ChangeLog from last version:
SECURITY
========
* Close several XSS vulnerabilities in topic administration page. This
resolves CVE-2012-2768.
DOC
===
* Clarify that the only version incompatibility is 3.8.0; 3.8.x for
values of x != 0 is fine.
* Note incompatibility with RT 4 and above, which already include RTFM
functionality as "Articles"
XXX: for now disable copying of PO files, they conflict with RT ones.
changes:
-pop3c: Added pop3c_master_user setting
-bugfix: Mailbox names were accidentally sent as UTF-8 instead of mUTF-7
-more bugfixes
approved by The Maintainer
changes:
-a "From:" header is now required for outgoing mail, custom component
files may need to be adjusted
-support for filters in mhl
-more fixes and new features, see the share/doc/nmh/NEWS file for details
-dragonfly support patches were integrated
that we prefer pkgsrc for OpenSSL. While the latter doesn't actually work
yet, it's better that we are deterministic about this and do not pick up
the system OpenSSL regardless.
Major changes:
- Introduce SIGHUP reloading.
- The symlink device can be enabled by '--enable-symlink-device' configure
option.
- Fix the unknown error under some mutex condition.
- Fix the wrong reservation key handling.
- Use Clang as first choice compiler.
- Use _GNU_SOURCE on linux platform.
Current Limitations of SIGHUP support:
- The parameters other than PG, IG, and LU are not reloaded by SIGHUP.
- PG and IG mapped to LU can't be deleted by SIGHUP.
- If you delete an active LU, all connections of the LU are closed by
SIGHUP.
- Can't modify LU by SIGHUP.
- Updating IG is not affected until the next login.
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
to be necessary any more. Ordinarily it wouldn't hurt to leave it, but it
can cause cyclic dependencies if binutils is required by gcc, and this will
suffice in lieu of a proper fix for that problem.
Changes to dc-burn-netbsd
- If run as non root, call sudo where root is required
- Adjust -r to permit explicit list of tarfiles to extract
- Enumerate all possible tarfiles to avoid having to query NetBSD site
- Add -e option to run emulator (gxemul) on result
- Fix rework of extracted files to create viable live image
- Implement -v '?' to list available versions (from main NetBSD site)
- Automatically check NetBSD-archive directory for older NetBSD versions
Now works with NetBSD 4, 5 & 6 which would have previously failed.
Comment out some unusual sector subtractions which handled values in the
multigigabyte range.
Now allows all tested NetBSD versions (3, 4, 5 & 6) to mount ISO images
ECL 12.7.1:
===========
* Bugs fixed:
- The implementation of locks and condition variables based on POSIX threads
was not safe under interrupts. It has all been reimplemented using atomic
userspace operations plus a new wait queue.
- :CDECL was not accepted as an FFI declaration due to a typo.
- REMOVE-METHOD and FIND-METHOD were not generic functions.
- MAKE-LOAD-FORM's methods for standard-object, structure-object and
condition did not signal an error.
* Visible changes:
- ECL builds with support for threads by default (where available).
- DIRECTORY no longer complains when it finds an inexistent directory
component: it simply returns NIL as the list of pathnames.
- CASE now complains when the OTHERWISE/T clause is not the last one.
- Instead of issuing an error, LOOP now only produces a STYLE-WARNING
when iteration forms appear at the wrong place, as in (LOOP WHILE ...)
followed by some assignment.
- EXT:MKDIR no longer accepts pathnames as inputs to avoid problems with
pathnames that contain name or type components.
- ENSURE-DIRECTORIES-EXIST accepts the keyword argument :MODE which is
passed to MKDIR.
- In EXT:RUN-PROGRAM the child process is delayed until the parent has created
the process structure and stored the process id in it. Formerly we had race
conditions due to the child exiting before the parent was able to call
sigwait().
- Where available, ECL now defines the constants EXT:+SIGRTMIN+ and
EXT:+SIGRTMAX+, as well as EXT:+SIGRT0+ through EXT:+RTMINn+ where n =
SIGRTMAX - SIGRTMIN. Those signals can be then trapped.
- The interrupt handler for floating point exceptions does not care about
the value of EXT:*INTERRUPTS-ENABLED* or similar mechanisms because such
interrupt has to be treated as an error, not as something optional. The
same applies to other evil signals, such as SIGSEGV or SIGBUS.
- New functions (EXT:GET-INTERRUPT-HANDLER code) and
(EXT:SET-INTERRUPT-HANDLER code function-designator) allow the user to
customize how these interrupts are caught. SET-INTERRUPT-HANDLER runs an
implicit EXT:CATCH-SIGNAL.
- ECL now exports the symbols FFI:C-INT-MAX, FFI:C-INT-MIN, FFI:C-LONG-MAX,
etc, which correspond to the POSIX C constants INT_MAX, INT_MIN, LONG_MAX,
and similar ones.
- APROPOS-LIST no longer returns duplicate symbols.
- The ABORT restart is now bound on every new thread (except the main one,
where either the user or the toplevel must take care of that).
* Windows:
- ECL guesses whether the input / output / error streams are consoles. If
so, it sets up a special type of stream that copes with the deficiencies
of read()/write() and similar functions on consoles -- namely that they
may read or write a larger number of bytes than demanded because they
translate the input/output to and from the corresponding codepage.
(EXPERIMENTAL)
- ECL detects the codepage that the console is using and applies it as
the appropriate external format (with :CRLF convention).
- ECL's console stream signals EOF when Ctrl-Z is detected.
* Metaobject protocol:
- Implemented CLOS:COMPUTE-APPLICABLE-METHODS-USING-CLASSES.
- COMPUTE-APPLICABLE-METHODS and CLOS:COMPUTE-EFFECTIVE-METHOD are now
generic functions.
- Implemented and used in the core: VALIDATE-SUPERCLASSES
- UPDATE-DEPENDENT, MAP-DEPENDENTS and related functions have been fixed. They
are now invoked by REMOVE-METHOD and REINITIALIZE-INSTANCE, when acting on
generic functions, standard classes, etc.
- (SETF CLASS-NAME) is now implemented using REINITIALIZE-INSTANCE.
- ENSURE-CLASS-USING-CLASS now registers the class with
FIND-CLASS. ENSURE-CLASS relies on E-C-U-C doing that.
- EXTRACT-LAMBDA-LIST and EXTRACT-SPECIALIZER-NAMES implemented.
- CLOS:GENERIC-FUNCTION-DECLARATIONS and slot CLOS:DECLARATIONS are now
implemented (even if not used by ECL itself).
- Implemented the class CLOS:METAOBJECT
- Implemented SPECIALIZER and EQL-SPECIALIZER, together with
ADD-DIRECT-METHOD, REMOVE-DIRECT-METHOD, SPECIALIZER-DIRECT-METHODS,
SPECIALIZER-DIRECT-GENERIC-FUNCTIONS and EQL-SPECIALIZER-OBJECT. ECL now
uses these objects internally for method dispatch.
- DEFMETHOD now relies on MAKE-METHOD-LAMBDA to create the appropriate
function.
- Implemented COMPUTE-DISCRIMINATING-FUNCTION.
- ECL's discriminating functions use COMPUTE-APPLICABLE-METHODS-USING-CLASSES
on those classes in which the user may redefine or extend the
method. Elsewhere, ECL relies on the internal equivalent of
COMPUTE-APPLICABLE-METHODS, which _always_ memoizes results.
- When reinitializing a class instance, ECL would not remove the class from
its former superclasses.
- The method combination slot of a generic function is now precomputed by
using FIND-METHOD-COMBINATION in SHARED-INITIALIZE.
- METHOD-COMBINATION is now a class with slots and it is used by ECL for
computing effective methods.
- The MOP and CL classes and metaclasses do not contain any slot whose name
is exported by any of the CL or CL-USER packages.
the f2c frontend. It is not recognized as GCC even though there is a gcc
underneath. Thus, use "-Wl," to introduce linker options.
This unbreaks the build of shared libraries written in Fortran on MirBSD
(exotic combination, yes I know) such as blas.
Bump PKGREVISION.
It also fixes a little security problem of permission check about undo
processing.
Quote from release announcement: http://www.contao.org/en/news/contao-2_11_5.html
The bugfix release fixes a couple of issues, including the SOAP
compression problem in PHP 5.4, the IDNA URL converting issue and
the TinyMCE relative URLs problem.
Upstream CHANGES:
1.3097 08.07.2012
[ ENHANCEMENTS ]
* New keywords 'register_hook' and 'execute_hooks' exported by Dancer::Plugin
for providing a consistent way with Dancer 2 on how to declare and run hooks
from within a plugin (Alexis Sukrieh, idea from David Precious).
1.3096 06.07.2012
** Codename: Chop Hooey // Neil Hooey **
[ ENHANCEMENTS ]
* Finally released, thanks to Neil Hooey bugging my sorry ass.
1.3095_02 03.07.2012
[ BUG FIXES ]
* fix exception tests in some cases (GH #734) (Damien Krotkine & katkad)
[ ENHANCEMENTS ]
* If YAML does not load, Dancer::Config now reports why (Ovid)
[ DOCUMENTATION ]
* Clarify serialization in introduction POD (Mark A. Stratman)
* Typo fix (Sam Kington)
1.3095_01 22.06.2012
[ BUG FIXES ]
* Don't assume returned references are blessed when considering
continuations (Neil Hooey, GH-778)
* Malformed/missing cookies caused warnings
(James Aitken/LoonyPandora, GH-782 and GH-783)
* Avoid potential crash in t/14_serializer/06_api.t if tmp dir is replaced
when %ENV gets cleared (Adam Kennedy)
* Properly initialize %callbacks to default empty hashref in _send_file if
not provided (Greg Mullen)
[ ENHANCEMENTS ]
* Add UTC timestamp options for logger_format (Alex C - perlpong).
* Tests can now run in parallel (Richard Simões).
* dancer_version keyword added (Damien "dams" Krotkine).
* New session_domain parameter allows you to set the domain of the default
session cookie (William Wolf)
[ DOCUMENTATION ]
* Update Ubic service example (Vyacheslav Matyukhin)
* Silly typo fixing (Paul Fenwick)
* Typo in Dancer::Test file upload example (Jonathan "Duke" Leto)
* UTF-8 fixes in POD (ambs)
1.3095 01.04.2012
[ BUG FIXES ]
* Small fix to skip tests when YAML is not available.
(Sawyer X)
[ ENHANCEMENTS ]
* Added 'info' log level for messages that should always go to the logs
but aren't really debug, warning or error messages (Ovid)
1.3094 31.03.2012
[ BUG FIXES ]
* GH #763: Fix exceptions in ajax routes clobbering layout (ilmari)
* GH #748 & GH 647: Don't force override environment from PLACK_ENV (jwittkoski)
* GH #762: fix param parsing lacking limit on split (leejo)
* GH #758: Fix Dancer::Test: make sure the request is properly converted to
a response. (Ovid)
* GH #729: Fix dancer exception composition, and message pattern application
(Damien Krotkine)
* GH #752: Exceptions raised in hooks were not propagated back to the route
code, but instead cancelled and replaced by a Dancer halt exception. That
was wrong. Now it is fixed, exceptions raised in hooks can be properly
caught in route code.
(Damien Krotkine)
* Be more flexible in single vs. multiple values in key hiding.
(Sam Kington)
* Use isa() for checking relationships instead of ref() in Dancer::Test.
(Ovid)
[ ENHANCEMENTS ]
* Added 'strict_config' option to have the config return an object instead
of a hashref. (Ovid)
* GH #708: Added support for query strings in dancer_request (Jacob Rideout)
* It's possible for the user to set the environments directory using a new
environment variable (DANCER_ENVDIR) or using `set envdir => $path`
* Sort hash keys when serializing references in log messages (Ovid).
[ DOCUMENTATION ]
* Explain in POD that if there are multiple fields with the same name,
params('fieldname') returns an arrayref of them (alexrj).
* GH #750: Fix in Dancer::Deployment: appdir needs to be set before calling
load_app (Paul Johnson)
* Update 'before' hook document (David Cantrell).
1.3093 29.02.2012
[ BUG FIXES ]
* GH #738: Define exception type ::Core::Request, to avoid things blowing
up when Dancer::Request raises exceptions of that type
(David Precious, thanks to damog for reporting)
* GH #671: Fix Dancer::Plugin::Ajax with Plack::Builders.
(Activeg, Sawyer X)
* Auto-page feature cleanup and fixup. (David Precious)
* Remove uninitialized warnings. (Sawyer X, David Precious)
[ ENHANCEMENTS ]
* Winning release race to Catalyst (nice try rafl++!)
* Add exception type ::Core::Request. (David Precious)
* JSON decode from UTF8. (Sam Kington)
* Provide the method when a route crashes to help debug. (Sam Kington)
* More helpful log messages. (David Precious)
[ DOCUMENTATION ]
* Fix examples for multi-app deployment under Plack::Builder in deployment.
* Deployment docs. (c0bra)
* Update tutorial. (David Precious)
* Clean up EXPORTS. (David Precious)
* Keyword documentation fixups. (Kirk Kimmel)
* Clarify forward docs with better examples. (David Precious)
1.3092 27.01.2012
[ BUG FIXES ]
* Don't call isa() on unblessed refs in Dancer::Exception. (Sam Kington)
* Assume UTF-8 by default when serialising JSON. (Sam Kington)
* GH #725: If a cookie is set multiple times, last value wins.
(David Precious)
* More intuitive, backwards compatible appending of default template
extension. (GH #716, David Precious)
* Prevent recursion in censoring. (Yanick Champoux, Damien dams Krotkine)
* GH #734: More tests flexibility (Sawyer X, reported by @birdy-)
[ ENHANCEMENTS ]
* Return the current set prefix using prefix(). (Michal Wojciechowski)
* More intuitive appending of default template extension. Makes for cleaner
more DWIM code. (David Precious, reported by Nick Knutov)
* Allow any options to JSON serializer. (Lee Johnson)
* Support complex views with multiple document roots. (Pedro Melo)
[ DOCUMENTATION ]
* Document how to work with Dotcloud. (Oliver Gorwits)
* Clean ups and fix ups. (David Precious, Sawyer X, Michal Wojciechowski)