path: root/www
Age | Commit message | Author | Files | Lines
2014-06-01 | Pullup ticket #4426 - requested by wen | spz | 2 | -6/+6

www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile 1.41
- www/mediawiki/distinfo 1.29

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wen
Date: Sun Jun 1 08:24:32 UTC 2014

Modified Files:
  pkgsrc/www/mediawiki: Makefile distinfo

Log Message:
Update to 1.22.7

Upstream changes:
1.22.7

== Security ==
* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.

== Bugfixes in 1.22.7 ==
* (bug 36356) Add space between two feed links.
* (bug 63269) Email notifications were not correctly handling the [[MediaWiki:Helppage]] message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized [[MediaWiki:Enotif body]] (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
* Add missing uploadstash.us_props for PostgreSQL.
* (bug 56047) Fixed stream wrapper in PhpHttpRequest.

To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/www/mediawiki/distinfo
2014-05-28 | Pullup ticket #4423 - requested by taca | tron | 3 | -2/+24

www/p5-LWP-Protocol-https: security patch

Apply patch to fix CVE-2014-3230.
2014-05-28 | Pullup ticket #4421 - requested by taca | tron | 3 | -12/+19

www/typo3_61: security update

Revisions pulled up:
- www/typo3_61/Makefile 1.5
- www/typo3_61/PLIST 1.3
- www/typo3_61/distinfo 1.4

---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 27 13:52:14 UTC 2014

Modified Files:
  pkgsrc/www/typo3_61: Makefile PLIST distinfo

Log Message:
Update typo3_61 to 6.1.9 (TYPO3 6.1.9), contains several security fixes.

2014-05-22 2bb8360 [RELEASE] Release of TYPO3 6.1.9 (TYPO3 Release Team)
2014-05-22 6fafbf7 #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22 2994a1c #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
2014-05-22 12741ad #48695 [SECURITY] XSS in new content element wizard (Marcus Krause)
2014-05-22 7595ad4 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22 6965806 #57576 [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
2014-05-22 54e4691 #48693 [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
2014-05-22 b6826ff #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22 32efb1b #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-21 6a91a90 #54917 [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
2014-05-15 3ee99e9 #58842 [BUGFIX] Wrong system requirements link (Markus Klein)
2014-05-14 f86e016 #58529 [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
2014-05-08 fb8370d #58187 [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
2014-05-08 3abc703 #58373 [BUGFIX] Default image title in RTE contains the file name (Stanislas Rolland)
2014-05-05 db90a26 #45183 [BUGFIX] Wrong result on empty string globalString condition (Marc Bastian Heinrichs)
2014-05-04 d422bf6 #58504 [BUGFIX] saltedpasswords: Check rsaauth loading (Nicole Cordes)
2014-05-04 05ef8fe #58484 [BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian Heinrichs)
2014-05-02 a49ddfd #58418 [BUGFIX] Retrieving extension fails with some PHP versions (Sascha Wilking)
2014-04-29 0150f9c #58166 [BUGFIX] Wrong comment in ActionMenuViewHelper (Markus Klein)
2014-04-25 8cf4f78 #58180 [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
2014-04-16 a4f013a [TASK] Set TYPO3 version to 6.1.9-dev (TYPO3 Release Team)
2014-04-16 d94f80d [RELEASE] Release of TYPO3 6.1.8 (TYPO3 Release Team)
2014-04-16 68763fa #57957 [BUGFIX] DBAL sql_fetch_* must return boolean or array (Jigal van Hemert)
2014-04-16 65896ee #24925,#24871 [BUGFIX] Followup: Mandatory for Selectbox with TCA not possible (Stefan Neufeind)
2014-04-15 8e8b020 #24925,#24871 [BUGFIX] Mandatory for Selectbox with TCA not possible (Benjamin Mack)
2014-04-15 d124103 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-15 6139c97 #56991 [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
2014-04-15 1dbfe75 #56353,#56352 [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
2014-04-15 b22b39d #57010 [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
2014-04-15 5dd53b1 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-12 a60b6dc #47694 [BUGFIX] Follow up foreign_match_fields not fully supported (Marc Bastian Heinrichs)
2014-04-12 b93d9b4 #50378 [BUGFIX] sql_free_result does not work with all allowed types (Wouter Wolters)
2014-04-07 a896350 #57690 [BUGFIX] User settings do not obey setup.override (Markus Klein)
2014-04-05 21f0d12 #55683 [BUGFIX] ClickMenu: Visibility-options only if fields allowed (Stefan Neufeind)
2014-04-04 2b3dd27 #57656 [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04 1329a96 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-04-01 6ae6b40 #57518 [BUGFIX] Make Extbase EnvironmentService a Singleton (Marc Bastian Heinrichs)
2014-03-31 03ec17a #57296 [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
2014-03-26 2b5c50e #54394 [BUGFIX] Exception if thumbnail does not exist (Markus Klein)
2014-03-24 cbdd065 #57238 [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
2014-03-23 fc5b7b2 #57179 [BUGFIX] Module Menu throws PHP warning for top level menu items (Benjamin Mack)
2014-03-23 9b36936 #57202 [BUGFIX] Parsetime: config.debug should override LocalConfiguration (Stefan Neufeind)
2014-03-19 819218a #55340 [BUGFIX] Several typos in Page Browsing ViewHelper (Benjamin Rau)
2014-03-19 f8233c1 #56205 [BUGFIX] Cannot use contain with multivalued static enumeration column (Xavier Perseguers)
2014-03-14 d5160a9 #56150 [BUGFIX] RootlineUtility does not consider disablefield (Christian Reiter)
2014-03-13 2a80fcd #56855 [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
2014-03-13 2ee3509 #56720 [BUGFIX] Alignment of button "add a new element at this place" (Patrick Broens)
2014-03-13 bed1054 #56830 [BUGFIX] Show thumbnails in list module (Markus Klein)
2014-03-13 3800d8b #56084 [BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken (Frans Saris)
2014-03-12 d405041 #23864 [BUGFIX] Correctly validate New Content Element entries (Ludwig Rafelsberger)
2014-03-10 06e5ad9 #52386 [BUGFIX] Allow record insert on rootlevel (Benjamin Serfhos)
2014-03-08 2df9cb9 #43885 [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
2014-03-07 472a2f2 #55457 [BUGFIX] RTE on first new IRRE record keeps loading in IE (Stanislas Rolland)
2014-03-07 e61b2cf #23552 [BUGFIX] Default size for group-type fields (Christian Plattner)
2014-03-05 f8c9a77 #46185 [BUGFIX] IdentityProperties were not set (Stefan Froemken)
2014-03-05 e7cf550 #11771 [BUGFIX] Catch all errors while starting installer (Alexander Opitz)
2014-03-03 28d25c9 #56262 [BUGFIX] Double escape of title in indexed search (Markus Klein)
2014-02-28 ded338b #56378 [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
2014-02-28 8f0ce1c #56421 [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
2014-02-28 342686b #41413 [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
2014-02-27 5ce3128 #55966 [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25 a5d8893 #56184 [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
2014-02-25 b4a8235 #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-24 5da89e2 #56242 [BUGFIX] Fix JS concat if first file is forced on top (Benjamin Kott)
2014-02-21 c47d8c5 #54724 [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
2014-02-21 6512f65 #49499 [BUGFIX] Fix possible language handling issue (Markus Klein)
2014-02-20 b09e7f9 #39048 [BUGFIX] Rendering inline TCEforms without AJAX is broken (Alexander Jahn)
2014-02-20 c9ae284 #53116,#56019 [BUGFIX] concatenateJs/Css does not consider forceOnTop (Markus Klein)
2014-02-20 b8eeb55 #56135 [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
2014-02-19 bd607e2 #55286 [BUGFIX] Suppress EXIF warnings indexing images (Felix Althaus)
2014-02-19 45f944c #56067 [BUGFIX] Various static calls to non-static functions (Markus Klein)
2014-02-19 d2ef187 #56057 [BUGFIX] Add missing htmlspecialchars for thumbnail URL (Wouter Wolters)
2014-02-18 b7169bb #52955 [BUGFIX] Show labels of additional doktypes in new page drag area (Caspar Stuebs)
2014-02-18 7af5ad6 #54304 [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
2014-02-17 48eab76 #52527 [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
2014-02-17 6344793 #56037 [BUGFIX] Fix clipboard thumbnail rendering (Frans Saris)
2014-02-17 dc0ec8a #55998 [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
2014-02-17 52c294b #55362 [BUGFIX] CommandController is not executed at same time (Tom Ruether)
2014-02-11 c9ffade #49440 [BUGFIX] Missing label felogin_forgotHash (Karol Lamparski)
2014-02-11 edbef68 #53028 [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
2014-02-10 474380f [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09 e36633a #53768,#28745 [BUGFIX] Allow to render the same TS object twice (Markus Klein)
2014-02-09 9971136 #55821 [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
2014-02-09 101be25 #18797 [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
2014-02-09 5f6d783 #53564 [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
2014-02-08 cead255 #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
2014-02-08 98c8e0a #55698 [BUGFIX] Fix "action" labels in BE log (Thorsten Kahler)
2014-02-07 9e79487 #55611 [TASK] Move cursor::pointer to complete header area in IRRE (Georg Ringer)
2014-02-06 79d2bac #54131 [BUGFIX] Followup to #54131 (Frans Saris)
2014-02-06 ad267f8 #55713 [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
2014-02-05 27c1f61 #54112 [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
2014-02-04 4d7947a #55434 [BUGFIX] Various PHP Warnings with invalid credentials (Xavier Perseguers)
2014-02-03 1263413 #54467 [BUGFIX] TSFE->altPageTitle can not be set in extensions (Markus Klein)
2014-02-03 a070a5c #54371 [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
2014-02-03 85b3fed #52048 [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
2014-02-02 af8f6eb #54289 [BUGFIX] PropertyMapper does not work with class aliasses (Frans Saris)
2014-01-31 9596d4d #54131 [BUGFIX] getLabelsFromItemsList() retuns no value when no item found (Frans Saris)
2014-01-30 3dcc61d #55475 [BUGFIX] Regression in DataHandler (Wouter Wolters)
2014-01-30 a5e884f #55458 [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
2014-01-30 084b5a9 #41450 [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
2014-01-29 b81c5d5 #55407 [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
2014-01-28 d6803b7 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-27 91b1db0 #55377 [TASK] Change repository url for introduction package (Philipp Gampe)
2014-01-27 1af64b0 #55366 [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-24 3cefa40 #53964 [BUGFIX] Better description of [BE][unzip_path]/[BE][diff_path] (Markus Klein)
2014-01-24 041780f #55093 [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
2014-01-23 8f55af7 #53201 [BUGFIX] sys_category table not listed in allowed excludefields (Tomita Militaru)
2014-01-23 eec8579 #53665 [BUGFIX] Removing single category item not possible (Francois Suter)
2014-01-23 57b70f7 #54849 [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
2014-01-22 b865ad9 #55246 [BUGFIX] Class 'TYPO3\CMS\Recordlist\Browser\GeneralUtility' not found (Oliver Hader)
2014-01-21 c96321d #37539 [BUGFIX] Static method cannot be abstract (Xavier Perseguers)
2014-01-21 ae54769 #54884 [BUGFIX] RootlineUtility does not consider foreign_sorting (Markus Klein)
2014-01-16 0965b22 #53712 [BUGFIX] Create valid file reference index data (Alexander Stehlik)
2014-01-16 b7ce3ef #50266 [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
2014-01-15 429e13d #34631 [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
2014-01-15 5b23142 #54995 [BUGFIX] PHP warnings in ElementBrowser (Markus Klein)
2014-01-14 0ac8948 #54959 [TASK] Speedup typolink root-line handling (Steffen Ritter)
2014-01-14 714fca7 #53826 [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
2014-01-14 f68832a #53352 [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
2014-01-13 22d3be1 #51805 [BUGFIX] Template dropdown doesn't refresh template title after save (Torben Hansen)
2014-01-11 72f5d5a #54909 [BUGFIX] Add missing logger names (Steffen Müller)
2014-01-09 2620cb5 #53975 [BUGFIX] Allow empty values in start/stop filter of belog (Steffen Müller)
2014-01-09 c99a07a #53862 [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
2014-01-09 4e3e3dc #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-09 f378b40 #31797 [BUGFIX] Properly escape the ImageMagick frame selector (Georg Ringer)
2014-01-09 7d3eb35 #24877,#6708 [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
2014-01-09 a31b325 #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08 03d6320 #47694 [BUGFIX] foreign_match_fields not fully supported (Stefan Froemken)
2014-01-08 e959451 #53727 [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
2014-01-08 42a3eb3 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
2014-01-07 272f80c #54807 [BUGFIX] PageBrowsing ViewHelper defines unused method argument (Benjamin Rau)
2014-01-07 e09b381 #54808 [BUGFIX] Repository uses wrong property to calc current result page (Benjamin Rau)
2014-01-04 81a30e8 #53662 [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
2014-01-04 67ac84c #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2013-12-23 9283d4b #54115 [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
2013-12-21 8379b1a #54531 [BUGFIX] Fix message for install tool warning (Cynthia Mattingly)
2013-12-18 a95ab93 #54369 [TASK] Fix travis builds (Markus Klein)
2013-12-18 2a4d603 #51752 [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
2013-12-18 e4590fe #52059 [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
2013-12-18 e8978f9 #47648 [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
2013-12-13 be7505a #54027 [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
2013-12-12 41fe22d #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28 | Pullup ticket #4420 - requested by taca | tron | 3 | -12/+17

www/typo3_60: security update

Revisions pulled up:
- www/typo3_60/Makefile 1.8
- www/typo3_60/PLIST 1.7
- www/typo3_60/distinfo 1.8

---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 27 13:50:48 UTC 2014

Modified Files:
  pkgsrc/www/typo3_60: Makefile PLIST distinfo

Log Message:
Update typo3_60 to 6.0.14 (TYPO3 6.0.14), contains several security fixes.

2014-05-22 d1d252f [RELEASE] Release of TYPO3 6.0.14 (TYPO3 Release Team)
2014-05-22 37273fb #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22 edd27ad #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
2014-05-22 00f00b1 #48695 [SECURITY] XSS in new content element wizard (Marcus Krause)
2014-05-22 6b7f3a8 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22 5935348 #57576 [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
2014-05-22 dda1739 #48693 [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
2014-05-22 5e00a13 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22 0f29e1f #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-21 e50f6a6 #54917 [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
2014-05-15 53c830f #53079 [BUGFIX] FlashMessageService not available in TYPO3 6.0 (Oliver Hader)
2014-05-14 459c34d #58529 [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
2014-04-25 bd704d5 #58180 [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
2014-04-16 d1fc88d [TASK] Set TYPO3 version to 6.0.14-dev (TYPO3 Release Team)
2014-04-16 be80735 [RELEASE] Release of TYPO3 6.0.13 (TYPO3 Release Team)
2014-04-15 d9e6546 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15 48f974e #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-15 9d1c880 #56991 [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
2014-04-15 75f6b1b #56353,#56352 [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
2014-04-15 4e64a39 #57010 [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
2014-04-04 72be9f3 #57656 [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04 de4e047 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-03-31 03646f1 #57296 [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
2014-03-24 87d3d40 #57238 [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
2014-03-13 be10ede #56855 [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
2014-03-08 15b15c0 #43885 [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
2014-03-05 99025c1 #46185 [BUGFIX] IdentityProperties were not set (Stefan Froemken)
2014-03-03 69c103b #56262 [BUGFIX] Double escape of title in indexed search (Markus Klein)
2014-02-28 cf83948 #56378 [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
2014-02-28 432a7bd #56421 [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
2014-02-28 1474e2c #41413 [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
2014-02-27 ab4ef14 #55966 [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25 95cb16e #56184 [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
2014-02-25 8c2179f #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-21 9ebf4bb #54724 [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
2014-02-21 4b44141 #49499 [BUGFIX] Fix possible language handling issue (Markus Klein)
2014-02-20 568b9bf #56135 [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
2014-02-19 40d97d5 #56067 [BUGFIX] Various static calls to non-static functions (Markus Klein)
2014-02-18 e428692 #54304 [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
2014-02-17 a335bcf #52527 [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
2014-02-17 88fd2df #55998 [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
2014-02-11 e2ebdfd #53028 [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
2014-02-10 e73b549 [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09 d2881f5 #53768,#28745 [BUGFIX] Allow to render the same TS object twice (Markus Klein)
2014-02-09 228fbc5 #55821 [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
2014-02-09 d9bf811 #18797 [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
2014-02-09 2a233ef #53564 [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
2014-02-08 33a058b #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
2014-02-06 0fe2509 #55713 [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
2014-02-05 0004322 #54112 [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
2014-02-03 8623b17 #54371 [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
2014-02-03 e5a844d #52048 [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
2014-01-30 dc271e4 #55475 [BUGFIX] Regression in DataHandler (Wouter Wolters)
2014-01-30 460da13 #41450 [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
2014-01-29 3a84755 #55407 [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
2014-01-28 e5df843 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-27 3b2cb07 #55366,#55377 [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-24 72db639 #55093 [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
2014-01-23 68057cf #54849 [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
2014-01-16 c4703db #53712 [BUGFIX] Create valid file reference index data (Alexander Stehlik)
2014-01-16 42cd027 #50266 [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
2014-01-15 f76c7ea #34631 [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
2014-01-14 f3d324d #53826 [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
2014-01-14 df52d4a #53352 [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
2014-01-09 d0c4276 #53862 [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
2014-01-09 9f330b7 #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-09 ffc3f2b #24877,#6708 [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
2014-01-09 583a51b #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08 74be2df #38766 [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel)
2014-01-08 d1e2110 #53727 [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
2014-01-08 96ff927 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
2014-01-04 2c40d1b #53662 [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
2014-01-04 dd187dd #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2013-12-23 c2211f5 #54115 [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
2013-12-18 6be4de6 #54369 [TASK] Fix travis builds (Markus Klein)
2013-12-18 e6bfc6e #51752 [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
2013-12-18 1294fe7 #52059 [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
2013-12-18 4f8c872 #47648 [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
2013-12-13 78b00f3 #54027 [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
2013-12-12 28ca149 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28 | Pullup ticket #4419 - requested by taca | tron | 3 | -12/+13

www/typo3_47: security update

Revisions pulled up:
- www/typo3_47/Makefile 1.21
- www/typo3_47/PLIST 1.11
- www/typo3_47/distinfo 1.16

---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 27 13:49:11 UTC 2014

Modified Files:
  pkgsrc/www/typo3_47: Makefile PLIST distinfo

Log Message:
Update typo3_47 to 4.7.19 (TYPO3 4.7.19), contains several security fixes.

2014-05-22 4ebc6ca [RELEASE] Release of TYPO3 4.7.19 (TYPO3 Release Team)
2014-05-22 07eba3e #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22 ec33beb #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
2014-05-22 fb096e3 #48695 [SECURITY] XSS in new content element wizard (Markus Klein)
2014-05-22 1389da5 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22 65fc32f #57576 [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
2014-05-22 7bec5c8 #48693 [SECURITY] Encode URL for use in JavaScript (Markus Klein)
2014-05-22 b907b64 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22 c39bca9 #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-04-16 53b74d7 [TASK] Set TYPO3 version to 4.7.19-dev (TYPO3 Release Team)
2014-04-16 26f503d [RELEASE] Release of TYPO3 4.7.18 (TYPO3 Release Team)
2014-04-15 f329f76 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15 9a2f402 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-04 d470aa5 #57656 [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04 be342b4 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-02-25 4dfb4d3 #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-10 0345de6 [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09 df8e21b #55811 [BUGFIX] Namespace usage in test (Christian Kuhn)
2014-02-08 84d2050 #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
2014-01-27 a42059c #55366,#55377 [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-17 3d40e0a #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2014-01-16 394e421 #54748 [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
2014-01-09 66bb350 #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08 f3b8711 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
2013-12-18 53a6a36 #54369 [TASK] Fix travis builds (Markus Klein)
2013-12-12 019d6b7 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28 | Pullup ticket #4418 - requested by taca | tron | 3 | -12/+13

www/typo3_45: security update

Revisions pulled up:
- www/typo3_45/Makefile 1.30
- www/typo3_45/PLIST 1.14
- www/typo3_45/distinfo 1.25

---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 27 13:47:25 UTC 2014

Modified Files:
  pkgsrc/www/typo3_45: Makefile PLIST distinfo

Log Message:
Update typo3_45 to 4.5.34 (TYPO3 4.5.34), contains several security fixes.

2014-05-22 2ee368c [RELEASE] Release of TYPO3 4.5.34 (TYPO3 Release Team)
2014-05-22 55d5f38 #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22 efb098b #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
2014-05-22 94011a3 #48695 [SECURITY] XSS in new content element wizard (Markus Klein)
2014-05-22 b62651b #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22 a98ae3c #57576 [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
2014-05-22 4f7258c #48693 [SECURITY] Encode URL for use in JavaScript (Markus Klein)
2014-05-22 742ad49 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22 9bd7776 #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-08 6ffdcee #58187 [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
2014-04-16 5d6a16e [TASK] Set TYPO3 version to 4.5.34-dev (TYPO3 Release Team)
2014-04-16 5bd6b52 [RELEASE] Release of TYPO3 4.5.33 (TYPO3 Release Team)
2014-04-15 aebc244 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15 51a3897 #57934 [BUGFIX] Use validEmail() instead of deprecated checkEmail() (Stefan Neufeind)
2014-04-15 fcdaec0 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-04 4316e98 #57656 [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04 9d36515 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-02-27 e34a90b #55966 [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25 5c4554b #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-09 7d6a8cc #55811 [BUGFIX] Namespace usage in test (Christian Kuhn)
2014-02-08 44d7cfc #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
2014-01-30 138b13a #55458 [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
2014-01-28 b867b04 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-17 ab6256f Revert "[TASK] Optimize speed for instantiating class with arguments" (Ernesto Baschny)
2014-01-17 2526bdd #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2014-01-16 102307f #54748 [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
2014-01-09 e6643e1 #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-08 765882e #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
2013-12-12 d3e9494 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-22 | Pullup ticket #4415 - requested by wen | tron | 2 | -6/+6

www/moodle: security update

Revisions pulled up:
- www/moodle/Makefile 1.27
- www/moodle/distinfo 1.19

---
Module Name: pkgsrc
Committed By: wen
Date: Thu May 22 00:58:07 UTC 2014

Modified Files:
  pkgsrc/www/moodle: Makefile distinfo

Log Message:
Update to 2.5.6

Upstream changes:
Moodle 2.5.6 release notes
Release date: 12 May, 2014

Here is the full list of fixed issues in 2.5.6.

Functional changes
MDL-43985 - Checkbox added to control sending of feedback when grading Assignment (backport of MDL-33600)

Security issues
MSA-14-0014 Cross-site request forgery possible in Assignment
MSA-14-0015 Web service token expiry issue for MoodleMobile
MSA-14-0016 Anonymous student identity revealed in Assignment
MSA-14-0017 File access issue in HTML block
MSA-14-0019 Reflected XSS in URL downloader repository

Fixes and improvements
MDL-45119 - When student opens assignment feedback PDF no error messages are shown
MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
MDL-44936 - CSS chunking is now more reliable on IE
MDL-45154 - Warnings and errors in user profile page fixed
MDL-43721 - Poor performance on Assignment grading page fixed
2014-05-01 | Pullup ticket #4394 - requested by wen | tron | 2 | -6/+6

www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile 1.39
- www/mediawiki/distinfo 1.28

---
Module Name: pkgsrc
Committed By: wen
Date: Thu May 1 16:10:05 UTC 2014

Modified Files:
  pkgsrc/www/mediawiki: Makefile distinfo

Log Message:
Update to 1.22.6

Upstream changes:

MediaWiki 1.22.6
This is a security release of the MediaWiki 1.22 branch.

Changes since 1.22.5
(bug 63251) SECURITY: Escape sortKey in pageInfo.

MediaWiki 1.22.5
This is a security and maintenance release of the MediaWiki 1.22 branch.

Changes since 1.22.4
(bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
(bug 62467) Set a title for the context during import on the cli.
Fix custom local MediaWiki:Helppage values.
mediawiki.js: Fix documentation breakage.
(bug 58153) Make MySQLi work with non standard port.
(bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
(bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in
2014-04-29 | Pullup ticket #4391 - requested by taca | tron | 2 | -6/+6
www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile 1.25
- www/drupal7/distinfo 1.18

---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 26 09:29:35 UTC 2014

Modified Files:
pkgsrc/www/drupal7: Makefile distinfo

Log Message:
Update drupal7 to 7.27.

Drupal 7.27, 2014-04-16
----------------------
- Fixed security issues (information disclosure). See SA-CORE-2014-002.
2014-04-29 | Pullup ticket #4390 - requested by taca | tron | 2 | -6/+6
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile 1.46
- www/drupal6/distinfo 1.30

---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 26 09:29:03 UTC 2014

Modified Files:
pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update drupal6 to 6.31.

Drupal 6.31, 2014-04-16
----------------------
- Fixed security issues (information disclosure). See SA-CORE-2014-002.
2014-04-21 | Pullup ticket #4383 - requested by ryoon | tron | 1 | -2/+2
mail/thunderbird: build fix
www/firefox24: build fix

Revisions pulled up:
- www/firefox24/mozilla-common.mk 1.7

---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Apr 19 23:21:42 UTC 2014

Modified Files:
pkgsrc/www/firefox24: mozilla-common.mk

Log Message:
Fix PR pkg/48726 for NetBSD 6.*
* Update sqlite3 requirement version
2014-04-21 | Pullup ticket #4381 - requested by ryoon | tron | 3 | -15/+3
www/firefox: bug fix

Revisions pulled up:
- www/firefox/Makefile 1.160 via patch
- www/firefox/distinfo 1.137 via patch
- www/firefox/patches/patch-browser_app_nsBrowserApp.cpp deleted

---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Apr 19 23:16:39 UTC 2014

Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Removed Files:
pkgsrc/www/firefox/patches: patch-browser_app_nsBrowserApp.cpp

Log Message:
Bump PKGREVISION
* Do not set plugin environmental variable
2014-04-15 | Pullup ticket #4377 - requested by asau | tron | 2 | -1/+23
www/curl: build fix

Revisions pulled up:
- www/curl/distinfo 1.94
- www/curl/patches/patch-lib_hostcheck.c 1.1

---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Mar 31 08:45:21 UTC 2014

Modified Files:
pkgsrc/www/curl: distinfo
Added Files:
pkgsrc/www/curl/patches: patch-lib_hostcheck.c

Log Message:
Add missing header for DragonflyBSD.
PR 48691 by David Shao.
2014-04-14 | Pullup ticket #4370 - requested by morr | tron | 2 | -6/+6
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile 1.39
- www/wordpress/distinfo 1.31

---
Module Name: pkgsrc
Committed By: morr
Date: Sun Apr 13 14:10:59 UTC 2014

Modified Files:
pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Update to newest version of Wordpress, containing security fixes.

It contains 9 bugfixes and 5 security fixes:
* Potential authentication cookie forgery. CVE-2014-0166.
* Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
* (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
* (Hardening) Fix a low-impact SQL injection by trusted users.
* (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
2014-04-12 | Pullup ticket #4366 - requested by obache | tron | 8 | -96/+12
www/dillo: security update

Revisions pulled up:
- www/dillo/Makefile 1.65
- www/dillo/PLIST 1.19
- www/dillo/distinfo 1.36
- www/dillo/patches/patch-aa deleted
- www/dillo/patches/patch-ab deleted
- www/dillo/patches/patch-ac deleted
- www/dillo/patches/patch-ad deleted
- www/dillo/patches/patch-dillorc deleted

---
Module Name: pkgsrc
Committed By: obache
Date: Sat Apr 12 02:24:19 UTC 2014

Modified Files:
pkgsrc/www/dillo: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/dillo/patches: patch-aa patch-ab patch-ac patch-ad patch-dillorc

Log Message:
Update dillo to 3.0.4.

While here,
* move dependency on wget to TOOLS,
* simplify configuration file handling

dillo-3.0.4 [April 09, 2014]

+- OPTGROUP and INS elements.
 - Some HTML5 elements, etc.
 - Added show_ui_tooltip preference (BUG#1140).
   Patches: corvid
+- Make embedding into other applications more reliable (BUG#1127).
 - Add search from address bar.
 - Share CSS user agent stylesheet between pages.
   Patches: Johannes Hofmann
+- Better scaling (down) of images, even with consideration of gamma correction.
 - Fixed (possibly security) problem of FltkImgBuf caused by integer overflow (BUG#1129).
 - Some linebreaking fixes, and optimization for non-justified text, including new preference stretchability_factor.
 - Added white_bg_replacement preference.
 - Implemented background images (except 'background-attachment'), added load_background_images preference, as well as a new entry in the tools menu.
   Patches: Sebastian Geerken
+- Fix a set of bugs reported by Oulu Univ. Secure Programming Group (HTML parsing, URL resolution, GIF processing, etc.)
 - Improved/fixed handling of HEAD, TITLE, TEXTAREA and form inputs.
 - Made show_url dillorc option work again (BUG#1128)
   Patches: Jorge Arellano Cid
+- Fix compiling on Hurd.
   Patch: Pino Toscano
+- Avoid Dpid children becoming zombies.
   Patch: Jorge Arellano, J. Gaffney
+- HTML5 WBR element.
 - Fix compiling on IRIX with MIPSpro compiler.
   Patches: corvid, Sebastian Geerken
2014-04-09 | Pullup ticket #4361 - requested by ryoon | tron | 3 | -8/+10
www/apache-tomcat7: security update

Revisions pulled up:
- www/apache-tomcat7/Makefile 1.18
- www/apache-tomcat7/PLIST 1.10
- www/apache-tomcat7/distinfo 1.12

---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Apr 8 20:14:55 UTC 2014

Modified Files:
pkgsrc/www/apache-tomcat7: Makefile PLIST distinfo

Log Message:
Update to 7.0.53

* Fix CVE-2014-0050 and CVE-2013-4590,

Changelog:

Tomcat 7.0.53 (violetagg)

Catalina
add Make it easier for applications embedding and/or extending Tomcat to modify the javaseClassLoader attribute of the WebappClassLoader. (markt)
fix Improve the robustness of web application undeployment based on some code analysis triggered by the report for 54315. (markt)
fix 56219: Improve merging process for web.xml files to take account of the elements and attributes supported by the Servlet version of the merged file. (markt)
fix 56190: The response should be closed (i.e. no further output is permitted) when a call to AsyncContext.complete() takes effect. (markt)
fix 56236: Enable Tomcat to work with alternative Servlet and JSP API JARs that package the XML schemas in such a way as to require a dependency on the JSP API before enabling validation for web.xml. Tomcat has no such dependency. (markt)
fix 56246: Fix NullPointerException in MemoryRealm when authenticating an unknown user. (markt)
fix 56248: Allow the deployer to update an existing WAR file without undeploying the existing application if the update flag is set. This allows any existing custom context.xml for the application to be retained. To update an application and remove any existing context.xml simply undeploy the old version of the application before deploying the new version. (markt)
fix Redefine the globalXsltFile initialisation parameter of the DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. Prevent user supplied XSLTs used by the DefaultServlet from defining external entities. (markt)
add Add a work around for validating XML documents (often TLDs) that use just the file name to refer to the JavaEE schema on which they are based. (markt)
fix 56293: Cache resources loaded by the class loader from /META-INF/services/ for better performance for repeated look ups. (markt)

Coyote
fix 53119: Make sure the NIO AJP output buffer is cleared on any error to prevent any possible overflow if it is written to again before the connection is closed. This extends the original fix for the APR/native output buffer to the NIO connector. (kkolinko)
fix 56172: Avoid possible request corruption when using the AJP NIO connector and a request is sent using more than one AJP message. Patch provided by Amund Elstad. (markt)
fix 56213: Reduce garbage collection when the NIO connector is under heavy load. (markt)
fix Improve processing of chunk size from chunked headers. Avoid overflow and use a bit shift instead of a multiplication as it is marginally faster. (markt/kkolinko)
fix Fix possible overflow when parsing long values from a byte array. (markt)

Jasper
fix 54475: Add Java 8 support to SMAP generation for JSPs. Patch by Robbie Gibson. (markt)
fix 55483: Improve handling of overloaded methods and constructors in expression language implementation. (markt)
fix 56208: Restore the validateXml option to Jasper that was previously renamed validateTld. Both options are now supported. validateXml controls the validation of web.xml files when Jasper parses them and validateTld controls the validation of *.tld files when Jasper parses them. (markt)
fix 56223: Throw an IllegalStateException if a call is made to ServletContext.setInitParameter() after the ServletContext has been initialized. (markt)
fix 56265: Do not escape values of dynamic tag attributes containing EL expressions. (kkolinko)
fix Make the default compiler source and target versions for JSPs Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt)
update 56283: Update to the Eclipse JDT Compiler P20140317-1600 which adds support for Java 8 syntax to JSPs. Add support for value "1.8" for the compilerSourceVM and compilerTargetVM options. (markt)

WebSocket
fix Avoid a possible deadlock when one thread is shutting down a connection while another thread is trying to write to it. (markt)
fix Call onError if an exception is thrown calling onClose when closing a session. (remm)

Web applications
code In the documentation: add support for several documentation tags from Tomcat 8. Such as <version-major/>. (kkolinko)
add 56093: Add the SSL Valve to the documentation web application. (markt)
fix 56217: Improve readability by using left alignment for the table cell containing the request information on the Manager application status page. (markt)
fix Fixed java.lang.NegativeArraySizeException when using "Expire sessions" command in the manager web application on a context where the session timeout is disabled. (kfujino)
fix Add support for LAST_ACCESS_AT_START system property to Manager web application. (kfujino)
fix Add definition of org.apache.catalina.ant.FindLeaksTask. (kfujino)
fix 56273: If the Manager web application does not perform an operation because the web application is already being serviced, report an error rather than reporting success. (markt)
fix 56304: Add a note to the documentation about not using WebSocket with BIO HTTP in production. (markt)

Other
fix 56143: Improve service.bat so that it can be launched from a non-UAC console. This includes using a single call to tomcat7.exe to install the Windows service rather than three calls, and using command line arguments instead of environment variables to pass the settings. (markt/kkolinko)
fix Fix regression in 7.0.52: when using service.bat install to install the service the values for --StdOutput, --StdError options were passed as blank instead of "auto". (kkolinko)
fix Align options between service.bat and exe Windows installer. For service.bat the changes are in --Classpath, --DisplayName, --StartPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmMx options, which are now 128 Mb and 256 Mb respectively instead of being empty. Explicitly specify --LogPath path when uninstalling Windows service, avoiding default value for that option. (kkolinko)
code Simplify Windows *.bat files: remove %OS% checks, as java 6 does not run on ancient non-NT operating systems. (kkolinko)
fix 56137: Explicitly use the BIO connector in the SSL example in server.xml so it doesn't break if APR is enabled. (markt)
fix 56139: Avoid a web application class loader leak in some unit tests when running on Windows. (markt)
fix Correct build script to avoid building JARs with empty packages. (markt)
add Allow to limit JUnit test run to a number of selected test case methods. (kkolinko)
fix 56189: Remove used file cpappend.bat from the distribution. (markt)

Tomcat 7.0.52 (violetagg) released 2014-02-17

Catalina
fix Generate a valid root element for the effective web.xml for a web application for all supported versions of web.xml. (markt)

Coyote
code Pull up SocketWrapper to AbstractProcessor. (markt)
fix In some circumstances asynchronous requests could time out too soon. (markt)

Tomcat 7.0.51 (violetagg) not released

Catalina
fix 55287: ServletContainerInitializer defined in the container may not be found. (markt/jboynes)
fix 55855: Provide a per Context option (containerSciFilter) to exclude container SCIs. (markt)
fix 55937: When deploying applications, treat a context path of /ROOT as equivalent to /. (markt)
fix 55943: Improve the implementation of the class loader check that prevents web applications from trying to override J2SE implementation classes. As part of this fix, refactor the way a null parent class loader is handled which enables a number of null checks and object creation calls to be removed. (markt)
fix 55958: Differentiate between foo.war the WAR file and foo.war the directory. (markt)
fix 55960: Improve the single sign on (SSO) unit tests. Patch provided by Brian Burch. (markt)
fix 55974: Retain order when reporting errors and warnings while parsing XML configuration files. (markt)
fix 56013: Fix issue with SPNEGO authentication when using IBM JREs. IBM JREs only understand the option of infinite lifetime for Kerberos credentials. Based on a patch provided by Arunav Sanyal. (markt)
fix 56016: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. (markt)
fix 56025: When creating a WebSocket connection, always call ServerEndpointConfig.Configurator.getNegotiatedSubprotocol() and always create the EndPoint instance after calling ServerEndpointConfig.Configurator.modifyHandshake(). (markt)
fix 56032: Ensure that the WebSocket connection is closed after an IO error or an interrupt while sending a WebSocket message. (markt)
fix 56042: If a request in async mode has an error but has already been dispatched don't generate an error page in the ErrorReportValve so the dispatch target can handle it. (markt)
fix Add missing javax.annotation.sql.* classes to annotations-api.jar. (markt)
fix The type of logger attribute of Context MBean should be not org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfujino)
fix 56082: Fix a concurrency bug in JULI's LogManager implementation. (markt)
fix 56096: When the attribute rmiBindAddress of the JMX Remote Lifecycle Listener is specified its value will be used when constructing the address of a JMX API connector server. Patch is provided by Jim Talbut. (violetagg)
fix When environment entry with one and the same name is defined in the web deployment descriptor and with annotation then the one specified in the web deployment descriptor is with priority. (violetagg)
fix Change default value of xmlBlockExternal attribute of Context. It is true now. (kkolinko)

Coyote
fix Avoid possible NPE if a content type is specified without a character set. (markt)
fix 55956: Make the forwarded remote IP address available to the Connectors via a request attribute. (markt)
fix 55976: Fix sendfile support for the HTTP NIO connector. (markt)
fix 55996: Ensure Async requests timeout correctly when using the NIO HTTP connector. (markt)
add 56021: Make it possible to use the Windows-MY key store with the BIO and NIO connectors for SSL configuration. It requires a keystoreFile="" keystoreType="Windows-My" to be set on the connector. Based on a patch provided by Asanka. (markt)

Jasper
fix Correct a regression in the XML refactoring that meant that errors in TLD files were swallowed. (markt)
fix 55671: Correct typo in the log message for a wrong value of genStringAsCharArray init-param of JspServlet. This parameter had a different name in Tomcat 6. (kkolinko)
fix 55973: Fix processing of XML schemas when validation is enabled in Jasper. (kkolinko)
fix 56010: Don't throw an IllegalArgumentException when JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a patch by Eugene Chung. (markt)
fix 56012: When using the extends attribute of the page directive do not import the super class if it is in an unnamed package as imports from unnamed packages are now explicitly illegal. (markt)
fix 56029: A regression in the fix for 55198 meant that when EL containing a ternary expression was used in an attribute a compilation error would occur for some expressions. (markt)
fix Correct several errors in jspxml Schema and DTD. (kkolinko)
fix Change default value of the blockExternal attribute of JspC task. The default value is true. Add support for -no-blockExternal switch when JspC is run as a standalone application. (kkolinko)

Cluster
code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createManager(String). Remove unnecessary class cast. (kfujino)

WebSocket
fix Do not return an empty string for the Sec-WebSocket-Protocol HTTP header when no sub-protocol has been requested or no sub-protocol could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol header is returned in this case. (markt)

Web applications
fix Add index.xhtml to the welcome files list for the examples web application. (kkolinko)
fix Clarify that the connectionTimeout may also be used as the read timeout when reading a request body (if any) in the documentation web application. (markt)
fix Clarify the behaviour of the maxConnections attribute for a connector in the documentation web application. (markt)
fix 55888: Update the documentation web application to make it clearer that a Container may define no more than one Realm. (markt)
fix 55956: Where available, displayed the forwarded remote IP address available on the status page of the Manager web application. (markt)
fix Correct links to the Tomcat mailing lists in the ROOT web application. (kkolinko)
fix In Manager web application improve handling of file upload errors. Display a message instead of error 500 page. Simplify parts handling code, as it is known that Tomcat takes care of them when recycling a request. (kkolinko)

Extras
fix 55166, 56045: Copy the XML schemas used for validation that are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tomcat instance can start without Jasper being available. This also enables validation to work without Jasper being available. (markt/kkolinko)
fix 56039: Enable the JmxRemoteLifecycleListener to work over SSL. Patch by esengstrom. (markt)

Other
fix 55743: Enable the stop script to work when the shutdown port is disabled and a PID file is defined. This is only available on platforms that use catalina.sh. (markt)
fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PID, the catalina.sh script could incorrectly report that Tomcat had not yet completely stopped when it had. Based on a patch by jess. (markt)
fix Package correct license and notice files with embedded JARs. (markt)
code Remove svn keywords (such as $Id) from source files and documentation. (kkolinko)
fix Fix CVE-2014-0050, a denial of service with a malicious, malformed Content-Type header and multipart request processing. Fixed by merging latest code (r1565163) from Commons FileUpload. (markt)
fix 56115: Expose the httpusecaches property of Ant's get task as some users may need to change the default. Based on a suggestion by Anthony. (markt)

Tomcat 7.0.50 (violetagg) released 2014-01-08

Catalina
fix Handle the case where a context.xml file is added to a web application deployed from a directory. Previously the file was ignored until Tomcat was restarted. Now (assuming automatic deployment is enabled) it will trigger a redeploy of the web application. (markt)
fix Fix string comparison in HostConfig.setContextClass(). (kkolinko)
code Streamline handling of WebSocket messages when no handler is configured for the message currently being received. (markt)
fix Handle the case where a WebSocket annotation configures a message size limit larger than the default permitted by Tomcat. (markt)
fix 55855: This is a partial fix that bypasses the relatively expensive check for a WebSocket upgrade request if no WebSocket endpoints have been registered. (markt)
fix 55905: Prevent a NPE when web.xml references a taglib file that does not exist. Provide better error message. (violetagg)

Coyote
fix When using the BIO connector with an internal executor, do not display a warning that the executor has not shutdown as the default configuration for BIO connectors is not to wait. This is because threads in keep-alive connections cannot be interrupted and therefore the warning was nearly always displayed. (markt)

Jasper
fix JspC uses servlet context initialization parameters to pass configuration so ensure that the servlet context used supports initialization parameters. (markt)

Cluster
fix In AbstractReplicatedMap#finalize, remove rpcChannel from channel Listener of group channel before sending MapMessage.MSG_STOP message. This prevents that the node that sent the MapMessage.MSG_STOP by normal shutdown is added to member map again by ping at heartbeat thread in the node that received the MapMessage.MSG_STOP. (kfujino)
fix Add time stamp to GET_ALL_SESSIONS message. (kfujino)

Web applications
fix Fix the sample configuration of StaticMembershipInterceptor in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

Extras
update Update dependencies that are used to build tomcat-juli extras component. Apache Avalon Framework is updated to version 4.1.5, Apache Log4J to version 1.2.17. (rjung)

Tomcat 7.0.49 (violetagg) not released

Catalina
fix Correct a regression in the new XML local resolver that triggered false failures when XML validation was configured. (markt)
fix Prevent a NPE when destroying HTTP upgrade handler for WebSocket connections. (violetagg)

Tomcat 7.0.48 (violetagg) not released

Catalina
add 51294: Add support for unpacking WARs located outside of the Host's appBase in to the appBase. (markt)
fix 55656: Configure the Digester to use the server class loader when parsing server.xml rather than the class loader that loaded StandardServer. Patch provided by Roberto Benedetti. (markt)
fix 55664: Correctly handle JSR 356 WebSocket Encoder, Decoder and MessageHandler implementations that use a generic type such as Encoder.Text<List<String>>. Includes a test case by Niki Dokovski. (markt)
fix Correctly handle WebSocket Encoders, Decoders and MessageHandlers that use arrays of generic types. (markt)
fix 55681: Ensure that the WebSocket session is made available to MessageHandler method calls. (markt)
fix Updated servlet spec version and documentation section-number reported when JAR files are rejected for containing a trigger class (e.g. javax.servlet.Servlet). (schultz)
add Modify the WebSocket handshake process so that the user properties Map exposed by the ServerEndpointConfig during the call to Configurator.modifyHandshake() is unique to the connection rather than shared by all connections associated with the Endpoint. This allows for easier configuration of per connection properties from within modifyHandshake(). (markt)
fix 55684: Log a warning but continue if the memory leak detection code is unable to access all threads to check for possible memory leaks when a web application is stopped. (markt)
fix Define the web-fragment.xml in tomcat7-websocket.jar as a Servlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (markt)
fix 55715: Add a per web application executor to the WebSocket implementation and use it for calling SendHandler.onResult() when there is a chance that the current thread also initiated the write. (markt)
fix Prevent file descriptors leak and ensure that files are closed when configuring the web application. (violetagg)
fix Fixed the name of the provider-configuration file located in tomcat7-websocket.jar!/META-INF/services that exposes information for javax.websocket.server.ServerEndpointConfig$Configurator implementation. (violetagg)
fix 55760: Remove the unnecessary setting of the javax.security.auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as in addition to it being unnecessary, it causes problems with using SPNEGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt)
fix 55772: Ensure that the request and response are recycled after an error during asynchronous processing. Includes a test case based on code contributed by Todd West. (markt)
fix 55778: Add an option to the JNDI Realm to control the QOP used for the connection to the LDAP server after authentication when using SPNEGO with delegated credentials. This value is used to set the javax.security.sasl.qop environment property for the LDAP connection. (markt)
fix 55798: Log an error if the MemoryUserDatabase is unable to find the specified user database file. (markt)
fix 55799: Correctly enforce the restriction in JSR356 that no more than one data message may be sent to a remote WebSocket endpoint at a time. (markt)
fix When Catalina parses TLD files, always use a namespace aware parser to be consistent with how Jasper parses TLD files. The tldNamespaceAware attribute of the Context is now ignored. (markt)
fix Deprecate the tldNamespaceAware Context attribute as TLDs are always parsed with a namespace aware parser. (markt)
fix Correct a logic error that meant that unpackWARs was ignored and the WAR was always expanded if a WAR failed to deploy. (markt)
add Add support for defining copyXML on a per Context basis. (markt)
fix Define the expected behaviour of the automatic deployment and align the implementation to that definition. (markt)
add When running under a security manager, change the default value of the Host's deployXML attribute to false. (markt)
add If a Host is configured with a value of false for deployXML, a web application has an embedded descriptor at META-INF/context.xml and no explicit descriptor has been defined for this application, do not allow the application to start. The reason for this is that the embedded descriptor may contain configuration necessary for secure operation such as a RemoteAddrValve. (markt)
fix Prevent an NPE in the WebSocket ServerContainer when processing an HTTP session end event. (markt)
add 55801: Add the ability to set a custom SSLContext to use for client wss connections. Patch provided by Maciej Lypik. (markt)
fix 55804: If the GSSCredential for the cached Principal expires when using SPNEGO authentication, force a re-authentication. (markt)
add 55811: If the main web.xml contains an empty absolute-ordering element and validation of web.xml is not enabled, skip parsing any web-fragment.xml files as the result is never used. (markt)
fix 55839: Extend support for digest prefixes {MD5}, {SHA} and {SSHA} to all Realms rather than just the JNDIRealm. (markt)
fix 55842: Ensure that if a larger than default response buffer is configured that the full buffer is used when a Servlet outputs via a Writer. (markt)
fix 55851: Further fixes to enable SPNEGO authentication to work with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
add Fix CVE-2013-4590: Add an option to the Context to control the blocking of XML external entities when parsing XML configuration files and enable this blocking by default when a security manager is used. The block is implemented via a custom resolver to enable the logging of any blocked entities. (markt)

Coyote
code Implement a number of small refactorings to the APR/native handler for upgraded HTTP connections. (markt)
fix Fix an issue with upgraded HTTP connections over HTTPS (e.g. secure WebSocket) when using the APR/native connector that resulted in the unexpected closure of the connection. (markt)
fix Ensure that the application class loader is used when calling the ReadListener and WriteListener methods when using non-blocking IO. A side effect of not doing this was that JNDI was not available when processing WebSocket events. (markt)
add Make the time that the internal executor (if used) waits for request processing threads to terminate before continuing with the connector stop process configurable. (markt)
fix 55749: Improve the error message when SSLEngine is disabled in the AprLifecycleListener and SSL is configured for an APR/native connector. (markt)
add If a request that includes an Expect: 100-continue header receives anything other than a 2xx response, close the connection. This protects against misbehaving clients that may not send the request body in that case and send the next request instead. (markt)
fix Improve the parsing of trailing headers in HTTP requests. (markt)

Jasper
fix 55735: Fix a regression caused by the fix to 55198. When processing JSP documents, attributes in XML elements that are template content should have their text xml-escaped, but output of EL expressions in them should not be escaped. (markt)
fix 55807: The JSP compiler used a last modified time of -1 for TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expansion) when creating the dependency list for JSPs that used that TLD. This meant JSPs using that TLD were recompiled on every access. (markt)

Cluster
add Add log message that initialization of AbstractReplicatedMap has been completed. (kfujino)
fix The logger of AbstractReplicatedMap should be non-static in order to enable logging of each application. Side-effects of this change is to throw RuntimeException in MapMessage#getKey() and getValue() instead of Null return and error log. (kfujino)
code Simplify the code of DeltaManager#startInternal(). Reduce unnecessary nesting for acquisition of cluster instance. (kfujino)
fix Remove unnecessary attributes of stateTransferCreateSendTime and receiverQueue from cluster manager template. These attributes should not be defined as a template. (kfujino)
fix Fix MBean attribute definition of stateTransfered. The method name is not isStateTransfered() but getStateTransfered(). (kfujino)
fix Correct stop failure log of cluster. Failure cause is not only Valve. (kfujino)
fix Remove unnecessary sleep when sending session blocks on session sync phase. (kfujino)
fix Expose stateTimestampDrop of org.apache.catalina.ha.session.DeltaManager via JMX. (kfujino)
fix When the ping timeouted, make sure that memberDisappeared method is not called by specifying the members that has already been removed. (kfujino)
add Add log message of session relocation when member disappeared. (kfujino)
fix If ping message fails, prevent wrong timeout detection of normal member that is no failure members. (kfujino)

Web applications
add Add some documentation on the SSL configuration options for WebSocket clients. (markt)
add Add to cluster document a description of notifyLifecycleListenerOnFailure and heartbeatBackgroundEnabled. (kfujino)
fix Update the documentation with information for WebSocket 1.0 specification and javadoc. (violetagg)
fix 55703: Clarify the role of the singleton attribute for JNDI resource factories. (markt)
fix 55746: Add documentation on the allRolesMode to the CombinedRealm and LockOutRealm. Patch by Cédric Couralet. (markt)
add Expand the information on web applications that ship as part of Tomcat in the security how-to section of the documentation web application. (markt)
fix Expand the description of the WebSocket buffers in the documentation web application to clarify their purpose. (markt)
add Correct the documentation for Cluster manager. (kfujino)
add Add information on how to configure integrated Windows authentication when Tomcat is running on a non-Windows host. (markt)

Extras
update Update commons-logging to version 1.1.3. (rjung)

Other
add 52323: Add support for the Cobertura code coverage tool when running the unit tests. Based on a patch by mhasko. (markt/kkolinko)
update Update sample Eclipse IDE project. Explicitly use a Java 6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they cannot be compiled with Java 6. (kkolinko)
update Update the Eclipse compiler to 4.3.1. (kkolinko/markt)
2014-04-09Pullup ticket #4358 - requested by tacatron3-12/+16
www/contao32: security update

Revisions pulled up:
- www/contao/Makefile.common 1.64
- www/contao32/distinfo 1.10
- www/contao32/patches/patch-system_bin_sqldump 1.2

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 7 13:30:06 UTC 2014

Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
pkgsrc/www/contao32/patches: patch-system_bin_sqldump

Log Message:
Update contao32 to 3.2.9.

Version 3.2.9 (2014-04-07)
--------------------------

### Fixed
Fixed a critical vulnerability of the install tool (see #6855).

### Fixed
Filter disabled groups in the registration module in the front end (see #6757).

### Fixed
Work around a bug in SimplePie with the "skip items" option (see #6107).

### Fixed
Fix the Swipe "continuous" option if there are exactly two slides (see #6812).

### Fixed
Apply `addslashes()` to strings in the `Config` class (see #6808).

### Fixed
Do not empty all fallback fields in sorting mode 4 (see #6498).

### Fixed
Do not allow template names to be longer than the DB fields (see #6819).

### Fixed
Correctly set the start time of a multi-day event (see #6802).

### Fixed
Correctly handle OR queries in the listing module (see #6344).

### Fixed
Use a monospaced font for the plain text newsletter preview (see #6790).

### Fixed
Adjust the `vScrollTo()` offset if the paste hint is visible (see #6478).
2014-04-09Pullup ticket #4357 - requested by tacatron3-8/+7
www/contao211: security update

Revisions pulled up:
- www/contao/Makefile.common 1.63
- www/contao211/Makefile 1.15
- www/contao211/distinfo 1.22

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 7 13:27:56 UTC 2014

Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211: Makefile distinfo

Log Message:
Update contao211 to 2.11.17.

Version 2.11.17 (2014-04-07)
----------------------------

### Fixed
Fixed a critical vulnerability of the install tool (see #6855).
2014-03-30Upstream release notes:spz4-44/+16
Fixed in 7.36.0 - March 26 2014
Release contains security-related bug fixes

Changes:
ntlm: Added support for NTLMv2
tool: Added support for URL specific options
openssl: add ALPN support
gtls: add ALPN support
nss: add ALPN and NPN support
added CURLOPT_EXPECT_100_TIMEOUT_MS
tool: add --no-alpn and --no-npn
added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
winssl: enable TLSv1.1 and TLSv1.2 by default
winssl: TLSv1.2 disables certificate signatures using MD5 hash
winssl: enable hostname verification of IP address using SAN or CN
darwinssl: Don't omit CN verification when an IP address is used
http2: build with current nghttp2 version
polarssl: dropped support for PolarSSL < 1.3.0
openssl: info message with SSL version used

Bugfixes:
SECURITY ADVISORY: wrong re-use of connections
SECURITY ADVISORY: IP address wildcard certificate validation
SECURITY ADVISORY: not verifying certs for TLS to IP address / Darwinssl
SECURITY ADVISORY: not verifying certs for TLS to IP address / Winssl
nss: allow to use ECC ciphers if NSS implements them
netrc: Fixed a memory leak in an OOM condition
ftp: fixed a memory leak on wildcard error path
pipeline: Fixed a NULL pointer dereference on OOM
nss: prefer highest available TLS version
100-continue: fix timeout condition
ssh: Fixed a NULL pointer dereference on OOM condition
formpost: use semicolon in multipart/mixed
--help: add missing --tlsv1.x options
formdata: Fixed memory leak on OOM condition
ConnectionExists: reusing possible HTTP+NTLM connections better
mingw32: fix compilation
chunked decoder: track overflows correctly
curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
dict: fix memory leak in OOM exit path
valgrind: added suppression on optimized code
curl: output protocol headers using binary mode
tool: Added URL index to password prompt for multiple operations
ConnectionExists: re-use non-NTLM connections better
axtls: call ssl_read repeatedly
multi: make MAXCONNECTS default 4 x number of easy handles function
configure: Fix the --disable-crypto-auth option
multi: ignore SIGPIPE internally
curl.1: update the description of --tlsv1
SFTP: skip reading the dir when NOBODY=1
easy: Fixed a memory leak on OOM condition
tool: Fixed incorrect return code when setting HTTP request fails
configure: Tiny fix to honor POSIX
tool: Do not output libcurl source for the information only parameters
Rework Open Watcom make files to use standard Wmake features
x509asn: moved out Curl_verifyhost from NSS builds
configure: call it GSS-API
hostcheck: Curl_cert_hostcheck is not used by NSS builds
multi_runsingle: move timestamp into INIT
remote_port: allow connect to port 0
parse_remote_port: error out on illegal port numbers better
ssh: Pass errors from libssh2_sftp_read up the stack
docs: remove documentation on setting up krb4 support
polarssl: build fixes to work with PolarSSL 1.3.x
polarssl: fix possible handshake timeout issue in multi
nss: allow to enable/disable cipher-suites better
ssh: prevent a logic error that could result in an infinite loop
http2: free resources on disconnect
polarssl: avoid extra newlines in debug messages
rtsp: parse "Session:" header properly
trynextip: don't store 'ai' on failed connects
Curl_cert_hostcheck: strip trailing dots in host name and wildcard
2014-03-30Update to 2.25ryoon3-70/+136
Changelog: * Sync with seamonkey-2.25
2014-03-30Update to 2.25ryoon82-4449/+3312
* Change enigmail build mechanism

Changelog:

2.25:

SeaMonkey-specific changes
Newsgroup names can now be entered using autocompletion.
See the changes page for a more complete overview.

Mozilla platform changes
The Gamepad API has been finalized and enabled (learn more).
VP9 video decoding has been implemented.
Support for Opus in WebM was added.
Volume control for HTML5 audio/video has been added.
Mac OS X Notification Center support has been added for web notifications.
Support for spdy/2 has been removed.
Support for multi-line flexbox in layout has been added.
Support for the MathML 2.0 mathvariant attribute has been added.
Background thread hang reporting has been added.
<input type=color> has been implemented and enabled.
Fixed several stability issues.

Fixed in SeaMonkey 2.25
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

2.24:

SeaMonkey-specific changes
The DoNotTrack and Prompt on Sanitize preferences are now kept in sync.
A pref (mailnews.p7m_external) has been added to allow users to choose an alternate application/pkcs7-mime handling.
Support for Atom Threading Extensions (RFC 4685) has been added.
Migrating profiles from Thunderbird supports the new signons file format now (support for the old format has been dropped).
Autocomplete drop-downs (e.g. used on the Location Bar and Open Location dialog) now show favicons for their entries.
The account name is now displayed in the status bar for all messages when checking mail.
IMAP alert messages now show the server of the corresponding mail account.
Newsgroup names are now searched for all search strings combined (AND-search) on the subscribe dialog.
See the changes page for a more complete overview.

Mozilla platform changes
Removed support for importing logins from the legacy signons.txt format, including the Base64 conversion (bug 717490).
Enabled support for TLS 1.2 (RFC 5246) by default (bug 861266).
Added support for the SPDY 3.1 protocol.
Added ability to reset style sheets using all:unset.
Added support for scrolled fieldsets (overflow property support, bug 261037).
Implemented allow-popups directive for iframe sandbox, enabling increased security (bug 766282).
Unprefixed CSS cursor keywords -moz-grab and -moz-grabbing (bug 880672).
Added support for ES6 generators in SpiderMonkey (blog post).
Implemented support for mathematical function Math.hypot() in ES6 (bug 896264).
Added dashed line support on Canvas (bug 768067).
Fixed Azure/Skia content rendering on Linux (bug 740200).
Fixed several stability issues.

Fixed in SeaMonkey 2.24
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image processing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
2014-03-30Fix PR pkg/48682, fix build under NetBSD/i386 5.2.ryoon2-1/+34
2014-03-29Update fengoffice to 2.5.1.taca4-22/+26
Changelog
=========

Since 2.5.1-rc
----------------
bugfix: can't view object link in notification when an email does not have a subject.

Since 2.5.1-beta
----------------
bugfix: cannot add milestones in templates
bugfix: when adding template, after adding milestone cannot select it when adding a task

Since 2.5.0.6
----------------
bugfix: Template view broken by single quote in property name.
bugfix: when edit a template if have milestones you can't see tasks.
bugfix: don't show members that cannot be used in member selector.

Since 2.5.0.5
----------------
bugfix: Tasks grouping by dimension fixed.

Since 2.5.0.4
----------------
performance: Issue when loading persons dim.
bugfix: Imap folders are not saved when editing an email account.
bugfix: Cannot unclassify mails from classify form.
bugfix: Emessage not shown when inputing dates with incorrect format.
bugfix: Add start date to task view.
bugfix: Get tasks by range query does not include logged user's timezone.
bugfix: In task complete edition form, assigned to are not displayed correctly.
bugfix: Issue in include myself in document notifications.
bugfix: Set db charset when reconnecting in abstract db adapter.

Since 2.5.0.3
----------------
bugfix: Add attachments column in queued_emails in upgrade scripts.
bugfix: Set db charset when reconnecting in abstract db adapter.

Since 2.5.0.2
----------------
bugfix: Render member selectors with preloaded member info.
bugfix: Order by name doesn't work on object list.
bugfix: People widget only display users.

Since 2.5.0.1
----------------
bugfix: on mysql 5.6 have_innodb variable is deprecated

Since 2.5
----------------
feature: Allow to configure dashboard widget position and order for each user.
feature: Allow to configure default dashboard widget position and order for all users.
feature: Comments dashboard widget.
feature: Email dashboard widget.
feature: choose to filter calendar widget or not.
feature: choose the user to filter the tasks widget.
bugfix: when add a timeslot by clock on tasks update the percent complete.
bugfix: if a file doesn't have revision when classify create one.
bugfix: several minor fixes of undefined variables, missing langs, etc.
bugfix: when disabling or reactivating users from company view, users list is not reloaded.
bugfix: member selector displayed wrong data
bugfix: on task add/edit view, assignee combo displayed wrong data
bugfix: subscribers and invited people were not shown correctly
bugfix: encoding when receiving emails
bugfix: when editing a classified timeslot, its context was not shown
bugfix: in file upload, the name is not changed if a new name is entered
bugfix: missing langs and sql changes for email user config options

Since 2.5-rc
----------------
bugfix: general search form submitted by enter key doesn't work in Google Chrome
bugfix: links are now saved as such when using WYSIWYG
bugfix: primary-breadcrumb show exact context
bugfix: mysql transaction problem when sending emails without using a cronjob
bugfix: when making a new installation, users were not shown by default

Since 2.5-beta
----------------
bugfix: if a file doesn't have a revision, when classifying an email create one.
bugfix: when adding a timeslot by clock on tasks, task progress bar was not updated correctly.
bugfix: fixed custom reports using boolean conditions in false.
bugfix: problems with paging on the overview list.
bugfix: on activity widget, when clicking on a member, change dimension.
2014-03-28Update dansguardian to 2.12.0.3prlw130-736/+484
* Applied patch #9 (Crash when more than one authplugin are selected) by Frederic Bourgeois
* Added feature to allow Facebook mock ajax (request #6) by Jason Spiro
* Added contrib dir
* Added a new html & css validated html template in contrib (request #3). By Chris Peschke
* Converted iso-8859 message files to utf-8 (bug #86). Suggested by Fred Ulisses Maranhao
* Fixed Error reading Content-Length (bug #84). By Carlos Soto
* Fixed compilation error BSD due lack of string.h when using memcpy() (bug #75). By Alexander Hornung
* Fixed exceptioniplist case sensitivity (bug #11). By Mark J Hewitt
* Fixed accept-encoding support for new tokens (bug #13). By userquin
* Applied patch 3438750 (GCC 4.4 and 4.6 compatibility) by Mathieu PARENT
* Applied patch 3438749 (French translation update) by Mathieu PARENT
* Applied patch 3418297 (Set proxy timeout in dansguardian.conf) by Frederic Bourgeois
* Applied patch 3419088 (login/password in URL is dropped) by Mathieu PARENT
* Applied patch 3419089 ("Expect" header should be dropped) by Mathieu PARENT
* Applied patch 3438751 (Fix queue handling in OptionContainer) by Mathieu PARENT
* Applied patch 3515167 (Fix digest identification) by Frederic Bourgeois
* Fixed GCC warnings
* LFS review in String.cpp (requires different arch review yet)

Previous release notes seem to be lost - the build structure changed, and:

Both the main configuration file and the filter group configuration file(s) have changed since the last stable release. If you try to re-use the configuration from an existing copy of 2.8.0.6 or earlier, the daemon will not start.

On the other hand, list files (phrase lists, domain lists, etc.) have not changed format, and should largely "just work". There have been improvements to the default list files, though, so again it is recommended that you start from the new version and re-do any customisations.
2014-03-28Changes 2.2.27:adam3-24/+27
*) SECURITY: CVE-2014-0098 (cve.mitre.org) Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org) mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding TE/CL conflicts.
*) mod_proxy_http: Core dumped under high load. PR 50335.
*) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which is equivalent to <ProxyMatch wildcard-url>.
*) mod_ldap: Fix a potential memory leak or corruption.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a forward proxy request.
*) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
2014-03-26Allow build with ruby21.taca3-6/+6
2014-03-26Partially regenerate patches to avoid "ignoring"ryoon4-22/+22
2014-03-26Add support for GEM_EXTSDIR.taca1-1/+2
2014-03-26Require ruby-rdoc 3.11 and later.taca1-1/+3
2014-03-26PLIST for ruby-cookiejar 0.3.2, it should be committed with previous update.taca1-4/+8
2014-03-26Fixed LuaJIT2 linking for the Lua module.imil2-5/+6
2014-03-23Update to 6.0.2ryoon4-250/+449
* Update MESSAGE to use nginx and php-fpm. I cannot enable with apache24 (yet).

Changelog:
Version 6.0.2 March 3rd 2014
Several security fixes
Improved trash bin performance for deleting lots of files
Mobile interface improvements
Fix key problems in encryption mode in rare situations
Smaller LDAP improvements
Fix the keep-alive ping for non standard php session lifetimes
Cleanup storage table when deleting an entry
Fix compatibility with xsendfile mode
Fix file size calculation in encryption mode
Fix image previews in trash bin
Fix public upload with enabled encryption
Added APC enabled check
Correctly localise date in notification emails
Improve compatibility with some CIFS servers
Fix shared files and Gallery
Several Contacts compatibility improvements
Several Documents improvements
A lot of smaller bug fixes
2014-03-21Added form-input https://github.com/calio/form-input-nginx-module andimil2-3/+9
encrypted-session https://github.com/agentzh/encrypted-session-nginx-module
2014-03-21Added form-input https://github.com/calio/form-input-nginx-module andimil3-6/+33
encrypted-session https://github.com/agentzh/encrypted-session-nginx-module
2014-03-21Update to 24.4.0ryoon2-6/+6
Changelog:
Fixed in Firefox ESR 24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
2014-03-21Fix distinfo to match recent update.jperkin1-4/+4
2014-03-21Added array-var-nginx-module https://github.com/agentzh/array-var-nginx-moduleimil2-3/+6
2014-03-21Added array-var-nginx-module https://github.com/agentzh/array-var-nginx-moduleimil3-11/+25
2014-03-21Add security fix for CVE-2014-2538.taca3-3/+19
Bump PKGREVISION.
2014-03-20Added ngx_echo http://wiki.nginx.org/HttpEchoModule, ngx_set_miscimil2-2/+12
http://wiki.nginx.org/HttpSetMiscModule and ngx_headers_more http://wiki.nginx.org/HttpHeadersMoreModule
2014-03-20Added ngx_set_misc http://wiki.nginx.org/HttpSetMiscModule and ngx_headers_moreimil3-10/+46
http://wiki.nginx.org/HttpHeadersMoreModule
2014-03-20Update to 28.0ryoon3-329/+493
* Sync with firefox-28.0
2014-03-20Update to 28.0ryoon62-3953/+3149
Changelog:
NEW VP9 video decoding implemented
NEW Mac OS X: Notification Center support for web notifications
NEW Horizontal HTML5 audio/video volume control
NEW Support for Opus in WebM
CHANGED Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty
DEVELOPER Support for MathML 2.0 'mathvariant' attribute
DEVELOPER Background thread hang reporting
DEVELOPER Support for multi-line flexbox in layout
FIXED Various security fixes

Fixed in Firefox 28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
2014-03-19Added the `echo' module: http://wiki.nginx.org/HttpEchoModuleimil3-7/+21
2014-03-19Update to 2.5.5wen2-6/+6
Approved by: wiz@

Upstream changes:

2.5.5

Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)

Functional changes
MDL-40821 - Language menu in Clean shows language used

API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info

UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.

Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges

Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring

2.5.4

Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report

Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students

API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run

Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields

Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
2014-03-19Changes with nginx 1.5.12 18 Mar 2014imil2-6/+6
*) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.
2014-03-19Changes with nginx 1.4.7 18 Mar 2014imil2-7/+6
*) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.
2014-03-18Changes 2.4.9:adam3-26/+28
*) mod_ssl: Work around a bug in some older versions of OpenSSL that would cause a crash in SSL_get_certificate for servers where the certificate hadn't been sent.
*) mod_lua: Add a fixups hook that checks if the original request is intended for LuaMapHandler. This fixes a bug where FallbackResource invalidates the LuaMapHandler directive in certain cases by changing the URI before the map handler code executes

Changes 2.4.8:
*) SECURITY: CVE-2014-0098 (cve.mitre.org) Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org) mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests
*) core: Support named groups and backreferences within the LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires non-ancient PCRE library)
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding TE/CL conflicts.
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping execution when a handler is already set.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a forward proxy request.
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the SSLCertificateFile and SSLCertificateKeyFile directives, to enable future algorithm agility, and deprecate the SSLCertificateChainFile directive (obsoleted by SSLCertificateFile).
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope.
*) prefork: Fix long delays when doing a graceful restart.
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions 5+ instead of just for FreeBSD 5.
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message IDs 02445, 02446, and 02448 to TRACE1 from DEBUG.
*) mod_remoteip: Correct the trusted proxy match test.
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version number is received from the application.
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
*) mod_lua: Update r:setcookie() to accept a table of options and add domain, path and httponly to the list of options available to set.
*) mod_lua: Fix r:setcookie() to add, rather than replace, the Set-Cookie header.
*) mod_lua: Allow for database results to be returned as a hash with row-name/value pairs instead of just row-number/value.
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to %{REMOTE_ADDR}.
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't save the socket for reuse by the next worker as if it were an APR_SO_DISCONNECTED socket. Restores 2.2 behavior.
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL that was just rewritten by mod_rewrite.
*) mod_session: When we have a session we were unable to decode, behave as if there was no session at all.
*) mod_session: Fix problems interpreting the SessionInclude and SessionExclude configuration.
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth stanzas under virtual hosts.
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.
*) mod_proxy: Added support for unix domain sockets as the backend server endpoint
*) build: only search for modules (config*.m4) in known subdirectories, see build/config-stubs.
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
*) mod_ssl: Add support for OpenSSL configuration commands by introducing the SSLOpenSSLConfCmd directive.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which is equivalent to <ProxyMatch wildcard-url>.
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm, mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the require directives.
*) mod_proxy_http: Core dumped under high load.
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size previously limited to 64MB.
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody() to prevent truncating files.
2014-03-18Restore dependency to textproc/ruby-tilt.taca1-2/+2
2014-03-18Don't strip binaries on Darwin, or some dynamic modules won't be loaded; ↵adam1-9/+14
pkglint cleanups.