be the same version as mercurial itself, which is, however, not a versioned
package. So disallow 26 for now, since the pkgsrc default is 27 and that
is the version mercurial will be built against.
Approved by: wiz@
Upstream changes:
2.5.5
Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)
Functional changes
MDL-40821 - Language menu in Clean shows language used
API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info
UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.
Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges
Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring
2.5.4
Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report
Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students
API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run
Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields
Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
Fuse support being on breaks the build on mac, where our wrappers for
OSXFUSE seem not quite right, and fuse support doesn't work on NetBSD.
ok wiz@ (as MAINTAINER).
On OS X 10.9, the find command to repair directory modes fails,
apparently because the directory is 600, without even the owner x bit.
Add an extra chmod to fix that before the find. (No PKGREVISION++,
because the binary package will be unchanged if it built before.)
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent.
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes
Changes 2.4.8:
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library)
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts.
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request.
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile).
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
*) prefork: Fix long delays when doing a graceful restart.
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5.
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG.
*) mod_remoteip: Correct the trusted proxy match test.
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application.
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header.
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value.
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}.
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior.
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite.
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all.
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration.
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts.
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout.
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs.
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>.
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives.
*) mod_proxy_http: Core dumped under high load.
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB.
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files.
This commit restores the ABI_DEPENDS line that was there until
yesterday, 0.10.4nb1. It's unclear what the right answer is for
fribidi and ABI_DEPENDS, and if revbumping is needed - so for now
avoid the issue.
In particular, it comes with a curl library, which needs libidn.
libidn is not provided though.
Since libidn is in suse121_base but a separate package in suse131
(suse131_libidn), depend on curl so that it is pulled in correctly.
Bump PKGREVISION.
