Age | Commit message (Collapse) | Author | Files | Lines |
|
From Nils Ratusznik per PR pkg/45743.
|
|
|
|
Such dependencies should be pulled in by p5-Template-Plugin-Latex.
|
|
- Improved documentation.
- Improved tests.
- Fixed Hypnotoad HTTPS bug.
- Fixed small URL escaping bug in Mojo::UserAgent::Transactor.
- Fixed small MIME::Base64 and MIME::QuotedPrint related bugs in
Mojo::Util. (sestegra, sri)
2.47 2012-02-06 00:00:00
- Deprecated Hypnotoad configuration files in favor of more powerful
application configuration files.
- Deprecated Mojo::Server::Daemon->prepare_ioloop in favor of
Mojo::Server::Daemon->start.
- Deprecated Mojo::Headers->x_forwarded_for.
- Added EXPERIMENTAL config method to Mojo.
- Added EXPERIMENTAL ca attribute to Mojo::UserAgent.
- Added EXPERIMENTAL drain event to Mojo::Content.
- Added EXPERIMENTAL drain event to Mojo::Transaction::WebSocket.
- Added EXPERIMENTAL support for RSV1-3 flags to
Mojo::Transaction::WebSocket.
- Added EXPERIMENTAL tls_ca option to Mojo::IOLoop::Client->connect.
- Added lock_timeout parameter to Hypnotoad.
- Removed experimental status from JSON Pointer support.
- Removed Cygwin exception from Hypnotoad.
- Replaced drop_handle and drop_timer methods in Mojo::IOWatcher with
drop method.
- Renamed change and watch methods in Mojo::IOWatcher to watch and
io.
- Renamed resume and pause methods in Mojo::IOLoop::Server to start
and stop.
- Renamed resume and pause methods in Mojo::IOLoop::Stream to start
and stop.
- Added pdf MIME type. (bfaist)
- Improved documentation.
- Improved tests.
- Improved CSS of some built-in templates.
- Fixed bug that prevented newer dual-life modules to be loaded.
- Fixed small bug in Mojo::IOLoop::Stream that caused close events to
fail sometimes.
- Fixed small relative URL detection bug in get command.
2.46 2012-01-25 00:00:00
- Added EXPERIMENTAL request_timeout attribute to Mojo::UserAgent.
- Added EXPERIMENTAL text_after and text_before methods to Mojo::DOM.
- Improved all uses of syswrite to be more defensive. (bduggan, sri)
- Improved documentation.
- Improved tests.
- Fixed small parser bug in Mojo::Message::Response.
- Fixed small partial rendering bug.
- Fixed small HTML5 parser bug in Mojo::DOM::HTML. (dougwilson)
2.45 2012-01-18 00:00:00
- Removed T-Shirt link.
- Fixed small caching bug in Mojolicious::Plugin::EPRenderer.
- Fixed typo in exception template.
2.44 2012-01-18 00:00:00
- Added new not_found page for development mode.
- Added EXPERIMENTAL url_with helper to
Mojolicious::Plugin::DefaultHelpers. (diegok, marcus, judofyr, sri)
- Added EXPERIMENTAL support for removing query parameters while
merging to query method of Mojo::URL. (marcus, judofyr, sri)
- Removed experimental status from Mojo::IOLoop::Delay.
- Removed defer method from Mojo::IOLoop.
- Improved exception page for development mode.
- Improved syntax highlighting in perldoc browser slightly.
- Improved Mojo::Base tests.
- Improved documentation.
- Fixed Mojo::Command->app to be an attribute and not a method.
- Fixed Mojo::ByteStream, Mojo::Collection and Mojo::DOM to not be
subclasses of Mojo::Base.
|
|
Update Dutch and Japanese language files.
|
|
* Regression Bug 3441: part 2: Prevent further cache size corruption of
swap.state
* Bug 3473: erase last uses of obsolete auth_user_hash_pointer
* Bug 3470: GCC 4.7
* Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
* Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
* Bug 3440: compile error in Adaptation
* Bug 3420: Request body consumption races and !theConsumer exception
* Bug 3370: external ACL sometimes skipping
* Bug 3085: Crash when parsing esi:include
* HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
* Fix SSL library dependency fixes
|
|
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
- General improvements:
- Fix an off-by-one in an error message about connect failures.
- Use a GNUMakefile variable for the webserver root directory and
update the path. Sourceforge changed it which broke various
web-related targets.
- Update the CODE_STATUS description.
|
|
(this pkg is somewhat outdated, but it might be a low-footprint
alternative to newer versions which require webkit)
|
|
(it would build with 0.14 as well, but for pkgsrc we should be strict)
|
|
|
|
compatibility with Subversion 1.7 (#10414)
easier troubleshooting of common startup errors (#10024)
jQuery upgraded to 1.4.4 (#10001)
improve fine-grained permission handling in the source browser (#9976, #10208, #10110)
... and dozens more fixes!
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
Unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels. Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the the request and response in between Unicorn and slow clients.
|
|
Raindrops is a real-time stats toolkit to show statistics for Rack HTTP
servers. It is designed for preforking servers such as Rainbows! and
Unicorn, but should support any Rack HTTP server under Ruby 1.9, 1.8
and Rubinius on platforms supporting POSIX shared memory. It may also
be used as a generic scoreboard for sharing atomic counters across
multiple processes.
|
|
Patch from awstat's CVS repo.
|
|
* Bugfixes
* Some improvements.
* Add Report function.
See: http://code.google.com/p/aipo/wiki/ReleaseNote6030 (written in Japanese)
|
|
Changelog:
* Improvements.
* Bugfixes
|
|
|
|
changes: bugfixes
|
|
* mdwn: Added nodiscount setting, which can be used to avoid using the
markdown discount engine, when maximum compatability is needed.
* Switch to YAML::XS to work around insanity in YAML::Mo. Closes: #657533
* cvs: Ensure text files are added in non-binary mode. (Amitai Schlair)
* cvs: Various cleanups and testing. (Amitai Schlair)
* calendar: Fix strftime encoding bug.
* shortcuts: Fixed a broken shortcut to wikipedia (accidentially
made into a shortcut to wikiMedia).
* Various portability improvements. (Amitai Schlair)
|
|
|
|
|
|
|
|
Drupal 7.11, 2012-02-01
----------------------
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001.
|
|
Drupal 6.23, 2012-02-01
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2012-001.
|
|
- SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
- SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
- SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
- SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. Bug#52256.
[Rainer Canavan <rainer-apache 7val com>]
- SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
- SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
- mod_proxy_ajp: Try to prevent a single long request from marking a worker
in error. [Jean-Frederic Clere]
- config: Update the default mod_ssl configuration: Disable SSLv2, only
allow >= 128bit ciphers, add commented example for speed optimized cipher
list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
- core: Fix segfault in ap_send_interim_response(). Bug#52315.
[Stefan Fritsch]
- mod_log_config: Prevent segfault. Bug#50861. [Torsten Foertsch
<torsten.foertsch gmx.net>]
- mod_win32: Invert logic for env var UTF-8 fixing.
Now we exclude a list of vars which we know for sure they dont hold UTF-8
chars; all other vars will be fixed. This has the benefit that now also
all vars from 3rd-party modules will be fixed. Bug#13029 / 34985.
[Guenter Knauf]
- core: Fix hook sorting for Perl modules, a regression introduced in
2.2.21. Bug#45076. [Torsten Foertsch <torsten foertsch gmx net>]
- Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200. Bug#51878.
[Jim Jagielski]
- Example configuration: Fix entry for MaxRanges (use "unlimited" instead
of "0"). [Rainer Jung]
- mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung]
Please note that all the security fixes had been integrated into
"pkgsrc" as patches previously.
|
|
|
|
Changes:
0.16 24 Jan 2012
- Remove superfluous call to ->setup in test app
0.15 18 Jan 2012
- Moose-ified to fix https://rt.cpan.org/Ticket/Display.html?id=74132 (karpet)
0.14 18 Nov 2010
- Added "page_size" config option per RT #62335 (karpet)
|
|
Changelog:
0.32 2011-06-08
- Fix handling with enables verify_address and add related test
0.31 2010-10-08
- Fix session being loaded by call to dump_these in debug mode
(RT#58856)
|
|
Changelog:
1.36 2011-10-24 17:58:00
- New apps send an X-Catalyst header by default (this can be
disabled by changing the config in the generated app)
- Fix leaking temporary files in tests. RT#59166
- Fix generated Makefile.PL to always contain unix style paths,
even on Win32. RT#65456
- Fix tests generated for controllers generated with --mechanize
to work with newer versions of Test::WWW::Mechanize::Catalyst
- bump Module::Install dep to 1.02
- Removed stderr hiding from 'make catalyst_par' to display errors
from PAR::Packer
1.35 2011-09-05 13:05:00
- Stop requiring Starman and MooseX::Daemonize on Win32 as they're
optional components in Catalyst::Runtime and won't install
on Windows.
- Fix test to work on Windows.
|
|
This is bug fix only release, no security fix.
2012-01-24 4b9667e [RELEASE] Release of TYPO3 4.6.4 (TYPO3 v4 Release Team)
2012-01-24 6f1ed57 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-01-24 ccd2ebe #31771 [BUGFIX] typolink prepends wrong domain when using url scheme (Dmitry Dulepov)
2012-01-22 a0da123 #33227 [BUGFIX] Regression in language handling (Nils Seinschedt)
2012-01-21 f4b46a1 #32301 [BUGFIX] htmlArea RTE: magic image maxWidth is not working as expected (Stanislas Rolland)
2012-01-20 73acbc1 #31763 [BUGFIX] htmlArea RTE : Adding link problem with IE (Stanislas Rolland)
2012-01-19 b3963b5 #32109 [BUGFIX] PHP warning if open_basedir is enabled (Dmitry Dulepov)
2012-01-18 416dd48 #28007 [BUGFIX] TCEmain::clear_cacheCmd relies on active BE_USER (Steffen Gebert)
2012-01-18 12f76a2 #32374 [BUGFIX] MENU special = updated does not work anymore (Xavier Perseguers)
2012-01-17 4d817e2 #32986 [BUGFIX] Usage of custom caching backends (Michael Klapper)
2012-01-17 6aefbba #32263 [BUGFIX] HTML entity is inserted before and after inline element (Stanislas Rolland)
2012-01-17 74b7a95 #32448 [BUGFIX] Module menu link wrap (Felix Kopp)
2012-01-17 a87dfe2 #21740 [BUGFIX] ENABLE_INSTALL_TOOL does not respect fileCreateMask (Dmitry Dulepov)
2012-01-15 b6a812c #31964 [BUGFIX] Fix permissions of downloaded translations into l10n folder (Michael Klapper)
2012-01-13 6f56274 #18545 [BUGFIX] Vague error message in t3lib_div (Dmitry Dulepov)
2012-01-12 28472e7 #32938 [BUGFIX] Link to mounted shortcut page lacks &MP parameter (Xavier Perseguers)
2012-01-08 be13748 #32970 [BUGFIX] Typo in Install Tool (Georg Ringer)
2011-12-24 52a4fa7 #32753 [TASK] Scheduler: Add "Add Task" button to header (Markus Klein)
2011-12-24 8e4d51b #32768 [BUGFIX] Reports are called twice (Philipp Gampe)
2011-12-21 1c480e2 #32573 [BUGFIX] locallangXMLOverride is broken since the switch to XLIFF (Lars Patrick Heß)
2011-12-20 91f4be6 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2011-12-20 c66f549 [TASK] Set TYPO3 version to 4.6.4-dev (TYPO3 v4 Release Team)
|
|
This is bug fix only release, no security fix.
2012-01-24 a9a1736 [RELEASE] Release of TYPO3 4.5.11 (TYPO3 v4 Release Team)
2012-01-24 75b26cf [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-01-24 80c03a0 #31771 [BUGFIX] typolink prepends wrong domain when using url scheme (Dmitry Dulepov)
2012-01-21 2edfa73 #32301 [BUGFIX] htmlArea RTE: magic image maxWidth is not working as expected (Stanislas Rolland)
2012-01-20 8f1bc21 #31763 [BUGFIX] htmlArea RTE : Adding link problem with IE (Stanislas Rolland)
2012-01-18 78ffa6a #28007 [BUGFIX] TCEmain::clear_cacheCmd relies on active BE_USER (Steffen Gebert)
2012-01-18 5d9ef81 #22328 [BUGFIX] md5.js fails with non-ascii-characters (Stefan Neufeind)
2012-01-17 8ea93c5 #32263 [BUGFIX] HTML entity is inserted before and after inline element (Stanislas Rolland)
2012-01-17 b1b7526 #32448 [BUGFIX] Module menu link wrap (Felix Kopp)
2012-01-14 b64c169 #31379 [BUGFIX] alt_doc.php uses deleted alternative page languages for translations (Marcus Krause)
2012-01-13 d6dbf87 #18545 [BUGFIX] Vague error message in t3lib_div (Dmitry Dulepov)
2012-01-08 2912a6c #32970 [BUGFIX] Typo in Install Tool (Georg Ringer)
2011-12-24 3896040 #32753 [TASK] Scheduler: Add "Add Task" button to header (Markus Klein)
2011-12-24 19fa973 #32768 [BUGFIX] Reports are called twice (Philipp Gampe)
2011-12-20 ae06430 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2011-12-20 e4e9928 [TASK] Set TYPO3 version to 4.5.11-dev (TYPO3 v4 Release Team)
|
|
Update Japanese and Slovenian language files.
|
|
Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change.
|
|
and CVE-2012-0053 taken from Apache SVN repository.
|
|
1.0.2:
Bug Fixes
Fix bug in scheduling on POST request.
Fix permissions on user create via external auth.
Add a default min_age for external binds.
Other Changes
Prevent external binds from being created/updated if curl is missing.
Add check to setup page to test whether curl is installed.
Allow for silly programs that send content-type XML with a GET request.
Support use of HTTP_AUTHORIZATION in addition to AUTHORIZATION cgi.
Handle VCARD adr/tel/email which have multiple types.
Set the default URL to the default calendar name rather than /home/
Enable the file upload for addressbook collections.
Handle addressbook import along with calendar import.
Write UID and REV property n VCARD if they are missing.
Update translations to current transifex translations.
1.0.1:
Bug Fixes
Fix missing braces the /tools.php script.
Other Changes
Update translations to current transifex translations.
1.0.0:
Functionality Enhancements
Handle DELETE scheduling actions.
Bug Fixes
Handle bound resources correctly in sync-collection report.
When creating an external bind don't consider local host as external
Fix logic error in hide_TODO setting.
Make hide_alarm work on bound resources.
Correct bug in sync-collection report response.
Fix BIT24 casting for the LDAP driver.
Fix for MOVE into a bound location.
Correctly calculate the next alarm time.
Make sync-collection handle new format for sync token.
Don't allow a / in the UID to infect the path on import.
Fix propfind depth:1 on bind to external url
Correct handling of empty CardDAV:address-data element in request.
Fix handling of active flag for general external authentication mechanisms.
Fix LDAP user creation where memcached support is off.
Fix handling of numeric usernames.
Other Changes
Catch missing-xml in request separately from invalid-xml.
Add the "CardDAV" word into DAViCal's description.
Improve expand performance by only doing expansion if we know we need it.
Use supplied content_type even on zero-length requests.
Strip URL-unfriendly characters from UID before using it as URL segment.
Slightly more helpful 403 response.
Remove password from LDAP log messages.
Tooltips for schedule-deliver and schedule-send.
Current localisations from Transifex.
Update e-mail address to current one, mention wiki.
Force output buffers to be flushed, if they're turned on.
Update refresh-alarms script to newer style initialisation.
Update website to reflect new default calendar name.
Rationalise confidential event rewriting.
Add the $c->hide_alarms functionality into DAVResource class.
Allow LDAP sync to work if the date is reasonable and no 'format_updated' is set.
We don't need to test for the PostgreSQL non-PDO drivers now.
Switch out deprecated LDAP mappings before we use them anywhere.
Add test for PHP filter module and wiki links for each test.
External bind changes, added a clean up button, urls now show for external collections and added a few strings for translation
|
|
Fixed in 7.24.0 - January 24 2012
Release contains security-related bug fix
Changes:
* CURLOPT_QUOTE: SFTP supports the '*'-prefix now
* CURLOPT_DNS_SERVERS: set name servers if possible
* Add support for using nettle instead of gcrypt as gnutls backend
* CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
* Added CURLOPT_ACCEPTTIMEOUT_MS
* configure: add symbols versioning option --enable-versioned-symbols
Bugfixes:
* curl was vulnerable to a data injection attack for certain protocols CVE-2012-0036
* curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
* SSL session share: move the age counter to the share object
* -J -O: use -O name if no Content-Disposition header comes!
* protocol_connect: show verbose connect and set connect time
* query-part: ignore the URI part for given protocols
* gnutls: only translate winsock errors for old versions
* POP3: fix end of body detection
* POP3: detect when LIST returns no mails
* TELNET: improved treatment of options
* configure: add support for pkg-config detection of libidn
* CyaSSL 2.0+ library initialization adjustment
* multi interface: only use non-NULL socker function pointer
* call opensocket callback properly for active FTP
* don't call close socket callback for sockets created with accept()
* differentiate better between host/proxy errors
* SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
* multi: handle timeouts on DNS servers by checking for new sockets
* CURLOPT_DNS_SERVERS: fix return code
* POP3: fixed escaped dot not being stripped out
* OpenSSL: check for the SSLv2 function in configure
* MakefileBuild: fix the static build
* create_conn: don't switch to HTTP protocol if tunneling is enabled
* multi interface: fix block when CONNECT_ONLY option is used
* Fix connection reuse for TLS upgraded connections
* multiple file upload with -F and custom type
* multi interface: active FTP connections are no longer blocking
* Android build fix
* timer: restore PRETRANSFER timing
* libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
* appconnect time fixed for non-blocking connect ssl backends
* do not include SSL handshake into time spent waiting for 100-continue
* handle dns cache case insensitive
* use new host name casing for subsequent HTTP requests
* CURLOPT_RESOLVE: avoid adding already present host names
* SFTP mkdir: use correct permission
* resolve: don't leak pre-populated dns entries
* --retry: Retry transfers on timeout and DNS errors
* negotiate with SSPI backend: use the correct buffer for input
* SFTP dir: increase buffer size counter to avoid cut off file names
* TFTP: fix resending (again)
* c-ares: don't include getaddrinfo-using code
* FTP: CURLE_PARTIAL_FILE will not close the control channel
* win32-threaded-resolver: stop using a dummy socket
* OpenSSL: remove reference to openssl internal struct
* OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
* OpenSSL: fix PKCS#12 certificate parsing related memory leak
* OpenLDAP: fix LDAP connection phase memory leak
* Telnet: Use correct file descriptor for telnet upload
* Telnet: Remove bogus optimisation of telnet upload
* URL parse: user name with ipv6 numerical address
* polarssl: show cipher suite name correctly with 1.1.0
* polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the old API which is said to be
insecure
* gnutls: enforced use of SSLv3
|
|
Fixes build failure on NetBSD/amd64, reported by Dieter Roelants via private mail.
|
|
|
|
clisp.h requires libintl.h
|
|
Mon Jan 23 14:02:26 CET 2012
Fixed double-free if specified cipher was not valid (during
MHD_daemon_start). Releasing 0.9.18. -CG
Thu Jan 19 22:11:12 CET 2012
Switch to non-blocking sockets for all systems but Cygwin
(we already used non-blocking sockets for GNU/Linux); also
use non-blocking sockets on Cygwin for HTTPS as this is
required to avoid DoS-by-partial-record via gnutls. On
Cygwin, #1824 implies that we need to use blocking sockets
for HTTP on Cygwin for now. -CG
Thu Jan 19 17:46:05 CET 2012
Fixing use of uninitialized 'earliest_deadline' variable in
MHD_get_timeout which can lead to returning an incorrect
(too early) timeout (#2085). -tclaveirole
Thu Jan 19 13:31:27 CET 2012
Fixing digest authentication for GET requests with URI arguments
(#2059). -CG
Sat Jan 7 17:30:48 CET 2012
Digest authentication expects nonce count in base 16, not base 10
(#2061). -tclaveirole
Thu Jan 5 22:01:37 CET 2012
Partial fix for #2059, digest authentication with GET arguments. -CG
Thu Dec 1 15:22:57 CET 2011
Updated authorization_example.c to actually demonstrate the current
MHD API. -SG
Mon Nov 21 18:51:30 CET 2011
Added option to suppress generation of the 'Date:' header to be
used on embedded systems without RTC. Documented the new option
and the configure options. -CG
|
|
Bump PKGREVISIONs
|
|
* distutils pkg, register egg-info.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
* distutils pkg, register egg-info.
* while here, sort PLIST.
Bump PKGREVISION.
|
|
|
|
* distutils pkg, register egg-info.
Bump PKGREVISION.
|
|
|