Quanta Plus
* Insert literal character entities if possible.
* List the plugin in the Open With context menu.
* Fix crashes when using XDebug.
* Do not keep an empty, Untitled document opened when opening new files.
* Fix crash when closing a plugin and no other document is opened.
* Make HTML forms work in the internal preview.
* Fix deadlock in CSS editor when the propery contains ":".
Kommander
* Support executing of widget slots.
* Add execute method for PushButton.
* Add possibility to pass parameters for ScriptObject.
* Add "return" command to get back the result of a ScriptObject.
* Add "createWidget" function for on-the-fly widget creation.
* Add "widgetExists" function.
* Add "execBackground" function.
* Add "connect/disconnect" function for on-the-fly signal/slot connection.
* Add indexed array functions
* Make "a="Label1"; a.setText("foo")" work.
* Add "TreeWidget.selectedIndexes".
* Add "Table.setCellWidget/cellWidget".
* Add "Table.selection" to get back the selection coordinates.
* New widgets: "AboutDialog, DatePicker, PopupMenu, ToolBox"
* Use the new parser by default for new dialogs.
* Support shebang ("#!/path_to/kmdr-executor") in the beginning of the
.kmdr files. Running .kmdr files is possible directly if you make
them executable.
* Warn if a dialog file is not executable.
* Store Kommander version in the "VERSION/_VERSION" global variable.
* Add experimental Kommander KPart (Kommander dialogs can be embedded in
other KDE applications).
* Make "input_color" and "@Input.color" accept a default color argument.
* Make "TreeWidget.selection" work in multi selection mode.
* Make "TreeWidget.setSelection" show the selected item.
* Make "CheckBox.setChecked" accept as argument false, "false", true,
"true", 0 (meaning false), everything else meaning "true".
* Optionally quote the strings inserted via the function browser.
* Use combobox for booleans in the function browser.
* Use multiline insert box in function browser.
* Add highlighting for the new parser.
* Make possible to open more associated editors at once.
* Make it possible to run external script in a ScriptObject.
* "execute" DCOP call returns a string.
* The editor does not save the dialog on running.
* Create backup files every 5 minutes.
* Rework the plugin system.
* Set new functions only available to new parser such as createWidget
to not be shown in the function browser if the old parser is run.
* Show all available functions in the function browser.
* Insert the functions using the syntax of the new parser if #!kommander
is specified in the associated text.
* Return the result of a division in floating form if the result is not
an integer.
* Update the handbook.
* Install examples that are easily reachable from the editor.
* Fix "exit" command.
* Make "dcopid, pid, parentPid" work in the new parser.
* Fix problem with losing the parser type status in the editor when
working with multiple dialogs.
* "@Array.fromString" should append the new elements to the array, just
like it did before and how "array_fromString" does.
* Fix @eval for addition/substraction and handle division by zero.
* Process code written in external script using the old parser.
* Fix many cases when the code was executed altough it was in a codepath
that should not be executed.
* Fixed the bug in the input text dialog where entering a default value
returned the caption.
* Fix the for loop parsing if end < start.
Change log
* Various tests were enhanced to increase our test coverage
* Implement unlocking for content which does not use portal_factory
and for LinguaPlone translations.
* Add a method to cleanup persistent schemas from content objects
which were created by the 'update schema' feature from older
Archetypes releases. This is available through the ZMI.
* Correct removing of all roles from a group. This fixes This fixes 6994.
* Correct generation of session cookies for long userids. This fixes
problems with OpenID2 accounts.
* Correct handling of unicode arguments for
acl_users.enumerateUsers. This fixes zope-pas bug 189627.
* Kupu updates:
o Correct full screen mode. This fixes 7473.
o Correct intenal link insertion for IE. This fixes 7494.
o Correct stripping out of anchor to top of current page. This fixes 7680.
o The 'Home' link nows goes to the content root instead of the
Plone root. This fixes 7713.
o 'Link using UIDs' broke indexing of richt text fields with
non-ASCII characters. This fixes 7728.
o Update the flags and languages list. This fixes 7441.
o Revert internal change in language selector code in the
plone.app.i18n release from Plone 3.0.5 in the language
selector widget which broke LinguaPlone.
o Fix lock timeout which was set by default to 12 minutes, it is
now set to maxtimeout (71582788 minutes). This fixes 7358.
o Fix TypeError when an anonymous user locks content. This fixes 7246.
Updated packages
* archetypes.kss 1.2.6
* plone.app.i18n 1.0.3
* plone.app.controlpanel 1.0.4
* plone.app.linkintegrity 1.0.5
* plone.app.vocabularies 1.0.3
* plone.locking 1.0.5
* plone.session 1.2
* Archetypes 1.5.6
* CMF 2.1.1
* CMFPlone 3.0.6
* PloneLanguageTool 2.0.2
* PlonePAS 3.2
* PloneTranslations 3.0.11
* PluggableAuthService 1.5.3
* kupu 1.4.8
Based on PR 38029, remove redundant PLIST and markd as DESTDIR ready.
I18N::AcceptLanguage matches language preference to available languages
per rules defined in RFC 2616, section 14.4: HTTP/1.1 - Header Field
Definitions - Accept-Language.
No package using "contrib" sub directory now and it is redundant.
If such a package exists on a platform, should use MOZ_DIR individually instead.
This change also fixes fetch problem of www/firefox-bin when MASTER_SITE_MOZILLA
is not defined in /etc/mk.conf.
Active Resource (ARes) connects business objects and Representational
State Transfer (REST) web services. It implements object-relational
mapping for REST webservices to provide transparent proxying
capabilities between a client (ActiveResource) and a RESTful service.
Security fixes in this version:
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.8/
Security fixes in this version:
MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/
HOMEPAGE for more information. While here, switch to using lang/ossp-js
package instead of lang/spidermonkey. Goodbye, nspr dependency!
Javascript support seems more stable.
Mark option 'spidermonkey' deprecated in favor of option 'javascript'.
This is a Perl implementation of the reCAPTCHA Mailhide API. It can
generate URLs or even directly usable HTML code for using the reCAPTCHA
Mailhide web service, which provides a way of asking people to solve a
reCAPTCHA before they can view your email address.
This is a Perl implementation of the reCAPTCHA API.
From the recaptcha.net web site:
reCAPTCHA improves the process of digitizing books by sending words that
cannot be read by computers to the Web in the form of CAPTCHAs for
humans to decipher. More specifically, each word that cannot be read
correctly by OCR is placed on an image and used as a CAPTCHA. This is
possible because most OCR programs alert you when a word cannot be read
correctly.
HTML::Tiny is a simple, dependency free Perl module for generating HTML
(and XML). It concentrates on generating syntactically correct XHTML using
a simple Perl notation.
Changes with Apache 2.0.63
*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
to /Device/Nul as the server is starting up, mirroring unix MPM's.
PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
by recreating the bucket allocator each time the trans pool is cleared.
PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
Changes with Apache 2.0.62 (not released)
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox, Joe Orton]
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) log.c: Ensure Win32 resurrects its lost robust logger processes.
[William Rowe]
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
shutdown of the server when the MaxClients is higher then 257,
in a more responsive manner [Mladen Turk, William Rowe]
*) Add explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. One of these
reported by SecurityReason [Joe Orton]
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
there, not in post-patch.
There's no need to use xargs -0: Solaris doesn't know that option, POSIX
doesn't require it, and all the filenames are sane anyway.
error and the behavior of NetBSD on 64-bit machines. All three bugs
(including the Linux documentation problem) have been reported upstream
and will be fixed there.
=== RELEASE 2.1pre32 ===
Thu Dec 13 04:44:01 MET 2007 mikulas:
Do not display links to alternate stylesheets
Tue Dec 11 06:37:56 MET 2007 mikulas:
Use Content-Disposition as a suggestion for downloaded file name
Sun Dec 9 04:52:37 MET 2007 mikulas:
Fixed write to freed memory resulting in misbehavior of radio buttons
and a possible crash
Wed Dec 5 23:26:55 MET 2007 mikulas:
Make it run without Cygwin environment (only with Cygwin DLLs)
Workaround for flaws in Cygwin Unix emulation:
SIGWINCH is sometimes lost
Signal handlers write to a pipe and it should wake select() up,
sometimes, it doesn't
exec("command.com") crashes Windows 98 when some sockets are
open
Wed Dec 5 18:05:00 MET 2007 mikulas:
Do not search for compressed-file extension (.gz, .bz2) in URLs
containing '?', '&' or ';' --- they are likely scripts and they should
provide information about compression in the header.
Tue Dec 4 04:09:51 MET 2007 mikulas:
When the document was truncated to zero size on reload and no data were
received, links didn't invalidate formatted document cache
Wed Nov 7 00:20:12 MET 2007 mikulas:
Accept capital 'X' as a hex number mark in html entities
Fri Nov 2 19:53:01 MET 2007 mikulas:
Do not print links to stylesheet to the document
Fri Nov 2 19:52:22 MET 2007 mikulas:
Slightly improve parsing of ftp --- when the line contains "<DIR>", we
can assume that it is a directory
Tue Oct 30 21:22:27 cet 2007 mikulas:
Previous release didn't compile on OS/2 due to missing SIGCONT
