While here, set LICENSE=mit.
1.7.4
-----
* Fix XSS bug (security issue) with not found handlers for
:class:`paste.urlparser.StaticURLParser` and
:class:`paste.urlmap.URLMap`. If you ask for a path with
``/--><script>...`` that will be inserted in the error page and can
execute Javascript. Reported by Tim Wintle.
* Replaced :func:`paste.util.mimeparse.desired_match`
1.7.3.1
-------
* Removed directory name from 404 errors in
:class:`paste.urlparser.StaticURLParser`.
* Fixed packaging to include Javascript and images for
:mod:`paste.evalexception`
1.7.3
-----
* I got a fever and the only prescription is more :mod:`paste.cowbell`!
* Fix :mod:`paste.httpserver` on Python 2.6.
* Fix :mod:`paste.auth.cookie`, which would insert newlines for long
cookies.
* :mod:`paste.util.mimeparse` parses a single ``*`` in Accept headers
(sent by IE 6).
* Fix some problems with the ``wdg_validate`` middleware.
* Improvements to :mod:`paste.auth.auth_tkt`: add httponly support,
don't always aggressively set cookies without the
``wildcard_cookie`` option. Also on logout, make cookies expire.
* In :class:`paste.proxy.Proxy` handle Content-Length of -1.
* In :mod:`paste.httpexceptions` avoid some unicode errors.
* In :mod:`paste.httpserver` handle ``.read()`` from 100 Continue
properly (because of a typo it was doing a readline).
* Update ``paste.util.mimeparse`` from `upstream
<http://code.google.com/p/mimeparse/>`_.
* Fix build on 64 bits system
Changes 0.9.2:
* The rope of grapple no longer gets stuck in ground.
* Network games between specific computers which didn't work properly before
should work now.
* A bug has been fixed which prevented the bugzilla team to have more then
three players.
* Poisoned characters die now when they have to less health.
circumstances make doesn't like the conditional I wrote.
(also, what the previous log message says about a bump is wrong; I bumped
only ncursesw. but there shouldn't be any need to bump ncurses for this.)
that explicitly forcing ncurses does not mean "use builtin curses anyway"
unless the builtin curses is *really* ncurses.
(Yes, the ncursesw builtin.mk responds to USE_NCURSES and not USE_NCURSESW;
whether that's a bug is for someone else to decide.)
completely; rectify that. Now setting USE_NCURSES=yes won't install
pkgsrc ncurses on e.g. Linux where it's really built in.
Not sure if a version bump is wanted, but since I just did one we'll
ride that.
paths in include directives in the headers it installs. (I'm not going
to ask who thought this was a good idea...) Since this package
bypasses the ncurses install goo, we need to replicate at least some
of the behavior with SUBST in order to get working header files out.
Should fix PR 43435 and may also fix some problems with ncursesw and
tin that I've had reported to me.
PKGREVISION -> 4.
Upstream changes:
0.07 Sat May 08 14:00:00 2010
- --port option is now omittable (so daemons _not_ binding to TCP ports (like FCGI servers binding to unix domain sockets) can be hot-deployied using Server::Starter)
Pkgsrc changes:
- adjust dependencies
Upstream changes:
1.30 Wed Jun 9 12:23:48 CDT 2010
------------------------------------
[ENHANCEMENTS]
autolint used to only work on get_ok() calls. Now it works with
post_ok(), submit_form_ok(), follow_link_ok() and click_ok().
Added $mech->text_contains(), $mech->text_like() and $mech->text_unlike()
methods. These check the text of an HTML page separate from the
HTML markup. Thanks to Ashley Pond V.
1.28 Tue Apr 13 00:44:27 CDT 2010
------------------------------------
[FIXED]
t/put_ok.t finally passes.
1.26 Mon Apr 5 00:54:46 CDT 2010
------------------------------------
[FIXED]
Description of error in $mech->content_unlike() was wrong.
Now requires Test::LongString 0.12.
t/put_ok.t now passes, but with a handful of warnings. Help in figuring
out why would be appreciated.
[INTERNALS]
Hoisted common code out of get_ok, post_ok, etc.
[DOCUMENTATION]
Updated copyright and licensing information.
Upstream changes:
==============================
2010-07-19 14:40:55 +0100 1.14
==============================
commit f5df5ac7dc5f5b6cbddaf127993870d26d9b2614
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date: Mon Jul 19 14:40:55 2010 +0100
Check for definedness of stuff given to send to clients.
This release fixes a bug in ACL plugin, which could be considered a security
bug: If Maildir is used with default settings (INBOX is same as Maildir root
dir) and user set some ACLs to INBOX, those ACLs were copied to all newly
created mailboxes. This should have been done only for "default ACLs", but with
Maildir the INBOX directory is the same as the default ACL directory, so this
mixup happened. This bug exists only in v1.2.x releases.
Other fixes:
- Fixed iconv() crash when it was processing several kilobytes of broken
continuous input. This mainly could have caused a problem with IMAP SEARCH.
Possibly also with some Sieve checks.
- If MIME encoded-words contained line feeds, Dovecot logged cache corruption
errors.
- mbox: Renaming mailbox under newly created dir didn't move index directory.
- mbox: When generating envelope to From_-line, don't append a second
@owndomain if username already has one.
* torrent: don't try to re-download invalid piece from the same peer.
* added a short lftp.conf(5) man page.
* fixed a problem with zeroed errno.
* fixed status of mget from file: schema.
* fixed a compilation problem on AIX.
Version 4.0.8 - 2010-05-24
* fixed get/mget -c when xfer:clobber is off.
* fixed file verification in pget.
* fixed ftp encoding for servers with LANG but without UTF8 feature.
Version 4.0.7 - 2010-04-29
* make xfer:clobber off by default.
* limit number of attempts to upload a file (net:max-retries).
* handle 426 ftp reply to STOR specially.
* retry FEAT after login even after non-standard 5xx reply.
Version 4.0.6 - 2010-03-25
* use O_EXCL flag when xfer:clobber is off.
* better validation of server-provided file name (CVE-2010-2251).
* new setting xfer:auto-rename (off by default).
* new setting ftp:ssl-copy-sid (for some broken servers).
* fixed CCC ftp command to shutdown SSL connection properly.
* fixed `pget -c' on complete files.
Version 4.0.5 - 2009-12-21
* added support for lighttpd listings.
* fixed sftp rename.
* fixed a core dump on `kill all' with pget.
* fixed interrupting of a torrent with unresponsive tracker.
* Czech translation updated
Upstream changes:
# [x3270] Fixed a problem with temporary keymaps being cleared when connecting
to or disconnecting from a host.
# x3270, c3270] Corrected some APL characters that were not displayed correctly
with Unicode fonts.
# [all] Corrected operation on EBCDIC-based hosts.
# [all] Corrected the behavior of hostname prefixes such as L:, which were
"sticky", i.e., once set they would be set for all future connections.
# [all] Corrected the reported CGCSGID for code page 1147 (french-euro).
# [all except x3270] Disabled the Query Reply report for background color
support, which confused some older versions of GDDM. This report can be
explicitly enabled by setting the qrBgColor resource to true.
# [all] In oversize mode, changed the terminal type to IBM-DYNAMIC.
Pkgsrc changes:
- Set LICENSE
- Fix configuration directory
- Claim maintainership.