Changes to squid-3.0.STABLE12 (21 Jan 2009):
- Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
- Bug 2542: ICAP filters break download resume
- Bug 2556: HTCP fails without icp_port
- Bug 2564: logformat '%tl' field not working as advertised
- Port from 3.1: TestBed basic build consistency checks
- Policy: Change half_closed_clients default to off
- Policy: Removed -V command line option, deprecated by 2.6
- ... and several other minor code cleanups
This update contains security fixes and please refer ChangeLog file
for full changes.
1. System extension Install tool (install)
Insecure Randomness
2. Authentication library
Broken Authentication and Session Management
3. System extension Indexed Search Engine (indexed_search)
Cross-Site Scripting, Remote Command Execution
4. System extension ADOdb (adodb)
Cross-Site Scripting
5. Workspace module
Cross-Site Scripting
After update, you will need to create a new encryption key.
(1) Upgrade to the new TYPO3 version.
(2) Clear the configuration cache
(3) Open the install tool and choose menu 1 ("Basic Configuration").
(4) Scroll to the bottom of the page and click on the button
"Generate random key".
(5) Submit the form by clicking on "Update localconf.php".
(6) Clear the configuration and page cache again.
correctly set up before any other include has a chaance to make use of
compiler.mk.
Fixes build (if compiler.mk gets used) by avoiding the C++ compiler being
replaced by the fail wrapper.
Upstream changes:
1.24 Sat Jan 17 13:26:47 CST 2009
------------------------------------
Tests run on port 13432 instead of 8080. It should really be a
random open port, but for now, something other than 8080 will do.
1.23_01 Mon Dec 22 17:43:46 CST 2008
------------------------------------
[FIXED]
Tests would fail because we weren't unsetting http_proxy.
Fixed many failed tests. Overhauled the test server setup.
[ENHANCEMENTS]
Added autolinting capability, so you can do this:
my $mech = Test::WWW::Mechanize->new( autolint => 1 );
$mech->get_ok( $url );
and the get_ok() will fail if the page is fetched, but the resultant HTML
(if it is indeed text/html) does not pass HTML::Lint.
Added $mech->click_ok().
The user agent is now "Test-WWW-Mechanize/version" by default.
Spring cleaning.
Updated Thai translation.
Fix bookmark import of ff3 files
ff3 now has some extra stuff in their .html files, so the importer is not
always working, the regexp has been improved to fix this.
Patch by Wouter Bolsterlee. Fixes bug #552997.
Set the weasel version to 3.1 when using gecko 1.9.1.
More gecko 1.9.1 fixes.
Check for nsIDOMNSLocation.h, which was removed in gecko 1.9.1, and
adapt API use accordingly. Bug #565669.
Minor fix to Catalan translation thanks to Sílvia Miranda
ClientForm is a Python module for handling HTML forms on the client
side, useful for parsing HTML forms, filling them in and returning
the completed forms to the server. It developed from a port of
Gisle Aas' Perl module HTML::Form, from the libwww-perl library,
but the interface is not the same.
Stateful programmatic web browsing, after Andy Lester's Perl module
WWW::Mechanize.
The library is layered: mechanize.Browser (stateful web browser),
mechanize.UserAgent (configurable URL opener), plus urllib2 handlers.
Features include: ftp:, http: and file: URL schemes, browser history,
high-level hyperlink and HTML form support, HTTP cookies, HTTP-EQUIV
and Refresh, Referer [sic] header, robots.txt, redirections, proxies,
and Basic and Digest HTTP authentication. mechanize's response
objects are (lazily-) .seek()able and still work after .close().
Collection.
Pastebins (also known as nopaste sites) let you post text, usually
code, for public viewing. They're used a lot in IRC channels to
show code that would normally be too long to give directly in the
channel (hence the name nopaste).
Each pastebin is slightly different. When one pastebin goes down
then you have to find a new one. And if you usually use a script
to publish text, then it's too much hassle.
The Perl 5 module App::Nopaste aims to smooth out the differences
between pastebins, and provides redundancy: if one site doesn't
work, it just tries a different one. A commande line script is
provided.
in the NetBSD Packages Collection.
The Perl 5 module WWW::Pastebin::PastebinCom::Create provides means
of pasting large texts into http://pastebin.com pastebin site.
* Rolling back #280934. PHP 4 incompatibility.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-001- Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:
* - Patch #331708 by chx: poll_choice_js uses FAPI2.
* - Patch #350708 by dww: t() documentation clean-up.
* #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on.
* - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
* - Patch #353886 by killes: too many arguments to SQL query in locale import.
* - Rollback of #325908.
* #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
* #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
* #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
* #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
* #308526 by chx: Also reset actions_list() cache on actions_synchronize()
* #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
* #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
* #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
* #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
* #347485 by cdale: only add upload submit handler if the upload form is added
* #344052 by salvis: remove unused $update_node variable from node module
* #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
* #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
* #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
* #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished
* Rolling back #280934. PHP 4 incompatibility.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-001 Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 5.14 release:
* #348269 by Darren Oh. Add missing * in the expand_password_confirm() comment.
* #202688. Backport from 6.x.
* #103528 by gpk, hass & salvis. Provide a useful message when the color picker is disabled due to the download method.
* #350708 by dww. Backport t() documentation improvements from D6.
* #157353 by Freso and tangent. Remove a needless dash from RSS feed title.
* #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
* #252921 by k4ml. Use correct placeholder.
* #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database.
* #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
* With postfix that support DSN (Delivery Status Notifications) we exclude
some lines to avoid counting mails twice in maillogconvert.pl script.
* Logresolvemerge.pl support FreeRADIUS logs or anything else using
(the fixed length!) ctime format timestamp.
* Add option stoponfirsteof in logresolvemerge tool.
* Add patch to support host_proxy tag in LogFormat (for Apache LogFormat
containing %{X-Forwarded-For}i)
* Renamed Add to favourites on "Hit on favicon".
* Increase robots, search engines database (Added Google Chrome browser,
better Vista, WII, detection, ...)
* Update languages files.
* Added a lot of patch from sourceforge.
* Bug fixes.
GtkHTML-3.24.3 2009-01-12
-------------------------
Bug Fixes:
#553995: evolution crashed with SIGSEGV in gtkhtml_editor_set_changed() (Paul Bolle)
#555388: Undo table create locked up client (Milan Crha)
#562323: Evolution inserts a link incorrectly (Matthew Barnes)
#565491: Don't strip leading whitespace when inserting text (Matthew Barnes)
#565493: Formatting destroyed when marking text with keyboard (Matthew Barnes)
#566014: Evolution does not use selected background color inside table in mail message (Matthew Barnes)
#567130: glade GUI is not localized with evolution (Takao Fujiwara)
Pkgsrc changes:
o Add a BUILD_DEPENDS for the tests
Upstream changes:
0.601 (01.09.2009) - John Siracusa <siracusa@gmail.com>
* Fixed an uninitialized value warning in Rose::HTML::Text.
Version 1.4.23 (Stable)
* Fixes unsubstituted variable in start script.
(reported by Peter van der Does)
* Fixes Debian #494741: Crashes on exit after closing
update monitor dialog with ESC. (reported by ygrek)
Version 1.4.22 (Stable)
* Fixes a typo in XulRunner initialization #ifdef
(suggested by Peter van der Does)
* Fixes a typo in configure.ac
(suggested by Peter van der Does)
* Fixes SF #2266119: configure error if gecko disabled.
(reported by Vincent Lefevre)
* Fixes a XulRunner build issue with new gecko.m4 macro.
(suggested by Peter van der Does)
* Fixes a DB migration issue that might occur when
upgrading from schema version < 5 to 7.
(patch by Thomas B)
* New M4 macro for Gecko detection derived from Yelp.
This should improve compilation against XulRunner 1.9
on Debian.
* Removes gray colouring of updated item titles.
This often confused users to believe the item
state was unread.
* Fixes for French translation (Vincent Lefevre)
Version 1.4.20 (Stable)
* Fixes SF #2042420: "Toggle Read Status" item list
popup menu option (reported by Jeff Fortin)
* Fixes SF #2027445: Incorrect invalid encoding errors.
(reported by Roman Beslik)
* Fixes "lost" views. View in the cache database that
are not used anymore will be dropped on startup.
(reported by Maik Zumstrull)
* Added new Slovakian translation (Pavol Klacansky)
Pkgsrc changes:
o Add dependency on p5-HTML-Tree for HTML::TreeBuilder
Upstream changes:
There appears to be no updated upstream change log.
Judging from the diff, the module was re-implemented,
and it now has at least a few self-tests.
Upstream changes:
0.14 30 Dec 2008
* allow for null value in generated menu fields
* double check for controller in make autocomplete field
* catch condition where the same field is used as both a
FK and one side of a o2m relationship. prefer the FK.
Pkgsrc changes:
o Adjust dependencies according to updated requirements
Upstream changes:
0.22 Mon Jan 05 2009
- add a cookbook entry re: UTF-8 and Config::General (Octavian Rasnita)
- switch from NEXT to MRO::Compat
Upstream changes:
4.40 - Friday, January 2, 2009
No code changes.
* DOCUMENTATION: Clarify that users should use the mailing list
for support, instead of e-mailing the maintainers directly.
4.39 - Monday, December 15, 2008
No code changes.
* INTERNAL: Expand the discussion of auto-flushing in the POD.
(Ron Savage, Mark Stosberg)
* INTERNAL: Re-organize the documentation a bit.
Upstream changes:
1.11
- added Seb in author list
- repeat: ix starts at 0, count starts at 1
fix bug in removing "repeat" attrs
both add() and remove() methods
- many updates in doc
Upstream changes:
2.06 Thu Dec 18 00:07:54 CST 2008
[FIXES]
Added attributes to <frameset>.
<strong> tag didn't allow any attributes. Now it does.
Removed the <listing> tag.
Pkgsrc changes:
* Change HOMEPAGE to redirected one.
* Add DESTDIR support (should be since 2.20.1)
* Change to use --sysconfdir (should be since 2.20.1)
* Add bzip2 support.
* GeoIP support was added since 2.20.1, no need extra pach files anymore.
Fixes PR 40344.
* Changed to use db4 APIs since 2.20.1, dns support back again.
* gettext and freetype2 are not used directly, remove dependency.
* zlib is used directly, add dependency.
* Honor PKGMANDIR.
* Change complex PLIST handlings for docs to simply.
* Change not to use prefix '_' in package specific variables.
Upstream changes:
This fixes a missing memory dealocation call in the DNS lookup code, a kludge
to handle largefile support in the current zlib compression code on some
platforms, and some minor configure script corrections.
7.19.2
Three added regressions in 7.19.1 have been fixed: a build failure
when using the MSVC 6 makefile, a crash when using --interface name
on Linux, and multi interface downloading HTTPS pages with libcurl
built powered by OpenSSL.
7.19.1
CURLOPT_CERTINFO, CURLINFO_CERTINFO, CURLOPT_POSTREDIR, CURLOPT_USERNAME,
CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, and CURLOPT_PROXYPASSWORD
were added. 24 bugs were fixed.
7.19.0
Some new libcurl options, new Boolean options handling in the curl
tool, and around 40 bugfixes.
7.18.2
This release adds CURLFORM_STREAM, CURLINFO_REDIRECT_URL, and the
two new functions curl_easy_send() and curl_easy_recv(). libcurl
now supports CURLOPT_NOBODY over SFTP, and curl now runs on Symbian
OS. At least 21 described bugfixes were made.
7.18.1
This release adds support for HttpOnly cookies. It no longer
distributes or installs a CA cert bundle. SSLv2 is now disabled by
default. Resumed transfers work with SFTP. At least 23 described
bugfixes were made.
