---------------------------
4.33 2016-09-16
[ DOCUMENTATION ]
- clarify that ->param will return the first value if there are
multiple values (when not called in list context)
* [ Joey Hess ]
* Fix installation when prefix includes a string metacharacter.
Thanks, Sam Hathaway.
* [ Simon McVittie ]
* Use git log --no-renames to generate recentchanges, fixing the git
test-case with git 2.9 (Closes: #835612)
- [file] don't use `readdir_r` on Linux, Solaris #1046 #1052
(Frederik Deweerdt, Kazuho Oku)
- [http2] fix negative error code sent when cancelling a pushed
stream #1039 (Frederik Deweerdt)
- [http2] fix a bug that may cause a stream to stall #1040 (Frederik
Deweerdt)
- [http2] fix a bug that reset the stream when receiving HEADERS
after PRIORITY #1043 (Frederik Deweerdt)
- [mruby] fix mruby handler becoming unusable after failed connection
in http_request on FreeBSD #1062 (Kazuho Oku)
Curl and libcurl 7.50.3
This release includes the following bugfixes:
o CVE-2016-7167: escape and unescape integer overflows [8]
o mk-ca-bundle.pl: use SHA256 instead of SHA1
o checksrc: detect strtok() use
o errors: new alias CURLE_WEIRD_SERVER_REPLY [1]
o http2: support > 64bit sized uploads [2]
o openssl: fix bad memory free (regression) [3]
o CMake: hide private library symbols [4]
o http: refuse to pass on response body with NO_NODY was set [5]
o cmake: fix curl-config --static-libs [6]
o mbedtls: switch off NTLM in build if md4 isn't available [7]
o curl: --create-dirs on windows groks both forward and backward slashes [9]
* 1473: ``HTTPError`` now also works as a context manager.
* 1487: The sessions tool now accepts a ``storage_class``
parameter, which supersedes the now deprecated
``storage_type`` parameter. The ``storage_class`` should
be the actual Session subclass to be used.
* Releases now use ``setuptools_scm`` to track the release
versions. Therefore, releases can be cut by simply tagging
a commit in the repo. Version numbers are now stored in
exactly one place.
In this release, we fixed the bug which causes GOAWAY race with new incoming stream on server side. The bug has been reported in GH-681. This is a regression introduced in 16c4611. We were happy with that commit since nghttp2 server passed all strict mode h2spec tests. However, it turned out that it could not handle some cases well, and one of them is GOAWAY race on server side. We reverted part of that commit to fix this issue. This bug only affects nghttp2 server side session. The client side nghttp2 session is not affected by this bug.
2.3.14 (2016-08-17)
-------------------
New features
- [eas] added folder merging capabilities
Enhancements
- [web] expunge drafts mailbox when a draft is sent and deleted
- [web] style cancelled events in Calendar module (#2800)
- [web] updated CKEditor to version 4.5.10
Bug fixes
- [eas] fixed long GUID issue sometimes preventing synchronisation (#3460)
- [web] improved extraction of HTML signature in Preferences module
- [web] really delete mailboxes being deleted from the Trash folder (#595, #1189, #641)
- [core] fixing sogo-tool backup with multi-domain configuration but domain-less logins
- [core] during event scheduling, use 409 instead of 403 so Lightning doesn't fail silently
- [core] correctly calculate recurrence exceptions when not overlapping the recurrence id
- [core] prevent invalid SENT-BY handling during event invitations (#3759)
2.3.13 (2016-07-06)
-------------------
New features
- [core] now possible to set default Sieve script (#2949)
- [core] new sogo-tool truncate-calendar feature (#1513, #3141)
- [eas] initial Out-of-Office support in EAS
Enhancements
- [core] avoid showing bundle loading info when not needed (#3726)
- [core] when restoring data using sogo-tool, regenerate Sieve script (#3029)
- [eas] use the preferred email identity in EAS if valid (#3698)
- [eas] handle inline attachments during EAS content generation
- [web] update jQuery File Upload library to 9.12.5
Bug fixes
- [web] fixed crash when an attachment filename has no extension
- [web] dragging a toolbar button was blocking the mail editor in Firefox
- [eas] handle base64 EAS protocol version
Added css regression tests framework
Fixed an issue with datetime fields being displayed incorrectly
Fixed a bug with related-widget add/change buttons inside changelist
Fixed an issue with login screen on Django 1.9
Fixed an issue with calendar display in Django 1.9
Fixed inline grouped field with
Synced translations with Transifex
Upstream changes:
3.1.2
Highlights
MDL-37250 - Lessons: save students attempts if they timeout
MDL-54977 - Fixed bug with navigation tree not working in some cases
MDL-50586 - Warn teachers about removing level 0 in rubrics as it leads to unexpected grades.
MDL-41174 - Update the calendar event when inline changing activity name or duplicating activity
MDL-33741 - Allow teacher to access course files in hidden categories using Server files repository in filepicker
MDL-55333 - Fixed error when trying to view/export feedback responses with over 60 questions using mariadb/mysql
Security issues
MSA-16-0022 Web service tokens should be invalidated when the user password is changed or forced to be changed
Fixes and improvements
MDL-55312 - Bugfix: Load timeout for modules: core/first occurs after purge caches
MDL-55229 - Bugfix: Meta Enrolment - Search for course produces error
MDL-55707 - Bugfix: Possible to get in "recalculating grades" infinite loop
MDL-55292 - Include tideways profiler along with xhprof for PHP7 profiling
MDL-54892 - Uninstall scheduled tasks when plugin is uninstalled
MDL-22183 - Prevent stats from running later and later - use scheduled task time only
MDL-47371 - Bugfix: The character & is displayed as " & amp ; " in book module
MDL-52544 - Resolved problems of Oracle driver in PHP7 environment
MDL-55246 - Bugfix: Unoconv fails on files with spaces in the name.
MDL-51078 - Add "All changes" option to the Action selector in report_log (was present in 2.6 and removed in 2.7+)
MDL-52105 - Remove CAP_PROHIBIT in manager role for capability 'enrol/self:holdkey'
MDL-54847 - Allow students to insert HTML audio and video tags
MDL-55273 - Default setting for cookiesecure should be on
MDL-55520 - Assignment module no longer resets max grade to 100 during module editing
MDL-55245 - Attempting to select text in PDF annotation comments drags the comment box
Changes to squid-3.5.21 (08 Sep 2016):
- Bug 4563: duplicate code in httpMakeVaryMark
- Bug 4542: authentication credentials IP TTL updated incorrectly
- Bug 4534: assertion failure in xcalloc when using many cache_dir
- Bug 4428: mal-formed Cache-Control:stale-if-error header
- Bug 3025: Proxy-Authenticate problem using ICAP server
- Fix segfault via Ftp::Client::readControlReply()
- Fix SSL-Bump failure results in SEGFAULT
- HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
- HTTP/1.1: do not allow Proxy-Connection to override Connection header
- SSL: CN wildcard must only match a single domain component [fragment]
There were multiple variables set from before the egg/distutils files
were improved years ago, which are now redundant. Separate
pyversion.mk, application.mk and egg.mk settings.
(This commit has no functional change.)
MESSAGE is from 2008 and warns the user about adjusting for a lot of
"recent changes". Once those comments are removed, what remains is a
reminder to read and follow the upstream documentation, which is not
pkgsrc-specific or worthy of MESSAGE.
Skip PKGREVISION due to upgrade within the last hour.
This commit has no functional changes.
Drop comments about wip/trac, www/ja-trac and eventual merging,
because that's happened. Adjust explanation of why there is no svn or
git dependency.
Move option declaration near option use, in preparation for
options.mk.
### 4.2.3 (2016-09-06)
* Do not double URL encode the content syndication links.
* Use CSS3 transforms instead of transitions to animate the off-canvas navigation.
* Improve the exception handling when using the resource locator (see #557).
* Correctly reset the filter menu in parent view.
* Support all characters but =!<> and whitespace in simple tokens (see contao/core#8436).
* Check the user's permission when generating links in the picker (see contao/core#8407).
* Handle forward pages without target in the navigation modules (see contao/core#8377).
* Provide the same template variables for downloads and enclosures (see contao/core#8392).
* Handle %n when parsing date formats (see contao/core#8411).
* Fix the module wizard's accessibility (see contao/core#8391).
* Correctly initialize TinyMCE in sub-palettes in Firefox (see contao/core#3673).
* Validate form field names more accurately (see contao/core#8403).
* Correctly show the ctime, mtime and atime of a folder (see contao/core#8408).
* Correctly index changed pages (see contao/core#8439).
Version 3.5.16 (2016-09-05)
---------------------------
### Fixed
Check if a reader page is protected when generating a sitemap (see #8416).
### Fixed
Support all characters but =!<> and whitespace in simple tokens (see #8436).
### Fixed
Check the user's permission when generating links in the picker (see #8407).
### Fixed
Handle forward pages without target in the navigation modules (see #8377).
### Fixed
Stop the event recurrence if the upper boundary is reached (see #8445).
### Fixed
Show upcoming events if the first occurrence is in the past (see #8447).
### Updated
Update MooTools to version 1.5.2.
### Fixed
Provide the same template variables for downloads and enclosures (see #8392).
### Fixed
Handle %n when parsing date formats (see #8411).
### Fixed
Fix the module wizard's accessibility (see #8391).
### Fixed
Correctly initialize TinyMCE in sub-palettes in Firefox (see #3673).
### Fixed
Validate form field names more accurately (see #8403).
### Fixed
Correctly show the ctime, mtime and atime of a folder (see #8408).
### Fixed
Correctly index changed pages (see #8439).
### Fixed
Always store the UUID of an uploaded file (see #8421).
Bugfixes:
---------
mbedtls: Added support for NTLM
SSH: fixed SFTP/SCP transfer problems
multi: make Curl_expire() work with 0 ms timeouts
mk-ca-bundle.pl: -m keeps ca cert meta data in output
TFTP: Fix upload problem with piped input
CURLOPT_TCP_NODELAY: now enabled by default
mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
http2: always wait for readable socket
cmake: Enable win32 large file support by default
cmake: Enable win32 threaded resolver by default
winbuild: Avoid setting redundant CFLAGS to compile commands
curl.h: make CURL_NO_OLDIES define CURL_STRICTER
docs: make more markdown files use .md extension
docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
winbuild: Allow changing C compiler via environment variable CC
rtsp: accept any RTSP session id
HTTP: retry failed HEAD requests on reused connections too
configure: add zlib search with pkg-config
openssl: accept subjectAltName iPAddress if no dNSName match
MANUAL: Remove invalid link to LDAP documentation
socks: improved connection procedure
proxy: reject attempts to use unsupported proxy schemes
proxy: bring back use of "Proxy-Connection:"
curl: allow "pkcs11:" prefix for client certificates
spnego_sspi: fix memory leak in case *outlen is zero
SOCKS: improve verbose output of SOCKS5 connection sequence
SOCKS: display the hostname returned by the SOCKS5 proxy server
http/sasl: Query authentication mechanism supported by SSPI before using
sasl: Don't use GSSAPI authentication when domain name not specified
win: Basic support for Universal Windows Platform apps
nss: fix incorrect use of a previously loaded certificate from file
nss: work around race condition in PK11_FindSlotByName()
ftp: fix wrong poll on the secondary socket
openssl: build warning-free with 1.1.0 (again)
HTTP: stop parsing headers when switching to unknown protocols
test219: Add http as a required feature
TLS: random file/egd doesn't have to match for conn reuse
schannel: Disable ALPN for Wine since it is causing problems
http2: make sure stream errors don't needlessly close the connection
http2: return CURLE_HTTP2_STREAM for unexpected stream close
darwinssl: --cainfo is intended for backward compatibility only
speed caps: not based on average speeds anymore
configure: make the cpp -P detection not clobber CPPFLAGS
http2: use named define instead of magic constant in read callback
http2: skip the content-length parsing, detect unknown size
http2: return EOF when done uploading without known size
darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
openssl: fix CURLINFO_SSL_VERIFYRESULT
Changes:
WebKitGTK+ 2.12.4
==================
- Fix performance in accelerated compositing mode with the modesetting intel
driver and DRI3 enabled.
- Reduce the amount of file descriptors that the Web Process keeps open.
- Fix Web Process deadlocks when loading HLS videos.
- Make CSS and SVG animations run at 60fps.
- Make meter elements accessible.
- Improve accessibility name and description of elements to make it more
compatible with W3C specs and fix several bugs in which the accessible
name of objects was missing or broken.
- Fix a crash when running windowed plugins under Wayland.
- Fix a crash at process exit under Wayland.
- Fix several crashes and rendering issues.
- Translation updates: German.
- Security fixes: CVE-2016-4622, CVE-2016-4624, CVE-2016-4591, CVE-2016-4590.
Upstream changes:
7.05 2016-08-29
- Fixed bug in Mojo::IOLoop::Subprocess where EV would steal the subprocess
exit status.
7.04 2016-08-28
- Added EXPERIMENTAL support for performing computationally expensive
operations in subprocesses, without blocking the event loop. (jberger, sri)
- Added EXPERIMENTAL module Mojo::IOLoop::Subprocess. (jberger, sri)
- Added EXPERIMENTAL subprocess method to Mojo::IOLoop. (jberger, sri)
- Improved many methods in Mojolicious::Controller to die more gracefully if
the connection has already been closed.
- Fixed bug where Mojo::UserAgent would try to follow redirects for CONNECT
requests.
This module improves non-ascii filename interoperability of apache
(and mod_dav), by supporting various client encodings.
Current license is troublesome because of its clause 4:
> 4. Products derived from this software may not be called "mod_encoding"
> nor may "mod_encoding" appear in their names without prior written
> permission of Internet Initiative Japan Inc. For written permission,
> please contact tai%iij.ad.jp@localhost (Taisuke Yamada).
LICENSE is however left intentionally blank, as Internet Initiative Japan, Inc.
may revise it in the near future. This is approved by wiz@ and soda@.
Upstream changes:
0.31 2016/08/17
* Add minimum Perl version to Makefile.PL
* Match HTTP::Async::Polite version to HTTP::Async (CPANTS)
Thanks to Mohammad S Anwar (Manwar) for both changes!
* Replace yahoo.com with metacpan.org in t/real_servers.t
Update LICENSE
Upstream changes:
1.46
------------------------------------
[ENHANCEMENTS]
Added header_exists_ok(), lacks_header(), header_is() and header_like()
methods. Thanks to Eric A. Zarko for the original patches.
The scraped_id_is() method used to assign a description for the test if
one was not passed. Now it does not.
scraped_id_is() now gives proper diagnostics if an ID is not found in
the HTML.
Added a delete_ok() method. Thanks, moznion.
content_contains() now fails if it's called with a regex. content_like()
now fails if it's not called with a regex.
[FIXES]
The test server run during the test suite allowed URLs outside of the
document tree, which could potentially be a security problem. This has
been fixed. Thanks, Tynovsky.
https://github.com/petdance/test-www-mechanize/issues/33
Fixed an overly-restrictive optimization in scrape_text_by_id(), plus
scraped_id_is() and scraped_id_like() which wrap it.
The method checks to make sure that it doesn't bother looking for an ID
on the page if the ID doesn't exist. It did this by looking for the text
id="foo"
where foo is the ID being searched for. However, that would mean that
tags like
<p id='foo'>
<p id=foo>
<p id = "foo">
<p id=
"foo">
<p id
=
"foo"
>
would be seen as not existing. This has been fixed by making
scrape_text_by_id() search for the string "foo" anywhere on the page.
Add p5-ExtUtils-MakeMaker as BUILD_DEPENDS
Upstream changes:
0.203000 2016-08-24 22:09:56-05:00 America/Chicago
[ BUG FIXES ]
* GH #1232: Force deserialization of body data even when an existing
Plack::Request object has already parsed request body. Don't double
decode deserialized data. (Russell Jenkins - @veryrusty)
[ ENHANCEMENTS ]
* GH #1195: Add change_session_id() method - both as a good security
practice and to comply with other established security standards.
(Peter Mottram)
* GH #1234: Add convenience functions to access Dancer's HTTP_CODES
table. (Yanick Champoux)
[ DOCUMENTATION ]
* Fix Typo (Stefan Hornburg - Racke)
* Document $session->data (Stefan Hornburg - Racke)