Age | Commit message | Author | Files | Lines |
|
v1.6.3
Version 1.6.3
Bugfix release
- Add notification of maintenance mode to README. (#410)
- Fix generation of methods with abnormal page token conventions. (#338)
- Raise ValueError if credentials and developerKey are both specified. (#358)
- Re-generate documentation. (#364, #373, #401)
- Fix method signature documentation for multiline required parameters. (#374)
- Fix ZeroDivisionError in MediaDownloadProgress.progress. (#377)
- Fix dead link to WebTest in README. (#378)
- Fix details missing in googleapiclient.errors.HttpError. (#412)
- Don't treat httplib2.Credentials as oauth credentials. (#425)
- Various fixes to the Django sample. (#413)
|
|
Changelog:
Tomcat 7.0.81 (violetagg)
Catalina
fix Correct regression in 7.0.80 that broke WebDAV. (markt)
|
|
Changelog:
Tomcat 8.0.46 (violetagg)
Catalina
Fix: Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg)
Fix: 61229: Correct a regression in 8.0.44 that broke WebDAV handling for resources with names that included a & character. (markt)
Fix: 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg)
Fix: Performance improvements for service loader look-ups (and look-ups of other class loader resources) when the web application is deployed in a packed WAR file. (markt)
Fix: 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl)
Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt)
Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that allows the Store to be configured to use a DataSource defined by the web application rather than the default of using a globally defined DataSource. Patch provided by Jonathan Horowitz. (markt)
Coyote
Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg)
Fix: 61322: Correct two regressions caused by the fix for 60319 when using BIO with an external Executor. Firstly, use the maxThreads setting from the Executor as the default for maxConnections if none is specified. Secondly, use maxThreads from the Executor when calculating the point at which to disable keep-alive. (markt)
Fix: Prevent exceptions being thrown during normal shutdown of NIO connections. This enables TLS connections to close cleanly. (markt)
Jasper
Add: 53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt)
WebSocket
Add: 57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt)
Web applications
Fix: Remove references to the Loader attribute searchExternalFirst from the documentation since the attribute is no longer supported. (markt)
Fix: Correct the documentation for how StandardRoot is configured. (markt)
Other
Add: 52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt)
|
|
6.17 2017-09-01 15:30:20Z
- Fix test which relied on cpan.org speaking plain HTTP GH#54 (Chase
Whitener)
|
|
5.07 2017-08-31
Release by Kent Fredric
[FIXES]
* Workaround more @INC issues with Module::Build and sudo RT#122199
|
|
2.3.22 (2017-07-20)
-------------------
New features
- [eas] initial EAS v16 and email drafts support
Enhancements
- [web] updated CKEditor to version 4.7.1
Bug fixes
- [web] use the organizer's alarm by default when accepting IMIP messages (#3934)
- [web] fixed forwarding mails with attachments containing slashes in file names
- [eas] don't include task folders if we hide them in SOGo (#4164)
- [core] not using cleaned data when sending mails (#4199)
- [core] don't update subscriptions when owner is not the active user (#3988)
- [core] enable S/MIME even when using GNU TLS (#4201)
- [core] silence verbose output for sogo-ealarms-notify (#4170)
|
|
* Sync with www/firefox-55.0.3
|
|
Changelog:
Fixed
Fix an issue with addons when using a path containing non-ascii characters (bug 1389160)
Fix file uploads to some websites, including YouTube (bug 1383518)
|
|
When using --url-alias with mod_wsgi-express and the target of the URL doesn’t exist, it will now be assumed that it will be a directory rather than a file, when finally created. This is to accommodate where may have used --setup-only option or setup-server command to pre-generate config files before the directory is created.
|
|
Bug fixes
|
|
Upstream changes:
0.02 2017-04-10
- Avoid relying on current working directory being in @INC
- Removed early release warning from documentation
- Changed Content-Disposition parser in eg/example.pl
|
|
Upstream changes:
0.21 2017-02-10T03:10:11Z
- rename flatten to psgi_flatten for fixing compatibility issue plack/plack#541
(kazeburo)
- Copy "content_is_text" method from HTTP::Headers
(nfg)
|
|
Fixes PR 52513 by David H. Gutteridge.
|
|
Add URL.normalize() method, which applies five normalizations from RFC 3986 (sections 2.3, 2.1, 3.2.2, 6.2.2.3, 6.2.3). See the docs for more details.
Enable URL.click() to accept a URL object as a target.
|
|
Bug fixes.
|
|
* moz.build: CONFIG['OS_TEST'] is apparently PCU, not MACHINE, so use
'powerpc' instead of the longish list of powerpc ports.
* xptcinvoke_asm_ppc_netbsd.s: adapt to use of NS_InvokeByIndex()
* xptcinvoke_ppc_netbsd.cpp: adapt to use of NS_InvokeByIndex()
* xptcstubs_ppc_netbsd.cpp: adapt in the direction of xptcstubs_ppc_linux.cpp;
this has apparently not been build-tested in a while.
The current stumbling block is the lack of 64-bit atomic operations.
No PKGREVISION bump as this is a partial build fix only for NetBSD/powerpc.
|
|
desired.
|
|
Bugfixes
- Athena will now time requests out client-side rather than waiting forever (up
to the browser timeout, at least) for a server response that may never come.
|
|
Ignore any invalidly formed query parameters for OrderingFilter.
Improve memory footprint when reading large JSON requests.
Fix schema generation for pagination.
Fix exception when HTML_CUTOFF is set to None.
Fix browsable API not supporting multipart/form-data correctly.
Fixed test_hyperlinked_related_lookup_url_encoded_exists.
Make sure max_length is in FileField kwargs.
Fix list_route & detail_route with kwargs contains curly bracket in url_path
Add Django manage command to create a DRF user Token.
Ensure API documentation templates do not check for user authentication
Fix special case where OneToOneField is also primary key.
Added aria-label and a new region for accessibility purposes in base.html
Quote nested API parameters in api.js.
Set ViewSet args/kwargs/request before dispatch.
Added unicode support to SlugField.
Fix HiddenField appears in Raw Data form initial content.
Raise validation error on invalid timezone parsing.
Fix SearchFilter to-many behavior/performance.
Simplified chained comparisons and minor code fixes.
RemoteUserAuthentication, docs, and tests.
Revert "Cached the field's root and context property"
Fix introspection of list field in schema.
Fix interactive docs for multiple nested and extra methods.
Fix/remove undefined template var "schema"
|
|
Upstream changes:
MediaWiki 1.29.1
Changes since 1.29.0
(T171197) Fix bundled extensions; SimpleAntiSpam and Vector (the extension) shouldn't have been included but were, and PdfHandler and SpamBlacklist should but weren't.
(T164999) mw.Upload.Dialog: Define .static.name
(T172061) refreshLinks.php: Fix fatal when using --category parameter
|
|
The following packages fail to build due to "." not being in @INC:
devel/p5-PPI-PowerToys
sysutils/p5-Monitoring-Plugin
textproc/p5-Text-Xslate
www/SpeedyCGI
Pass PERL_USE_UNSAFE_INC=1 through MAKE_ENV to allow the configure
and build to proceed.
This needs to be revisited when perl-5.30.0 is released and that
environment variable is removed from Perl.
|
|
new: prefix= kwarg now available on ApplicationSession.register for runtime method names
new: @wamp.register(None) will use the function-name as the URI
new: correlation and uri attributes for WAMP message tracing
|
|
Renamed :func:`~websockets.server.serve()` and :func:`~websockets.client.connect()`'s klass argument to create_protocol to reflect that it can also be a callable. For backwards compatibility, klass is still supported.
:func:`~websockets.server.serve` can be used as an asynchronous context manager on Python ≥ 3.5.
Added support for customizing handling of incoming connections with :meth:`~websockets.server.WebSocketServerProtocol.process_request()`.
Made read and write buffer sizes configurable.
Rewrote HTTP handling for simplicity and performance.
Added an optional C extension to speed up low level operations.
An invalid response status code during :func:`~websockets.client.connect` now raises :class:`~websockets.exceptions.InvalidStatusCode` with a code attribute.
|
|
- Improve HTTP request line validation:
* Improve HTTP version parsing
- Fix HTTP CONNECT method processing:
* Respond with ``405 Method Not Allowed`` if ``proxy_mode is False``
* Validate that request-target is in authority-form
- Improve tests in ``test.test_core``
- Fix EPROTOTYPE @ Mac OS
v5.8.2
- Fix 39 regression. Add HTTP request line check:
absolute URI path must start with a
forward slash ("/").
|
|
confusion-free.
Quickly write and share SQL queries for any Django app in a simple, usable SQL
editor, preview the results in the browser, share links to download CSV files,
and keep the information flowing!
Explorer values simplicity, intuitive use, unobtrusiveness, stability, and the
principle of least surprise.
Django SQL Explorer is inspired by any number of great query and reporting
tools out there.
|
|
supports unicode strings without a hassle.
|
|
- Bugfix: Handling case of `None` user in request (@pawelad).
- Documentation corrections (@danielquinn).
- Bugfix: "invalid literal for int() with base 10: 'None'" for unversioned admin inline relations.
If, after updating, you still experience this issue, run the following in a Django shell:
.. code::

    from reversion.models import Version
    Version.objects.filter(object_id="None").delete()

**Important:** Ensure that none of your versioned models contain a string primary key where `"None"` is a valid value
before running this snippet!
|
|
Fix build on FreeBSD after rev.14180
Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions.
Fix mgr query handoff from the original recipient to Coordinator.
Fix message packing error handling in mgr and snmp SMP Forwarders.
basic_ncsa_auth: fix hash listing wrap in man(8) page
Bug 4687: Wrong names of components in man page, section SEE ALSO
Bug 4112: ssl_engine does not accept cryptodev
Bug 4671 pt3: various GCC 7 compile errors
Replace new/delete operators using modern C++ rules.
Bug 4671 pt2: GCC 7: raise FTP Gateway CTRL channel buffer to 16KB
SourceFormat Enforcement
Bug 2833 pt3: Do not respond with HTTP/304 to unconditional requests
Bug 2833 pt2: Collapse internal revalidation requests (SMP-unaware caches), again.
|
|
lib: add nghttp2_rcbuf_is_static()
nghttpx: Fix bug that forwarded for is not affected by proxy protocol
nghttpx: Update mruby to 1.3.0
|
|
Upstream changes:
2017-04-07 Mattias Holmlund
Version 1.4
Fix tests when run without internet connectivity. Patch by Mike Parker.
Fixes https://rt.cpan.org/Ticket/Display.html?id=120584
2017-03-11 Mattias Holmlund
Version 1.3
Added missing Changes entry for version 1.2. No other changes.
2017-03-07 Mattias Holmlund
Version 1.2
Add X-No-Server-Contact header when the content returned has been
delivered without any contact with the external server
|
|
Upstream changes:
0.17 2017-06-27 14:03:47+01:00 Europe/London
0.16 2017-06-25 20:30:15+01:00 Europe/London (TRIAL RELEASE)
- Add missing testing prereqs (github pr#9 paultcochrane)
- Extend list of Perls in Travis config (github pr#10 paultcochrane)
- Avoid pod-spell test failure from ABSTRACT text (github pr#11 paultcochrane)
- Minor documentation fixes (github pr#12 paultcochrane)
- Purge trailing whitespace in Travis config (github pr#13 paultcochrane)
- Fix perlcritic issues (github pr#14 paultcochrane)
- Fix stale URLs (github pr#15 paultcochrane)
- Remove invalid end tags for empty elements (RT120384)
(github pr#16 paultcochrane)
- Rework Dist::Zilla config to be more portable
|
|
* Sync with www/firefox-52.3.0
|
|
Changelog:
#CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose María Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP. This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a pageâer directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
|