fixes two regressions found in rc1 and one minor enhancement:
* Fixed workaround for zipped Genshi eggs, [8354], #7823
* Fixed internal error when removing a wiki page version [8343].
* Fixed display of merge properties for scoped repositories #7715.
Trac 0.11.5rc1 (March 30, 2009)
http://svn.edgewall.org/repos/trac/tags/trac-0.11.5rc1
Trac 0.11.5rc1 contains a number of bug fixes and minor enhancements.
The following list contains only a few highlights:
Bug fixes:
* Implemented pre-upgrade backup support for PostgreSQL and MySQL (#2304)
* Fixed PostgreSQL upgrade issue (#8378)
* More robust diff parsing (#2672)
* Avoid intermittent hangs by not calling apr_terminate explicitly (#7785)
Changes since version 3.1.0.9:
- Bug 2087: Support adaptation sets and chains
- Bug 2459: dns error message broken when error handling delayed
- Support ICAP Retry
- Support ICAP retries based on the ICAP responses status code
- Support logging ICAP
- Support logging total DNS wait time
- Support logging response times of adaptation transactions
- General logging enhancements
- Dynamically form chains based on ICAP X-Next-Services header
- Support cross-transactional ICAP header exchange
- Bug 2680: Regression Crash after rotate with no helpers running
- Bug 2695: Regression in WCCPv2 L2 mask assignment
- Bug 2707: Regression in FTP anonymous auth
- Bug 422, 2706: RFC 2616 Date header requirements
- Bug 1087: ESI processor not quoting attributes correctly.
- Bug 1338: File prefetches aborted despite range_offset
- Bug 2080: wbinfo_group.pl - false positive under certain conditions
- Bug 2092: select loop 32-bit call counter overflows
- Bug 2127: delay pools class 4 crashes with ntlm auth
- Bug 2611: document fast/slow acl types
- Bug 2614: Potential loss of adapted body data from eCAP adapters
- Bug 2658: Missing TextException copy constructor
- Bug 2659: String length overflows on append, leading to segfaults
- Bug 2699: Build failure NTLM smb_lm helper
- Bug 2709: TRANSLATIONS not installed
- Bug 2710: squid_kerb_auth non-terminated string
- Delay pools 64-bit buckets and IPv6-polish
- Break forwarding loops for "transparent" or "intercept" http_ports.
- Add --disable-translation option to detatch .po from error negotiation
- Add squidclient man(1) page
- Add localhost to default permitted networks
- http_port allow-direct option to allow direct forwarding in accelerator mode
- ... and many testing infrastructure updates
- ... and much adaptation polish and improvements
- Updating package for p5 module App::Nopaste from 0.10 to 0.15
- Adding perl license
- Reordering dependencies between required and recommended
- Adjusting dependency versions
Upstream changes:
0.15 Wed Jul 15 05:01:36 2009
MANIFEST is really hard! :(
0.14 Wed Jul 15 04:48:15 2009
No code changes
0.13 Wed Jul 15 04:47:21 2009
Add support for paste.debian.net (Ryan Niebur)
0.12 Mon Jul 13 19:35:10 2009
Don't explicitly (optionally) depend on Git, but use it if
we have it (Sartak)
0.11 Thu Jun 18 17:20:51 2009
Service::Gist: use file_ext instead of file_name (nothingmuch)
Bump Moose dependencies to avoid deprecation warnings
Doc typo fix (rafl)
- Updating package for p5 module WWW:Curl from 4.07 to 4.09
- Adding license comment for or license experts
- Replacing duplicated dependency to www/curl with an API dependency
version
- Using Module::Install as module type
Upstream changes:
4.09 Thu Jul 09 2009: - Balint Szilakszi <szbalint at cpan.org>
- Fixing broken version check.
4.08 Tue Jul 07 2009: - Balint Szilakszi <szbalint at cpan.org>
- Fixed a memory leak in setopt.
- Added a check to Makefile.PL for the minimum libcurl version.
- Mentioned WWW::Curl hosting on github.
- Upgraded bundled Module::Install to 0.91.
- Updating package for p5 module WWW::Mechanize from 1.54 to 1.58
- Adjusting license and dependencies according to META.yml and Makefile.PL
Upstream changes:
1.58 Mon Jul 13 22:32:23 CDT 2009
========================================
No new features. If you have 1.56 installed OK, you do NOT need
to install 1.58.
[FIXES]
Removed prereq of HTTP::Response::Encoding, even though it was never
used. Thanks for the catch, Gisle.
1.56 Thu Jul 9 00:36:54 CDT 2009
========================================
[THINGS THAT MAY BREAK YOUR CODE]
For a while, Mech used HTTP::Response::Encoding to try to suss out
the proper encoding of the page it receives. Now, it lets
LWP::UserAgent do the work, and no longer requires
HTTP::Response::Encoding.
[ENHANCEMENTS]
Added a new dump_headers() method to dump the HTTP response headers.
Added --headers flag to mech-dump to dump the HTTP response headers.
[FIXES]
Now requires LWP version 5.829 because HTTP::Response has memory
cycle bugs.
[DOCUMENTATION]
Added a few notes to the FAQ, and fixed some incorrect docs.
1.55_01 Mon Jul 6 12:17:10 CDT 2009
========================================
This is mostly a bug fix release. There will be a number of other
bug fix releases in the next few days.
[FIXED]
New test server now randomizes the port it runs on.
t/cookies.t should not hang on Windows any more.
META.yml has been updated so the search.cpan.org links should be
correct.
Passing no_proxy would make LWP::UserAgent barf. Thanks to Mike
Schilli for the fix.
Cookies test would fail under Windows. Fixed, thanks to many people
reporting it.
[ENHANCEMENTS]
$mech->submit_form() now can specify the form by ID using the form_id
parameter.
[DOCUMENTATION]
The docs used to say that ->stack_depth(0) was an infinite stack
size. This is wrong. Zero will tell Mech not to keep any history.
Changelog:
Changes between 0.1 to 0.3:
0.3
Added the possibility to specify the path where SWILL creates temporary files. Added swill_interface() to bind to specific interface.
0.2
Added support for compiling under Win32 with MSVC.
Added support for HTTPS using OpenSSL.
* SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.12 release:
* - Patch #463450 by wulff: fixed documentation glitch.
* #193577 by Rob Loach, Damien Tournoud, andypost: JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
* #454992 by sun, bengtan: _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
* #452704 by andypost, catch: Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.
* #468732 by andypost: cache_clear_all() mentioned cache_flush_delay incorrectly; it should say we use cache_lifetime
* #460420 by wulff, andypost: drupal_set_title() in forum_overview() is not needed; menu already sets the title and is localized
* #398902 by Nick Urban, alexanderpas, kscheirer: password equality checking was not using strict type checking; we should assume these are strings and compared character to character
* #479216 by jhedstrom: fix grammar in forum module messages
* #445748 by Dave Reid, dww: Fix module support for disabled module update status checking and do not track usage in that case.
* #465190 by Heine: The Anonymous name is a plain text setting, so it should be escaped properly for output.
* #246096 by Sutharsan, Pedro Lozano, mr.baileys, andypost: Actions set to run on cron were not actually triggered.
* #226479 by gpk, BrianV, catch: We should always show the node access rebuild button. The check on when to show it was fragile, so the button might not have been there when actually needed.
* #482646 by Dave Reid: For proper HTTP query simpletesting, we should pass on the instance identifier (database prefix).
* #197266 by ufku, lilou, Dave Reid, c960657, drewish: Save a query by only calling file_space_used() when a limit is provided.
* #408876 by Pasqualle, JamesAn: The 'serialize' Schema API property was used but not documented.
* #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
* #373225 by jpulles, Josh Waihi: When changing columns, PostgreSQL needs explicit type casting to ensure that values are kept properly.
* #236657 by hctom, swentel: In system_clear_cache_submit(), the function arguments were swapped (but it did not affect how it actually worked).
* #243253 by Benjamin Melançon, dww: Update status should not attempt to request update data until a limit is reached. Fixed Drupal instances when drupal.org is down and gets less load on Drupal.org if data is not found.
* #339466 by patryk, c960657, alexanderpas: Remove url() wrapping from remote links and link in a more user friendly OpenID provider list.
* #461938 by grendzy, JamesAn: Use filter_xss_admin() on site name and site slogan, just like footer message and mission
* #455172 by budda, RoboPhred, andypost: Fix drupal_mail() documentation, so that it encourages to set the body of the email as an array (like core does).
* #329797 by berenddeboer, redndahead, danielb: The tablesort code did not account for possibly nested tables; only match immediate descendats, so elements of nested tables are not matched.
* #352121 by valthebald, Damien Tournoud, mr.baileys: The safe string check on translations should only be applied to the default textgroup. Strings in other textgroups such as blocks and menu items are displayed via escaping and filtering, and might contain arbitrary HTML.
* SA-CORE-2009-007 Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 5.18 release:
* #212285 by wrwrwr: hr should be treated as a block level tag. Backport by alexanderpas.
* #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
- Updating package for p5 module LWP from 5.828 to 5.829
- Adjusting license to perl license
Upstream changes:
2009-07-07 Release 5.829
This release removes callback handlers that were left over on the returned
HTTP::Responses. This was problematic because it created reference loops
preventing the Perl garbage collector from releasing their memory. Another
problem was that Storable by default would not serialize these objects any
more.
This release also adds support for locating HTML::Form inputs by id or class
attribute; for instance $form->value("#foo", 42) will set the value on the
input with the ID of "foo".
Gisle Aas (5):
Make the example code 'use strict' clean by adding a my
Avoid cycle in response
Clean up handlers has from response after data processing is done
Support finding inputs by id or class in HTML::Form
Test HTML::Form selectors
Mark Stosberg (1):
Tidy and document the internals of mirror() better [RT#23450]
phrstbrn (1):
Avoid warnings from HTML::Form [RT#42654]
* img: Fix extra double quote with alt text. (smcv)
* Updated French debconf templates translation. Closes: #535103
* openid: Support Net::OpenID 2.x when pretty-printing openids. (smcv)
* highlight: Fix utf-8 encoding bug. Closes: #535028
* comment: Make comment directives no longer use the internal
"\_comment" form, and document the comment directive syntax.
* Avoid relying on translators preserving the case when translating
"discussion", which caused Discussion pages to get unwanted
Discussion links.
* Tighten up matching of bare words inside directives; do not allow
an unterminated triple string to be treated as a series of bare
words. Fixes runaway regexp recursion/backtracking in strange
situations.
* Setup automator: Check that each plugin added to the generated
setup file can be loaded and that its config is ok. If a plugin
fails for any reason, disable it in the generated file. Closes:
#532001
* pagecount: Fix broken optimisation for * pagespec.
* goto: Support being passed a page title that is not a valid page
name, to support several cases including mercurial's long user
names on the RecentChanges page, and urls with spaces being
handled by the 404 plugin.
* Optimise use of gettext, and avoid ugly warnings if Locale::gettext
is not available. Closes: #532285
* meta: Add openid delegate parameter to allow delegating only
openid or openid2.
* Disable the Preferences link if no plugin with an auth hook is enabled.
* Updated French translation. Closes: #532654
* aggregate: Fix storing of changed md5.
* aggregate: Avoid resetting ctime when an item md5 changes.
* highlight: New plugin supporting syntax highlighting of pretty
much anything.
* debian/control: Add suggests for libhighlight-perl, although that
package is not yet created by Debian's highlight source package.
(See #529869)
* format: Provide a htmlizefallback hook that other plugins can use
to handle formats that are not suitable for general-purpose
htmlize hooks. Used by highlight.
* Fix test suite to not rely on an installed copy of ikiwiki after
underlaydir change. Closes: #530502
* Danish translation update. Closes: #530877
Changes:
2.1.1:
Add additional size checks for images.
Added support for css colors of the form rgb(255, 255, 255).
Added the 'nop' keybinding (nop = NO_OPERATION; cancels a default hook).
Added 'stop' key action (not bound by default).
Reduced 'warning: ignoring return value of ...'
2.1:
Implemented basic CSS infrastructure!
Read user style from ~/.dillo/style.css.
Added configurable keybindings! (in ~/.dillo/keysrc)
Implemented "search previous" in string searches.
Ported the command line interface from dillo1
Set middle click to submit in a new TAB. (Helps to keep form data!)
Implemented Basic authentication!
Implemented a close-tab button for the GUI.
Implemented a tools menu.
Added dillo(1) man page.
Added "font_max_size", "font_min_size" dillorc options.
Added instant client-side redirects (aka. zero-delay META refresh).
Proxy support for HTTPS.
Updated the URL resolver to comply with RFC-3986.
Fixed Bookmarks modify's HTML so it wraps nicely on handhelds.
Made cookierc parsing more robust.
Fix: recover page focus when clicking outside of a widget.
Added support for the Q element. BUG#343
Added a right-click menu to form controls (show hiddens, submit, reset)
Added the "http_language" dillorc option for setting HTTP's Accept-Language.
Replace image loading button and page menu option with a tools menu option.
Implemented the "overline" text-decoration.
Enhanced and cleaned up text decorations for SUB and SUP.
Added "View Stylesheets" to the page menu.
System config files have moved to sysconfdir/dillo/
Allowed compilation with older machines by removing a few C99isms.
Switched SSL-enabled to configure.in (./configure --enable-ssl).
Removed redundant caller NULL checks already in the API.
Added use of inttypes.h when stdint.h isn't found.
Made the parser recognize "[^ ]/>"-terminated XML elements.
Brought in Sebastian's CSS parser from dillo-0.8.0-css-3.
Support CSS @import directive.
Improved CSS selector matching performance using hash tables.
Added support for descendant and child selectors.
Support selector specificity.
Replace bg_color dillorc option.
Remove text_color, link_color, and force_my_colors dillorc options.
Replace visited_color dillorc option.
Allow negative values for specific CSS properties only.
Disable negative margins for now as dw/* does not support them yet.
Disable form widgets while stylesheets are loading.
Implement --xid command line option (used by claws mail client).
Added the "middle_click_drags_page" dillorc option.
Set the File menu label to hide when the File menu-button is shown.
Made a big cleanup of cache.c WRT charset decoding (fixes bugs).
Made an extensive cleanup/fixup of the whole image handling process.
Fixed handling of META's content-type with no MIME type (e.g. only charset).
Added support for a quoted URL in META refresh.
Updated the GPL copyright note in the source files.
from 0.09 to 0.10
Adjusting dependencies
Upstream changes:
0.10 Tue Jul 7 13:00:27 CEST 2009
- Depend on a recent Store::Delegate for the NEXT -> MRO::Compat
switch.
Upstream changes:
1.19 2009-06-29 00:36:50
- Update Module::Install to a version that doesn't screw up
auto_install anymore (Closes: RT#45784).
- Generate Makefile.PLs with unix-paths, even on windows (Closes:
RT#46059).
to 0.24
Upstream changes:
0.24 Mon Jun 29 2009
- Add an __ENV(foo)__ macro + tests (Stuart Watt)
- Document CATALYST_CONFIG_LOCAL_SUFFIX and MYAPP_LOCAL_CONFIG_SUFFIX
much better (Louis Erickson)
- Fix so that having CATALYST_CONFIG_LOCAL_SUFFIX set in $ENV{} doesn't
cause the tests to break.
Adjusting dependencies
Upstream changes:
5.80007 2009-06-30 23:54:34
Bug fixes:
- Don't mangle query parameters passed to uri_for
- Tests for this (Byron Young + Amir Sadoughi)
- Inherited controller methods can now be specified in
config->{action(s)}
- Assigning an undef response body no longer produces warnings
- Fix C3 incompatibility bug caused if you use Moose in MyApp.pm and
add Catalyst to the right hand side of this in @ISA.
- Make Catalyst.pm implement the Component::ApplicationAttribute
interface so defining actions in MyApp.pm works again, if the
actions have attributes that cause $self->_application to be used
(like ActionClass).
New features:
- Add optional second argument to uri_with which appends to existing
params rather than replacing them. (foo=1 becomes foo=1&foo=2 when
uri_with({ foo => 2 }, { mode => 'append' }) is called on a foo=1
URI.
5.80006 2009-06-29 23:37:47
Bug fixes:
- Revert change to URL encode things passed into $c->uri_for
Args and CaptureArgs as this causes breakage to pre-existing
applications.
- Remove use of Test::MockObject as it doesn't install from CPAN
in some environments.
- Remove use of dclone to deep copy configs and replace with
Catalyst::Utils::merge_hashes which has the same effect, of
ensuring child classes don't inherit their parent's config,
except works correctly with closures.
- Add Class::C3::reinitialize into Catalyst::Test to avoid weird
bugs in ctx_request (bokutin in RT#46459)
- Fix issues with _parse_PathPrefix_attr method in Catalyst::Controller
(jasonk in RT#42816)
- Fix bugs with action sorting:
- Path actions sorted so that the most specific wins.
- Action methods named default and index fixed.
New features:
- Use ~ as prefix for plugins or action classes which are located in
MyApp::Plugin / MyApp::Action (mo)
- Controller methods without attributes are now considered actions if
they are specified in config->{action(s)} (mo)
- Add Catalyst::Component::ContextClosure as an easy way to create code
references, that close over the context, without creating leaks.
Refactoring / cleanups:
- Clean namespaces in Catalyst::Exception*.
- Turn Catalyst::Exception into an actual class and make the throw
method create instances of it. They can still be used as normal
strings, as before, as they are overloaded to stringify to their
error message.
- Add a rethrow method to Catalyst::Exception.
- Add Catalyst::Exception::Detach and ::Go, and refactor detach() and
go() to use them instead of magic, global strings.
Fixes RT#47366
- Clean up getting metaclass instance and making app class immutable
again in Catalyst::Test
to 0.11 and adjusting license according to META.yml
Upstream changes:
0.11 2009-06-28 19:29:16
- Update Module::Install to 0.87 to unbreak auto_install.
No functional changes.
0.10012 to 0.10013
Upstream changes:
0.10013 Fri Jun 19 16:08:00 BST 2009
- Add a username_field config item to ::Credential::Remote
(Nigel Metheringham)
- Die with a useful error message if we are about to try to restore
a user from a realm which does not exist. (t0m)
meta-data (dependencies, master site).
Upstream changes:
0.24 2009-06-23
- Be more paranoid about getting values of $c->req to avoid issues
with old Test::WWW::Mechanize::Catalyst.
- Check we have a modern version of TWMC before doing the tests which
need it.
0.23 2009-06-16
- Add the verify_user_agent config parameter (kmx)
- Add a test case to prove that logging in with a session cookie still
causes a new cookie to be issued for you, proving that the code is
not vulnerable to a session fixation attack. (t0m)
and set license to ${PERL5_LICENSE} as well as correcting dependencies.
Upstream changes:
- The only change since December was I removed a reference to File::Slurp
- Updated package for p5 module Template::Toolkit from 2.20 to 2.21
- Set license to perl license according to META.yml
- Adjusting dependencies according to META.yml
Upstream changes:
#-----------------------------------------------------------------------
# Version 2.21 - 30th June 2009
#------------------------------------------------------------------------
* Fixed a PRE_CHOMP bug that left \r characters lying around when
confronted with templates with DOS \r\n line endings.
https://rt.cpan.org/Ticket/Display.html?id=43345
* Applied patch from Bradley Baetz to fix defblock #line numbers
http://rt.cpan.org/Public/Bug/Display.html?id=47024
#-----------------------------------------------------------------------
# Version 2.20_4 (2.21 candidate) - 21st May 2009
#------------------------------------------------------------------------
* Added the even(), odd() and parity() methods to Template::Iterator to
assist in making zebra tables.
* Removed a post-5.6 perlism in Template::Context that broke on 5.6.2
https://rt.cpan.org/Ticket/Display.html?id=46250
* Replaced a whole bunch of UNIVERSAL::isa() calls with blessed/isa
* Applied a patch from Norbert Buchm"uller to prevent the #line markers
from being whitespaced away from the first column.
https://rt.cpan.org/Ticket/Display.html?id=46269
* Applied a patch from Denis F. Latypoff to fix uri/url filters with
utf8 text
https://rt.cpan.org/Ticket/Display.html?id=41173
#-----------------------------------------------------------------------
# Version 2.20_3 (2.21 candidate) - 20th May 2009
#------------------------------------------------------------------------
* Fixed the XS Stash to compile properly in threaded Perls.
https://rt.cpan.org/Public/Bug/Display.html?id=46240
* Applied a patch to the XS Stash from Alexey A. Kiritchun to make the
scalar.length vmethod work correctly with utf8 strings.
http://lists.tt2.org/pipermail/templates/2009-May/010803.html
#-----------------------------------------------------------------------
# Version 2.20_2 (2.21 candidate) - 17th May 2009
#------------------------------------------------------------------------
* Applied a patch to Template::Test from Andrew Ford to make it skip
properly.
http://lists.tt2.org/pipermail/templates/2009-March/010678.html
* Changed the ttree -v/--verbose option so be less verbose and only
report on things that have changed. To make it more verbose (like
previous versions), add a second -v/--verbose flag, e.g.
$ ttree -v -v
* Also added the --summary option to tree to print a summary of what it
did, and the --color/--colour option to make it print its verbose
messages in colour (on ANSI terminals).
* Applied a ttree patch from Lyle Brooks to allow ttree to accept a
directory name as a command line argument.
* Added the define_view() and define_views() method to Template::Context
and added the VIEWS option to pre-define views when the Template object
is created. Thanks to Timmy Chan for providing the groundwork on this.
http://lists.tt2.org/pipermail/templates/2009-April/010689.html
* Retrospectively fixed the Changes for 2.20 to mention the ttree
--encoding option.
* Applied a patch from Chisel Wright, changing uses of UNIVERSAL::can()
to use blessed() and ->can().
http://lists.tt2.org/pipermail/templates/2009-May/010790.html
* Fixed a memory leak in the XS Stash introduced in 2.20.
Thanks to Breno G. de Oliveira for reporting the problem and helping to
narrow it down.
https://rt.cpan.org/Public/Bug/Display.html?id=46058
#------------------------------------------------------------------------
# Version 2.20_1 (2.21 candidate) - 7th April 2009
#------------------------------------------------------------------------
* Deleted all the old HTML documentation (now available separately from
http://tt2.org/download/index.html#html_docs), examples, libraries and
other cruft that was way out of date and badly unloved.
* Tweaked Template::Parser to work better with the ANYCASE option. It
now knows that anything following a dotop cannot be a keyword so that
you can write data.last without the 'last' bit being interpreted as the
LAST keyword. Thanks to Sean McAfee for the post that inspired it.
http://lists.tt2.org/pipermail/templates/2008-September/010462.html
* Fixed a broken test for Apache::Util in the html_entity filter. Added
the use_html_entities() and use_apache_util() class methods to
Template::Filters to allow end-user selection of one or the other.
http://rt.cpan.org/Public/Bug/Display.html?id=40870http://template-toolkit.org/svnweb/Template2/revision/?rev=1177
* Tweaked Template::Context to recognise Badger::Exception objects and
convert them to Template::Exception objects. This is a temporary
measure to keep things working during the transition to Badger-based
modules.
* Added the STRICT option which will cause the stash to throw an
exception on encountering an undefined value. Thanks to Ben Tilly
for the prod.
* Applied a patch to Template::Iterator from Jonathon Padfield to make
get_all() do the right thing if get_first() hasn't been called.
* Applied a patch to Template::Stash::Context from Ben Tilly to make
it easier to subclass.
* Applied a patch from Robin Berjon to add the xml filter.
- Updating package for p5 module LWP from 5.826 to 5.828
Upstream changes:
2009-06-25 Release 5.828
A quick new release to restore compatiblity with perl-5.6.
Gisle Aas (4):
Less noisy behaviour when we can't download the documents
Restore perl-5.6 compatiblity [RT#47054]
Don't decode US-ASCII and ISO-8859-1 content
Some versions of Encode don't support UTF-16-BE [RT#47152]
Ville Skytt"a (1):
Spelling fixes.
2009-06-15 Release 5.827
The main news this time is better detection of what character set the document
in a response uses and the addition of the lwp-dump script that I found useful.
Gisle Aas (31):
Added lwp-dump script
Replace calls to $req->url with $req->uri
Also need to encode strings in the latin1 range
Ignore the value set for file inputs [RT#46911]
Add docs to lwp-dump
Don't let lwp-dump follow redirects
Support --method options
Implement the --agent option
Dictionary order for the option docs; document --method
Merge branch 'dump'
Files are passed as an array and we must not stringify it.
Add content_charset method to HTTP::Message
Start guessing the charset for a message
Let content_charset guess the charset to use for decoded_content
Specify what's missing for the XML and HTML case
Provide charset parameter for HTML::Form->parse()
Make content_charset sniff for <meta> elements specifying the charset.
Determine charset of XML documents
Get rid of the _trivial_http_get() implementation
Update the bundled media.types file
LWP::Simple::get() now returns decoded_content [RT#44435]
Implement content_type_charset method for HTTP::Headers
Implement content_is_text method for HTTP::Headers
Make use of content_is_text and content_type_charset in decoded_content
Don't let the parse_head callback append to the HTTP headers
Don't set Range header on request when max_size is used [RT#17208]
Still show client headers for internal responses
Document Client-Warning: Internal response
Don't use 'no' as example domain for no_proxy docs [RT#43728]
Drop exit from the Makefile.PL [RT#43060]
Merge branch 'content_charset'
Alex Kapranoff (1):
Support "accept-charset" attribute in HTML::Form
Mark Stosberg (1):
new tests for max_size and 206 responses [RT#46230]
murphy (1):
Reformulation of Client-Warning: Internal documentation
- Updating package for p5 module HTML::Parser from 3.60 to 3.61
- Setting LICENSE=${PERL5_LICENSE} according to META.yml
Upstream changes:
2009-06-20 Release 3.61
Gisle Aas (2):
Test that triggers the crash that Chip fixed
Complete documented list of literal tags
Chip Salzenberg (1):
Avoid crash (referenced pend_text instead of skipped_text)
Antonio Radici (1):
Reference HTML::LinkExttor [RT#43164]
as dependency of scheduled update of databases/p5-Catalyst-Model-DBIC-Schema.
Adds a "COMPONENT" in Catalyst::Component method to your Catalyst component
base class that reads the optional traits parameter from app and component
config and instantiates the component subclass with those traits using
"new_with_traits" in MooseX::Traits from MooseX::Traits::Pluggable.
- Bug 2682: Add ftp_epsv control to disable EPSV support.
- Bug 2665: Detach automake system from using -I.
- Bug 2395: FTP auth errors not displayed
- ... also several changes and bugs closed in 3.0.STABLE16
- Port from 2.7: Show local address on listening sockets
- Add "tag" type acl matching tags set by external acl helpers.
- Adds Language alias linker/installer/upgrade scripts
- Support for GCC 4.4
- Fix false NAT lookup errors on Linux
- Fix many Windows port issues
- Fix squid_kerb_auth helepr install location
- Better detection of IPv6 stack types
- Updates Licensing information for Squid 3.1
- ... and many packaging portability build and install issues
1.) Allow individual "squid*" packages to register an extra target that
is run before the common "post-install" target.
2.) Use a much simpler logic to figure out what files get installed into
"share/squid/errors" and "share/squid/icons".
Tested with the "squid27" and the "squid31" package.
From release announce.
-----------------------------------------------------------------------
Dear TYPO3 users,
we are announcing the release of the following TYPO3 updates:
- TYPO3 4.2.8
- TYPO3 4.1.12
- TYPO3 4.0.13
All versions are maintenance releases and contain only bugfixes
and minor security improvements (no critical fixes of vulnerabilities).
Notice: Due to a bug which was reported to us short after the release of
TYPO3 versions 4.1.11 and 4.2.7, we stopped the release of the
announcement and prepared new versions that fix this (minor) issue.
TYPO3 4.0.13 which was already released yesterday was not affected by
this bug.
For details about the release, visit the following websites:
http://wiki.typo3.org/TYPO3_4.2.8http://wiki.typo3.org/TYPO3_4.1.12http://wiki.typo3.org/TYPO3_4.0.13
(This is a leaf package.)
Changes to squid-3.0.STABLE16 (15 Jun 2009):
- Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
- Bug 2481: Don't set expires: now in generated error responses
- Bug 2387: The calculation of the number of hash buckets correctly
- Fix infinite loop in MSNT auth helper
- Fix FD_SETSIZE on FreeBSD
- Fix stripping NT domain in squid_ldap_group
- Fix RADIUS auth helper build
- Add Translate: and Unless-Modified-Since: headers to known list
- Make fakeauth handle NTLMv2 better
- Better Kerberos support detection
- Several Widows port fixes
Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
- Bug 1148: Ported from 3.1: Chunked Transfer Encoding
- Bug 2648: NTLM helpers not shutting down when deferred
It was accidently deleted by previous commit.
Also stop using PLIST.common_end here.
It should fix some bulk problem of squid27/squid30/squid31 packages.
Version 2.7.2 (2009-06-25)
--------------------------
- Improved navigation skip links (#815)
- Fixed a few PHP 5.3 compatibility issues (#783, #785, #786)
- Fixed issue with wrong duplicate newsletter recipient warning (#769)
- Fixed issue with files with special characters not being downloadable (#816)
- Fixed issue with date calculation in "edit multiple" mode (#809)
- Fixed issue with revision date not being set in "edit multiple" mode (#793)
- Fixed issue with news pagination menu not showing (#760)
- Fixed issue with news author notifications not working (#806)
- Fixed issue with "checkCredentials" hook (#811)
- Fixed a few minor issues
Security fixes in this version:
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.17/
* Remove pkglint warnings.
* Add PRINT_PLIST_AWK.
Some additons to Changelog.
* Japanese translation files' directory name is corrected.
* Korean translation files are added.
Changelog
=========
Since 1.4.1
-----------
- bugfix: Error when adding contacts when DEBUG mode is off and All workspace is selected
- bugfix: Tasks showed due date instead of start date
- bugfix: When editing an event on the 31st of a month it appeared on the 1st of the month
- bugfix: An error when making backups.
- bugfix: 'Number of tasks to display' config option fixed.
- bugfix: When creating a user from a contact it wasn't being assigned to the contact
- usability: Language selection displayed in alphabetical order
- usability: Custom properties are no longer truncated.
- langs: Updated translations
- Updating package of p5 module Catalyst::Component::ACCEPT_CONTEXT
from 0.06 to 0.07
- Use Module::Install as module type
- Adjusting license according to META.yaml
Upstream changes:
0.07 11 June 2009
Fix tests with Catalyst 5.80005
- Updating package for p5 module Catalyst::Plugin::Authentication
from 0.10011 to 0.10012
- Adjusting license according to META.yaml
- Use Module::Install as module type
Upstream changes:
0.10012 Sat Jun 6 10:58:43 BST 2009
- Add Catalyst::Authentication::Credential::Remote which authenticates you
directly from environment variables passed by your web server. This
allows the use of SSL client certificates, NTLM, or just basic/digest
auth done at the web server level to be used to authenticate users
to your Catalyst application (kmx)
- Tests for this
- Change ->config invocations to be best practices (t0m)
- Note about session auto-vification even when use_session is set
to false (robert).
- Note about how a realms key used to be needed to unconfuse people
running an old version, but browsing the docs on search.cpan (ruoso)
- Updating package of p5 module Catalyst::Devel from 1.17 to 1.18
- Adjusting dependencies according to META.yaml
Upstream changes:
1.18 2009-06-10 17:43:12
- The forking restarter was not waiting for the child to exit,
which could lead to a race condition. If the old child did
not exit before the new child tried to bind to its socket,
it would find the old child blocking the port it wanted.
- More fixes for the Win32 restarter. It was effectively
ignoring all command-line options except those related to
the restarter itself.
- Updating package of p5 module Catalyst::Runtime from 5.80004 to 5.80005
- Adjusting license and dependencies according to META.yaml
Upstream changes:
5.80005 2009-06-06 14:40:00
Behaviour changes:
- Arguments ($c->req->args) in Chained dispatch are now automatically
URL decoded to be consistent with Local/Path dispatch (Caelum)
Documentation:
- Clarify correct techniques for Moose controllers (domm)
Bug fixes:
- Further change pushing 'env' attribute down into Catalyst::Engine
to make $c->engine->env work in all cases (kmx)
- Also fix $c->engine->env in Catalyst::Test tests (kmx)
- Tests for this (t0m)
- Fix Catalyst failing to start if any plugin changed $_ whilst
loading (t0m)
- Tests for this
- Be stricter about arguments to Args attributes for Chained actions,
so that they blow up on load instead of causing undefined behavior
later on (hdp)
- Tests for this
- Prefer Path actions with a smaller (or set) number of Args (caelum)
Bug reported here: http://stackoverflow.com/questions/931653/catalyst-action-that-matches-a-single-file-in-the-root-directory/933181#933181
- Tests for this
New features:
- Add $c->req->remote_user to disambiguate from $c->req->user (dwc)
- Require MooseX::MethodAttributes 0.12 so that action methods
(with attributes) can be used in / composed from Moose roles.
- Allow the generation of cookies with the HTTPOnly flag set
- Updating package of p5 module for Catalyst::Manual from 5.7021 to 5.8000
- Setting license to ${PERL5_LICENSE} according to META.yaml
Upstream changes:
5.8000 27 May 2009
- Tutorial:
- Update for Catalyst 5.80
- Update to "depluralize" the database names (big thanks to Kiffin Gish!)
- Switch back to including numbers in chapter names (for proper sorting)
- Add section to Ch 4: "Moving Complicated View Code to the Model"
- Add section to Ch 3: "RenderView's 'dump_info' Feature"
- Misc fixes and updates (thanks to Anne Wainwright)
- Other:
- Add some 5.8 and Moose-specific material to the new CatalystAndMoose.pod
(thanks to t0m and Sebastian Willert)
- Updating package of p5 module for HTTP::Proxy from 0.22nb1 to 0.23
- Adjusting module type to Module::Build
- Setting license to ${PERL5_LICENSE} accroding to Makefile
Upstream changes:
0.23 Thu Sep 4 02:29:47 CEST 2008
[ENHANCEMENTS]
- HTTP::Proxy::BodyFilter::save had an issue with cygwin because
of an incorrect use of File::Spec's catdir(). This is fixed.
- CONNECT requests are now forwarded to the upstream proxy, if there
is one. Errors from the upstream proxy are relayed to the client.
[TESTS]
- t/23connect.t does not use sysread() anymore. This time the test
should pass about everywhere.
- Updating package of p5 module HTTP::DAV from 0.35 to 0.38
- Setting license to explicit 'gnu-gpl-v2 # OR artistic' as specified
in module's documentation
Upstream changes:
v0.38 (released 2009/06/09):
* bug fixes
- Fixed RT #14506 (http://rt.cpan.org/Public/Bug/Display.html?id=14506),
about the missing get_lastresponse() method. It was a documentation bug.
- Fixed RT #29788 (http://rt.cpan.org/Public/Bug/Display.html?id=29788),
avoid file corruptions on Win32 when calling HTTP::DAV::get() method.
- Fixed RT #31014 (http://rt.cpan.org/Public/Bug/Display.html?id=31014),
probably already in v0.34, since it seems related to propfind() "depth" bug.
v0.37 (released 2009/03/24):
* bug fixes
- Fixed RT #44409 (http://rt.cpan.org/Public/Bug/Display.html?id=44409),
Small bug in HTTP::DAV::put(). Passing a reference as local content resulted
in the "SCALAR(0x12345678)" being logged instead of the real scalar.
v0.36 (released 2009/02/25):
* bug fixes
- Fixed RT #19616 (http://rt.cpan.org/Public/Bug/Display.html?id=19616),
LWP::UserAgent::redirect_ok() is not changed anymore. We're subclassing
it from HTTP::DAV::UserAgent and overriding redirect_ok() there.
- Fixed RT #42877 (http://rt.cpan.org/Public/Bug/Display.html?id=42877),
HTTP::DAV::UserAgent::credentials() has been modified to behave like
LWP::UserAgent::credentials(), otherwise basic authentication breakages
can occur.
- Fixed a problem with C<-depth> argument to C<HTTP::DAV::propfind()> that
could lead to massive performance degradation, especially when running
C<propfind()> against large folders.
C<-depth> was set to 1 even when passed as zero.
Changes since 0.4:
* Rack is now managed by the Rack Core Team.
* Rack::Lint is stricter and follows the HTTP RFCs more closely.
* Added ConditionalGet middleware.
* Added ContentLength middleware.
* Added Deflater middleware.
* Added Head middleware.
* Added MethodOverride middleware.
* Rack::Mime now provides popular MIME-types and their extension.
* Mongrel Header now streams.
* Added Thin handler.
* Official support for swiftiplied Mongrel.
* Secure cookies.
* Made HeaderHash case-preserving.
* Many bugfixes and small improvements.
* Fix directory traversal exploits in Rack::File and Rack::Directory.
* SPEC changes.
* New middleware Rack::Lock.
* New middleware Rack::ContentType.
* Rack::Reloader has been rewritten.
* Major update to Rack::Auth::OpenID.
* Support for nested parameter parsing in Rack::Response.
* Support for redirects in Rack::Response.
* HttpOnly cookie support in Rack::Response.
* The Rakefile has been rewritten.
* Many bugfixes and small improvements.
OpenGoo is an easy to use Open Source Web Office.
Manage tasks, documents, contacts, e-mail, calendar, and more...
Manage project progress, track time, and bill your customers.
Access all information from a single and elegant dashboard.
Communicate with co-workers, clients and vendors.
- Fixed several security issues:
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-31 XUL scripts bypass content-policy checks
MFSA 2009-30 Incorrect principal set for file: resources loaded via
location bar
MFSA 2009-29 Arbitrary code execution using event listeners attached
to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a
NPObject JS wrapper class object
MFSA 2009-27 SSL tampering via non-200 responses to proxy
CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-25 URL spoofing with invalid unicode characters
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
- Fixed several stability issues.
- Several issues were reported with the internal database, SQLite, which
have now been fixed by upgrading to a newer version.
- Fixed an issue where, in some specific cases, the bookmarks database
would become corrupt. (bug 464486)
- Updating package of p5 module for CGI::Simple from 1.109 to 1.112
- Adjusting dependencies according to META:yaml
- Setting LICENSE=${PERL5_LICENSE} according to META.yaml
Upstream changes since 1.109:
1.110 2009-05-24
- Added missing test to manifest / distro.
- Added a test to ensure the manifest is consistent.
- Migrated to git.
1.111 2009-05-28
- Implemented Michael Nachbaur fixes for multipart form data
handling.
1.112 2009-05-31
- (thanks bingos) added missing IO::Scalar dependency.
- Updating package for p5 module Catalyst::Devel from 1.15 to 1.17
- using ${PERL_LICENSE} as license
- using Module::Install support to avoid cpan invoked for feature
installs
Upstream changes:
1.17 2009-05-24 18:18:17
- Catalyst::Restarter::Forking loaded the threads and
Thread::Cancel module, even though it doesn't need them.
1.16 2009-05-23 17:29:29
- Catalyst prereq changed to 5.80. Thanks, kold! (jhannah)
- Fixed the restarter to actually work on Win32. The fix means
that the restarter is as slow as ever on Win32, but it
works. Thanks to Rodrigo for the bug report and suggestion
on how to fix it. (Dave Rolsky)
- Actually fix -p option for port number, as I failed to do it
right last time as I'm an idiot (t0m)
Version 7.19.5 (18 May 2009)
Daniel Stenberg (17 May 2009)
- James Bursa posted a patch to the mailing list that fixed a problem with
no_proxy which made it not skip the proxy if the URL entered contained a
user name. I added test case 1101 to verify.
Daniel Stenberg (11 May 2009)
- Balint Szilakszi reported a memory leak when libcurl did gzip decompression
of streams that had some parts (legitimately) missing. We now provide and use
a proper cleanup function for the content encoding submodule.
http://curl.haxx.se/mail/lib-2009-05/0092.html
- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12
If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.
- I fixed the problem with doing NTLM, POST and then following a 302 redirect,
as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on
curl-library). The transfer was mistakenly marked to get more data to send
but since it didn't actually have that, it just hung there...
Daniel Stenberg (10 May 2009)
- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted
byte in the digest code.
Yang Tse (9 May 2009)
- Removed DOS and TPF package's subdirectory Makefile.am, it was only used
to include some files in the distribution tarball serving no other purpose.
Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST
of the Makefile in the parent subdirectory.
Yang Tse (8 May 2009)
- Changed host name literal in several tests to one under the haxx.se domain.
- Renamed vc6 workspace and project files to avoid filename clash when used
for conversion to later VS versions.
Daniel Stenberg (8 May 2009)
- Constantine Sapuntzakis fixed bug report #2784055
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to
connect to SOCKS proxies when using the multi interface. It turned out to
almost not work at all previously. We need to wait for the TCP connect to
be properly verified before doing the SOCKS magic.
There's still a flaw in the FTP code for this.
Daniel Stenberg (7 May 2009)
- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as
well. See change 28 Apr 2009.
Yang Tse (7 May 2009)
- Fixed an issue affecting FTP transfers, introduced with the transfer.c
patch committed May 4.
Daniel Stenberg (7 May 2009)
- Man page *roff problems fixed thanks to input from Colin Watson. Problems
reported in the Debian package.
- Vijay G filed bug report #2723236
(http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with
libcurl's TFTP code and its lack of dealing with the OACK packet.
Yang Tse (5 May 2009)
- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and
reverted the change affecting test suite harness committed 4 May.
Daniel Stenberg (5 May 2009)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id
in case the previous re-used one is rejected.
Daniel Stenberg (4 May 2009)
- Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
libcurl did not deal with SSL session ids properly if the server rejected a
re-use of one. Starting now, it will forget the rejected one and remember
the new. This change was for OpenSSL only, it is likely that other SSL lib
code needs similar fixes.
Yang Tse (4 May 2009)
- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and
non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems:
1) On non-ASCII platforms not all of the protocol portions of the PUT are
being translated to ASCII. 2) On all platforms the line endings of part of
the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or
data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV).
- Applied David McCreedy's patch to fix test suite harness to allow test FTP
server and client on different machines, providing FTP client address when
running the FTP test server.
Daniel Fandrich (3 May 2009)
- Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug
report failed to mention that a proxy must be used to reproduce it.
Yang Tse (2 May 2009)
- Use a build-time configured curl_socklen_t data type instead of socklen_t.
Yang Tse (1 May 2009)
- Applied David McCreedy's patches "TPF-platform specific changes to various
files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the
former with minor edits.
Daniel Stenberg (30 Apr 2009)
- I was going to fix issue #59 in KNOWN_BUGS
If the CURLOPT_PORT option is used on an FTP URL like
"ftp://example.com/file;type=A" the ";type=A" is stripped off.
I added test case 562 to verify, only to find out that I couldn't repeat
this bug so I hereby consider it not a bug anymore!
Daniel Stenberg (29 Apr 2009)
- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
I've now made TFTP "connections" not being kept for re-use within libcurl.
TFTP is UDP-based so the benefit was really low (if even existing) to begin
with so instead of tracking down to fix this problem we instead removed the
re-use. I also enabled test case 1099 that I wrote a few days ago to verify
that this change fixes the reported problem.
Daniel Stenberg (28 Apr 2009)
- Constantine Sapuntzakis filed bug report #2783090
(http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
we need to grow the SO_SNDBUF buffer somewhat to get really good upload
speeds. http://support.microsoft.com/kb/823764 has the details. Friends
confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
Chen pointed out how curl couldn't upload with resume when reading from a
pipe.
This ended up with the introduction of a new return code for the
CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
that libcurl may try to resolve the situation anyway. In our case this means
libcurl will attempt to instead read that much data from the stream instead
of seeking and that way curl can now upload with resume when data is read
from a stream!
Daniel Stenberg (26 Apr 2009)
- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
interface and provided a patch that fixed the problem!
Daniel Stenberg (24 Apr 2009)
- Kamil Dudka fixed another NSS-related leak when client certs were used.
- Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer
Koenig pointed out that the man page didn't tell that the *_proxy
environment variables can be specified lower case or UPPER CASE and the
lower case takes precedence,
Daniel Fandrich (21 Apr 2009)
- Added new libcurl source files to Amiga, RiscOS and VC6 build files.
Yang Tse (21 Apr 2009)
- Moved potential inclusion of system's malloc.h and memory.h header files to
setup_once.h. Inclusion of each header file is based on the definition of
NEED_MALLOC_H and NEED_MEMORY_H respectively.
Renamed libcurl's memory.h to curl_memory.h
Daniel Stenberg (20 Apr 2009)
- Leanic Lefever reported a crash and did some detailed research on why and
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
conclusion was that if an error is detected and Curl_done() is called for
the connection, ftp_done() could at times return another error code that
then would take precedence and that new code confused existing logic that
works for the first error code (CURLE_SEND_ERROR) only.
- Gisle Vanem noticed that --libtool would produce bogus strings at times for
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
within the app for setting plain string options to avoid the risk of this
mistake happening.
Daniel Stenberg (17 Apr 2009)
- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP
proxy. libcurl would then wrongly close the connection after each
request. In his case it had the weird side-effect that it killed NTLM auth
for the proxy causing an inifinite loop!
I added test case 1098 to verify this fix. The test case does however not
properly verify that the transfers are done persistently - as I couldn't
think of a clever way to achieve it right now - but you need to read the
stderr output after a test run to see that it truly did the right thing.
Daniel Stenberg (13 Apr 2009)
- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
Storsj
confusing as it set the method to either GET or HEAD. The example he showed
looked like:
curl_easy_setopt(curl, CURLOPT_PUT, 1);
curl_easy_setopt(curl, CURLOPT_NOBODY, 0);
The new way doesn't alter the method until the request is about to start. If
CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
0 and the request happens to have been set to HEAD, it will then instead be
set to GET. I believe this will be less surprising to users, and hopefully
not hit any existing users badly.
- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
is found in Redhat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=453612
There are still memory leaks present, but they seem to have other reasons.
Daniel Fandrich (11 Apr 2009)
- Added new libcurl source files to Symbian OS build files.
- Improved Symbian support for SSL.
Yang Tse (10 Apr 2009)
- Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
Yang Tse (8 Apr 2009)
- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also
removes it from the curlbuild.h file originally distributed by the cURL
project as this file is intended for systems not capable of running the
configure script. For those who have been building curl out of the source
code curl distribution tarball provided by curl.haxx.se the change implies
nothing. Previous change in this area committed 2 Apr becomes irrelevant.
Daniel Stenberg (6 Apr 2009)
- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success
and 1 on fatal errors. Previously it only mentioned non-zero on fatal
errors. This is a slight change in meaning, but it follows what we've done
elsewhere before and it opens up for LOTS of more useful return codes
whenever we can think of them...
Yang Tse (2 Apr 2009)
- Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSET_BITS. This
configuration is exactly the unwanted configuration for our curl_off_t
data type which must not depend on such setting. This breaks ABI for
libcurl libraries built with Sun compilers which were built without
having run the configure script with _FILE_OFFSET_BITS different than
64 and using the ILP32 data model.
Daniel Stenberg (1 Apr 2009)
- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a
strdup() call failed.
Daniel Fandrich (31 Mar 2009)
- Properly return an error code in curl_easy_recv (reported by Jim Freeman).
Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.
Yang Tse (12 Mar 2009)
- Added missing Curl_read() return code checking in TELNET transfers.
- Pierre Brico found and fixed TELNET transfers not being aborted upon
a write callback failure.
Daniel Stenberg (11 Mar 2009)
- Kamil Dudka made the curl tool properly call curl_global_init() before any
other libcurl function.
Yang Tse (11 Mar 2009)
- Added missing TELNET timeout support for Windows builds. This issue was
reported by Pierre Brico.
Daniel Stenberg (9 Mar 2009)
- Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.
We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.
- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.
Daniel Stenberg (8 Mar 2009)
- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
Yang Tse (5 Mar 2009)
- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
issue was noticed by Chris Deidun.
Daniel Fandrich (4 Mar 2009)
- Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
Daniel Stenberg (3 Mar 2009)
- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
1. After cleaning up a dead connection, "continue" instead of
returning FALSE. This ensures that we clean up all dead connections,
rather than just cleaning up the first dead connection.
2. Move up the cleanup for dead connections so that it occurs for
all connections, rather than just the connections which have the same
preferences as our current new connection.
Changes:
- We found out that WebKitWebHistoryItems were being kept with a
reference count of 2 instead of 1 as they should; nobody should be
relying on that, but if you hit reference counting problems with
items you were creating yourself, this is for you.
- You can now copy images from the web page to the clipboard.
- Improvements were made to the Plugin handling code.
- Scroll events will now be correctly reported to web applications.
- You can now embed arbitrary widgets as if it was a plugin, with
the new "create-plugin-widget" signal.
- The atk_text_get_text_{at,after,before}_offset methods are now
implemented for all boundary types except LINE_AFTER and
LINE_BEFORE.
- The usual stream of minor fixes and improvements, as always.
4.07 Sun May 31 2009: - Balint Szilakszi <szbalint at cpan.org>
- Fixed >32bit integer option passing to libcurl on 32bit systems.
(Thanks to Peter Heuchert for the report and fix suggestion!)
- The CURL_CONFIG environment variable can now be used to specify
which curl-config to use (contributed by claes).
- Fixed segfault when a string option with setopt was set to undef
(contributed by claes).
- Fixed incomplete cleanup routine at destruction time
(contributed by claes).
- Readded Easy.pm and Share.pm stubs so that they are indexed by
CPAN, thus avoiding complications with outdated versions appearing.
+ Save the activation status of extensions
+ Catch and ignore mouse buttons meant for horizontal scrolling
+ Improve panel detaching and how panels handle it
+ Add a Feed Panel extension
+ Add a Fixed-width Font Family preference
+ Support spell checking
+ Implement (optional) Speed dial feature
+ Support nicer error pages with WebKitGTK+ 1.1.6
+ Implement middle click to open menu items in tabs
+ Implement -s, --snapshot command line switch
+ Use libnotify (runtime dependency) for finished transfers
+ Add a Go button to the address entry
+ Always append tabs opened via middle/ double click on the tab bar
+ Implement Open new pages in: New window preference
+ Implement inline find with direct '.' and '/' hotkeys
+ Add basic support for @-moz-document in user styles
This in turn makes the build of ap2-perl with apache22 fail.
The patches committed here make ap2-perl build again.
They may not be sufficient to actually use the package in earnest, though.
- Bug 2656: Pinger dies with general protection fault
- Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
- Bug 2648: Authentificator processes deferring and don't shutdown.
- Bug 2645: allow squid to ignore must-revalidate
- Bug 2644: auth scheme initialization is broken
- Bug 2632: Make number of reforwarding tries configurable
- Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
[This problem was reported for pkgsrc in PR pkg/41521.]
- Bug 2627: HTCP Logging
- Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
- Bug 2589: SNMP returning no data - wrong oid decoded
- Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
- Bug 2559: Problem parsing /0 and /0.0.0.0
- Bug 2404: WCCP in mask mode is broken
- ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
- Complete Interception multiple NAT support
- Add Content-Disposition to the known headers list.
- Make PEER_TCP_MAGIC_COUNT configurable
- Fix pinger install location
- Enable TPROXY v4 spoofing of CONNECT requests
- ... and much documentation and code polishing
Wed May 13 02:30:21 BST 2009 - surfraw 2.2.5
* Replaced scaleplus elvi with comlaw.
* rfc: use HTML for RFCs and BCPs.
* Support '--' to indicate end of options, so, for instance,
"sr google -g -- foo -bar" works.
* debpackages, debcontents: update ubuntu release names.
In brief:
46933: Update StringManager to use Java 5 features. Patch provided by Jens Kapitza. (markt)
46990: Fix synchronization issues reported by FindBugs. Patch provided by Sebb. (markt)
Allow huge request body packets for AJP13. (rjung)
Manager application prints FAIL if application was deployed but failed to start (fhanik)
When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)
The invoker servlet has been deprecated and will be removed in Tomcat 7 onwards. (markt)
45154 Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
For full details see:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for
users of the Windows platform.
So no significant changes for Linux edition, but 2.0.0.19 is not available.
* Make SAML authentication assertion and Lasso session available in the
environement.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
NetBSD Packages Collection.
Apache2::AuthCASSimple is an authentication module for Apache2/mod_perl2.
It allows you to authenticate users through a Yale CAS server. Users
do not need to log in if they are already authenticated by the CAS
server, only tickets are exchanged between Web client, Apache2
server and CAS server. If they are not yet authenticated, they will
be redirected to the CAS server login form.
You may want to run ikiwiki-transition deduplinks my.setup after
upgrading to this version of ikiwiki. This command will optimise
your wiki's saved state, removing duplicate information that can
slow ikiwiki down.
* ikiwiki-transition: If passed a nonexistant srcdir, or one not
containing .ikiwiki, abort with an error rather than creating it.
* Allow underlaydir to be overridden without messing up inclusion
of other underlays via add_underlay.
* More friendly display of markdown, textile in edit form selector (jmtd)
* Allow curly braces to be used in pagespecs, and avoid a whole
class of potential security problems, by avoiding performing
any string interpolation on user-supplied data when translating
pagespecs.
* ikiwiki-transition: Allow setup files to be passed to all subcommands
that need a srcdir.
* ikiwiki-transition: deduplinks was broken and threw away all
metadata stored by plugins in the index. Fix this bug.
* listdirectives: Avoid listing _comment directives and generally
assume any directive starting with _ is likewise internal.
* Re-enable python-support and add python:Depends to control file.
* ikiwiki-makerepo: Avoid using abs_path, as it apparently fails
on nonexistant directories with some broken perl versions.
* inline: Minor optimisation.
* add_link: New function, which plugins should use rather than
modifying %links directly, to avoid it accumulating duplicates.
* ikiwiki-transition: Add a deduplinks action, that can be used to
remove duplicate links and optimise a wiki w/o rebuilding it.
* external: Fix pagespec_match and pagespec_match_list. Closes: #527281
- Updating package for p5 module URI from 1.37nb1 to 1.38
- Adjusting dependencies according to META.yml
Upstream changes:
2009-05-27 Gisle Aas <gisle@ActiveState.com>
Release 1.38
Ville Skytt"a (3):
Spelling fixes.
Tatsuhiko Miyagawa (1):
skip DNS test if wildcard domain catcher (e.g. OpenDNS) is there
Gisle Aas (1):
Avoid "Insecure $ENV{PATH} while running with -T switch" error with perl-5.6.
Inspirerd by PR#39887.
Pkgsrc changes:
* Allow NetBSD>=5 cuurses
* LICENS=gnu-gpl-v2
Changes:
i(not available for 1.5.11, but it seems small changes).
Version 1.5.10 released
2008-07-28, 09:40 GMT
- shift+t now force reloads a selected feed, ignoring the last modified value
- Added a lot of OpenBSD supplied patches (Martynas Venckus)
- net-support.c: HTTP header only needs to be ASCII in the token
- conversions.c: Determine output charset with nl_langinfo()
- xmlparse.c: Convert feed title to target charset, too. Should probaly be in interface.c
- main.c, interface.h, interface.c: Add a signal handler for resizing to work on many other ncurses implementations
* Added a more reliable HTTP request class
* Added the "name" attribute to the FormSubmit widget (#702)
* Added automatic capitalization to the glossary module (#697)
* Added option to disable the table wizard cell magnifier (#716)
* Moved template "mod_message" to the front end module (#703)
* Fixed issue with mandatory password fields not being shown (#693)
* Fixed issue with "checkCredentials" hook only being executed once (#728)
* Fixed issue with insert tag "iflng" being cached (#707)
* Fixed issue with error pages sending the wrong redirect header(#749)
* Fixed issue with special characters in news links not being encoded (#747)
* Fixed issue with news pagination menu being calculated wrongly (#704)
* Fixed issue with aliases not being case-sensitive (#752)
* Fixed broken "shortened view" of the event list module (#694, #153)
* Fixed a couple of misspellings in the german translation (#701)
* Fixed a few issues with the new 2-column layout
* Fixed a few minor issues
Rehsack. apr1 is no longer an option; that's just the way it is.
Version 1.6.2
(09 May 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.2
User-visible changes:
* vastly improve memory usage with 'svn merge' (issue #3393)
* make default depth for merge 'infinity' (r37156)
* make 'status --quiet' show tree conflicts (issue #3396)
* allow '--set-depth infinity' to expand shallow subtrees (r37169)
* return an error if attempting to reintegrate from/to the repo root (r37385)
* don't store bogus mergeinfo for '--ignore-ancestry', foreign merges (r37333)
* don't allow merge of difference between two repos (r37519)
* avoid potential segfault with subtree mergeinfo (r36613, -15, -31, -41)
* recommend sqlite 3.6.13 (r37245)
* avoid unnecessary server query for implicit mergeinfo (r36509)
* avoid unnecessary server query during reverse merges (r36527)
* set depth=infinity on 'svn add' items with restricted depth (r37607)
* fixed: commit log message template missing paths (issue #3399)
* fixed: segfault on merge with servers < 1.6 (r37363, -67, -68, -79)
* fixed: repeat merge failures with non-inheritable mergeinfo (issue #3392)
* fixed: another memory leak when performing mergeinfo-aware merges (r37398)
* fixed: incorrect mergeinfo on children of shallow merges (issue #3407)
* fixed: pool lifetime issues in the BDB backend (r37137)
Developer-visible changes:
* don't fail if an embedding app has already initialized SQLite (issue #3387)
* resolve naming collisions with static stat() function in svnserve (r37527)
* fix an expectation for a failing dirent windows test (r37121)
Version 1.6.1
(10 Apr 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.1
User-visible changes:
* recommend Neon 0.28.4. (r36388)
* improve performance of 'svn merge --ignore-ancestry' (r36256)
* improve 'svn merge' performance with subtree mergeinfo (r36444)
* correctly proxy LOCK and UNLOCK requests (r36159)
* prevent a crash when updating old working copies (r36751)
* don't let svnmerge.py delete a nonexistent property (r36086, -767, -769)
* don't fail when upgrading pre-1.2 repositories (r36851, -7)
* allow escaping of separator characters in autoprops (r36763, -84)
* improve tempfile creation robustness on Windows (r36442, -3)
* fix change-svn-wc-format.py for 1.6.x working copies (r36874, -5)
* improve configure's detection of Berkeley DB (r36741, -2)
* don't allow foreign merges to add foreign mergeinfo (issue #3383)
* improve performance of 'svn update' on large files (r36389, et. al.)
* fixed: error leak and potential crash (r36860)
* fixed: parent directory handling on Windows (r36049, -50, -51, -131)
* fixed: unintialized memory errors (r36252, -3)
* fixed: potential working copy corruption (r36714)
* fixed: working copy upgrade error (r36302)
* fixed: pointer dereference error (r36783)
* fixed: error diff'ing large data with ignored whitespace (r36816)
* fixed: potential hang in ra_serf (r36913)
* fixed: problem with merge and non-inheritable mergeinfo (r36879)
* fixed: repeated merging of conflicted properties fails (issue #3250)
* fixed: excluding an absent directory segfaults (issue #3391)
Developer-visible changes:
* ensure svn_subst_translate_cstring2() properly flushes data (r36747)
* make serf report a base checksum to apply_textdelta (r36890)
* syntax updates for strict C89 compilers (r36799)
* update RPM scripts for RHEL4 (r36834)
* allow tests to be run with Python 2.6.1 on Windows (r36149, -50, -51, -56)
* allow building JavaHL with Visual Studio 2008 (r36954)
* stop setting default translation domain in JavaHL (r36955)
* fixed: warning with Python 2.6 and ctypes bindings (r36559)
* fixed: undefined references to svn_fs_path_change2_create() (r36823)
Version 1.6.0
(20 Mar 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.0
User-visible changes:
- General:
* Now require Windows 2000 or newer on Windows (r33170)
- Major new features:
* identical files share storage space in repository (issue #2286)
* file-externals support for intra-repository files (issue #937)
* "tree" conflicts now handled more gracefully (issue #2282, #2908)
* repository root relative URL support on most commands (issue #3193)
- Minor new features and improvements:
* pre-lock hook can now specify lock tokens via stdout (r32778)
* svnmucc: support '--with-revprop' (r29492)
* merge: log include-descendants in operational log (r30426, r30428)
* improved operational logging for 'svn switch' (r30517)
* new 'Header' keyword, similar to 'Id' but with full URL (r35386)
* warn/disallow when storing plain-text passwords (r31046)
* support KWallet and GNOME keyring for password storage (r31241, -337)
* client now caches SSL client cert passphrases (issue #2489)
* add '--prefix-file' option to 'svndumpfilter' (issue #2697)
* add '--ignore-externals' option to 'svn cp' (issue #3365)
* add '--with-no-revprops' to 'svn log' (issue #3286)
* new 'svnadmin pack' command to compress FSFS filesystems
* new SVNAllowBulkUpdates mod_dav_svn directive (issue #3121)
* new public mod_dav_svn URI syntax: path?[p=PEG][&r=REV] (r34076)
* new 'svnsync info' command to show synchronization information (r35053)
* conflict resolver supports display-conflict, mine-conflict and theirs-conflict
- Client-side bugfixes:
* faulty reflexive merges (issue #2897)
* buffer overflow on a 0 byte string buffer (r35968, -74)
* conflict resolver needed more useful 'diff' option (issue #3048)
* disable username assumption (issue #2324)
* more accurate usage message for 'svn log' (r30449)
* do not repeat merge if target has explicit mergeinfo (issue #2821)
* corruption when filtering self-referential mergeinfo (r30467)
* filter empty mergeinfo with self-referential mergeinfo (r30510)
* pay attention to partial replay from the server in svnsync (r30440)
* improved property name handling in svnsync (r30480)
* properly recognize the file:/// in repository with svnsync (r30482)
* svn+ssh SIGKILLs ssh processes (issue #2580)
* 'svn up'/'svn co' early abort with svn:externals (issue #3148)
* improve tempfile names for conflict resolver (issue #3166)
* ra_serf: 'svn merge' aborts (issue #3212)
* 'svn cleanup' failed on non-ASCII characters (issue #3313)
* 'svn update' fails on moved, modified file with local mods (issue #3354)
* easier use of NTLM for proxy with ra_neon (r29874)
* 2-url merge from DAV-accessed foreign repo makes bad wcprops (issue #3118)
* can't add .svn (and children) to your wc via '--parents' (r35819)
* improved performance removing unversioned directories (r36111)
* 'svn cp --parents' had path URL encoding issues (issue #3374)
* support shell quoting rules in externals definitions (issue #2461)
* new SVN_LOCALE_DIR environment variable for localization (issue #2879)
* scheme and domain name in urls handled case insensitive (issue #2475)
* merge: pick default revisions with peg revision in single url (r30455)
* many other minor bugfixes, optimizations, plugs of memory leaks, etc
- Server-side bugfixes:
* mod_dav_svn runs pre-revprop-change twice (issue #3085)
* mod_dav_svn ignores pre-revprop-change failure on delete (issue #3086)
* mod_dav_svn prevented lock breaks from being propagated to client (r29914)
* non-UTF8 filenames could enter repository (issue #2748)
* 'svnlook proplist' xml output (issue #2809)
* don't let mod_dav_svn hide errors from client (issue #3102)
* ra_serf failure during update (issue #3113)
* ra_serf comply with RFC 2617 in handling authentication headers (r35981)
* use both SHA1 and MD5 in the FS backends (r34388)
* many other minor bugfixes too numerous to list here
- Contributed tools improvements and bugfixes:
* commit-email.pl: Deprecated; use mailer.py instead (r31755, -67)
* svnmerge.py migration tool munged svn:mergeinfo ordering (issue #3302)
* And other random sundry stuff
Developer-visible changes:
- General:
* serf 0.3.0 required, when building with serf (r35586)
* require SQLite 3.4.0 or newer (r33520)
* allow the use of an in-tree SQLite amalgamation (r35263)
* svn_log_changed_path_t now includes a 'kind' field (issue #1967)
* BDB `changes' table inconsistency when APIs are misused (issue #3349)
* configure should prefer apr-1 over apr-0 if both are present (issue #2671)
* make 'Not Found' errors consistent between RA layers (issue #3137)
* fix a potential buffer overrun (r34374)
* many bug fixes and improvements to the test suite
- API changes:
* notification system for properties and revision properties (issue #783)
* make ra_svn's merge commit-revprops public (r30462, r30453)
* mod_dav_svn operational logging compatible with svnserve logging (r30518)
* improve speed of svn_client__get_copy_source() (issue #3356)
* if fsfs commit fails return SVN_INVALID_REVNUM (r35950)
- Bindings:
* new: ctypes python bindings
* many improvements to all bindings (Java, Perl, Python, and Ruby)
* respect CFLAGS in SWIG bindings (r35879)
* fix building Ruby bindings with Ruby 1.9 (r35852, r35883)
pkgsrc changes: overhaul this package.
* Add LICENSE.
* Clean up bmake's macros, such as addition of PRINT_PLIST_AWK.
Geeklog changes: too many chagnes to write here.
* New user-friendly installation.
* New Configuration GUI.
* New Webservice GUI.
* And more.
Please refer http://www.geeklog.net/docs/english/changes.html
for more information.
Fixed some security problems about SQL injection vulnerability.
o close more leaking file descriptors for CGI and daemon mode
o add subdirs for build "debug" and "small" versions
o clean up a bad merge / duplicate code
o make mmap() usage portable, fixes linux & ranges: support
o document the -f option
o daemon mode now serves 6 files per child
