This release contains one major and a number of minor security fixes. It fixes a possible vulnerability to a denial-of-service attack by use of a carefully-crafted set of hash keys, a segmentation fault when reading or writing strings greater than 2^31 bytes in size, and a memory leak in Encode.xs's UTF-8 encoding implementation.
Upstream changes:
0.97 - 2013-03-30, H.Merijn Brand
* Regain the speed from 0.91 (buffer back to 1k)
* Minor cleanup in XS code
* Add diag_verbose attribute
0.96 - 2013-03-26, H.Merijn Brand
* No need to require Test::Harness if unused (RT#82693)
* parse ("") should return one empty field, not undef
* Now that we know the record number, show it in auto_diag
0.95 - 2013-01-13, H.Merijn Brand
* Introduce allow_unquoted_escape as workaround for RT#81295
* Update copyright to 2013
* Introduce print_hr () for RT#76143
* Dropped plans to support EBCDIC
* Better error handling on the Client::LocalSocketClient
* New DataStream class which shares code between the server and client
* New boolean option "emptyGraphs" in the Virtuoso backend, which can
enable/disable checks for empty graphs
* New boolean option "fakeBooleans" in the virtuoso backend, which can
enable/disable fake boolean support
* Client and Server code optimizations
1.9.1 02-March-2013
---------------------------------------------
- Disable query cache for Sqlite.
- Handle missing mysqld better.
- Ignore my.cnf settings when using the internal MySQL server.
1.9.0 23-December-2012
---------------------------------------------
- Respect collection cache policy refresh interval for collection tree sync.
- Fix initialization of PostgreSQL database.
- Correctly count items flags in virtual collections.
- Notify parent virtual collections about item changes.
- Require CMake >= 2.8.8.
- Remove dependency to Automoc4.
- Support Qt 5.
1.8.80 12-November-2012
---------------------------------------------
- Recover from lost external payload files.
- Improve the virtual collections handling.
- Notify clients about database schema updates.
- Reduce item access time updates.
- Make use of referential integrity if supported by the database backend.
- Add prepared query cache.
- Many code and queries optimizations.
1.8.1 14-October-2012
---------------------------------------------
- Fix payload loss on some move/copy scenarios.
- Improve error reporting for failed item retrievals.
1.8.0 25-July-2012
---------------------------------------------
- Fix deadlock in ad-hoc Nepomuk searches.
1.7.95 11-July-2012
---------------------------------------------
- Fix Nepomuk queries getting stuck if Nepomuk service crashes.
- Fix unnecessary remote retrieval of already cached item parts.
- Reset RID/RREV during cross-resource collection moves.
- Increase timeout for remote item retrieval.
1.7.90 08-June-2012
---------------------------------------------
- Fix handling of large SPARQL queries.
- Support cleanup of orphaned resources in the consistency checker.
- Support compilation with Clang.
0.10.0
02/11/2012 - trueg
Added nmm:TVSeason and friends to make TV seasons fully
qualified resources.
02/28/2012 - Evgeny Egorochkin
Fixed nmo:messageHeader cardinality restriction.
0.9.0
01/05/2012 - trueg
Added properties nfo:depicts and nfo:depiction
Made nmm:artwork a subproperty of nfo:depiction
12/13/2011 - trueg
Added nrl:DefiningProperty and nrl:NonDefiningProperty
12/12/2011 - trueg
Set nao:userVisible on the following classes and properties:
nao:score
nao:hasSubResource
nao:hasSuperResource
nrl:Graph
rdf:Property
rdfs:Class
rdfs:Resource
nie:hasPart
nie:isPartOf
nfo:hasHash
nuao:Event
08/23/2011 - trueg
Added class nfo:LocalFileDataObject
0.8.1
11/25/2011 - trueg
Fixed domain of nmm:setSize to nmm:MusicAlbum
0.8.0
08/18/2011 - trueg
Made nfo:FileName a sub-property of nao:prefLabel
08/14/2011 - trueg
Added nfo:WebDataObject
08/05/2011 - trueg
Fixed range of nexif:orientation
Added nmm:setNumber and nmm:setSize
07/24/2011 - trueg
Added nmm:albumTrackCount
07/15/2011 - trueg
nmm:MusicPiece is a subclass of nfo:Audio instead of nfo:Media
Added focus event handling:
nuao:FocusEvent
nuao:totalFocusDuration
nuao:initiatingAgent
nuao:targettedResource
pimo:person is a sub-class of nao:Party
Added nfo:colorCount and nfo:paletteSize
06/27/2011 - trueg
Made ncal:comment a subproperty of nie:comment
06/14/2011 - grundleborg
Added new more specific way of specifying the IM
availability status:
nco:imStatusType
nco:IMStatusType
nco:IMStatusTypeOffline
nco:IMStatusTypeAvailable
nco:IMStatusTypeAway
nco:IMStatusTypeExtendedAway
nco:IMStatusTypeHidden
nco:IMStatusTypeBusy
nco:IMStatusTypeUnknown
06/05/2011 - trueg
Added nie:modified and nie:contentModified
05/24/2011 - trueg
Fixed ranges of
nmm:albumPeakGain
nmm:trackGain
nmm:trackPeakGain
nmm:albumGain
0.7.1
06/14/2011 - trueg
Fixed domain of nao:maintainedBy
Upstream changes:
1.54 2013-04-02
- Require DateTime.pm 1.00 because without it tests will break.
1.53 2013-04-02
- A fix in DateTime.pm 1.00 broke a test in this distro. Reported by Anthony J
Lucas. RT #84371.
Upstream changes:
1.01 2013-04-01
- Fixed test failures on older Perls.
1.00 2013-03-31
- Bumped the version to 1.00. This is mostly because my prior use of both X.YY
and X.YYYY versions causes trouble for some packaging systems. Plus after 10
years it's probably ready to be called 1.00. Requested by Adam. RT #82800.
- The %j specifier for strftime was not zero-padding 1 and 2 digit
numbers. Fixed by Christian Hansen. RT #84310.
- The truncate method was sloppy about validating its "to" parameter, so you
could pass things like "years" or "month whatever anything goes". The method
would accept the parameter but then not actually truncate the object. RT
#84229.
- Previously, if a call to $dt->set_time_zone() failed it would still change
the time zone of the object, leaving it in a broken state. Reported by Bill
Moseley. RT #83940.
- DateTime::Infinite objects should no longer die when methods that require a
locale are called. Instead, these methods return undef for names and
Inf/-Inf for numbers. This affects methods such as day_name() as well as
CLDR and strftime formats. When a locale-specific format is used (like the
"full" datetime format) it uses the en_US format. Reported by Paul
Boldra. RT #67550.
Upstream changes:
2.0801 Thu, Mar 28, 2013
[BUG FIXES]
* properly apply traits at compile time (error introduced in 2.0800,
RT#77974). (doy)
2.0800 Wed, Mar 27, 2013
[ENHANCEMENTS]
* The super() subroutine now carps if you pass it arguments. These arguments
are always ignored, but we used to ignore them silently. RT #77383.
* Roles can now override methods from other roles they consume directly,
without needing to manually exclude them (just like classes can). (mst)
[BUG FIXES]
* Fix false positive when checking for circular references for modules that
use the "also" parameter with Moose::Exporter. Reported by Jon
Swartz. Fixed by Matthew Wickline. RT #63818.
* Fix memory leak in type unions. (Karen Etheridge) RT#83929.
* Fix application of traits at compile time. (doy) RT#77974.
Upstream changes:
1.0022 2013-04-02 12:37:42 PDT
[BUG FIXES]
- Fixed a major bug in 1.0020-1.0021 where posix_default prevents arbitrary arguments
for plackup-compat (e.g. starman) to handle them (Thanks to justnoxx) Starman#66
[IMPROVEMENTS]
- Fixed test warnings (Keedi Kim)
1.0021 2013-04-02 11:20:00 PDT
- Repackage with Milla v0.9.6 #392
1.0020 2013-04-01 19:34:54 PDT
[INCOMPATIBLE CHANGES]
- Enable posix_default and gnu_compat in plackup Getopt, so that ambiguous
option names do not match with long options accidentally
[IMPROVEMENTS]
- Document fix for the AccessLog (ether)
- Special-case Content-Length and Content-Type for %{}i in AccessLog format #387
1.0019 2013-04-01 17:58:25 PDT
- Trial release with Milla
1.0018 Fri Mar 8 10:43:45 PST 2013
[IMPROVEMENTS]
- Performance boost in Plack::Request#query_parameters (lestrrat)
- Added custom log formats for %m, %U, %q and %H (Hiroshi Sakai)
- Fixed warnings in SimpleContentFilter (earino)
[DOCUMENTATION]
- Added docs about plackup --path
- Added docs about using manager object in Plack::Handler::FCGI
1.0017-TRIAL Thu Feb 7 19:21:24 PST 2013
[INCOMPATIBLE CHANGES]
- Gives you warnings when you use one of Plack::App objects in `plackup -e` or
in .psgi files but forgot to call ->to_app to make it a PSGI application (#369)
Still automatically converts them for backward compatibility, but in the
loading time inside Plack::Builder.
[BUG FIXES]
- chdir to the CGI path when executing CGIBin (#338, #368)
* There was a mistake in patches/patch-lib_functions.php, dropping "ssha"
password type.
2012-10-01 Release 1.2.3 master RELEASE-1.2.3
2012-10-01 Update template to show multiselect values
2012-09-06 Language update from launchpad for 1.2.3 (also see #30)
2012-09-05 SF Bug #3531956 - Search / Show Attributes must be lowercase
2012-09-05 SF Bug #3518548 - Missing attributes on some custom forms
2012-09-05 SF Bug #3513210 - Export to VCARD only exports the last entry in the list
2012-09-05 SF Bug #3510648 - Cannot copy between servers
2012-09-05 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase
2012-09-05 SF Bug #3452416 - templates <order> non-functional
2012-09-05 SF Bug #3427748 - value id is ignored in select attribute
2012-09-04 SF Bug #3448530 - Treat krbExtraData and krbPrincipalKe as binary
2012-09-02 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables
2012-09-02 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY']
2012-09-01 SF Feature #3555472 - User-friendly items in entry chooser window.
2012-09-01 SF Feature #3509651 - Add support for SHA512 with OpenLDAP
2012-08-29 SF Patch #3469148 - Display mass edit actions as buttons
2012-01-24 SF Bug #3477910 - XSS vulnerability in query
Here is a summary from the release announcement. Full changes are available in
docs/history file. (XSS problem was already fixed by geeklog-1.8.2sr1.)
* Improved strength of password hashing
* Allow Topics to have child Topics
* Allow Articles, Blocks and other Plugin objects to be associated with more
than one Topic
* Topic Breadcrumb support
* Emergency Rescue Tool is included with the Geeklog Install
* Added support for MySQLi
* Add Stop Forum Spam and Spam Number of Links Modules to Spam-X
* A new theme called Denim which is based on Responsive Web Design
* A new theme called Modern Curve
* Comments Form on same page as Articles and plugin other Plugin objects
* Comments RSS Feed Plugin now integrated into Geeklog
* Includes updated versions of jQuery to 1.9.1 and jQuery UI to 1.10.1
* Updated FCKeditor version to 2.6.9
* XSS fixes for the Install, Configuration, Topic Editor, Polls Plugin and
Calendar Plugin
* Twitter OAuth API updated
* HTML 5 DOCTYPE
pkgsrc change: stop using DIST_SUBDIR.
Version 3.0.6 (2013-03-21)
--------------------------
### Fixed
Do not add links to news, events, FAQs or newsletters to the sitemap if the
target page has not been published (see #5520).
### Fixed
Include the local configuration file twice, once before and once after the
module configuration files are parsed (see #5490). This will make settings like
the debug or safe mode work properly.
### Fixed
Correctly set the RSS feed self-reference (see #5478).
### Fixed
Remove `&shy;` and `&nbsp;` from RSS and Atom feeds (see #5473).
### Fixed
Do not remove the grid column margin on mobile devices (see #5475).
### Fixed
Store the relative path to the installation in the `pathconfig.php` (see #5339).
### Fixed
Correctly send the comment moderation mails (see #5443).
### Fixed
Correctly create the user home directory upon registration (see #5437).
### Improved
Made the `.htaccess` files Apache 2.4 ready (see #5032).
### Fixed
Also truncate opened files in `File::truncate()` (see #5459).
### Fixed
Added the "allowTransparency" attribute to the mediabox script (see #5077).
### Fixed
The submit button label was not shown in the `FormSubmit` widget (see #5434).
### Fixed
Show invisible elements in the back end preview (see #5449).
### Fixed
Allow to create forward pages without a specific target (see #5453).
### Fixed
Updated the TinyMCE typolinks plugin (see #5329).
### Fixed
Correctly initialize the user's pagemounts (see #5454).
### Fixed
Support loading static JavaScripts in the `config.php` files (see #4890).
### Fixed
Show all articles if the article list module is in the same column (see #5373).
### Fixed
Do not show `mail_` templates from theme folders (see #5379).
### Fixed
Consider only published events when finding the calendar boundaries and only
render the previous and next links if there are events (see #5426).
### Fixed
Do not override the header and footer height in the layout builder (see #5368).
### Fixed
Correctly reset fallback, default and "do not copy" fields (see #5252).
Version 2.11.10 (2013-03-21)
----------------------------
### Fixed
Cast varchar date fields to int when selecting from the database (see #5503).
### Fixed
Only unset POST variables if `Widget::submitInput()` returns `true` (see #5474).
### Fixed
Strictly compare values when determining whether to save or not (see #5471).
### Updated
Updated TinyMCE to version 3.5.8 (see #5329).
### Fixed
Correctly show the "invalid date and time" error message (see #5480).
### Fixed
Correctly split the words when adding to the search index (see #5363).
### Fixed
Correctly load TinyMCE in IE7 and IE8 (see #5346).
### Fixed
Send the correct cache headers in "client cache only" mode (see #5358).
### Fixed
Remove the session of deleted or disabled users (see #5353).
### Fixed
Correctly set the cookie paths (see #5339).
Incompatible Changes
====================
* layout redo/undo has been removed.
Normal Changes
==============
* Add halfpage up/down bindings to copy mode.
* Session choosing fixed to work with unattached sessions.
* New window options window-status-last-{attr,bg,fg} to denote the last
window which was active.
* Scrolling in copy-mode now scrolls the region without moving the mouse
cursor.
* run-shell learnt '-t' to specify the pane to use when displaying output.
* Support for middle-click pasting.
* choose-tree learns '-u' to start uncollapsed.
* select-window learnt '-T' to toggle to the last window if it's already
current.
* New session option 'assume-paste-time' for pasting text versus key-binding
actions.
* choose-* commands now work outside of an attached client.
* Aliases are now shown for list-commands command.
* Status learns about formats.
* Free-form options can be set with set-option if prepended with an '@'
sign.
* capture-pane learnt '-p' to send to stdout, and '-e' for capturing escape
sequences, and '-a' to capture the alternate screen, and '-P' to dump
pending output.
* Many new formats added (client_session, client_last_session, etc.)
* Control mode, which is a way for a client to send tmux commands.
Currently more useful to users of iterm2.
* resize-pane learnt '-x' and '-y' for absolute pane sizing.
* Config file loading now reports errors from all files which are loaded via
the 'source-file' command.
* 'copy-pipe' mode command to copy selection and pipe the selection to a
command.
* Changes panes can now emit focus notifications for certain applications
which use those.
* run-shell and if-shell now accept format placeholders.
* resize-pane learnt '-Z' for zooming a pane temporarily.
* new-session learnt '-A' to make it behave like attach-session.
* set-option learnt '-o' to prevent setting an option which is already set.
* capture-pane and show-options learns '-q' to silence errors.
* New command 'wait-for' which blocks a client until woken up again.
* Resizing panes will now reflow the text inside them.
* Lots and lots of bug fixes, fixing memory-leaks, etc.
* Various manpage improvements.