Pelican is a static site generator, written in Python.
- Write your weblog entries directly with your editor of choice (vim!)
in reStructuredText or Markdown
- Includes a simple CLI tool to (re)generate the weblog
- Easy to interface with DVCSes and web hooks
- Completely static output is easy to host anywhere
Feedgenerator-py3k is a standalone version of Django's feedgenerator.
It is based on the current Django Version 1.5.dev20120824122350.
The previous feedgenerator 1.2.1 is based on rather old code, and
during the port to Python 3 it became obvious that (at least) the
handling of unicode strings has to be refactored.
Django has evolved since, so I decided to create a new standalone
version which is based upon modern code.
See http://parenchym.com/pymblog/ for details.
Siege is an http regression testing and benchmarking utility. It was
designed to let web developers measure the performance of their code
under duress, to see how it will stand up to load on the internet.
Siege supports basic authentication, cookies, HTTP and HTTPS protocols.
It allows the user hit a web server with a configurable number of
concurrent simulated users. Those users place the webserver "under siege."
------------------
1.20 2015-10-29 15:28:27-05:00 America/Chicago
- Documentation fixes.
- Don't clobber some response headers if they are already set.
------------------------
5.9009 - 2014-12-13
- fixed a new error in the manual regarding "component" -> "components"
(RT#99131, RT#100597, RT#100767)
5.9008 - 2014-07-26
- misc small documentation tweaks (thanks Karen Etheridge, Matthew
Horsfall, Andreas Marienborg, Dagfinn Ilmari Manns
Cvs: ----------------------------------------------------------------------
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
new welcome page to help new users
touch-screen support for most editing interfaces, for sizes from small tablets to table-top devices
enhanced and polished user interface
much-needed improvements to the structure-board
enhancements to components such as the pop-up plugin editor, sideframe (now called the overlay) and the toolbar
significant speed improvements on loading, HTTP requests and file sizes
restarts are no longer required when changing apphook configurations
a new content wizard system, adaptable to arbitrary content types
- Add two BUILD_DEPENDS for make test
p5-Plack-[0-9]*:../../www/p5-Plack
p5-Switch-[0-9]*:../../lang/p5-Switch
(upstream)
- Update to 0.20
--------------
0.20 2015-10-16 13:55:13 PDT
- Compile Perl code via a tempfile to support source filters (rkitover) #17
- chain to original $SIG{__WARN__} when suppressing signal warnings on
Win32 (rkitover) #16
---------------
3.23 2015-09-10
- Improve CGI mode param() handling to avoi CGI.pm's "param() called in list context" warning.
- add support for Apache 2.4 via mod_perl 1.09.
***** IMPORTANT *****
Apache 2.4 has a *VERY* different API for authentication. You will need
to port your subclass and configuration over to the Apache 2.4 API in
order to use Apache 2.4! Please be sure to read README.apache-2.4.pod for
porting instructions!
Changes to GoAccess 0.9.6 - Tuesday, October 27, 2015
- Fixed segfault when appending data to a log (follow) without virtualhosts.
- Added command line option `--dcf` to view the default config file path.
- Added 'Darwin' to the list of OSs.
- Added the ability to ignore parsing status codes using `--ignore-status`.
Changes to GoAccess 0.9.5 - Thursday, October 22, 2015
- Added major performance improvements to the default storage when parsing and
storing data (~%44 less memory, ~37% faster).
- Added the ability to parse virtual hosts and a new panel to display metrics
per virtual host.
- Added the ability to parse HTTP/2 requests.
- Added the ability to use GNU getline() to parse full line requests.
- Added the ability to output debug info if a log file is specified, even
without `--enable-debug`.
- Added OS X 'El Capitan'.
- Added WebDav HTTP methods and HTTP status from RFC 2518 and RFC 3253.
- Fixed detection of some Googlebots.
- Fixed issue where time served metrics were not shown when loading persisted
data.
- Fixed linker error on OSX: ld: library not found for -lrt.
- Fixed percentage on the HTML output when excluding IPs.
- Removed GLib dependency and refactored storage functionality. By removing
this dependency, GoAccess is able to store data in a more efficient manner,
for instance, it avoids storing integer data as void* (generic typing), thus
greatly improving memory consumption for integers.
Changes to GoAccess 0.9.4 - Tuesday, September 08, 2015
- Fixed inability to parse color due to a missing POSIX extension. ERR: Invalid
bg/fg color pairs
- Added `%~` specifier to move forward through a log string until a non-space
char is found.
- Added the ability to parse static files containing a query string
`--all-static-files`.
- Added the ability to parse native Squid access.log format.
- Added the ability to log invalid requests to a file `--invalid-requests`.
- Added additional overall metric - total valid requests.
- Fixed a few issues in the configuration script.
Changes:
- Fixed dashed and dotted border painting.
- Properly cancel navigation policy checks.
- Several crashes fixed when running editor commands.
- Fix several crashes due to assertions in Debug builds.
- Fix the build on Mac OSX and bring back the Quartz target.
- Fix the build on glibc-based BSD systems.
Fri Nov 6 22:54:38 CET 2015
Fixing the buffer shrinkage issue, this time with test. -CG
Releasing libmicrohttpd 0.9.46. -CG
Tue Nov 3 23:24:52 CET 2015
Undoing change from Sun Oct 25 15:29:23 CET 2015
as the original code was counter-intuitive but
correct, and the new code does break pipelining.
Ignore empty lines at the beginning of an HTTP
request (more tolerant implementation). -CG
Sat Oct 31 15:52:52 CET 2015
Releasing libmicrohttpd 0.9.45. -CG
Tue Oct 27 12:08:02 CET 2015
Rework deprecation maros: fix errors with old GCC versions,
improved support for old clang and new GCC. -EG
Sun Oct 25 23:05:32 CET 2015
Return correct header kind in MHD_get_connection_values()
even if a bitmask is used for the "kind" argument. -FC/CG
Sun Oct 25 15:29:23 CET 2015
Fixing transient resource leak affecting long-lived
connections with many keep-alives and HTTP request
pipelining under certain circumstances (which reduced
the receive window).
Fixed assertion failure triggered by a race in
thread-per-connection mode on shutdown in rare
circumstances. -CG
Mon Oct 5 11:53:52 CEST 2015
Deduplicate code between digestauth and connection
parsing logic for URI arguments, shared code moved
to new MHD_parse_arguments_ function in internal.c. -CG
Thu Oct 1 21:22:05 CEST 2015
Releasing libmicrohttpd 0.9.44. -CG
Wed Sep 30 21:05:38 CEST 2015
Various fixes for W32 VS project files. - EG
Fri Sep 25 09:49:10 CEST 2015
Fix digest authentication with URL arguments where
value-less keys are given before the last argument.
Thanks to MA for reporting. -CG
Tue Sep 22 19:17:54 CEST 2015
Do not use shutdown() on listen socket if MHD_USE_PIPE_FOR_SHUTDOWN
is set. -CG
Wed Sep 16 11:06:02 CEST 2015
Releasing libmicrohttpd 0.9.43. -CG
Wed Sep 2 16:50:31 CEST 2015
Call resume_suspended_connections() when the user is running
its own mainloop and calls MHD_run_from_select() to support
resuming connections with external select. -FC
Sun Aug 30 14:53:51 CEST 2015
Correct documentation as to when MHD_USE_EPOLL_LINUX_ONLY
is allowed. -CG
Thu Aug 27 09:38:44 CEST 2015
Reimplement monotonic clock functions for better
support various platforms.
Print more information during configure. -EG
Fri Aug 14 14:13:55 CEST 2015
Export MHD_get_reason_phrase_for() symbol. -CG
Sat Aug 8 12:19:47 CEST 2015
Added checks for overflows and buffer overruns, fixed
possible buffer overrun.
Updated md5 implementation.
Fixed many compiler warning (mostly for VC compiler). -EG
Tue Aug 4 13:50:23 CEST 2015
Fix failure to properly clean up timed out connections
if running in external select mode without listen socket,
which caused busy waiting until new connections arrived.
(Fixes#3924, thanks to slimp for reporting and testcase). -CG
Sun Aug 2 19:08:20 CEST 2015
Ignore close() errors on sockets except for EBADF,
fixes#3926. -CG
Sat Jun 27 22:16:27 CEST 2015
Make sure to decrement connection counter before
calling connection notifier so that
MHD_DAEMON_INFO_CURRENT_CONNECTIONS does not
present stale information (relevant if this is
used for termination detection of a daemon
stopped via MHD_quiesce_daemon()). Thanks to
Markus Doppelbauer for reporting. -CG
Fri Jun 26 23:17:20 CEST 2015
Fix (automatic) handling of HEAD requests with
MHD_create_response_from_callback() and HTTP/1.1
connection keep-alives. Thanks to Cristian Klein
for reporting. -CG
Tue Jun 09 18:30:17 CEST 2015
Add new functions MHD_create_response_from_fd64() and
MHD_create_response_from_fd_at_offset64(). -EG
Thu Jun 4 13:37:05 CEST 2015
Fixing memory leak in digest authentication. -AW
Wed Jun 03 21:23:47 CEST 2015
Add deprecation compiler messages for deprecated functions
and macros. -EG
Fri May 29 12:23:01 CEST 2015
Fixing digest authentication when used in combination
with escaped characters in URLs. -CG/AW
Wed May 13 11:49:09 CEST 2015
Releasing libmicrohttpd 0.9.42. -CG
Wed May 13 11:33:59 CEST 2015
Fix off-by-one in MHD_start_daemon_va() error handling logic
when initialization of threads for thread pool fails for some
reason. -CG/JC
Thu May 7 17:05:46 CEST 2015
Add support for poll() in W32. -EG
Wed May 6 18:07:38 CEST 2015
Fix#3784: actually implement MHD_CONNECTION_INFO_SOCKET_CONTEXT. -asherkin
Thu Apr 30 00:03::49 CEST 2015
Releasing libmicrohttpd 0.9.41. -CG
Thu Apr 30 00:02:33 CEST 2015
Fix issue where resumed connections would not continue
unless other requests are active in certain
event-loop modes. Thanks to Mike Castillo for reporting. -CG
Wed Apr 15 03:16:18 CEST 2015
Fixing issue #3753 (testcase issue). -CG
Wed Apr 15 00:30:34 CEST 2015
Fix looping issue when using MHD_USE_POLL_INTERNALLY
and a client times out. -LB
Sun Apr 12 21:48:50 CEST 2015
Fix looping issue when combining MHD_USE_EPOLL_LINUX_ONLY
with HTTPS and slow clients. -CG
Fri Apr 10 22:02:27 CEST 2015
Fix logic to add "Connection: Close" that was broken in 0.9.38
when adding MHD_RF_HTTP_VERSION_1_0_ONLY. -CG
Fri Apr 10 00:38:40 CEST 2015
Ensure fast termination in MHD_USE_THREAD_PER_CONNECTION
mode on W32 by using signal pipe. -CG
Thu Apr 9 09:01:15 CEST 2015
Fixing issue with undrained signal pipe when using
MHD_USE_SELECT_INTERNALLY and MHD_USE_POLL in combination
with MHD_resume_connection(), causing 100% CPU usage. -DD
Tue Apr 7 00:12:36 CEST 2015
Releasing libmicrohttpd 0.9.40. -CG
Sat Apr 4 18:28:24 CEST 2015
Fix potential deadlock issue in MHD_USE_THREAD_PER_CONNECTION
mode if shutdown is initiated while connections are active. -CG
Sat Apr 4 17:48:13 CEST 2015
Fix issue in thread-pool mode where a MHD_stop_daemon()
might not reach threads that stopped listening because
we hit the maximum number of concurrent connections and
the option MHD_USE_PIPE_FOR_SHUTDOWN was also not used.
Testcase added as well. -CG
Fri Apr 3 12:55:31 CEST 2015
Update HTTPS testcases to avoid SSLv3, as SSLv3 is dead.
Fri Apr 3 12:25:28 CEST 2015
Do not enforce FD_SETSIZE-limit on worker control
pipe when using MHD_USE_EPOLL_LINUX_ONLY (#3751). -MH/CG
Tue Mar 31 10:28:26 CEST 2015
Adding MHD_OPTION_NOTIFY_CONNECTION,
MHD_CONNECTION_NOTIFY_STARTED,
MHD_CONNECTION_NOTIFY_CLOSED and
MHD_CONNECTION_INFO_SOCKET_CONTEXT to allow
applications to trigger operations when TCP
connections start or end, instead of just
exposing HTTP requests starting and ending. -RG/CG
Thu Feb 26 09:55:43 CET 2015
Fixing bug that prevented MHD_OPTION_HTTPS_MEM_DHPARAMS
from working within a MHD_OPTION_ARRAY. -DD
Sun Feb 8 01:24:38 CET 2015
Adding MHD_OPTION_HTTPS_KEY_PASSWORD as proposed by
Andrew Basile. -CG/AB
Wed Feb 4 20:34:22 CET 2015
Fix issue where for HTTP/1.0-clients that set
Connection: Keep-Alive header a response of
indefinite size was generated with chunked encoding. -CG
Sun Jan 18 20:09:06 CET 2015
Fix potential infinite loop on shutdown in multi-threaded mode
under certain conditions. -CG
Upstream changes:
Major features
Highlights
MDL-29801 - Allow users to delete personal messages
MDL-27177 - Allow students to see each other's contact details in full profile without global permission if they are able to see each other's course profile
MDL-46455 - Backup/restore functionality with new logging system
MDL-46878 - Reset Dashboard for all users after changing the default Dashboard
Quiz
MDL-47494 - New question types from the UK Open University - Select missing words, Drag and drop into text, Drag and drop onto image and Drag and drop markers
MDL-38214 - New Cloze subquestion types with shuffling of answers - MCS, MCVS, MCHS
MDL-50217 - Question types sorted with common ones at the top
MDL-29771 - Interactive behaviour should show number of tries left in the Try again state
Forum
MDL-49682 - Make forum email template editable
MDL-46321 - Uninformative error when moving forum without first selecting destination
MDL-50993 - Timed discussions are now displayed to students in a logical order
MDL-50430 - Number of subscribers specified in forum subscriber list
Assignment
MDL-49176 - Assignment marking guide 'flattens' instructions for markers and students
MDL-49515 - Upgrade FPDI library in assignfeedback_editpdf to 1.5.4 to fix problems with PDF annotator on some files
MDL-50283 - Improve Rubric interface to include the ability to duplicate rows
Other activity modules
MDL-49028 - Wiki: Option to delete pages during course reset
MDL-40836 - File resource: New file resource setting option to display upload/modified date
MDL-26501 - Glossary: Do not allow to browse by author if author is never displayed
MDL-50673 - Workshop: display all participants on "Submission phase" page in a table
MDL-50664 - Database activity: add setting to disallow managing of own entries after approval
MDL-50658 - LTI: Add support for LTI Memberships service
MDL-49581 - Lesson: Remove high scores list feature
MDL-49882 - Lesson: Essay questions are not imported into the lesson Module
MDL-50720 - Database activity: Highlight database entries that are not yet approved.
User interface and usability improvements
MDL-51051 - Rename 'Categories and items' to 'Gradebook setup' and add link
MDL-51250 - Show default section name when editing section details with default checkbox being checked
MDL-49984 - Add visual blocks outlines to My profile page to help separate information
MDL-48947 - Collect all course section editing buttons under one "Edit" dropdown
MDL-51087 - Use client-side validation in the signup form
MDL-50113 - Improve display of long user and course names in Messaging
MDL-50919 - Simplify the Manage tags page, allow to quickly change name, flag and official status of the tags
MDL-51013 - Navbar button should appear for smaller screens only when the custom menu or language menu is not empty
MDL-51260 - Use the new autocomplete form field for tags
MDL-51296 - Add title to page when adding blog post
MDL-38763 - Permission override UI should use JS confirmation
MDL-29763 - Add description to Portfolio settings page
Atto editor
MDL-45515 - New table editing features in Atto editor
MDL-49732 - Keyboard interaction for hyperlink in Atto (Ctrl+K)
MDL-50936 - More Atto editor Maths equation buttons (sum, sqrt, int, etc.)
MDL-50142 - Text editor preferences help pop-up
Enrolments
MDL-30674 - Set guest access key from enrolment methods page
MDL-30157 - Allow users to start manual enrolments right now
MDL-49746 - Allow to sort enrolled users page by last course access
MDL-48074 - Group filter in enrolments list should have option "not in any group"
Administration
MDL-49329 - Multiple improvements in the plugins installation/update system including ability to install several plugins at the same time
MDL-49280 - New configuration setting to allow duplicate email addresses
MDL-51330 - Show scheduled tasks component in the cron log
MDL-51261 - Upgrade key - mechanism to protect anonymous web access to upgrade screens
MDL-50602 - New settings in Automated backup setup for deleting older backups and keeping a minimum number of backups
MDL-48438 - Add real name to email about login failures
MDL-30960 - New option in email settings to specify SSL or TLS (SMTPSecure property of PHPMailer)
MDL-46623, MDL-51824 - CAS and LDAP: Replace CLI script to synchronise users with a scheduled tasks
MDL-39319 - Allow administrator to uninstall several languages in one single action
MDL-50155 - Move and rename "Common activities settings" link to be under "Manage activities" for consistency
MDL-50631 - Display Moodle ASCII logo in CLI installer
MDL-46167 - New option for CLI installation: skip database
MDL-50572 - Disable YouTube repository by default since it requires setting up
MDL-51739 - Lock theme selector UI when $CFG->theme is hardcoded in config.php
MDL-51478 - Enable Mobile services by default for sites with https
MDL-19748 - Do not allow to edit tags in the default authenticated user role
MDL-46398 - Make HTML5 video the default player for capable videos
Other improvements
MDL-51132 - Introduce course tagging as a replacement for user-course-tagging in the "Tags" block. See upgrade documentation
MDL-41042 - Course contacts shown in course listings no longer lag by an hour
MDL-44273 - Back-off strategy for RSS feeds
MDL-45981 - CAS Auth Config needs way to specify that curl should use SSLv3.
MDL-49891 - Add description meta to frontpage
MDL-25451 - Go straight to "Permissions" from block context menu instead of "Assign roles" if they are not available
MDL-50647 - Add 'not in group' section to group overview page
MDL-50956 - Allow main menu block to be displayed "throughout the entire site"
MDL-28954 - Allow images and embedded files in the cohort descriptions
MDL-50371 - Use $CFG->gradepointdefault for new manual gradeitems and grade categories
Security issues
There are no new security issues since the Moodle 2.9.3 release on 9 November 2015.
For developers
MDL-46455 - Events must define fields mappings in order to be correctly restored (documentation)
MDL-50125 - Allow all plugins to inject links in the preferences page (documentation)
MDL-51247 - Revive / refresh / rebuild the autocomplete mform element.
MDL-50839 - Allow themes to set User menu avatar size (documentation)
MDL-48494 - Make $plugin->component required for all plugins
MDL-43896 - Drop support for $module in version.php files for Moodle 3.0
MDL-50645 - Cache the list of available callbacks per plugin
MDL-33564 - rss_error() should return a proper HTTP response code
MDL-37864 - New method to add help icons to the sortable table headers (documentation)
MDL-51737 - Add ability to detect MS Edge in our browser sniffing code
MDL-51213 - external_format_text should be safe to call from web or webservice (documentation)
MDL-51413 - Add an additional return field in get_forums_by_courses in order to specify if the current user can create discussions
MDL-51217 - Using recaptcha is not possible outside auth_email plugin.
MDL-51107 - Add a callback to inject nodes in the category settings navigation (documentation)
MDL-50891 - is_web_crawler should be moved to useragent class
MDL-50453 - Replace reserved word usage from \core\progress\null (PHP7)
MDL-50009 - Prevent scheduled tasks from leaving unfinished db transactions
MDL-49821 - Some Web Services miss checks for guest and deleted users
MDL-50926 - Upgrade to phpunit 4.x
MDL-50491 - New format_text option to exclude particular filters
MDL-50783 - Allow some ajax external functions to be called without a session
MDL-50150 - Add "Blocks" feature to JS and PHP mustache engines (documentation)
Upstream changes:
6.32 2015-11-18
- Deprecated Mojolicious::Routes::Pattern::format_regex.
- Added support for new HTTP status code.
- Improved router performance.
- Improved Mojo::DOM::CSS performance slightly. (jamadam)
- Fixed a few case-sensitivity and An+B notation bugs in Mojo::DOM::CSS.
(jamadam)
6.31 2015-11-13
- Improved documentation browser CSS.
- Fixed handling of invalid URLs in Mojo::UserAgent::CookieJar.
- Fixed a few small selector bugs in Mojo::DOM::CSS.
- Fixed a few small formatting bugs in Mojolicious::Plugin::PODRenderer.
6.30 2015-11-11
- Fixed bug in Mojolicious::Renderer where layouts could not be used with
template inheritance. (nic, sri)
This release includes number of fixes for libnghttp2. We briefly explain notable bug fixes here. Previously, libnghttp2 ignored CONTINUATION frames if preceding HEADERS frame contained padding. The appearance of CONTINUATION is rare these days, but padding is used in some services already, and we may see CONTINUATION somewhere too. The second and third bugs are SETTINGS and HPACK dynamic table size related bugs. The second bug is that previously libnghttp2 did not shrink to minimum size of requested dynamic table size contained in SETTINGS frame sent from local endpoint if it contains several SETTINGS_HEADER_TABLE_SIZE. Now it is corrected, and libnghttp2 shrinks to the minimum size. The third bug is that due to the ambiguous text in RFC 7540 and 7541, we interpreted that if receiver received SETTINGS containing SETTINGS_HEADER_TABLE_SIZE, it always has to send dynamic table size update in the next compressed header block. But it turns out that it is not the intention of the specification author. The intended behaviour is the receiver is required to send dynamic table size update only when it really changed maximum dynamic table size. Depending on the SETTINGS_HEADER_TABLE_SIZE and the current maximum dynamic table size, the table size may not change.
Update DEPENDS
Upstream changes:
0.28
- always shutdown after SIGTERM, but only after notifying the client (via connection: close or equiv.) #23
0.26
- fix abrupt connection close when receiving SIGTERM #21 (by shogo82148)
0.25
- support listing to unix socket wo. using Server::Starter
- suppress warning when receiving broken requests
- fix test issue with Plack >= 1.0035
Update MASTER_SITES
Add BUILD_DEPENDS for test
Upstream changes:
Version 0.11.2
--------------
Released on November 12th 2015.
- Fix inheritable sockets on Windows on Python 3.
- Fixed an issue with the forking server not starting any longer.
- Fixed SSL wrapping on platforms that supported opening sockets
by file descriptor.
- No longer log from the watchdog reloader.
- Unicode errors in hosts are now better catched or converted into
bad request errors.
Version 0.11.1
--------------
Released on November 10th 2015.
- Fixed a regression on Python 3 in the debugger.
Version 0.11
------------
Released on November 8th 2015, codename Gleisbaumaschine.
- Added ``reloader_paths`` option to ``run_simple`` and other functions in
``werkzeug.serving``. This allows the user to completely override the Python
module watching of Werkzeug with custom paths.
- Many custom cached properties of Werkzeug's classes are now subclasses of
Python's ``property`` type (issue ``#616``).
- ``bind_to_environ`` now doesn't differentiate between implicit and explicit
default port numbers in ``HTTP_HOST`` (pull request ``#204``).
- ``BuildErrors`` are now more informative. They come with a complete sentence
as error message, and also provide suggestions (pull request ``#691``).
- Fix a bug in the user agent parser where Safari's build number instead of
version would be extracted (pull request ``#703``).
- Fixed issue where RedisCache set_many was broken for twemproxy, which doesn't
support the default MULTI command (pull request ``#702``).
- ``mimetype`` parameters on request and response classes are now always
converted to lowercase.
- Changed cache so that cache never expires if timeout is 0. This also fixes
an issue with redis setex (issue ``#550``)
- Werkzeug now assumes ``UTF-8`` as filesystem encoding on Unix if Python
detected it as ASCII.
- New optional `has` method on caches.
- Fixed various bugs in `parse_options_header` (pull request ``#643``).
- If the reloader is enabled the server will now open the socket in the parent
process if this is possible. This means that when the reloader kicks in
the connection from client will wait instead of tearing down. This does
not work on all Python versions.
- Implemented PIN based authentication for the debugger. This can optionally
be disabled but is discouraged. This change was necessary as it has been
discovered that too many people run the debugger in production.
- Devserver no longer requires SSL module to be installed.
Version 0.10.5
--------------
(bugfix release, release date yet to be decided)
- Reloader: Correctly detect file changes made by moving temporary files over
the original, which is e.g. the case with PyCharm (pull request ``#722``).
- Fix bool behavior of ``werkzeug.datastructures.ETags`` under Python 3 (issue
``#744``).
Updating MASTER_SITES
From the ChangeLog:
2013-03-25 Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
* In places where the CGI variable REMOTE_USER is read, support
alternatively REDIRECT_REMOTE_USER, which is used by the Apache
HTTPD Server instead, when a redirect was used.
* Removed debian/README.Debian which did not contain any useful
information.
2013-03-23 Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
* Handle the content of the CGI AUTH_TYPE variable case-insensitively as
defined by RFC 3875 Section 4.1.1.
2013-03-21 Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
* Changed the pathnames of the debug files to be a bit more FHS
compliant.
2013-03-20 Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
* Changed the end-of-line encodings of all non-Windows-related and
non-autogenerated text files to use UNIX LF (lots of them had mixed
LF/CRLF).
* HTML escape the remotely retrieved version string printed to the HTML
in order to prevent and attacks (if this would have been possible at
all in 12 characters).
* Updated all addresses of the canonical git upstream repository and the
issue tracker to the new ones.
2013-03-06 Andrew McMillan <andrew@morphoss.com>
* Fix capitalisation of 'plpgsql' & 'sql' for Postgres 9.2. (debbug #702403)
2013-02-16 Andrew McMillan <andrew@morphoss.com>
* Content-Type header should be 'charset' not 'encoding'.
2012-09-20 Andrew McMillan <andrew@morphoss.com>
* When we get here it is a Bad Request, not a Server Error.
* Quick workaround for iOS6 supported-calendar-component-set issue.
Adds a $c->default_calendar_components array of (VEVENT,VTODO,...)
* Workaround client software with imperfect add-member implementations.
2012-09-10 Andrew McMillan <andrew@morphoss.com>
* Fix unassigned variable.
* Avoid unassigned variable warning.
* Fix UID handling.
* Fix debugging to error log.
2012-08-09 Andrew McMillan <andrew@morphoss.com>
* Ensure test responses are displayed in their unprocessed form.
* Some debugging messages.
2012-07-31 Andrew McMillan <andrew@morphoss.com>
* Replace deprecated split() with explode()
2012-05-28 Andrew McMillan <andrew@morphoss.com>
* First cut at iMIP implementation. Still working on this.
2012-07-30 Andrew McMillan <andrew@morphoss.com>
* Fix SQL fieldname.
2012-07-29 Andrew McMillan <andrew@morphoss.com>
* Sometimes we want to retrieve the sync-token as a result of a change we just made.
This allows a (default true) flag to indicate whether it's OK to use
a previously cached value.
* On Apple devices these can sometimes appear in the Apple namespace. Odd.
* Let the VCalendar class handle how to get the UID from the calendar.
2012-07-25 Andrew McMillan <andrew@morphoss.com>
* Remove old redundant constructor.
2012-07-13 Andrew McMillan <andrew@morphoss.com>
* Add workaround for Apple's POST add-member trainwreck.
* We might not have a $request calling this so use the object's path instead.
* Testing for dead property XML which is a set of prop.
* supported-calendar-component-set uses dead properties too...
* Don't just return the first element in a dead property - there might be multiple!
Upstream changes:
Highlights
MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present
Functional changes
MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
MDL-50917 - Allow manager to access another user's preferences
MDL-50811 - Forum email replies update completion tracking information
MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully
UI changes
MDL-40710 - Better visualization of badges backpack icon
MDL-51290 - Make adding a photo to a profile more obvious
MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-51514 - Performance improvement in one of regrading queries on MySQL
MDL-51498 - Improve performance for regrading gradebook
MDL-50805 - Performance improvement in cron Messaging Cleanup Task
MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
MDL-26429 - Added missing criteria icons to completion report
MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
MDL-46710 - LTI module correctly tracks completion when opened in a new window
MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
MDL-51390 - Badges: fixed connection to external backpack
MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
MDL-48881 - Fixed bug with lesson not always showing student attempts
Upstream changes:
1.3202 2015-11-07
- Re-releasing 1.3200 again now CPAN perms should be fully sorted.
1.3201 2015-11-07
- Re-releasing 1.3200 now I should have the required permissions. (Can't
re-upload as 1.3200 even though it wasn't indexed due to PAUSE
restrictions)
1.3200 2015-11-06
[BUG FIXES]
- Fix temporary directory handling in serialiser tests (PR 1133, nanis)
[ENHANCEMENTS]
- Promoting 1.3144 to stable. Only one odd, rare failure remains on
CPAN Testers, which I cannot reproduce.
- Bind to 127.0.0.1 in tests to avoid occasional spurious failures on busy
build hosts (PR 1136, thanks to @redbaron)
- More efficient handling of large requests - don't store the raw request
body, but fish it out of the HTTP::Body object's temp file if required
(PR 1134, David Precious (bigpresh))
[NEW FEATURES]
- Allow mixd named params and splats in route definitions (PR 1086,
veryrusty)
1.3144 2015-11-04
[ENHANCEMENTS]
- Bind to 127.0.0.1 in tests to avoid occasional spurious failures on busy
build hosts (PR 1136, thanks to @redbaron)
1.3143 2015-10-26
- Note: new release manager for Dancer1: David Precious (BIGPRESH)
[BUG FIXES]
- Fix temporary directory handling in serialiser tests (PR 1133, nanis)
[ENHANCEMENTS]
- More efficient handling of large requests - don't store the raw request
body, but fish it out of the HTTP::Body object's temp file if required
(PR 1134, David Precious (bigpresh))
[NEW FEATURES]
- Allow mixd named params and splats in route definitions (PR 1086,
veryrusty)
Fixed a regression causing ModelChoiceField to ignore prefetch_related() on its queryset.
Allowed “mode=memory” in SQLite test database name if supported.
Fixed system check crash on ForeignKey to abstract model.
Fixed incorrect queries when you have multiple ManyToManyFields on different models that have the same field name, point to the same model, and have their reverse relations disabled.
Allowed filtering over a RawSQL annotation.
Made the Concat database function idempotent on SQLite.
Avoided a confusing stack trace when starting runserver with an invalid INSTALLED_APPS setting.
Made deferred models use their proxied model’s _meta.apps for caching and retrieval. This prevents any models generated in data migrations using QuerySet.defer() from leaking to test and application code.
Fixed a typo in the name of the strictly_above PostGIS lookup.
Fixed crash with contrib.postgres.forms.SplitArrayField and IntegerField on invalid value.
Added a helpful error message when Django and South migrations exist in the same directory.
Fixed a regression in URLValidator that allowed URLs with consecutive dots in the domain section (like http://example..com/) to pass.
Fixed a crash with GenericRelation and BaseModelAdmin.to_field_allowed.
Upstream changes:
6.29 2015-11-03
- Fixed a few bugs in built-in templates. (Zoffix, sri)
6.28 2015-11-02
- Improved build_app method in Mojo::Server to work more like the load_app
method.
- Fixed multi-line attribute bug in Mojo::DOM::HTML. (jamadam)
* Add Locker friend class to SBuf for protection against memory issues
* Connection stats, including %<lp, missing for persistent connections
* Fix incorrect authentication headers on cache digest requests
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Avoid errors when parsing manager ACL in old squid.conf
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3
Changes:
What's new in WebKitGTK+ 2.10.3?
- Fix graphics artifacts when entering/leaving Accelerated Compositing mode.
- Honour 'forwards' fill-mode in Multiple-keyframe and delayed instantaneous
animations.
- Fix runtime warning when the inspector is closed.
- Fix the build with GTK+2 plugin process disabled.
- Gracefully handle errors when sending/receiving IPC messages data on connection
close.
- Fix several crashes and rendering issues.
Changelog:
Fixed in Firefox ESR 38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-130 JavaScript garbage collection crash with Java applet
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
Changelog:
Version 8.2.0 October 20th 2015
Major new ownCloud release, more info in announcement blog. Summary:
Updated design
New sidebar
Rewritten Gallery app
Updated text editor
Notifications
Policy for retaining deleted files and file versions
Encrypt/decrypt commands
Many additions to occ command tool for admins
Improved mime type handling
Security Hardening
ownCloud API work: Modular Authentication support, Capabilities Manager and Query Builder and more
Many small improvements
Upstream changes:
0.30 2015/05/30
* Allow max_redirect or max_redirects, to be consistent with LWP::UserAgent
Thanks Vincent Lequertier (SkySymbol)!
0.29 2015/05/30
* Make add_with_opts throw error on invalid options
Thanks Tom Grimwood-Taylor (tgt)!
0.28 2015/03/09
* Allow manual override of PeerAddr via peer_addr (rt #102634)
* Switch from print() to note() in TestServer for test suite
Upstream changes:
6.27 2015-10-29
- Updated HTML5 entities in Mojo::Util.
- Improved Mojo::Server::Prefork to log if the process id file could not be
created.
6.26 2015-10-28
- Renamed built-in templates with more descriptive names.
- Added warmup method to Mojolicious::Renderer and Mojolicious::Static.
Version 2.1
-----------
Released on October 23rd 2015, codename Caesium
- Table names are automatically generated in more cases, including
subclassing mixins and abstract models.
- Allow using a custom MetaData object.
- Add support for binds parameter to session.
In order to get rid of GCC_REQD disable IndexedDB support and
WebKitDatabaseProcess (that needs IndexedDB). Both were not present in
webkit-gtk<2.10.
Bump PKGREVISION.
v0.5.11
Add fake theme for built-in icons
* Don't truncate long speed dial titles if there's room to display them
Fix warnings for -Wformat-security
Ensure vala knows the prototypes of functions it calls, fixing pointer truncation in tests
Add unit test to check appmenu/menubar visibility
Fix last known GTK2 entry placeholder text bugs
Make sure that only one of appmenu and menubar are visible *initially* as well as when changed
Move adblock icons to hicolor
Limit bookmarks panel callbacks to the lifetime of the panel to fix a crash
Fix fallout (broken bookmarks and history panel search) from tweaks to GTK2 entry placeholder
fix property binding to ensure that exactly one of appmenu button and menubar is always visible
Skip open-with codepath with abp links, they are internal
Use find_file to locate execinfo.h
Fix middle/ctrl/normal clicking bookmarks (not folders) in the bookmarkbar.
Add copright header to sanitize_bar.sh
Adblock fixup: Escape . in filter with \
Don't shadow variable uri in midori_browser_save_uri
Switch Adblock icons to 24px color
Always include app menu in toolbar
Fix various mis[sing ]annotations and style issues in GIR
Compile typelib from gir
Fix assert when resetting webapp state after inactivity reset
clean up handling of double-valued db column in Tabby
Add a comment to explain MidoriBrowser popup callback
fix warnings printed when right-clicking resize grip between location and search entries
Win32: Use Dr. MinGW if present to preserve crash info
Fix menubar warning caused by direct cast instead of `as`
Helper script for setting up bzr with some usefull plugins and settings
Stop using Gtk.Entry.max_width_chars
avoid deprecated SoupServer API with libsoup 2.48
Use unowned in foreach loops in Midori.Window
Use unowned in foreach loops in Midori.Completion
Use unowned with Adblock.Subscription and Element in foreach loops
Use unowned strings in foreach loops
Enable openWith in app mode and make it work with view-new
Implement Midori.Window class with toolbar/ headerbar
Drop support for libsoup-gnome-2.4 < 2.37.1
Make search icons for engines work correctly
Move to WebKit2 4.0 which broke ABI
Port to zeitgeist-2.0
win32: Bump shipped GrayBird theme version to fix some rendering issues
avoid deprecated GtkDialog API with GTK+2 >= 2.22
Title case for "Export Certificate" button
fix incorrect type of MAX(sorting) in Tabby
v0.5.10
use exit instead of return in license script
Fix HAVE_GCR guards after GtkPopover port
Remove example app and .desktop before creating it in the unit test
Fix cache dir path in Adblock and always mkdir tmp
Port location action from Granite.PopOver to Gtk.Popover
Match https site when user-style is using domain syntax
Always disable developer tools on Win32
Reimplement Midori.URI.unescape and add various tests
Make the inspector resizable with GTK3 by packing into a GtkScrolledWindow
Don't build tabs2one in release builds
Don't assume GNotification works on Win32
update copyright date in About dialog
Don't entity-escape history and bookmark results in location completion
Only set tabs' error state if errors come from the main frame
Implement Paste and Proceed as an action
No Gcr on Win for the moment
Yet another Speed Dial CSS update:
Port bookmark popover from Granite to Gtk.Popover
Make application choosers resizable with a sane default size
Use GNotification >= 2.40 and use Midori.App API in webmedia
Rework mouse button handling in KatzeArrayAction
Don't bind :day in HistoryDatabase.query
Make GCR mandatory for all builds
Update coub support in mediaHerald
history-list: Fix gtk+3 build caused by dropping "using Gtk;"
Drop all remaining usages of "using *;"
Don't open search engines menu when clearing search action
Only remove apps in the sidepanel when left-clicking the delete icon
Improve robustness of GTK3-compatibility placeholder text fallback
Clean up vapi dependency
tls_flags from webkit_web_view_get_tls_info need to be 0
Don't add failed pages to history
Throw error for wrong paramter in Statement.bind
Replace NoJS "allow all pages" setting with "allow local pages"
Avoid bugs due to race condition in addons delete dialog
Calculate transfer progress at regular intervals to fix 0B/s bug and recalcitrant progess bars
Fix warnings occurring with EXTRA_WARNINGS
Escape parentheses in adblock_fixup_regexp()
Use File.query_exist() on win32 when checking for db to attach
Handle _NEW_WINDOW_ACTION explicitly to make _blank targets work
Fix undefined behavior uint in mouse gestures
fix JavaScript keyup event by calling inherited key-release-event handler in MidoriBrowser
Inline renaming of speed dials
Handle current_size and last_size of Download being equal
Add proper copyright headers to element_hider and autosuggestcontrol
Add X-GNOME-UsesNotifications to indicate the use of notifications
Fix typo in Bookmarks menu UI definition
Changes:
=================
WebKitGTK+ 2.10.2
=================
What's new in WebKitGTK+ 2.10.2?
- Fix a regression introduced in 2.10.1 that disabled accelerated
compositing.
- Fix build with cmake 3.4.
=================
WebKitGTK+ 2.10.1
=================
What's new in WebKitGTK+ 2.10.1?
- Fix rendering of accelerated content in HiDPI screens.
- Fix several media controls rendering issues.
- Fix rendering of progress element with recent versions of GTK+.
- Add and update some web inspector icons.
- Correctly handle websites sending an invalid auth header.
- Fix a crash when creating the UI process backing store in Wayland.
- Fix the build with spellchecker disabled.
- Fix the build with touch events disabled.
- Fix the build with OpenGL disabled.
- Several build fixes on Mac OSX.
- Fix several crashes and rendering issues.
pkgsrc changes:
- use private Linux npviewer.bin binaries built by me (tsutsui@) on
openSUSE 12.1 on 32 bit (i386) and 64 bit (x86_64) on VirtualBox
- enable EMUL_PLATFORMS=linux-x86_64 using the native 64 bit Linux
npviewer.bin binary, which allows using 64 bit native adobe-flash-plugin
on NetBSD/amd64 hosts
- also explicitly set EMUL_REQD= suse>=12.1 (NetBSD 6.x can use it anyway)
- tweak some pkgsrc ${PREFIX}
- update HOMEPAGE
- take maintainership
Note:
- major Linux distributions provided nspluginwrapper binaries to use
the 32 bit plugin binaries without sources on their 64 bit systems,
so there is no 64 bit wrapper binary (npviewer.bin) to use native 64 bit
plugin binaries on other systems (like NetBSD) via binary emulation
- nowadays adobe provides 64 bit native adobe-flash-plugin11 binaries
and NPAPI plugins are being deprecated by vendors, so I guess there is
very few motivation to update nspluginwrapper project for Linux people
http://nspluginwrapper.org/why.html
- Linux binaries in distfiles are built with following changes to
make npviewer.bin works on non-Linux hosts:
- configure with the following options, to enable "generic" RPC calls
(The default Linux native binaries use their specific "anonymous socket")
- for i386:
% ./configure --enable-generic
- for x86_64:
% ./configure --target-cpu=x86_64 --disable-biarch --enable-generic --enable-viewer --enable-player
- disable USE_NPIDENTIFIER_CACHE in npviewer (as patch-src_npw-viewer.c),
which doesn't seems tested with the "generic" RPC interfaces
OK from abs@, and no particular objection to PR pkg/49705 and pkgsrc-users@.
Also thanks to Onno van der Linden for his first analysis about
newer nspluginwrapper APIs in PR pkg/47208.
Upstream changes (in NEWS file):
Version 1.4.4 - 30.Jun.2011
* Fix crash in some cases when the number of watched file descriptors decreases
Version 1.4.2 - 04.Jun.2011
* Fix crash in WebKit/GTK when npwrapper.so is incorrectly treated as a plugin
* Fix symbol versioning issues with _Unwind_GetIPInfo on some systems
* Fix install process with parallel make
Version 1.4.0 - 15.May.2011
* Report capabilities over RPC to fix logic based on NULL plugin/browser hooks
* Fix initialization bug that causes Flash 10.3 to report a version of 0
* Implement ClearSiteData NPAPI extension for managing Flash LSOs
* Work around bug in Konqueror that prevents plug-ins from functioning properly
Version 1.3.2 (BETA) - 23.Apr.2011
* Work around lack of client-side windows in Flash
* Fix race condition when NPP_Destroy was called while viewer is busy
* Fix build on modern Linux platforms
* Support NPAPI 0.24, in particular, Flash can now query for private browsing
* Don't export any symbols but those necessary
* Support XEmbeding npplayer into another application
* Remove NPClass::HasMethod cache; it was incorrect
* Fix initializing two wrapped plugins with the same name in the same process
* Work around Qt bug that breaks npplayer when Kopete is installed
* Release implicit grabs before forwarding events to fix Flash context menu hang
* Work around Firefox quirk that broke windowless Flash in Firefox 4
* Bind wrapper and viewer event loops together to avoid many many race conditions
* Redesign NPRuntime bridge to avoid leaking proxy objects
* Incorportate release number into ident string so update works on distro patches
Version 1.3.0 (BETA) - 02.Jan.2009
* Don't poll for Xt events in Gtk (XEMBED) plug-ins
* Use 40 Hz timer for Xt events only when necessary (Xt input sources)
* Add NPIdentifier and NPClass::HasMethod caches, i.e. lower RPC traffic
* Add support for multiple viewer paths, see --viewer-paths=PATH-EXPR
* Add basic checks for malloc()'ed buffer underflow/overflow
* Add checks for single-threaded calls into the browser (NPN_*() functions)
Upstream changes:
* v3.00 - 21st May 2015
No changes from v2.99_04.
* v2.99_04 (pre-release for 3.0) - 18th May 2015
Uploaded files with duplicate field names are treated in the
same ways as other data with duplicate field names.
* v2.99_03 (pre-release for 3.0) - 5th April 2015
BUG FIX: Additional change to forms.t to prevent MS Windows systems
hanging. (issue 103315)
* v2.99_02 (pre-release for 3.0) - 4th April 2015
Added force_unique_cookies method and equivalent parsing code and tests.
Improved test suite: better coverage, skipped failling tests for
Microsoft systems which don't use/honour normal permissions, silenced
noisy tests on older perls.
* v2.99_01 (pre-release for 3.0) - 31st March 2015
Source amended to pass perlcritic. String evals removed or replaced.
Strictures added to module and examples. All filehandles are now
lexicals. Consistent source formatting applied to module (perltidy).
deny_uploads and set_size_limit added.
All active public subroutines are now methods.
print_cookie_data and print_form_data have been removed. They had been
deprecated for well over a decade.
escape_dangerous_chars has been removed. It has been considered a
security risk since version 2.0.
Bug:
* [SSPCPP-656] - NameID insert logic appears wrong for ODBC Session store
* [SSPCPP-657] - Update Windows libraries
* [SSPCPP-663] - BOOST autoconf macros break with gcc5
* [SSPCPP-665] - Use of systemd breaks on reboot due to disappearance of /run/shibboleth
Improvement:
* [SSPCPP-654] - Move fork wait timeout from init script to sysconfig
Task:
* [SSPCPP-661] - Preparation of 2.5.5 release
* [SSPCPP-662] - Set AllowSameVersionUpgrades to 'yes'
Version 2.5.4
Bug:
* [SSPCPP-612] - Old DiscoveryFeed cache files are not correctly removed
* [SSPCPP-616] - SP does not build with C++11
* [SSPCPP-621] - log4shib. RemoteSyslogAppender doesn't work in debian.
* [SSPCPP-623] - Attribute mapper interprets attribute name with leading/trailing whitespace
* [SSPCPP-624] - Trailing whitespace in authnContextClassRef attribute parsed incorrectly
* [SSPCPP-627] - SyslogAppender is not working on windows
* [SSPCPP-646] - When triggered by file size limit, native.log does not rotate correctly and logs are missing
Improvement:
* [SSPCPP-618] - Add support for Amazon Linux 2014.3 via attached patch
* [SSPCPP-629] - attribute-map.xml missing "uid" attribute (eduPerson)
* [SSPCPP-645] - Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions
* [SSPCPP-647] - consider not permitting RC4 on back channel queries
Task:
* [SSPCPP-644] - Release log4shib 1.0.9
* [SSPCPP-648] - Release process for 2.5.4
Version 2.5.3
Bug:
* [SSPCPP-578] - Example Apache config uses require valid-user
* [SSPCPP-580] - FastCGI programs use libxmltooling but don't link with it
* [SSPCPP-584] - Limit on preserved POST data size is not enforced
* [SSPCPP-585] - POST data replay in Firefox fails if data contains key "submit"
* [SSPCPP-589] - Relative paths in Shibboleth XML catalogs are resolved against /usr/share/xml/opensaml
* [SSPCPP-595] - postTemplat.html form submission bug
* [SSPCPP-596] - Red Hat init script produces spurious restorecon warning at startup
* [SSPCPP-603] - Directory Indexes don't work when using file-based basic auth (ShibCompatValidUser is On)
Documentation:
* [SSPCPP-591] - Errors partialLogout attribute not documented
Improvement:
* [SSPCPP-598] - Dynamic metadata provider in SP should avoid unmarshalling non-EntityDescriptor results
* [SSPCPP-605] - Rephrase error log lines for AuthnFailed responses
Task:
* [SSPCPP-609] - Release of 2.5.3
Upstream changes:
6.25 2015-10-21
- Deprecated Mojo::Message::Request::proxy with boolean and string arguments
in favor of Mojo::Message::Request::via_proxy.
- Replaced proxy method in Mojo::Message::Request with an attribute.
- Moved all bundled files into "resources" directories.
- Added via_proxy attribute to Mojo::Message::Request.
- Improved Mojo::DOM::CSS to support selectors with leading and trailing
whitespace.
- Improved rendering of built-in templates to show actual template names in
log messages.
- Fixed punycode bug in Mojo::URL.
- Fixed "0" value bug in Mojo::JSON::Pointer.
Version 0.3.2
-------------
Released on October 8th, 2015
- Fixes Python 2.6 compatibility.
- Updates SESSION_KEYS to include "remember".
Version 0.3.1
-------------
Released on September 30th, 2015
- Fixes removal of non-Flask-Login keys from session object when using
'strong' protection.
This release adds a new report to show statistics about Denied URLs. It also allow to add a SquidGuard log to the list of log files and to report blocked URLs into the Denied reports. It ialso adds a pie chart on SquidGuard ACLs use.
There's also four new configuration directives:
- UserReport to be able to remove any user related reports but statistics
about URL and domains will remain.
- ExcludedCodes to be able to exclude some log entries following the TCP
code returned.
- UrlHitsOnly to be able to enable the generation of additional HTML tables
with top Url per byte and per duration in Top Urls and Domains report.
- MaxFormatError to not exit immediatly when a bad format error is encountered. SquidAnalyzer will
wait MaxFormatError before exiting.
4.22 2015-10-16
[ RELEASE NOTES ]
- Documentation fixes only - please see v4.21 Changes for any potentially
impacting changes
[ DOCUMENTATION ]
- fix typos in CONTRIBUTING file
- links to docs, stackoverflow and perlmonks
- clarify deprecation policy on HTML functions (GH #188)
- mention HTML::Tiny in CGI::HTML::Functions (thanks to osfameron for
the suggestion)
Upstream changes:
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
memory.
- Prevented drupal_http_request() from returning an error when it receives a
201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP
5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides
the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into
mailto: links.
- Added alternate text to file icons displayed by the File module, to improve
accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or
warnings as appropriate, rather than as regular status messages (minor UI
change and data structure change).
- Changed the default settings.php configuration to exclude private files from
the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for
example filter/tips/full_html, to return "page not found" or "access denied"
if the format does not exist or the user does not have access to it. This
change adds a new menu item to the Filter module's hook_menu() entry (minor
data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in
as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished"
callback specified during batch processing can now be any PHP callable
instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case
where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000")
to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing
exceptions during menu rebuilds. If an .info file without a "name" key is
found in a module or theme directory, Drupal will now use the module or
theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table
case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to
a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a
module's .info file to indicate which project the dependency resides in (API
addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal
bootstrap and that caused module_implements() and drupal_alter() to cache an
incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL,
if the site's PHP version is new enough to do so. This is a secondary defense
against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Upstream changes:
== Security fixes ==
* Wikipedia user RobinHood70 reported two issues in the chunked upload API.
The API failed to correctly stop adding new chunks to the upload when the
reported size was exceeded (T91203), allowing a malicious users to upload add an
infinite number of chunks for a single file upload. Additionally, a
malicious user could upload chunks of 1 byte for very large files, potentially
creating a very large number of files on the server's filesystem (T91205).
<https://phabricator.wikimedia.org/T91203>
<https://phabricator.wikimedia.org/T91205>
* Internal review discovered that it is not possible to throttle file
uploads.
<https://phabricator.wikimedia.org/T91850>
* Internal review discovered a missing authorization check when removing
suppression from a revision. This allowed users with the 'viewsuppressed'
user right but not the appropriate 'suppressrevision' user right to unsuppress
revisions.
<https://phabricator.wikimedia.org/T95589>
* Richard Stanway from teamliquid.net reported that thumbnails of PNG files
generated with ImageMagick contained the local file path in the image
metadata.
<https://phabricator.wikimedia.org/T108616>
== Bug Fixes in 1.25.3 ==
* Fix having multiple callbacks for a single hook.
<https://phabricator.wikimedia.org/T98975>
* maintenance/refreshLinks.php did not always remove all links pointing to
nonexistent pages.
<https://phabricator.wikimedia.org/T107632>
* $wgEmergencyContact and $wgPasswordSender now use their default value if
set to an empty string.
<https://phabricator.wikimedia.org/T104142>
* Provide fallbacks for use of mb_convert_encoding() in HtmlFormatter. It
was causing an error when accessing the api help page if the mbstring PHP
extension was not installed.
<https://phabricator.wikimedia.org/T62174>
* Confirmation emails would sometimes contain invalid codes.
<https://phabricator.wikimedia.org/T105896>
* Fixed edit stash inclusion queries.
<https://phabricator.wikimedia.org/T105597>
New features:
- Add debian patch debian-patches-1019_allow_frame_resize.patch to add
option nboflastupdatelookuptosave on command line.
- 199 Added geoip6 plugin with support for IPv4 AND IPv6.
- Work with Amazon AWS log files (using %time5 tag).
Fixes:
- Fixes permission on some .pl scripts.
- 205 GetResolvedIP_ipv6 does not strip trailing dot.
- 496 tools scripts should print warnings and errors to STDERR.
- 919 Referrals not getting tracked due to improperly getting flagged as a search.
- Add debian patch 0007_russian_lang.patch.
- Add debian patch 2001_awstatsprog_path.patch.
- 921 Failure in the help text for geoip_generator.pl
- 909 awstats_buildstaticpages.pl noisy debug output.
- 680 Invalid data passed to Time::Local causes global destruction.
- 212 Fix CVE-2006-2237
*) mod_http2: added donated HTTP/2 implementation via core module. Similar
configuration options to mod_ssl.
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent.
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive.
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
in accordance with RFC 7568.
*) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
and later). Enables support for configuring the SUITEB* cipher
strings introduced in OpenSSL 1.0.2.
*) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
of subjectAltName entries of type "otherName" into
SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
variables.
*) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
an SSL connection.
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response
is cached for the first time.
*) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
can't create new (clear) slots while previous children gracefully stopping
still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
restart whenever the number of configured balancers/members changed during
restart.
*) core/util_script: make REDIRECT_URL a full URL.
*) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
records for scalability.
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over.
*) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
loaded.
*) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator.
*) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
apxs -q.
*) mod_rewrite: Avoid a crash when lacking correct DB access permissions
when using RewriteMap with MapType dbd or fastdbd.
*) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
*) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
long to keep idle connections with the memcache server(s).
Change default value from 600 usec (!) to 15 sec.
*) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
appearing as a Content-Type response header when requests for a directory
are rewritten by mod_rewrite.
* Make traditional init script fail if new config file is broken
* nghttpx-logrotate: Don't use killall since we have multiple processes
* nghttpx: Fix improper signal handling
=== RELEASE 2.12 ===
Sat Sep 12 21:03:14 CEST 2015 mikulas:
Free cookies when changing the 'only proxies' checkbox - i.e. when
entering or leaving tor mode
Thu Sep 10 00:04:11 CEST 2015 mikulas:
Do not record compile time to allow reproducible builds
Tue Sep 8 20:57:26 CEST 2015 mikulas:
Support SSL client certificates
Mon Sep 7 20:55:44 CEST 2015 mikulas:
Security bug fixed: warn if the server uses old SSL2 or SSL3 protocol
to avoid the POODLE vulnerability
Fixed in 7.45.0 - October 7 2015
Changes:
added CURLOPT_DEFAULT_PROTOCOL
added new tool option --proto-default
getinfo: added CURLINFO_ACTIVESOCKET
turned CURLINFO_* option docs as stand-alone man pages
curl: point out unnecessary uses of -X in verbose mode
Bugfixes:
curl_global_init_mem.3: Stronger thread safety warning
buildconf.bat: Fixed issues when ran in directories with special chars
cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
generate.bat: Fixed issues when ran in directories with special chars
generate.bat: Only call buildconf.bat if it exists
generate.bat: Added support for generating only the prerequisite files
curl.1: Document weaknesses in SSLv2 and SSLv3
CURLOPT_HTTP_VERSION.3: connection re-use goes before version
docs: Update the redirect protocols disabled by default
inet_pton.c: Fix MSVC run-time check failure
CURLMOPT_PUSHFUNCTION.3: fix argument types
rtsp: support basic/digest authentication
rtsp: stop reading empty DESCRIBE responses
travis: Upgrading to container based build
travis.yml: Add OS X testbot
FTP: make state machine not get stuck in state
openssl: handle lack of server cert when strict checking disabled
configure: change functions to detect openssl (clones)
configure: detect latest boringssl
runtests: Allow for spaces in server-verify curl custom path
http2: on_frame_recv: get a proper 'conn' for the debug logging
ntlm: mark deliberate switch case fall-through
http2: remove dead code
curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
curl: point out the conflicting HTTP methods if used
cmake: added Windows SSL support
curl_easy_{escape,setopt}.3: fix example
curl_easy_escape.3: escape '\n'
libcurl.m4: Put braces around empty if body
buildconf.bat: Fixed double blank line in 'curl manual' warning output
sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
inet_pton.c: Fix MSVC run-time check failure
CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
http2: don't pass on Connection: headers
nss: do not directly access SSL_ImplementedCiphers
docs: numerous cleanups and spelling fixes
FTP: do_more: add check for wait_data_conn in upload case
parse_proxy: reject illegal port numbers
cmake: IPv6 : disable Unix header check on Windows platform
winbuild: run buildconf.bat if necessary
buildconf.bat: fix syntax error
curl_sspi: fix possibly undefined CRYPT_E_REVOKED
nss: prevent NSS from incorrectly re-using a session
libcurl-errors.3: add two missing error codes
openssl: fix build with < 0.9.8
openssl: refactor certificate parsing to use OpenSSL memory BIO
openldap: only part of LDAP query results received
ssl: add server cert's "sha256//" hash to verbose
NTLM: Reset auth-done when using a fresh connection
curl: generate easysrc only on --libcurl
tests: disable 1801 until fixed
CURLINFO_TLS_SESSION: always return backend info
gnutls: Support CURLOPT_KEYPASSWD
gnutls: Report actual GnuTLS error message for certificate errors
tests: disable 1510 due to CI-problems on github
cmake: Put "winsock2.h" before "windows.h" during configure checks
cmake: Ensure discovered include dirs are considered
configure: Add missing ')' for CURL_CHECK_OPTION_RT
build: fix failures with -Wcast-align and -Werror
FTP: fix uploading ASCII with unknown size
readwrite_data: set a max number of loops
http2: avoid superfluous Curl_expire() calls
http2: set TCP_NODELAY unconditionally
docs: fix unescaped '\n' in man pages
openssl: Fix algorithm init to make (gost) engines work
win32: make recent Borland compilers use long long
runtests: Fix pid check in checkdied
gopher: don't send NUL byte
tool_setopt: fix c_escape truncated octal
hiperfifo: fix the pointer passed to WRITEDATA
getinfo: Fix return code for unknown CURLINFO options
