| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
o Add some pkgsrc patches to improve Content-Type header output.
Geeklog 1.6.0sr2
This release addresses the following security issue:
* Unauthorized file uploads were possible through FCKeditor.
Uploaded files still had to go through FCKeditor's filter, so it was not
possible to upload scripts (and the integrity of the Geeklog site as such
was not in danger). There were, however, reports that this was used to host
malware.
This update prevents use of the upload feature when FCKeditor is disabled
and disables it for anonymous users. It also doesn't allow uploading of
archive files any more. Furthermore, you need some sort of "edit"
permission now to be able to upload files through FCKeditor (this is meant
as an interim measure - we will probably introduce a separate "upload"
permission in future Geeklog versions).
Other fixes:
* Fixed installation using InnoDB tables.
* Fixed a (non-exploitable) SQL error when auto-updating a story's
commentcode field.
* Fixed a wrong function name in the Links plugin.
Geeklog 1.6.0sr1
This release addresses the following security issues:
1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
2. The "Mail Story to a Friend" function didn't check story permissions, so
that it was possible to email a story even if you didn't have the
permissions to view it on the site.
Other fixes:
* Fixed an SQL error when submitting a story and the story submission queue
was off.
* Fixed calls to a nonexistent function COM_outputMessageAndAbort.
Geeklog 1.6.0
Results from the Summer of Code
This release incorporates the following projects implemented during the the
2008 Google Summer of Code:
* Site migration support and easier plugin installation, by Matt West
* Improved search, by Sami Barakat
* Comment moderation and editable comments, by Jared Wenerd
Other changes
* The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
the PHP team ended support for PHP 4 in August 2008, you should be looking
into upgrading to PHP 5 anyway.
* Includes FCKeditor 2.6.4.1
* Includes a new plugin, XMLSitemap, that automatically generates a XML
sitemap file, as supported by all major search engines. Plugin written and
provided by mystral-kk.
* Several new plugin API functions have been added and existing functions
have been extended.
* The included documentation has been moved to docs/english to allow for
translations. Links to the documentation from within Geeklog will link to
existing translations for the current language automatically (or fall back
to the English documentation if no suitable translation can be found).
* There were a variety of theme changes to support new functionality and fix
inconsistencies in the layout.
This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009. Thank
you!
|
|
Security fixes in this version:
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.18/
|
|
|
|
* Interface changes:
o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
o added NTLM auth support for Unix builds (Kai Sommerfeld,
Daniel Stenberg)
o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
and ne_session.h:ne_session_socks_proxy()
o added support for system-default proxies: ne_session_system_proxy(),
implemented using libproxy where available
o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
SSL verification failure bits extended by NE_SSL_BADCHAIN and
NE_SSL_REVOKED, better handling of failures within the cert chain
(thanks to Ludwig Nussel)
o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
ne_iaddr_raw(), ne_iaddr_parse()
o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
o fix handling of "stale" flag in RFC2069-style Digest auth challenge
o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
o symbol versioning used for new symbols, where supported
o ensure SSL connections are closed cleanly with OpenSSL
o fix build with OpenSSL 1.0 beta
o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
certificate subject name; could allow an undetected MITM attack against
an SSL server if a trusted CA issues such a cert.
Tested by Daniel Horecki with SVN client.
|
|
|
|
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
0.04 Sat, 12 Sep 2009 06:13:20 +0900
* Depend on PadWalker (Closes RT#49551).
0.03 Sat, 05 Sep 2009 09:42:43 +0200
* Port to Devel::Cycle. We're now able to report a broader range of leaks.
|
|
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
0.10 2009-08-27 10:47:08
- bump dep on MooseX::Traits::Pluggable
0.09 2009-08-26 12:50:44
- fix trait merge bug (when not merging)
|
|
pkgsrc changes:
- Module::Pluggable is in version 3.6 include in Perl 5.10.0
--> using this one as dependency
Upstream changes:
Thu 27 Aug 02:21:09 BST 2009 - Release 0.77
Allow dispatching to Catalyst Actions, for use with ActionClasses
etc - fREW
Fix test if CATALYST_DEBUG environment variable is set
|
|
pkgsrc changes:
- Updating dependencies
- use bundled Module::Install (AuthorTests)
Upstream changes:
0.10015 Tue Sep 1 01:40:36 BST 2009
- Remove (undeclared) dependency on Class::Data::Inhertiable (RT#49086)
- Remove dependency on Test::MockObject
- Fix repository metadata in META.yml / Makefile.PL
- Make POD tests author side only.
0.10014 Tue Aug 25 15:42:57 BST 2009
- Don't always supply an "id" column in the authinfo passed to the store
class in ::Credential::Remote. This means that it works better with
the DBIC store. (t0m)
- Make auth_realms method ensure authentication is initialized
before calling methods which get created during auth initialization.
Fixes back compat cases where auth store is in the plugin list
before the authentication plugin. (t0m)
|
|
pkgsrc changes:
- Correcting license definition
- Adjusting dependencies
Upstream changes:
0.22 2009-08-21 18:14:59
- Add tests for delivering empty files.
- Fix those tests by depending on Catalyst-Runtime 5.80008.
- Throw away compatibility code for older catalyst versions.
- Fix docs to not include plugins in call to ->setup() (t0m)
|
|
Upstream changes:
0.14 2009-08-22
- Allow turning off the httponly option (Closes RT#48930).
|
|
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
5.80012 2009-09-09 19:09:09
Bug fixes:
- Fix t/optional_http-server.t test.
- Fix t/optional_http-server-restart.t test.
- Fix duplicate components being loaded at setup time, each component is
now loaded at most once + tests.
- Fix backward compatibility - hash key configured actions are stored in
is returned to 'actions'.
- Fix get_action_methods returning duplicate methods when a method is both
decorated with method attributes and set as an action in config.
Refactoring / cleanups:
- Reduce minimum supported perl version from 5.8.6 to 5.8.4 as there are
many people still running/testing this version with no known issues.
Tests:
- Make the optional_http_server.t test an author only test which must be
run by authors to stop it being broken again.
- Fix recursion warnings in the test suites.
5.80011 2009-08-23 13:48:15
Bug fixes:
- Remove leftovers of the restarter engine. The removed code caused test
failures, which weren't apparent for anyone still having an old version
installed in @INC.
5.80010 2009-08-21 23:32:15
Bug fixes:
- Fix and add tests for a regression introduced by 5.80008.
Catalyst::Engine is now able to send out data from filehandles larger
than the default chunksize of 64k again.
5.80009 2009-08-21 22:21:08
Bug fixes:
- Fix and add tests for generating inner packages inside the COMPONENT
method, and those packages being correctly registered as components.
This fixes Catalyst::Model::DBIC among others.
5.80008 2009-08-21 17:47:30
Bug fixes:
- Fix replace_constructor warning to actually work if you make your
application class immutable without that option.
- Depend on Module::Pluggable 3.9 to prevent a bug wherein components
in inner packages might not be registered. This especially affected
tests.
- Catalyst::Engine::FastCGI - relax the check for versions of Microsoft
IIS. Provides compatibility with Windows 2008 R2 as well as
(hopefully) future versions.
- In tests which depend on the values of environment variables,
localise the environment, then delete only relevant environment
variables (RT#48555)
- Fix issue with Engine::HTTP not sending headers properly in some cases
(RT#48623)
- Make Catalyst::Engine write at least once when finalizing the response
body from a filehandle, even if the write is empty. This avoids fail
when trying to send out an empty response body from a filehandle.
- Catalyst::Engine::HTTP - Accept a fully qualified absolute URI in the
Request-URI of the Request-Line
Refactoring / cleanups:
- Deleted the Restarter engine and its Watcher code. Use the
new Catalyst::Restarter in a recent Catalyst::Devel instead.
- New unit test for Catalyst::Action 'unit_core_action.t'
- Bump minimum supported perl version from 5.8.1 to 5.8.6 as there are
known issues with 5.8.3.
- Debug output uses dynamic column sizing to create more readable output
when using a larger $ENV{COLUMNS} setting. (groditi)
New features:
- Added private_path method for Catalyst::Action
- Allow uri_for($controller_instance) which will produce a URI
for the controller namespace
- Break setup_components into two more parts: locate_components and
expand_component_module (rjbs)
- Allow Components to return anon classed from their COMPONENT method
correctly, and have action registration work on Controllers returned
as such by adding a catalyst_component_name accessor for all components
which returns the component instance's name to be used when building
actions etc.
- Adding X-Forwarded-Port to allow the frontend proxy to dictate the
frontend port (jshirley)
- Added Catalyst::Stats->created accessor for the time at the start of
the request.
Documentation:
- Fix POD to refer to ->config(key => $val), rather than
->config->{key} = $val, as the latter form is deprecated.
- Clearer docs for the 'uri_for' method.
- Fix POD refering to CGI::Cookie. We're using CGI::Simple::Cookie.
(Forrest Cahoon)
|
|
pkgsrc changes:
- Correcting license definition
Upstream changes:
0.26 Mon Aug 24 16:11:37 PDT 2009
- Work around not to expose Catalyst specific stash variables
(Chris Prather)
|
|
pkgsrc changes:
- Correcting license definition
- prevent Module::Install::AutoInstall from installing
Upstream changes:
0.30 2009-09-12 23:47:00
- Doc fixes:
+ Expand ::V:: to ::View:: (RT #45792)
+ Expand ::C:: to ::Controller:: and use $c->view('TT')
where appropriate (bricas)
+ Add note about use CGI in a template making Catalyst hang
(Gunnar Strand)
- "use warnings" in Catalyst::View::TT and output from the TT helper
- Expand TTSite documentation (RT #33838)
- Added a test for direct rendering of a template from a view object,
without a request.
- Added support for running render with a undef context.
|
|
pkgsrc changes:
- Adjusting license definition
Upstream changes:
0.18 Sat, 22 Aug 2009 21:17:52 +0200
- Make it work with Catalyst::Runtime 5.80010.
- Fix warnings in the test suite.
|
|
Lost of updates and fixes.
|
|
in CVE-2009-3094.
|
|
* Update Japanese translation files for typoight 2.7.3.
|
|
as full release.
And add updated fckeditor for Geeklog.
These updates should fix known security problems, Secunia SA36372.
Jul 30, 2009 (1.5.2sr5)
------------
This release addresses the following security issues:
- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions, so that
it was possible to email a story even if you didn't have the permissions to
view it on the site.
|
|
Bump PKGREVISION.
|
|
|
|
Changes since 2.3.2:
* I18n support for plugins.
|
|
Upstream changes:
2009-08-26 Kingpin <Martin@BLUEMAX>
* lib/WWW/Amazon/Wishlist.pm (_extract): strip extra spaces from titles
* Programs/amazonwish: fixed a warning
* lib/WWW/Amazon/Wishlist.pm (_extract): fixed the next-url parser
2009-08-15 Kingpin <Martin@BLUEMAX>
* lib/WWW/Amazon/Wishlist.pm (get_list): fixed the author parser
(get_list): sleep to avoid overwhelming the server
2009-08-14 Kingpin <Martin@BLUEMAX>
* lib/WWW/Amazon/Wishlist.pm (_extract): fixed the parser
2009-07-18 Kingpin <Martin@BLUEMAX>
* lib/WWW/Amazon/Wishlist.pm (_extract): fixed the priority parser
2009-01-17 Kingpin <Martin@BLUEMAX>
* lib/WWW/Amazon/Wishlist.pm: removed dependency on File::Slurp
|
|
pkgsrc changes:
- adding license definition
Upstream changes:
4.42 - Wednesday, August 26, 2009
No code changes.
* DOCUMENTATION: Fix broken links in documentation and tests. (RT##49020)
|
|
Upstream changes:
Version 3.47
Re-release of 3.46, which did not contain a proper MANIFEST
Version 3.46
[BUG FIXES]
1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
and Mark Stosberg. (RT#42114).
2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
and Bob Kuo. (RT#39122)
3. checkbox_group() now correctly includes a space before the "checked" attribute.
Thanks to Andrew Speer and Bob Kuo. (RT#36583)
4. Fix case-sensitivity in http() and https() according to docs. Make https()
return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
Dan Harkless and Yanick Champoux. (RT#27907)
6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
Rhesa Rozendaal (RT#13158)
8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
Shawn Corey. (RT#22046)
9. url_param() has been updated to be more consistent with the documentation and param().
Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
10.hidden() now correctly supports multiple default values.
Thanks to david@dierauer.net and Russell Jenkins. (RT#20436)
11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
12.UTF-8 params should not get double-decoded now.
Thanks to Yves, Bodo, Burak G"ursoy, and Michael Schout. (RT#19913)
13.We now give objects passed to CGI::Carp::die a chance to be stringified.
Thanks to teek and Yanick Champoux (RT#41530)
14.Turning off autoEscape() now only affects the behavior of built-in HTML
generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
15.In CGI::Fast, preferences set via pragmas are now preserved.
Thanks to heinst and Mark Stosberg (RT#32119)
[DOCUMENTATION]
1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
7. Docs and examples were updated to highlight start_form instead of startform.
Thanks to Slaven Rezic.
8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles.
Thanks to rhubbell and Mark Stosberg.
9. The documentation for the -newstyle_urls is now less confusing.
Thanks to Ryan Tate and Mark Stosberg (RT#49454)
[INTERNALS]
1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
|
|
|
|
and friends. Include <stdint.h> instead. Might fix PR pkg/42033.
|
|
-ldb4 fixes it's unlikely this there's any need or value in pulling in
extension.mk any more.
|
|
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
|
|
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
|
|
syndrome too
require the new Python versions and bump PKGREVISION
|
|
|
|
=============================
1.17 [20Aug2009]
---------------
- Add bug links in revision informations (Alexandre Garnier, #314052)
- Make sure that binary files aren't annotated. (Martin Albisetti,
#258848)
- Loggerhead now serves bzr branches over HTTP and exposes the URL
to branch them. Addresses bug #240577. (Jonathan Lange)
- Leading blank lines in commit messages no longer result in an
empty summary. (Colin Watson)
- Added optional syntax highlighting to annotate view using
python-pygments. Partially addresses bug #306631. (Peter Bui)
- Convert newlines in commit messages to HTML line breaks for
annotate and changelog views. Addresses bug #273688. (Peter
Bui)
- serve-branches now errors if run behind a proxy without
paste.deploy installed. (Michael Hudson)
- Loggerhead should now handle file and directory names that need
URL escaping without crashing.
- The start-loggerhead script properly sets the wsgi.url_scheme
from the server.webpath option. (neror, #260547)
- The revision page defaults to unified style again, and can
convert to a side-by-side view using JavaScript. (Michael Hudson)
- Clean up and improve performance of the annotate view. (Michael
Hudson)
- Finish converting JavaScript from MooTools to YUI 3. (Michael
Hudson)
- Improve compatibility with IE 6. (Michael Hudson)
- Leading blank lines in commit messages no longer result in an
empty summary. (Colin Watson)
- Clip long lines in side-by-side diff view. (Michael Hudson,
#334837)
- The user-confusing "next" and "previous" links now read "older"
and "newer" respectively. (Michael Hudson, #297930)
- The annotate view now contains line number anchors. (Michael
Hudson)
- Fix inventory pages using "//" in links. (Michael Hudson, #329668)
- Fix problems viewing files and directories containing spaces and
other funny characters. (Peter Bui)
- Changelog messages are now displayed with newlines preserved.
(Peter Bui, #273688)
- Offer a link to see the full file diffs for a file path. (Michael
Hudson, #333797)
- Fix annotate error caused by Pygments stripping trailing
whitespace. (Michael Hudson, #338762)
- Loggerhead can be installed as a Bazaar plugin and run by
'bzr serve --http'. (Martin Pool)
- Load parts of the changelog and revision pages via XMLHttpRequest
to improve performance. This adds a dependency on simplejson or
json. Partially addresses bug #253950. (Michael Hudson)
- Various improvements to the animation JavaScript. (Michael Hudson)
- Fix HTML content of source files being displayed unescaped when
Pygments was unavailable. (Michael Hudson, #344970)
- Fix serve-branches's path argument. (Michael Hudson, #353230)
- serve-branches now has an option, --use-cdn, to load YUI from
Yahoo!'s CDN. (Matt Nordhoff)
- Fix certain race conditions for loading bzr-search. (Robert
Collins, #334250)
- Fix errors when using serve-branches --log-folder or --user-dirs.
(It was calling config.get_option() incorrectly.) (Matt Nordhoff,
bug #361238)
- Move some caching from RAM to the disk, and other caching and
memory usage improvements. (Michael Hudson)
- Add a --cache-dir option to serve-branches to choose where to
place the SQL cache, and only create one temporary SQL dir per
process. (Matt Nordhoff, #358322)
- Replace homebrew memory profiling code with Dozer. (Paul Hummer)
- Use the branch's public_branch as the default suggested URL to
branch from (Matt Nordhoff, #369767)
- Fix a file descriptor leak (Matt Nordhoff, #370845)
- Use transport API internally, so it is possible to specify a remote
URL to serve-branches. (Jelmer Vernooij, #371787)
- Fix internal server errors when using start-loggerhead. (Matt
Nordhoff, #375948)
- Fix annotating non-UTF-8 files when Pygments is disabled. (Matt
Nordhoff, #376957)
- Fix 'bzr serve --http' errors. (Matt Nordhoff, #377551)
- Added the option to hide branches by setting http_serve = False
in locations.conf (Martin Albisetti)
- Fix serving branches over HTTP. (Matt Nordhoff, Jelmer Vernooij,
#380026)
- Install loggerhead as a bzr plugin by default (Jelmer Vernooij)
- Fix logging 404 Not Found responses (Matt Nordhoff, #381029)
- Bumped minimunm bzrlib version to 1.13 (Martin Albisetti)
- Make sure the Atom feeds (nearly) validate. (Matt Nordhoff, #247162)
- Support serving branches over HTTP using the smart server protocol.
(Jelmer Vernooij, #306853)
- Serving branch data was broken when --allow-writes was *not*
passed. (Michael Hudson, #388730)
- http_serve config values are interpreted more forgivingly.
(Michael Hudson)
- When specifying a remote url to serve-branches, do not share
connections between threads. (Michael Hudson, #390972)
- http_serve values from locations.conf are now applied to
non-branch .bzr data (e.g shared repositories). (Michael Hudson)
- tags are now displayed. (Cris Boylan, Alexandre Garnier, Michael
Hudson, #246739)
- Display Loggerhead's version number at the bottom of the page, and
add a <meta> generator tag also including the version numbers of
its dependencies. (Matt Nordhoff, #370155)
|
|
were not installed (at least on NetBSD), bump PKGREVISION
|
|
|
|
Changes to squid-3.0.STABLE19 (06 Sep 2009):
- Bug 2745: Invalid Response error on small reads
- Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
- Bug 2734: some compile errors on Solaris
- Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
- Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
- Bug 2362: Remove support for deferred state in stateful helpers
- Add 0.0.0.0 as a to_localhost address
- Docs: Improve chroot directive documentation slightly
- Fixup libxml2 include magics, was failing when a configure cache was used
- ... and some minor testing improvements.
|
|
Version 2.7.3 (2009-09-06)
--------------------------
- Added dynamic spellchecker languages to TinyMCE
- Added pseudo entities [{] and [}] to output insert tags
- Fixed issue with breadcrumb menu not handling redirect pages
- Fixed issue with incorrect row count in forms with hidden fields
- Fixed issue with empty rows in memberlists without username (#929)
- Fixed issue with event feeds containing foreign entries (#866)
- Fixed issue with certain multi-day events not being calculated correctly (#855)
- Fixed issue with empty keywords being added to the meta keywords tag (#540)
- Fixed issue with navigation icons not being disabled in the template editor (#761)
- Fixed issue with insert tag "user" not formatting its output (#957)
- Fixed issue with backlinks not being exempt from the search index (#896)
- Fixed issue with special characters in file names not being decoded properly (#877)
- Fixed issue with default user and group not being applied (#888)
- Fixed issue with missing "readonly" attribute of text field widgets (#901)
- Fixed issue with group login page overriding option "last page visited" (#916)
- Fixed issue with thumbnails of large images exceeding the memory limit (#922)
- Fixed issue with subscriptions being activated upon registration (#881)
- Fixed a few issues with the style sheet importer (#838)
- Fixed various spelling issues (#942)
- Fixed a few minor issues
|
|
It seems that one typo was fixed in
application/controllers/ToolController.class.php.
Introduce DIST_SUBDIR and bump PKGREVISION. Should be fix PR pkg/41999.
|
|
Changelog
=========
Since 1.5.2
-----------
- bugfix: Cannot create companies with normal user without the
"Can manage contacts" permission
- bugfix: Auto-upgrade feedback fixed.
- bugfix: Fixed a problem when classifying email (attachments were added
as new versions of existing files).
- bugfix: Allow email addresses with single quote
- bugfix: Changed several "substr" for "utf8_substr" to avoid errors like
"null" on dashboard.
- bugfix: Added a default address when sending email reminders.
Fixes problems when sending reminders.
- bugfix: Fixed some display issues with the "Close" button in objects' view.
- bugfix: Fixed a problem that would cause the Overview to be loaded
on every tab when clicking the "All" workspace.
- bugfix: Custom properties were not being kept when editing an object.
- bugfix: If a user is subscribed to an object and loses permissions to it
it will not receive notifications any more.
- bugfix: Error 500 when deleting a user.
- bugfix: Email body was not shown for html emails when ROOT_URL was relative.
- bugfix: Create user from contact was not allowed if user was linked
to a trashed contact, fix: contact is restored.
- bugfix: Task drag & drop does not allow drag from a workspace to another.
- bugfix: Saving workspace while rendering permissions was allowed, and
no permissions were saved.
- bugfix: When creating new workspace, user checkboxes did not
check/uncheck all permissions.
- bugfix: Internal server error when deleting user with its personal workspace.
- bugfix: Instantianting template without parameters was going back
instead of reloading.
- bugfix: Calendar views was not showing milestones assigned to everybody
when filtering by "my calendar".
- bugfix: In IE when expanding subtask list, the tasks below them did non
move aside.
- bugfix: Some mail contents were not included in reply or forward body.
- bugfix: Instantiating repeating tasks with subtasks did not put
correct status to some subtasks.
- bugfix: isToday function was not returning the correct value sometimes.
- bugfix: Csv export: when a field contains "," export is wrong, field
must be enclosed with quotes.
- bugfix: Importing more than one contact with no email address overwrites
the previous one.
- bugfix: Contacts are not linked to companies when importing from csv.
- bugfix: Subscribers and invitation lists were not showing users who have
group permissions but no individual permissions.
- bugfix: If an error occurs when sending a queued email the email is now
not deleted.
- bugfix: Mindmap viewer overlaps object linker.
- bugfix: The "include subworkspaces" checkbox for the iCal feed was
being ignored.
- usability: The user is warned when searching for short strings.
|
|
|
|
|
|
|
|
only affects platforms that would not previously complete building, so no
PKGREVISION++ required.
|
|
Bug Fixes
1. Change to workaround problem where correct version of Python
framework isn't being found at run time and instead uses the standard
system one, which may be the wrong version. Change is for those Python
versions on MacOS X which include a .a in Python config directory,
which should be symlinked to framework, link against the .a
instead. For some reason, doing this results in framework then being
picked up from the correct location.
This problem may well have only started cropping up at some point due
to a MacOS X Leopard patch update as has been noticed that Python
frameworks installed previously stopped being found properly when
mod_wsgi was subsequently recompiled against them. Something may
therefore have changed in compiler tools suite.
For more details see:
http://code.google.com/p/modwsgi/issues/detail?id=28
2. Remove isatty from Log object used for stdout/stderr. It should
have been a function and not an attribute. Even so, isatty() is not
meant to be supplied by a file like object if it is associated with a
file descriptor. Thus, packages which want to use isatty() are
supposed to check for its existance before calling it. Thus wasn't
ever mod_wsgi that was wrong in not supply this, but the packages
which were trying to use it.
For more details see:
http://code.google.com/p/modwsgi/issues/detail?id=146
|
|
* Included last fixes for 1.4 final.
* Some cleanup and fine work: added information about "-b" parameter to the
help output. Added "!" to the list of allowed characters in urls.
* Added a switch to turn on the progress bar.
* Bug fixes.
* Added MySQL support for authentication.
|
|
* [ Joey Hess ]
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
the old version, but continue. Closes: #541205
* inline: Avoid use of my $_ as it fails with older perls.
Closes: #541215
* Add discussionpage configuration setting.
* Several optimisations, including speedups to orphans and brokenlinks
calculation.
* meta, img: Fix bugs in dependency code. (smcv)
* Allow building ikiwiki on systems w/o po4a --
building of the translated underlays will be skipped in this case.
* Add basic styling of po plugin's languages list.
* inline: Display an error if feedpages is specified and fails to match
due to a problem such as created_before being told to check against
a page that does not exist.
* Remove deprecated ikiwiki/blog and ikiwiki/preprocessordirective
pages from the basewiki.
* Updated French program translation from Philippe Batailler.
Closes: #542036
* po: Fixed to run rcs_add ralative to srcdir.
* Italian program translation from Luca Bruno.
* Fix example blog's tags/life to not have a broken PageSpec.
Closes: #543510
* Optimize the dependencies list. This also fixes a bug
that could cause repeated refreshes of the wiki to grow
increasingly larger dependency lists, and get increasingly
slower. (smcv)
* Rebuild wikis on upgrade to this version to fix bloat caused
by the dependency bug.
* Further optimisation of dependency handling by adding a special
case for simple page dependencies. (smcv)
* htmltidy: Return an error message if tidy fails. Closes: #543722
* po: Fix name of translated toplevel index page. (intrigeri)
* po: Fix display of links from a translated page to itself (ntrigeri)
* Add Czech basewiki translation from Miroslav Kure.
* po: fix interdiction to create pages of type po (intrigeri)
* po: po: favor the type of linking page's masterpage on page creation
(intrigeri)
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.
* [ Josh Triplett ]
* teximg: Replace the insufficient blacklist with the built-in security
mechanisms of TeX. (CVE-2009-2944)
In order to fix a performance bug, all wikis need to be rebuilt on
upgrade to this version. If you listed your wiki in /etc/ikiwiki/wikilist,
use ikiwiki-mass-rebuild to force a rebuild.
|
|
While here,
* add user-destdir support
* convert dynamic PLIST to static one
* share/doc/html was deprecated, install in share/doc directly
* Remove restriction to python23, and change PKGNAME to allow creating
python valiant packages.
This release addresses a vulnerability in mod_python's publisher handler
whereby a carefully crafted URL would expose objects that should not be
visible, leading to an information leak. The Common Vulnerabilities and
Exposures project (http://cve.mitre.org/) has assigned the name CAN-2005-0088
to this issue.
Users of the publisher handler are urged to upgrade as soon as possible.
|
|
|
|
left disabled by default. Correct me if I'm wrong but it feels like
most pkgsrc users don't use gnome. If someone can comment on the
benefits of these dependencies in the GNOME environment, speak up.
|
|
|
