| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.34-1.35
- www/wordpress/PLIST 1.16-1.17
- www/wordpress/distinfo 1.26-1.27
---
Module Name: pkgsrc
Committed By: morr
Date: Thu Aug 8 07:50:58 UTC 2013
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to newest version of Wordpress 3.6.
ChangeLog:
New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)
Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions
For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like
ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc
instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search
forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode
attributes with a new filter.
More info on http://codex.wordpress.org/Version_3.6
---
Module Name: pkgsrc
Committed By: morr
Date: Thu Sep 12 17:19:59 UTC 2013
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
This maintenance release addresses 13 bugs with version 3.6.
Additionally: Version 3.6.1 fixes three security issues:
* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.
Additional security hardening:
* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.
More on http://codex.wordpress.org/Version_3.6.1
|
|
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.34
- www/mediawiki/PLIST 1.17
- www/mediawiki/distinfo 1.23
---
Module Name: pkgsrc
Committed By: wen
Date: Sat Sep 7 14:49:42 UTC 2013
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.21.2
Upstream changes:
Changes since 1.21.1
SECURITY: Fix extension detection with 2 .'s
SECURITY: Support for the 'gettoken' parameter to action=block and
action=unblock, deprecated since 1.20, has been removed.
SECURITY: Sanitize ResourceLoader exception messages
Purge upstream caches when deleting file assets.
Unit test suite now runs the AutoLoader tests. Also fixed the autoloading
entry for the PageORMTableForTesting class though it had no impact.
|
|
www/typo3_60: security update
Revisions pulled up:
- www/typo3_60/Makefile 1.4
- www/typo3_60/PLIST 1.4
- www/typo3_60/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Sep 6 14:16:46 UTC 2013
Modified Files:
pkgsrc/www/typo3_60: Makefile PLIST distinfo
Log Message:
Update typo3-60 package to 6.0.9.
This release contains a security fix, please refer TYPO3 Security Bulle=
tin
TYPO3-CORE-SA-2013-003: TYPO3-CORE-SA-2013-003: Incomplete Access Manag=
ement
and Remote Code Execution Vulnerability in TYPO3 Core.
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor=
e-sa-2013-003/
2013-09-04 8506ff6 [RELEASE] Release of TYPO3 6.0.9 (=
TYPO3 Release Team)
2013-09-04 952974b #50886 [SECURITY] Prohibit accessing stor=
age 0 from backend UI (Steffen Ritter)
2013-09-04 1e710fb #50883 [SECURITY] Identifiers may refer t=
o resources outside the storage (Steffen Ritter)
2013-09-04 6073618 #51495 [SECURITY] Deny arbitrary code exe=
cution possibility for editors (Helmut Hummel)
2013-09-04 b3e53a0 #51327 [SECURITY] Refactor and fix FAL us=
er permission handling (Helmut Hummel)
2013-09-04 31d5b88 #51326 [SECURITY] Add possibility to en-/=
disable file permission checks (Helmut Hummel)
2013-09-04 02aa25d #51079 [SECURITY] Check permissions in al=
l actions of ResourceStorage (Steffen Ritter)
2013-09-03 77701ad [TASK] CGL Cleanup of ResourceStor=
age (Helmut Hummel)
2013-09-03 ec0a99c #49842 [BUGFIX] Storage is offline but is=
still used (Frans Saris)
2013-09-03 1cf9d3c #51672 [BUGFIX] Fix fatal error in Extend=
edFileUtility (Helmut Hummel)
2013-09-01 55724fb #31998 [BUGFIX] Faulty check for missing =
SMTP port (Tomita Militaru)
2013-08-31 c73e4fe #50424 [BUGFIX] Backend Layout Grid Wizar=
d not fully visible in Mac Firefox 22 (Roland Schenke)
2013-08-30 0547211 #51585 [BUGIFX] Missing argument in EM Li=
st view VH (Francois Suter)
2013-08-29 2b86070 #51328 [BUGFIX] Only log file/directory a=
ctions which were done (Helmut Hummel)
2013-08-29 dc01b69 #51544 [BUGFIX] Sprite manager cache impr=
ovement (Christian Kuhn)
2013-08-29 01acc60 #50707 [BUGFIX] TCA 'group' selectedListS=
tyle with 'width' breaking layout (Ernesto Baschny)
2013-08-29 2727a6a #51460 [BUGFIX] Database integrity check =
fatal error (Stefan F=FCrst)
2013-08-29 1a04377 #51474 [BUGFIX] Cast autoload and classAl=
iasMap to Array (Michel Georgy)
2013-08-29 f1ab499 #51509 [BUGFIX] Add missing API method Fi=
leInterface::getNameWithoutExtension (Ernesto Baschny)
2013-08-28 2c8a999 #36244 [BUGFIX] Exclude empty passwords f=
rom password hashing check (Nicole Cordes)
2013-08-27 05fccd0 #50234 [TASK] Make the extension titles l=
ink to the configuration (Nicole Cordes)
2013-08-27 774a1e0 #51304 [BUGFIX] Hide translations in cate=
gories selector (Francois Suter)
2013-08-27 ed32255 #50870 [BUGFIX] Tests in Localization\Par=
ser\LocallangXmlParserTest fail (Nicole Cordes)
2013-08-27 f7e4a7e #50760 [BUGFIX] Escape title tag of image=
links (Alexander Stehlik)
2013-08-27 7bd1009 #25327,#37026 [BUGFIX] Page tree filtering broke=
n in IE7 & IE8 (Aske Ertmann)
2013-08-25 a735101 #51209 [BUGFIX] Ignore permission checks =
for processed files (Helmut Hummel)
2013-08-20 910d820 #37892 [BUGFIX] No version overlay should=
be done for sys_language (Lienhart Woitok)
2013-08-20 19a811d #46989 [BUGFIX] Files with unclean path i=
ndexed multiple times (Stefan Neufeind)
2013-08-18 fb7b686 #50614 [TASK] FilesContentObject::stdWrap=
Value(): only execute stdWrap once (Stefan Neufeind)
2013-08-18 d368497 #43428 [BUGFIX] Language-module icons nee=
d to display in correct size (Stefan Neufeind)
2013-08-17 fbbad86 #30636 [BUGFIX] TCA: subtypes_addlist not=
processed (Benjamin Mack)
2013-08-17 f39a79d #47844 [BUGFIX] Query parameters of exter=
nal link may get altered (Stanislas Rolland)
2013-08-16 a09dc5f #51115 [TASK] Disable scheduler-tests if =
EXT:scheduler not loaded (Anja Leichsenring)
2013-08-16 8dfaf9c #51004 [BUGFIX] Fix file permission metho=
ds in BackendUserAuthentication (Helmut Hummel)
2013-08-16 db51023 #51007 [BUGFIX] Fix inconsistencies in ge=
tTSConfig in BackenuserAuth (Helmut Hummel)
2013-08-16 221a435 Revert "[BUGFIX] Fix inconsistenci=
es in getTSConfig in BackenuserAuth" (Helmut Hummel)
2013-08-16 8b33a0d Revert "[BUGFIX] Fix file permissi=
on methods in BackendUserAuthentication" (Helmut Hummel)
2013-08-15 d3b7851 #51007 [BUGFIX] Fix inconsistencies in ge=
tTSConfig in BackenuserAuth (Helmut Hummel)
2013-08-15 329645c #51004 [BUGFIX] Fix file permission metho=
ds in BackendUserAuthentication (Helmut Hummel)
2013-08-14 61506bb #46094 [BUGFIX] Avoid usage of subheader =
in mailform (Francois Suter)
2013-08-12 d7ef5a9 #47806 [BUGFIX] Typing after abbr or acro=
nym tag is difficult (Stanislas Rolland)
2013-08-12 c8a83e7 #50193 [BUGFIX] FAL: Image Processing doe=
sn't respect GFX "thumbnails_png" (Benjamin Mack)
2013-08-12 7b16232 #51010 [BUGFIX] Allow reading files if st=
orage is not browsable (Helmut Hummel)
2013-08-11 f92dbbd #51005 [BUGFIX] Take into account all fil=
e and folder permissions (Helmut Hummel)
2013-08-11 4943a8f #50844 [BUGFIX] Failing tests in Resource=
\Driver\LocalDriverTest on Windows (Nicole Cordes)
2013-08-11 ac39140 #51012 [BUGFIX] Missing \TYPO3\CMS\Core\U=
tility\ in ResourceFactory (Wouter Wolters)
2013-08-11 55446c5 #51011 [TASK] Add signal in ResourceFacto=
ry for storage creation (Helmut Hummel)
2013-08-11 271e801 #44910 [BUGFIX] LocalDriver: Recursive fi=
le listing is broken (Andreas Wolf)
2013-08-11 4978ea7 #50502 [BUGFIX] rtehtmlarea acronym error=
with static_info_tables 6.0+ (Stanislas Rolland)
2013-08-08 150e458 #48523 [BUGFIX] Reports module tries to l=
oad not-installed extension (Wouter Wolters)
2013-08-08 8ed8066 #50868 [BUGFIX] number_format() expects p=
arameter 1 to be double (Wouter Wolters)
2013-08-07 98bc16b #50568 [BUGFIX] Ignore case in file exten=
sion filter (Alexander Stehlik)
2013-08-07 20df928 #50872 [BUGFIX] Correctly set user storag=
e permissions (Helmut Hummel)
2013-08-07 c941199 #50867 [TASK] Introduce AbstractHierarchi=
calFilesystemDriver (Steffen Ritter)
2013-08-07 f3f221d #50843 [BUGFIX] Failing Resource\FactoryT=
est on Windows systems (Nicole Cordes)
2013-08-07 c75eefb #47106 [BUGFIX] Indexing of external file=
s does not work in indexed_search (Wouter Wolters)
2013-08-07 80aeb3a #50562 [BUGFIX] Callback in CrawlerHook o=
f indexed_search sysext buggy (Marius B=FCscher)
2013-08-07 647d075 #50812 [BUGFIX] Backup singletons in unit=
tests prior to other setUp operations (Nicole Cordes)
2013-08-06 5250c54 #50628 [BUGFIX] Fix EmConfUtility::fixEmC=
onf conflicts generation (Sascha Egerer)
2013-08-06 e3d9d7b #50125 [BUGFIX] Incorrect check for empty=
folder (Philipp Gampe)
2013-08-06 0f2a29d #50615 [TASK] Use magic __CLASS__ in getI=
nstance()-methods (Stefan Neufeind)
2013-08-06 ad9328c #50751 [BUGFIX] Fix empty href parameter =
(Anja Leichsenring)
2013-08-06 9e407f0 #50809 [BUGFIX] Fix failing test in Stora=
geRepositoryTest (Anja Leichsenring)
2013-08-06 449dc72 #50803 [BUGFIX] Fatal error: "enableField=
s on non-object" in extension manager (Ernesto Baschny)
2013-08-04 3cd1045 #50466 [BUGFIX] MySQL: Use ENGINE (not TY=
PE) for storage-engine (Stefan Neufeind)
2013-08-01 db1c38b #43893 [BUGFIX] selected =3D 1 doesn't wo=
rk in FormContentObject (Wouter Wolters)
2013-08-01 f827fc9 #47123 [BUGFIX] Suppress double page entr=
y in temporary mounted pagetree (Frank Frewer)
2013-07-31 2feccc5 #36031 [TASK] Provide information about i=
mport action in TCEmain to hooks (Stefan Galinski)
2013-07-31 07f3578 #43631 [BUGFIX] RTE wizard can't "save do=
cument and view page" (Stanislas Rolland)
|
|
www/contao211: bug fix patch
www/contao30: bug fix patch
www/contao31: bug fix patch
Revisions pulled up:
- www/contao211/Makefile 1.9
- www/contao211/PLIST 1.6
- www/contao30/Makefile 1.10
- www/contao30/PLIST 1.5
- www/contao31/Makefile 1.4
- www/contao31/PLIST 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:50:04 UTC 2013
Modified Files:
pkgsrc/www/contao211: Makefile PLIST
Log Message:
Since system/config/config.php isn't configuration file, install it as
normal files. It caused trouble with old config.php.
Also, remove extra install process of system/config/.htaccess.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:52:11 UTC 2013
Modified Files:
pkgsrc/www/contao30: Makefile PLIST
Log Message:
Since system/config/default.php isn't configuration file, install it as
normal files. It might cause trouble with old default.php.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:53:23 UTC 2013
Modified Files:
pkgsrc/www/contao31: Makefile PLIST
Log Message:
Since system/config/default.php isn't configuration file, install it as
normal files. It might cause trouble with old default.php.
Bump PKGREVISION.
|
|
in pullup ticket #4218.
|
|
www/cvsweb: Perl compatibility patch
Revisions pulled up:
- www/cvsweb/Makefile 1.40
- www/cvsweb/distinfo 1.17
- www/cvsweb/patches/patch-cvsweb.cgi 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Jul 30 13:01:11 UTC 2013
Modified Files:
pkgsrc/www/cvsweb: Makefile distinfo
Added Files:
pkgsrc/www/cvsweb/patches: patch-cvsweb.cgi
Log Message:
Fix warnings from newer perl versions
|
|
www/py-werkzeug-docs: packaging fix
Revisions pulled up:
- www/py-werkzeug-docs/Makefile 1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 5 08:40:14 UTC 2013
Modified Files:
pkgsrc/www/py-werkzeug-docs: Makefile
Log Message:
Simplify PKGNAME for older make(1)s or other parsers.
|
|
www/typo3_60: security update
Revisions pulled up:
- www/typo3_60/Makefile 1.3
- www/typo3_60/PLIST 1.3
- www/typo3_60/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 4 16:26:06 UTC 2013
Modified Files:
pkgsrc/www/typo3_60: Makefile PLIST distinfo
Log Message:
Update typo3_60 to 4.6.8 (TYPO3 4.6.8).
4.6.7: maintenance release.
4.6.8: Fix typo3-core-sa-2013-002.
For full changes, please ChangeLog file.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/typo3_60/Makefile \
pkgsrc/www/typo3_60/PLIST pkgsrc/www/typo3_60/distinfo
|
|
www/typo3_47: security update
Revisions pulled up:
- www/typo3_47/Makefile 1.17
- www/typo3_47/PLIST 1.9
- www/typo3_47/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 4 16:24:59 UTC 2013
Modified Files:
pkgsrc/www/typo3_47: Makefile PLIST distinfo
Log Message:
Update typo3_47 to 4.7.14 (TYPO3 4.7.14).
4.7.13: maintenance release.
4.7.14: Fix typo3-core-sa-2013-002.
For full changes, please ChangeLog file.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/typo3_47/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/typo3_47/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/typo3_47/distinfo
|
|
www/typo3_45: security update
Revisions pulled up:
- www/typo3_45/Makefile 1.26
- www/typo3_45/PLIST 1.12
- www/typo3_45/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 4 16:23:57 UTC 2013
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.5.29 (TYPO3 4.5.29).
4.5.28: maintenance release.
4.5.29: Fix typo3-core-sa-2013-002.
For full changes, please ChangeLog file.
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/typo3_45/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/typo3_45/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/typo3_45/distinfo
|
|
www/apache24: security update
Revisions pulled up:
- www/apache24/Makefile 1.21 via patch
- www/apache24/PLIST 1.11
- www/apache24/distinfo 1.10
- www/apache24/patches/patch-support_htdbm.c deleted
- www/apache24/patches/patch-support_htdigest.c deleted
- www/apache24/patches/patch-support_htpasswd.c deleted
- www/apache24/patches/patch-support_passwd__common.c deleted
- www/apache24/patches/patch-support_passwd__common.h deleted
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jul 30 12:51:29 UTC 2013
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/apache24/patches: patch-support_htdbm.c
patch-support_htdigest.c patch-support_htpasswd.c
patch-support_passwd__common.c patch-support_passwd__common.h
Log Message:
Update to 2.4.6
Changelog:
Security buxfixes.
SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed.
And feature enhancement and bugfixes.
|
|
misc/rubygems: build fix
textproc/ruby-xslt: build fix
Revisions pulled up:
- converters/ruby-unf_ext/Makefile 1.4
- converters/ruby-unf_ext/PLIST 1.3
- databases/ruby-ldap/Makefile 1.15
- databases/ruby-ldap/PLIST 1.6
- databases/ruby-odbc/Makefile 1.14
- databases/ruby-odbc/PLIST 1.8
- databases/ruby-pg/Makefile 1.16
- databases/ruby-pg/PLIST 1.10
- devel/ruby-rbtree/Makefile 1.10
- devel/ruby-rbtree/PLIST 1.6
- graphics/ruby-gd/Makefile 1.40
- graphics/ruby-gd/PLIST 1.9
- lang/ruby/gem.mk 1.21-1.22
- lang/ruby193-base/Makefile 1.31
- lang/ruby193-base/PLIST 1.9
- lang/ruby193-base/distinfo 1.23
- lang/ruby193-base/patches/patch-lib_rubygems_command.rb 1.1
- lang/ruby193-base/patches/patch-lib_rubygems_command__manager.rb 1.1
- lang/ruby193-base/patches/patch-lib_rubygems_dependency__installer.rb 1.4
- lang/ruby193-base/patches/patch-lib_rubygems_gem__runner.rb 1.1
- lang/ruby193-base/patches/patch-lib_rubygems_installer.rb 1.2
- lang/ruby193-base/patches/patch-lib_rubygems_specification.rb 1.4
- math/ruby-narray/Makefile 1.2
- math/ruby-narray/PLIST 1.2
- misc/rubygems/Makefile 1.53
- misc/rubygems/PLIST 1.23
- misc/rubygems/distinfo 1.42
- misc/rubygems/patches/patch-ad 1.12
- security/ruby-shadow/Makefile 1.2
- security/ruby-shadow/PLIST 1.2
- textproc/ruby-libxml/Makefile 1.19
- textproc/ruby-libxml/PLIST 1.12
- textproc/ruby-xslt/Makefile 1.11
- textproc/ruby-xslt/PLIST 1.7
- www/ruby-fcgi/Makefile 1.16
- www/ruby-fcgi/PLIST 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:01:01 UTC 2013
Modified Files:
pkgsrc/lang/ruby193-base: Makefile PLIST distinfo
pkgsrc/lang/ruby193-base/patches:
patch-lib_rubygems_dependency__installer.rb
patch-lib_rubygems_installer.rb patch-lib_rubygems_specification.rb
Added Files:
pkgsrc/lang/ruby193-base/patches: patch-lib_rubygems_command.rb
patch-lib_rubygems_command__manager.rb
patch-lib_rubygems_gem__runner.rb
Log Message:
Add partly support build_info to bundled rubygems to make compatibilty with
rubygems 2.0.3.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:02:57 UTC 2013
Modified Files:
pkgsrc/misc/rubygems: Makefile distinfo
pkgsrc/misc/rubygems/patches: patch-ad
Log Message:
Fix creating proper build_info directory.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:12:56 UTC 2013
Modified Files:
pkgsrc/misc/rubygems: PLIST
Log Message:
Remove Ruby's version denendent directory.
No PKGREVISION bump for short time updates.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:16:38 UTC 2013
Modified Files:
pkgsrc/lang/ruby: gem.mk
Log Message:
Fix gem handling.
o Don't assume _DISTDIR end with '/' (by DESTDIR).
o A small clean up to GEM_CLEANBUILD handling.
A few clean up.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:18:11 UTC 2013
Modified Files:
pkgsrc/converters/ruby-unf_ext: Makefile PLIST
Log Message:
No need to specify GEM_CLEANBUILD and fix PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:20:16 UTC 2013
Modified Files:
pkgsrc/databases/ruby-ldap: Makefile PLIST
Log Message:
o Clean up GEM_CLEANBUILD and fix PLIST.
o Use RUBY_DLEXT in PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:21:33 UTC 2013
Modified Files:
pkgsrc/databases/ruby-odbc: Makefile PLIST
Log Message:
Add build_info file to PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:22:55 UTC 2013
Modified Files:
pkgsrc/databases/ruby-pg: Makefile PLIST
Log Message:
Add build_info file to PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:26:00 UTC 2013
Modified Files:
pkgsrc/devel/ruby-rbtree: Makefile PLIST
Log Message:
Change GEM_CLEANBUILD not to include the same Ruby's extension file in
package.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:27:26 UTC 2013
Modified Files:
pkgsrc/graphics/ruby-gd: Makefile PLIST
Log Message:
o Add build_info file to PLIST.
o Utilize GEM_NAME in PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:29:47 UTC 2013
Modified Files:
pkgsrc/math/ruby-narray: Makefile PLIST
Log Message:
Change GEM_CLEANBUILD not to include working file to package.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:32:56 UTC 2013
Modified Files:
pkgsrc/security/ruby-shadow: Makefile PLIST
Log Message:
o Clean up GEM_CLEANBUILD not to include the same Ruby's extension file and
working files in package
o Use RUBY_DLEXT in PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:34:45 UTC 2013
Modified Files:
pkgsrc/textproc/ruby-libxml: Makefile PLIST
Log Message:
o Add build_info file to PLIST.
o Don't include extconf.h, a working file to package.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 15:36:37 UTC 2013
Modified Files:
pkgsrc/www/ruby-fcgi: Makefile PLIST
Log Message:
o Add build_info file to PLIST.
o Utilize GEM_NAME in PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 16:07:25 UTC 2013
Modified Files:
pkgsrc/textproc/ruby-xslt: Makefile PLIST
Log Message:
Add build_info file to PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sun Jul 14 21:08:17 UTC 2013
Modified Files:
pkgsrc/lang/ruby: gem.mk
Log Message:
Fix shell syntax error which has been breaking all gem builds on SunOS for
the past week as per the reports on pkgsrc-bulk. Not sure why it wasn't
showing up on other platforms, but I am assuming this is the correct fix.
|
|
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.92
- www/apache22/distinfo 1.57
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 15 18:15:49 UTC 2013
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
Log Message:
Update "apache22" package to version 2.2.25. Changes since 2.2.24:
- SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
- core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
strings. The default limit for ap_pregsub() can be adjusted at compile
time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick]
- core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. Bug#55121. [Bradley Heilbrun
<apache heilbrun.org>]
- mod_setenvif: Log error on substitution overflow.
[Stefan Fritsch]
- mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
- mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. Bug#53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
- mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
- mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
- mod_proxy_balancer: Added balancer parameter failontimeout to allow server
admin to configure an IO timeout as an error in the balancer.
[Daniel Ruggeri]
- mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
password. [Daniel Ruggeri]
- htdigest: Fix buffer overflow when reading digest password file
with very long lines. Bug#54893. [Rainer Jung]
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
- mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
- mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
result in a 412 Precondition Failed for a COPY operation. PR54610
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: When a PROPPATCH attempts to remove a non-existent dead
property on a resource for which there is no dead property in the same
namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
<diego.santaCruz spinetix.com>]
- mod_dav: Do not fail PROPPATCH when prop namespace is not known.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
- mod_dav: Do not segfault on PROPFIND with a zero length DBM.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
|
|
www/squid3: security update
Revisions pulled up:
- www/squid3/Makefile 1.14-1.17
- www/squid3/distinfo 1.9-1.11
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 3 12:47:11 UTC 2013
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.3.6:
Bug 3762: remove bogus WARNING in cache.log
Fix Ip::Address::operator =(sockaddr_storage)
Make sure %<tt includes all [failed] connection attempts.
Bug 3854: pt1: compile errors on AIX
Fix request headers logging for icap_log
Support HTTP reply ACLs in icap_log and log_icap
Bug 3802: Fix wrong check inside Format::Format::assemble
Bug 3786: Fix configure with --disable-internal-dns compile error
Polished icap_service and ecap_service documentation.
SourceFormat Enforcement
Bug 3717: assertion failed with dstdom_regex with IP based URL
Fix incorrect external_acl_type codes
Avoid segfaults on seriously malformed requests when ICAP logging is enabled.
Ask for SSL key password when started with -N but without sslpassword_program.
basic_ncsa_auth: fix unused variable warnings (typo in rev.12762)
Fix buffer null termination
Bug 1991: kqueue causes SSL to hang
---
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Jul 12 10:45:05 UTC 2013
Modified Files:
pkgsrc/audio/icecast: Makefile
pkgsrc/audio/mt-daapd: Makefile
pkgsrc/audio/pulseaudio: Makefile
pkgsrc/audio/ubs: Makefile
pkgsrc/chat/anope: Makefile
pkgsrc/chat/atheme: Makefile
pkgsrc/chat/bitlbee: Makefile
pkgsrc/chat/gale: Makefile
pkgsrc/chat/inspircd: Makefile
pkgsrc/chat/inspircd12: Makefile
pkgsrc/chat/ircd-hybrid: Makefile
pkgsrc/chat/ircu: Makefile
pkgsrc/chat/jabberd: Makefile
pkgsrc/chat/jabberd2: Makefile
pkgsrc/chat/silc-server: Makefile
pkgsrc/chat/unrealircd: Makefile
pkgsrc/comms/asterisk: Makefile
pkgsrc/comms/asterisk10: Makefile
pkgsrc/comms/asterisk18: Makefile
pkgsrc/comms/fidogate: Makefile
pkgsrc/comms/mgetty+sendfax: Makefile
pkgsrc/comms/minicom: Makefile
pkgsrc/comms/snooper: Makefile
pkgsrc/databases/apache-cassandra: Makefile
pkgsrc/databases/gnats: Makefile
pkgsrc/databases/mysql5-server: Makefile
pkgsrc/databases/mysql51-server: Makefile
pkgsrc/databases/mysql55-server: Makefile
pkgsrc/databases/mysql56-server: Makefile
pkgsrc/databases/openldap-server: Makefile
pkgsrc/databases/pgbouncer: Makefile
pkgsrc/databases/phpmyadmin: Makefile
pkgsrc/databases/postgresql84-server: Makefile
pkgsrc/databases/postgresql90-server: Makefile
pkgsrc/databases/postgresql91-server: Makefile
pkgsrc/databases/postgresql92-server: Makefile
pkgsrc/databases/virtuoso: Makefile
pkgsrc/devel/cvsd: Makefile
pkgsrc/devel/distcc: Makefile
pkgsrc/devel/memcached: Makefile
pkgsrc/devel/monotone-server: Makefile
pkgsrc/filesystems/tahoe-lafs: Makefile
pkgsrc/inputmethod/canna-dict: Makefile
pkgsrc/inputmethod/canna-server: Makefile
pkgsrc/inputmethod/ja-freewnn-server: Makefile
pkgsrc/inputmethod/sj3-server: Makefile
pkgsrc/mail/amavisd-new: Makefile
pkgsrc/mail/courier-imap: Makefile
pkgsrc/mail/courier-maildir: Makefile
pkgsrc/mail/dcc: Makefile
pkgsrc/mail/dkim-milter: Makefile
pkgsrc/mail/dovecot: Makefile
pkgsrc/mail/dovecot2: Makefile
pkgsrc/mail/dspam: Makefile
pkgsrc/mail/enma: Makefile
pkgsrc/mail/exim: Makefile
pkgsrc/mail/exim3: Makefile
pkgsrc/mail/fml: Makefile
pkgsrc/mail/fml4: Makefile
pkgsrc/mail/freepops: Makefile
pkgsrc/mail/gld: Makefile
pkgsrc/mail/imapproxy: Makefile
pkgsrc/mail/maildrop: Makefile
pkgsrc/mail/mailman: Makefile
pkgsrc/mail/majordomo: Makefile
pkgsrc/mail/milter-greylist: Makefile
pkgsrc/mail/milter-manager: Makefile
pkgsrc/mail/milter-regex: Makefile
pkgsrc/mail/mimedefang: Makefile
pkgsrc/mail/nullmailer: Makefile
pkgsrc/mail/opendkim: Makefile
pkgsrc/mail/policyd-weight: Makefile
pkgsrc/mail/popa3d: Makefile
pkgsrc/mail/postgrey: Makefile
pkgsrc/mail/prayer: Makefile
pkgsrc/mail/qpopper: Makefile
pkgsrc/mail/quickml: Makefile
pkgsrc/mail/sendmail: Makefile
pkgsrc/mail/smtp-vilter: Makefile
pkgsrc/mail/spamd: Makefile
pkgsrc/mail/sqlgrey: Makefile
pkgsrc/mail/sqwebmail: Makefile
pkgsrc/mail/sympa: Makefile
pkgsrc/mail/tmda: Makefile
pkgsrc/multimedia/gmediaserver: Makefile
pkgsrc/multimedia/mediatomb: Makefile
pkgsrc/net/DarwinStreamingServer: Makefile
pkgsrc/net/avahi: Makefile
pkgsrc/net/bind96: Makefile
pkgsrc/net/bind98: Makefile
pkgsrc/net/bind99: Makefile
pkgsrc/net/cacti: Makefile
pkgsrc/net/cntlm: Makefile
pkgsrc/net/couriertcpd: Makefile
pkgsrc/net/freeradius: Makefile
pkgsrc/net/freeradius2: Makefile
pkgsrc/net/gofish: Makefile
pkgsrc/net/iodine: Makefile
pkgsrc/net/irrd: Makefile
pkgsrc/net/kismet: Makefile
pkgsrc/net/lambdamoo: Makefile
pkgsrc/net/lldpd: Makefile
pkgsrc/net/mldonkey: Makefile
pkgsrc/net/mydns-mysql: Makefile
pkgsrc/net/mydns-pgsql: Makefile
pkgsrc/net/netdisco: Makefile
pkgsrc/net/nsd: Makefile
pkgsrc/net/openntpd: Makefile
pkgsrc/net/openvpn: Makefile
pkgsrc/net/pygopherd: Makefile
pkgsrc/net/quagga: Makefile
pkgsrc/net/rancid: Makefile
pkgsrc/net/rbldnsd: Makefile
pkgsrc/net/ruby-stompserver: Makefile
pkgsrc/net/snort: Makefile
pkgsrc/net/spread: Makefile
pkgsrc/net/tacacs-shrubbery: Makefile
pkgsrc/net/teamspeak-server: Makefile
pkgsrc/net/tor: Makefile
pkgsrc/net/unbound: Makefile
pkgsrc/net/uucp: Makefile
pkgsrc/net/vsftpd: Makefile
pkgsrc/net/xymon: Makefile
pkgsrc/net/xymonclient: Makefile
pkgsrc/news/leafnode: Makefile
pkgsrc/news/nntpcache: Makefile
pkgsrc/parallel/gridscheduler: Makefile
pkgsrc/parallel/sge: Makefile
pkgsrc/parallel/slurm: Makefile
pkgsrc/print/cups: Makefile
pkgsrc/security/cyrus-sasl: Makefile
pkgsrc/security/dirmngr: Makefile
pkgsrc/security/f-prot-antivirus6-ms-bin: Makefile
pkgsrc/security/libprelude: Makefile
pkgsrc/security/libprelude-lua: Makefile
pkgsrc/security/libprelude-perl: Makefile
pkgsrc/security/libprelude-python: Makefile
pkgsrc/security/libprelude-ruby: Makefile
pkgsrc/security/opendnssec: Makefile
pkgsrc/security/openssh: Makefile
pkgsrc/security/pks: Makefile
pkgsrc/security/policykit: Makefile
pkgsrc/security/prelude-correlator: Makefile
pkgsrc/security/prelude-lml: Makefile
pkgsrc/security/prelude-manager: Makefile
pkgsrc/security/py-prewikka: Makefile
pkgsrc/security/sfs: Makefile
pkgsrc/security/stunnel: Makefile
pkgsrc/sysutils/amanda-common: Makefile
pkgsrc/sysutils/bacula: Makefile
pkgsrc/sysutils/dbus: Makefile
pkgsrc/sysutils/hal: Makefile
pkgsrc/sysutils/munin-node: Makefile
pkgsrc/sysutils/munin-server: Makefile
pkgsrc/sysutils/sysbuild-user: Makefile
pkgsrc/sysutils/ups-nut: Makefile
pkgsrc/textproc/dict-server: Makefile
pkgsrc/www/apache: Makefile
pkgsrc/www/apache-tomcat6: Makefile
pkgsrc/www/apache-tomcat7: Makefile
pkgsrc/www/apache2: Makefile
pkgsrc/www/apache22: Makefile
pkgsrc/www/apache24: Makefile
pkgsrc/www/dansguardian: Makefile
pkgsrc/www/jetty7: Makefile
pkgsrc/www/nginx: Makefile
pkgsrc/www/nginx-devel: Makefile
pkgsrc/www/ocsigen: Makefile
pkgsrc/www/php-concrete5: Makefile
pkgsrc/www/php-owncloud: Makefile
pkgsrc/www/php-piwigo: Makefile
pkgsrc/www/php-soycms: Makefile
pkgsrc/www/php-sugarcrm: Makefile
pkgsrc/www/php-tiki6: Makefile
pkgsrc/www/php-tt-rss: Makefile
pkgsrc/www/privoxy: Makefile
pkgsrc/www/screws: Makefile
pkgsrc/www/sencha-sns: Makefile
pkgsrc/www/squid3: Makefile
pkgsrc/www/squidGuard: Makefile
pkgsrc/www/tinyproxy: Makefile
Log Message:
Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 12 21:32:36 UTC 2013
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.3.7:
* Protect against buffer overrun in DNS query generation
* SourceFormat Enforcement
* Bug 3297: Fix openSSL related build failures
* Fix build on FreeBSD 9.x platform with clang
---
Module Name: pkgsrc
Committed By: adam
Date: Sun Jul 14 17:54:44 UTC 2013
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.3.8:
* Better handling of strange port values in Host:
* Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
|
|
www/firefox-l10n: installation fix
Revisions pulled up:
- www/firefox-l10n/Makefile 1.33-1.34
- www/firefox-l10n/PLIST 1.19
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Jul 6 15:12:58 UTC 2013
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST
Log Message:
Fix install location.
* Detected by firefox again.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Jul 6 15:15:21 UTC 2013
Modified Files:
pkgsrc/www/firefox-l10n: Makefile
Log Message:
Fix typo, PKGREVISION.
|
|
www/firefox: build fix
Revisions pulled up:
- www/firefox/distinfo 1.106
- www/firefox/patches/patch-mb 1.5
- www/firefox/patches/patch-xa deleted
---
Module Name: pkgsrc
Committed By: martin
Date: Tue Jul 2 07:18:18 UTC 2013
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-mb
Removed Files:
pkgsrc/www/firefox/patches: patch-xa
Log Message:
Another minor mishap from the sparc64 patches (now the package actually
builds on sparc64)
|
|
|
|
Changes:
--------
darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames
Bugfixes:
---------
SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond
the end of the input buffer [26]
FTP: access files in root dir correctly
configure: try pthread_create without -lpthread
FTP: handle a 230 welcome response
curl-config: don't output static libs when they are disabled
CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
Various documentation updates
getinfo.c: reset timecond when clearing session-info variables
FILE: prevent an artificial timeout event due to stale speed-check data
ftp_state_pasv_resp: connect through proxy also when set by env
sshserver: disable StrictHostKeyChecking
ftpserver: Fixed imap logout confirmation data
curl_easy_init: use less mallocs
smtp: Fixed unknown percentage complete in progress bar
smtp: Fixed sending of double CRLF caused by first in EOB
bindlocal: move brace out of #ifdef
winssl: Fixed invalid memory access during SSL shutdown
OS X framework: fix invalid symbolic link
OpenSSL: allow empty server certificate subject
axtls: prevent memleaks on SSL handshake failures
cookies: only consider full path matches
Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
Curl_cookie_add: handle IPv6 hosts
ossl_send: SSL_write() returning 0 is an error too
ossl_recv: SSL_read() returning 0 is an error too
Digest auth: escape user names with backslash or " in them
curl_formadd.3: fixed wrong "end-marker" syntax
libcurl-tutorial.3: fix incorrect backslash
curl_multi_wait: reduce timeout if the multi handle wants to
tests/Makefile: typo in the perlcheck target
axtls: honor disabled VERIFYHOST
OpenSSL: avoid double free in the PKCS12 certificate code
multi_socket: reduce timeout inaccuracy margin
digest: support auth-int for empty entity body
axtls: now done non-blocking
lib1900: use tutil_tvnow instead of gettimeofday
curl_easy_perform: avoid busy-looping
CURLOPT_COOKIELIST: take cookie share lock
multi_socket: react on socket close immediately
|
|
(CVE-2013-2174), bump PKGREV
|
|
distribution Apache-LogFormat-Compiler in www/p5-Apache-LogFormat-Compiler
from 0.12nb1 to 0.13.
pkgsrc changes:
- correct dependencies
- apply update to force rebuild the package
Upstream changes:
0.13 2013-05-24T00:19:31Z
- fixed pod issue (Thank you fschlich)
|
|
Albanian language files are added and Spanish language files are re-added.
Version 3.1.1 (2013-06-25)
--------------------------
### Fixed
Append the query string when forwarding (see #5867).
### Fixed
Decouple the file/page picker breadcrumb from the file/page manager (see #5899).
### Fixed
Also show the mandatory star in password confirmation fields (see #5926).
### Fixed
Only return one IP address in `Environment::get('ip')` (see #5830).
### Fixed
Explicitly check for `.php` files when scanning DCA files (see #5898).
### Fixed
Replaced all dummy `.htaccess` files with `.gitignore` files.
### Fixed
Quote wildcard characters in MySQL `LIKE` queries (see #5896).
### Fixed
Correctly align the version drop-down menu in Safari (see #5854).
### Fixed
Make sure `window.$` is mapped to MooTools (see #5892).
### Fixed
Do not add sort buttons to table row headers (see #5845).
### Fixed
Show the newsletter channels upon registration (see #5874).
### Updated
Updated ACE to version 1.1.01 (fixes #5852).
### Fixed
Correctly handle hidden pages in the custom navigation module (see #5832).
### Fixed
Support FAQs with images on the FAQ page (see #5810).
### Fixed
Support using commas in folder names in the file selector (see #5823).
### Fixed
Ignore the `auto_item` parameter when forwarding internally (see #5886).
### Fixed
Added support for old IE versions to swipe.js (see #5862).
### Fixed
Correctly bypass the cache if `bypassCache` is set (see #5872).
### Fixed
Preserve the CSS3PIE behavior file path when combining style sheets (see #5848).
### Fixed
Support all known template types in the autoload creator (see #5857).
### Fixed
Correctly adjust the accordion elements to the new DB structure (see #5820).
### Fixed
Added `E_USER_DEPRECATED` to the list of error constants (see #5839).
|
|
|
|
* Remove unused commented out lines.
|
|
access_compat_module, catch up example configuration file, too.
|
|
|
|
|
|
* A small clean up to common/Makefile.common.
No functional change.
|
|
|
|
|
|
* Sync with firefox-22.0.
|
|
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
|
|
|
|
Version 0.11
~~~~~~~~~~~~
Released on 2013-06-13.
* Add Python 3.3 support (requires Flask >= 0.10 and Werkzeug >= 0.9)
* Drop Python 2.5 support
* Fix `#30 <https://github.com/SimonSapin/Frozen-Flask/issues/30>`_:
:func:`relative_url_for` with a query string or URL fragment.
|
|
No changelog provided; several bug fixes, including compatibility with
Werkzeug-0.9 and Flask-0.10.
|
|
|
|
Fixed issues:
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
|
|
|
|
* Add NetBSD/sparc64 support from martin@.
Almost all functionalities work fine, but https handling.
* Enable system jpeg support. This is accidentally disabled.
|
|
|
|
specifying password from tty or standard input.
Reported as a bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=54735.
Use patch from http://people.apache.org/~rjung/patches/2.4-htpass.patch.
Bump PKGREVISION.
|
|
|
|
|
|
Changelog:
Add a Servlet Filter that implements CORS. Patch provided by Mohit Soni.
Ensure that when Tomcat's anti-resource locking features are used that the temporary copy of the web application and not the original is removed when the web application stops.
Add support for the version attribute to the deploy command of the Ant tasks for interfacing with the text based Manager application. Patch provided by Sergey Tcherednichenko.
|
|
The latter contains the unstable version 3 of mono, which breaks many mono
packages.
Bump dependencies and PKGREVISIONs.
Ok during freeze: gdt@
|
|
|
|
= CHANGES
== 0.11.2 (May 20th 2013)
* FIX #1232 Padrino::Server - call expand_path on PID file option (@sshaw)
* FIX #1234 Create table migration should be also timestamped if configured (@udzura)
* FIX #1228 Allow for block arg to StandardFormBuilder.label (@sshaw)
* FIX #1235 error of routing when using provides :any and Accept contains */* (@tyabe)
* FIX #1196 Remove Ohm monkey patch and include Padrino::Ohm::Validator (@lastcanal)
* FIX #1236 Pass our logger to rack-protection for csrf (@dariocravero)
* FIX #1246 missing translation for Russian (@silentvick)
* NEW #1062 add configurable #app method for rack-test closes (@achiu)
* FIX #1252 translations for japanese (@tyabe, @namusyaka)
* FIX Specify full class name for migrations to fix failing migrations (@Ortuna)
* FIX #1279 Datamapper rake task to pass arguments (@Ortuna)
* FIX #1281 Documentation fixes to various areas (@matthias-guenther)
* FIX #1269 issue with tilt version (@ujifgc)
* FIX #1283 issue with html_safe and form builder (@ujifgc)
* NEW #1285 Add :file option for delivering mail docs (@matthias-guenther)
* FIX #1287 Lock minitest version from going to 5 (@QOrtuna)
* FIX #1288 Http router fix unicode (@Ortuna)
* FIX #698 Sqlite adding an extra "/" to the connection string for windows (@dariocravero)
== 0.11.1 (April 7th 2013)
* NEW Ability to set migration file format to use incrementing numbers or timestamps (@jacob-s-son, @hooopo)
* FIX #1174 slim 2.0 Backward incompatible syntax change (@WaYdotNET)
* FIX #1086 Refactor reloader for cleaner structure (@Ortuna)
* FIX #1178 Indent controller actions properly (@skade)
* FIX #1180 Fix valid http verbs in http_router (@kenkeiter, @dariocravero)
* FIX #1182 Format ar migrate better (@chiastolite)
* FIX #1179 Accidental appended extensions for js urls (@nesquena)
* FIX #1183 Mark escaped text as html_safe (@nesquena)
* FIX #1184 Use count instead of size for errors (@nesquena)
* FIX #1185 Adds lib as a load_path for rake tasks (@nesquena)
* FIX #1177 Fix very strange bug with form_for and capture_html (@ujifgc, @nesquena)
* FIX have plugin generator respect root option (@achiu)
* FIX #1194 simple_format should be marked as html_safe (@nesquena)
* FIX Escape text before simple_format (@nesquena)
* FIX #1197 "bootstrap.min" path of production environment (@tyabe)
* FIX #1201 Only add database tasks to Rakefile if ORM is anything other than :none (@dariocravero)
* NEW #1209 Added layout option for controllers (@Ortuna)
* FIX #1212 fix generators for projects using shoulda and rr with Test::Unit (@sshaw)
* FIX #1213 fix flash_tag() with multiple attributes (@tmtm)
* FIX #1215 Update zh_cn.yml (@wayshall, hfl)
* FIX #1216 Improved german translations (@skade)
* FIX #1221 fixes an issue with a gemified apps name being capitalized (@21purple)
* FIX #1205 Allow Regexp routes to use :provides option (@shipstar)
* FIX #1224 mark html_safe content safe after being escaped (@nesquena)
* FIX #1211 load I18n tasks all the time (@nesquena)
== 0.11.0 (March 21st 2013)
* NEW #923 Total redesign of admin panel with bootstrap and jquery, custom error pages
Big thanks to the huge effort from (@WaYdotNET, @DAddYE, @dariocravero, @ujifgc, @tyabe)!
* FIX #1135 Fix namespaced generators for app (@tyabe)
* FIX #1139 Escape ampersands in mail_to helpers (@nybblr)
* FIX #821 Added a cache parser with a default now to Plain. (@daddye)
* FIX #1129 use Padrino.root for apps.rb
* FIX #1125 Eagerly load libs if needed for tasks
* FIX #1111 route arity (@daddye)
* FIX #1090 Don't calculate asset timestamp using uri_root_path (@nesquena)
* NEW Upgrades Sinatra support to 1.4.1 (@nesquena, @daddye)
* NEW Upgrade to latest http_router 0.11 (@daddye)
* NEW Load rake tasks manually but fallback to automatic for now (@skade)
* FIX cleanup and refactoring of documentation (@matthias-guenther, @fnordfish)
* FIX Run 'bundle' rather than 'bundle install' on generate (@matthias-guenther)
* FIX Cleanup admin documentation (@danieltahara)
* FIX padrino cache tests to not execute when cache server is not available (@bash0C7)
* SEC #1083 Bump mail version dependency to CVE-2012-2139 and CVE-2012-2140. (@nesquena)
* NEW Alias orm tasks to db namespace (@postmodern)
* FIX #1090 Patch asset_timestamp to respect public_folder setting (@AtoxIO)
* FIX #1045 Load the environment only when needed in rake-Tasks (@skade)
* NEW #1031 Render using SafeBuffer for XSS protection (@skade)
* NEW #1007 Apps can now be shipped as gems (@skade)
* FIX #966 Padrino:Reload.lock! tries to split java packages (@daddye)
* REM #1063 Remove core JSON rendering in favor of sinatra-contrib (@Ortuna)
* NEW #1027 Padrino Performance for memory profiling and benchmarking (@skade, @dariocravero)
* NEW #1011 Nest apps within the project module (@achiu, @tyabe)
* NEW #904 Adds padrino-flash as core library (@lenzcom)
* FIX #912 Use default layout when layout is set to true (@dcu)
* NEW #927 Add CLI runner for executing code (@tyabe)
* FIX #934 Rake routes when routes have regexes (@tyabe)
* FIX #949 404 handling in later sinatra versions (@dayflower)
* FIX #818 Filter and exceptions was running twice on error (@ujifgc)
* FIX #812 Patch exception handling within filters (@ujifgc)
* FIX #771 Padrino.configure_apps now supports multiple blocks (@ujifgc)
* NEW #843 Request route now has access to the associated action (@ujifgc)
* NEW #1097 Request route now has access to the parent (@dariocravero)
* FIX French translation typos (@Fiaxhs)
* FIX Optimize the reloader and objectspace traversal (@dcu)
* FIX Failing jruby compatibility issue with reloading (@udzura)
* NEW #881 Component support for Mongoid 3 (@WaYdotNET)
* NEW #967 Mongoid 3 compatible rake tasks (@dayflower)
* NEW #907 Puma server support (@dariocravero)
* FIX Loads dm-types when enabling datamapper component (@postmodern)
* FIX #911 Enable haml ugly syntax by default in production (@dcu)
* FIX Adds support for later versions of ActiveRecord (@DAddYE)
* FIX Less requires therubyracer gem (@dariocravero)
* FIX Lock mysql gem to 2.8.1 since 2.9 fails (@udzura, @dariocravero)
* FIX Lazy load mailer for 20% padrino bootup performance increase (@ujifgc)
* FIX #1071 Refactor mailer codebase to DRY up (@Ortuna)
* FIX Padrino.logger thread-safety issues (@sgonyea)
* NEW Add colorize_logging option for logger (@tyabe)
* FIX #918 Display seconds instead of ms in logger (@muxcmux)
* FIX #910 Write file data as binary in cache (@ejholmes)
* NEW #947 Support symbols as keys when expiring cache (@dariocravero)
* FIX #973 Refuse to cache integers, convert to a string (@ujifgc)
* NEW Adds breadcrumb view helpers (@WaYdotNET)
* NEW support for ohm persistence in admin (@ujifgc)
* FIX #873 Get the first key passed for expire for admin (@gugat)
* FIX #876 Model output in erb templates for admin (@sleepingstu)
* FIX #871 Halt on 404 when no record found for admin (kot-begemot)
* FIX #1013 Admin generator can now be destroyed with flag
* NEW #988 Support for HTML5 multiple file uploads (@hooktstudios)
* NEW #27 Adds check_box_group and radio_button_group (@ujifgc)
* FIX #1046 Broken js_escape_html helper to properly escape (@hooopo)
* FIX #1077 Refactor nested form code in helpers (@Ortuna)
* FIX #924 Generate project name to handle underscores (@achiu)
* FIX #1067 Execute the mysql command with separate args (@postmodern)
* SEC #1058 Switch to https for rubygems source in Gemfile (@tyabe)
* FIX #772 Controller path when maps is in controller options (@ujifgc)
* NEW #925 Add explicit Rakefile on project generation by default (@achiu)
* FIX #892 Show plugin list if no arguments passed to generator (@achiu)
* FIX #1107 Defaulted all ORMs that used the mysql gem (@dariocravero)
* FIX #1109 Move rake initialization into CLI to avoid double loading (@skade)
* NEW #1100 Add csrf token handling with csrf_token_field helpers (@skade, @dariocravero)
|
|
no summary changes.
|
|
for sinatra-1.4.x
|
|
= 1.4.3 / 2013-06-07
* Running a Sinatra file directly or via `run!` it will now ignore an
empty $PORT env variable. (noxqsgit)
* Improve documentation. (burningTyger, Patricio Mac Adden,
Konstantin Haase, Diogo Scudelletti, Dominic Imhof)
* Expose matched pattern as env["sinatra.route"]. (Aman Gupta)
* Fix warning on Ruby 2.0. (Craig Little)
* Improve running subset of tests in isolation. (Viliam Pucik)
* Reorder private/public methods. (Patricio Mac Adden)
* Loosen version dependency for rack, so it runs with Rails 3.2.
(Konstantin Haase)
* Request#accept? now returns true instead of a truthy value. (Alan Harris)
= 1.4.2 / 2013-03-21
* Fix parsing error for case where both the pattern and the captured part
contain a dot. (Florian Hanke, Konstantin Haase)
* Missing Accept header is treated like */*. (Greg Denton)
* Improve documentation. (Patricio Mac Adden, Joe Bottigliero)
= 1.4.1 / 2013-03-15
* Make delegated methods available in config.ru (Konstantin Haase)
= 1.4.0 / 2013-03-15
* Add support for LINK and UNLINK requests. (Konstantin Haase)
* Add support for Yajl templates. (Jamie Hodge)
* Add support for Rabl templates. (Jesse Cooke)
* Add support for Wlang templates. (Bernard Lambeau)
* Add support for Stylus templates. (Juan David Pastas, Konstantin Haase)
* You can now pass a block to ERb, Haml, Slim, Liquid and Wlang templates,
which will be used when calling `yield` in the template. (Alexey Muranov)
* When running in classic mode, no longer include Sinatra::Delegator in Object,
instead extend the main object only. (Konstantin Haase)
* Improved route parsing: "/:name.?:format?" with "/foo.png" now matches to
{name: "foo", format: "png"} instead of {name: "foo.png"}. (Florian Hanke)
* Add :status option support to send_file. (Konstantin Haase)
* The `provides` condition now respects an earlier set content type.
(Konstantin Haase)
* Exception#code is only used when :use_code is enabled. Moreover, it will
be ignored if the value is not between 400 and 599. You should use
Exception#http_status instead. (Konstantin Haase)
* Status, headers and body will be set correctly in an after filter when using
halt in a before filter or route. (Konstantin Haase)
* Sinatra::Base.new now returns a Sinatra::Wrapper instance, exposing
#settings and #helpers, yet going through the middleware stack on #call.
It also implements a nice #inspect, so it plays nice with Rails' `rake
routes`. (Konstantin Haase)
* In addition to WebRick, Thin and Mongrel, Sinatra will now automatically pick
up Puma, Trinidad, ControlTower or Net::HTTP::Server when installed. The
logic for picking the server has been improved and now depends on the Ruby
implementation used. (Mark Rada, Konstantin Haase, Patricio Mac Adden)
* "Sinatra doesn't know this ditty" pages now show the app class when running
a modular application. This helps detecting where the response came from when
combining multiple modular apps. (Konstantin Haase)
* When port is not set explicitly, use $PORT env variable if set and only
default to 4567 if not. Plays nice with foreman. (Konstantin Haase)
* Allow setting layout on a per engine basis. (Zachary Scott, Konstantin Haase)
* You can now use `register` directly in a classic app. (Konstantin Haase)
* `redirect` now accepts URI or Addressable::URI instances. (Nicolas
Sanguinetti)
* Have Content-Disposition header also include file name for `inline`, not
just for `attachment`. (Konstantin Haase)
* Better compatibility to Rack 1.5. (James Tucker, Konstantin Haase)
* Make route parsing regex more robust. (Zoltan Dezso, Konstantin Haase)
* Improve Accept header parsing, expose parameters. (Pieter van de Bruggen,
Konstantin Haase)
* Add `layout_options` render option. Allows you, amongst other things, to
render a layout from a different folder. (Konstantin Haase)
* Explicitly setting `layout` to `nil` is treated like setting it to `false`.
(richo)
* Properly escape attributes in Content-Type header. (Pieter van de Bruggen)
* Default to only serving localhost in development mode. (Postmodern)
* Setting status code to 404 in error handler no longer triggers not_found
handler. (Konstantin Haase)
* The `protection` option now takes a `session` key for force
disabling/enabling session based protections. (Konstantin Haase)
* Add `x_cascade` option to disable `X-Cascade` header on missing route.
(Konstantin Haase)
* Improve documentation. (Kashyap, Stanislav Chistenko, Zachary Scott,
Anthony Accomazzo, Peter Suschlik, Rachel Mehl, ymmtmsys, Anurag Priyam,
burningTyger, Tony Miller, akicho8, Vasily Polovnyov, Markus Prinz,
Alexey Muranov, Erik Johnson, Vipul A M, Konstantin Haase)
* Convert documentation to Markdown. (Kashyap, Robin Dupret, burningTyger,
Vasily Polovnyov, Iain Barnett, Giuseppe Capizzi, Neil West)
* Don't set not_found content type to HTML in development mode with custom
not_found handler. (Konstantin Haase)
* Fix mixed indentation for private methods. (Robin Dupret)
* Recalculate Content-Length even if hard coded if body is reset. Relevant
mostly for error handlers. (Nathan Esquenazi, Konstantin Haase)
* Plus sign is once again kept as such when used for URL matches. (Konstantin
Haase)
* Take views option into account for template caching. (Konstantin Haase)
* Consistent use of `headers` instead of `header` internally. (Patricio Mac Adden)
* Fix compatibility to RDoc 4. (Bohuslav Kabrda)
* Make chat example work with latest jQuery. (loveky, Tony Miller)
* Make tests run without warnings. (Patricio Mac Adden)
* Make sure value returned by `mime_type` is a String or nil, even when a
different object is passed in, like an AcceptEntry. (Konstantin Haase)
* Exceptions in `after` filter are now handled like any other exception.
(Nathan Esquenazi)
|
|
Changelog:
* Bugfixes
|
