Age | Commit message (Collapse) | Author | Files | Lines |
|
Unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels. Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the the request and response in between Unicorn and slow clients.
|
|
Raindrops is a real-time stats toolkit to show statistics for Rack HTTP
servers. It is designed for preforking servers such as Rainbows! and
Unicorn, but should support any Rack HTTP server under Ruby 1.9, 1.8
and Rubinius on platforms supporting POSIX shared memory. It may also
be used as a generic scoreboard for sharing atomic counters across
multiple processes.
|
|
Patch from awstat's CVS repo.
|
|
* Bugfixes
* Some improvements.
* Add Report function.
See: http://code.google.com/p/aipo/wiki/ReleaseNote6030 (written in Japanese)
|
|
Changelog:
* Improvements.
* Bugfixes
|
|
|
|
changes: bugfixes
|
|
* mdwn: Added nodiscount setting, which can be used to avoid using the
markdown discount engine, when maximum compatability is needed.
* Switch to YAML::XS to work around insanity in YAML::Mo. Closes: #657533
* cvs: Ensure text files are added in non-binary mode. (Amitai Schlair)
* cvs: Various cleanups and testing. (Amitai Schlair)
* calendar: Fix strftime encoding bug.
* shortcuts: Fixed a broken shortcut to wikipedia (accidentially
made into a shortcut to wikiMedia).
* Various portability improvements. (Amitai Schlair)
|
|
|
|
|
|
|
|
Drupal 7.11, 2012-02-01
----------------------
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001.
|
|
Drupal 6.23, 2012-02-01
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2012-001.
|
|
- SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
- SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
- SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
- SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. Bug#52256.
[Rainer Canavan <rainer-apache 7val com>]
- SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
- SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
- mod_proxy_ajp: Try to prevent a single long request from marking a worker
in error. [Jean-Frederic Clere]
- config: Update the default mod_ssl configuration: Disable SSLv2, only
allow >= 128bit ciphers, add commented example for speed optimized cipher
list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
- core: Fix segfault in ap_send_interim_response(). Bug#52315.
[Stefan Fritsch]
- mod_log_config: Prevent segfault. Bug#50861. [Torsten Foertsch
<torsten.foertsch gmx.net>]
- mod_win32: Invert logic for env var UTF-8 fixing.
Now we exclude a list of vars which we know for sure they dont hold UTF-8
chars; all other vars will be fixed. This has the benefit that now also
all vars from 3rd-party modules will be fixed. Bug#13029 / 34985.
[Guenter Knauf]
- core: Fix hook sorting for Perl modules, a regression introduced in
2.2.21. Bug#45076. [Torsten Foertsch <torsten foertsch gmx net>]
- Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200. Bug#51878.
[Jim Jagielski]
- Example configuration: Fix entry for MaxRanges (use "unlimited" instead
of "0"). [Rainer Jung]
- mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung]
Please note that all the security fixes had been integrated into
"pkgsrc" as patches previously.
|
|
|
|
Changes:
0.16 24 Jan 2012
- Remove superfluous call to ->setup in test app
0.15 18 Jan 2012
- Moose-ified to fix https://rt.cpan.org/Ticket/Display.html?id=74132 (karpet)
0.14 18 Nov 2010
- Added "page_size" config option per RT #62335 (karpet)
|
|
Changelog:
0.32 2011-06-08
- Fix handling with enables verify_address and add related test
0.31 2010-10-08
- Fix session being loaded by call to dump_these in debug mode
(RT#58856)
|
|
Changelog:
1.36 2011-10-24 17:58:00
- New apps send an X-Catalyst header by default (this can be
disabled by changing the config in the generated app)
- Fix leaking temporary files in tests. RT#59166
- Fix generated Makefile.PL to always contain unix style paths,
even on Win32. RT#65456
- Fix tests generated for controllers generated with --mechanize
to work with newer versions of Test::WWW::Mechanize::Catalyst
- bump Module::Install dep to 1.02
- Removed stderr hiding from 'make catalyst_par' to display errors
from PAR::Packer
1.35 2011-09-05 13:05:00
- Stop requiring Starman and MooseX::Daemonize on Win32 as they're
optional components in Catalyst::Runtime and won't install
on Windows.
- Fix test to work on Windows.
|
|
This is bug fix only release, no security fix.
2012-01-24 4b9667e [RELEASE] Release of TYPO3 4.6.4 (TYPO3 v4 Release Team)
2012-01-24 6f1ed57 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-01-24 ccd2ebe #31771 [BUGFIX] typolink prepends wrong domain when using url scheme (Dmitry Dulepov)
2012-01-22 a0da123 #33227 [BUGFIX] Regression in language handling (Nils Seinschedt)
2012-01-21 f4b46a1 #32301 [BUGFIX] htmlArea RTE: magic image maxWidth is not working as expected (Stanislas Rolland)
2012-01-20 73acbc1 #31763 [BUGFIX] htmlArea RTE : Adding link problem with IE (Stanislas Rolland)
2012-01-19 b3963b5 #32109 [BUGFIX] PHP warning if open_basedir is enabled (Dmitry Dulepov)
2012-01-18 416dd48 #28007 [BUGFIX] TCEmain::clear_cacheCmd relies on active BE_USER (Steffen Gebert)
2012-01-18 12f76a2 #32374 [BUGFIX] MENU special = updated does not work anymore (Xavier Perseguers)
2012-01-17 4d817e2 #32986 [BUGFIX] Usage of custom caching backends (Michael Klapper)
2012-01-17 6aefbba #32263 [BUGFIX] HTML entity is inserted before and after inline element (Stanislas Rolland)
2012-01-17 74b7a95 #32448 [BUGFIX] Module menu link wrap (Felix Kopp)
2012-01-17 a87dfe2 #21740 [BUGFIX] ENABLE_INSTALL_TOOL does not respect fileCreateMask (Dmitry Dulepov)
2012-01-15 b6a812c #31964 [BUGFIX] Fix permissions of downloaded translations into l10n folder (Michael Klapper)
2012-01-13 6f56274 #18545 [BUGFIX] Vague error message in t3lib_div (Dmitry Dulepov)
2012-01-12 28472e7 #32938 [BUGFIX] Link to mounted shortcut page lacks &MP parameter (Xavier Perseguers)
2012-01-08 be13748 #32970 [BUGFIX] Typo in Install Tool (Georg Ringer)
2011-12-24 52a4fa7 #32753 [TASK] Scheduler: Add "Add Task" button to header (Markus Klein)
2011-12-24 8e4d51b #32768 [BUGFIX] Reports are called twice (Philipp Gampe)
2011-12-21 1c480e2 #32573 [BUGFIX] locallangXMLOverride is broken since the switch to XLIFF (Lars Patrick Heß)
2011-12-20 91f4be6 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2011-12-20 c66f549 [TASK] Set TYPO3 version to 4.6.4-dev (TYPO3 v4 Release Team)
|
|
This is bug fix only release, no security fix.
2012-01-24 a9a1736 [RELEASE] Release of TYPO3 4.5.11 (TYPO3 v4 Release Team)
2012-01-24 75b26cf [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-01-24 80c03a0 #31771 [BUGFIX] typolink prepends wrong domain when using url scheme (Dmitry Dulepov)
2012-01-21 2edfa73 #32301 [BUGFIX] htmlArea RTE: magic image maxWidth is not working as expected (Stanislas Rolland)
2012-01-20 8f1bc21 #31763 [BUGFIX] htmlArea RTE : Adding link problem with IE (Stanislas Rolland)
2012-01-18 78ffa6a #28007 [BUGFIX] TCEmain::clear_cacheCmd relies on active BE_USER (Steffen Gebert)
2012-01-18 5d9ef81 #22328 [BUGFIX] md5.js fails with non-ascii-characters (Stefan Neufeind)
2012-01-17 8ea93c5 #32263 [BUGFIX] HTML entity is inserted before and after inline element (Stanislas Rolland)
2012-01-17 b1b7526 #32448 [BUGFIX] Module menu link wrap (Felix Kopp)
2012-01-14 b64c169 #31379 [BUGFIX] alt_doc.php uses deleted alternative page languages for translations (Marcus Krause)
2012-01-13 d6dbf87 #18545 [BUGFIX] Vague error message in t3lib_div (Dmitry Dulepov)
2012-01-08 2912a6c #32970 [BUGFIX] Typo in Install Tool (Georg Ringer)
2011-12-24 3896040 #32753 [TASK] Scheduler: Add "Add Task" button to header (Markus Klein)
2011-12-24 19fa973 #32768 [BUGFIX] Reports are called twice (Philipp Gampe)
2011-12-20 ae06430 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2011-12-20 e4e9928 [TASK] Set TYPO3 version to 4.5.11-dev (TYPO3 v4 Release Team)
|
|
Update Japanese and Slovenian language files.
|
|
Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change.
|
|
and CVE-2012-0053 taken from Apache SVN repository.
|
|
1.0.2:
Bug Fixes
Fix bug in scheduling on POST request.
Fix permissions on user create via external auth.
Add a default min_age for external binds.
Other Changes
Prevent external binds from being created/updated if curl is missing.
Add check to setup page to test whether curl is installed.
Allow for silly programs that send content-type XML with a GET request.
Support use of HTTP_AUTHORIZATION in addition to AUTHORIZATION cgi.
Handle VCARD adr/tel/email which have multiple types.
Set the default URL to the default calendar name rather than /home/
Enable the file upload for addressbook collections.
Handle addressbook import along with calendar import.
Write UID and REV property n VCARD if they are missing.
Update translations to current transifex translations.
1.0.1:
Bug Fixes
Fix missing braces the /tools.php script.
Other Changes
Update translations to current transifex translations.
1.0.0:
Functionality Enhancements
Handle DELETE scheduling actions.
Bug Fixes
Handle bound resources correctly in sync-collection report.
When creating an external bind don't consider local host as external
Fix logic error in hide_TODO setting.
Make hide_alarm work on bound resources.
Correct bug in sync-collection report response.
Fix BIT24 casting for the LDAP driver.
Fix for MOVE into a bound location.
Correctly calculate the next alarm time.
Make sync-collection handle new format for sync token.
Don't allow a / in the UID to infect the path on import.
Fix propfind depth:1 on bind to external url
Correct handling of empty CardDAV:address-data element in request.
Fix handling of active flag for general external authentication mechanisms.
Fix LDAP user creation where memcached support is off.
Fix handling of numeric usernames.
Other Changes
Catch missing-xml in request separately from invalid-xml.
Add the "CardDAV" word into DAViCal's description.
Improve expand performance by only doing expansion if we know we need it.
Use supplied content_type even on zero-length requests.
Strip URL-unfriendly characters from UID before using it as URL segment.
Slightly more helpful 403 response.
Remove password from LDAP log messages.
Tooltips for schedule-deliver and schedule-send.
Current localisations from Transifex.
Update e-mail address to current one, mention wiki.
Force output buffers to be flushed, if they're turned on.
Update refresh-alarms script to newer style initialisation.
Update website to reflect new default calendar name.
Rationalise confidential event rewriting.
Add the $c->hide_alarms functionality into DAVResource class.
Allow LDAP sync to work if the date is reasonable and no 'format_updated' is set.
We don't need to test for the PostgreSQL non-PDO drivers now.
Switch out deprecated LDAP mappings before we use them anywhere.
Add test for PHP filter module and wiki links for each test.
External bind changes, added a clean up button, urls now show for external collections and added a few strings for translation
|
|
Fixed in 7.24.0 - January 24 2012
Release contains security-related bug fix
Changes:
* CURLOPT_QUOTE: SFTP supports the '*'-prefix now
* CURLOPT_DNS_SERVERS: set name servers if possible
* Add support for using nettle instead of gcrypt as gnutls backend
* CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
* Added CURLOPT_ACCEPTTIMEOUT_MS
* configure: add symbols versioning option --enable-versioned-symbols
Bugfixes:
* curl was vulnerable to a data injection attack for certain protocols CVE-2012-0036
* curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
* SSL session share: move the age counter to the share object
* -J -O: use -O name if no Content-Disposition header comes!
* protocol_connect: show verbose connect and set connect time
* query-part: ignore the URI part for given protocols
* gnutls: only translate winsock errors for old versions
* POP3: fix end of body detection
* POP3: detect when LIST returns no mails
* TELNET: improved treatment of options
* configure: add support for pkg-config detection of libidn
* CyaSSL 2.0+ library initialization adjustment
* multi interface: only use non-NULL socker function pointer
* call opensocket callback properly for active FTP
* don't call close socket callback for sockets created with accept()
* differentiate better between host/proxy errors
* SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
* multi: handle timeouts on DNS servers by checking for new sockets
* CURLOPT_DNS_SERVERS: fix return code
* POP3: fixed escaped dot not being stripped out
* OpenSSL: check for the SSLv2 function in configure
* MakefileBuild: fix the static build
* create_conn: don't switch to HTTP protocol if tunneling is enabled
* multi interface: fix block when CONNECT_ONLY option is used
* Fix connection reuse for TLS upgraded connections
* multiple file upload with -F and custom type
* multi interface: active FTP connections are no longer blocking
* Android build fix
* timer: restore PRETRANSFER timing
* libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
* appconnect time fixed for non-blocking connect ssl backends
* do not include SSL handshake into time spent waiting for 100-continue
* handle dns cache case insensitive
* use new host name casing for subsequent HTTP requests
* CURLOPT_RESOLVE: avoid adding already present host names
* SFTP mkdir: use correct permission
* resolve: don't leak pre-populated dns entries
* --retry: Retry transfers on timeout and DNS errors
* negotiate with SSPI backend: use the correct buffer for input
* SFTP dir: increase buffer size counter to avoid cut off file names
* TFTP: fix resending (again)
* c-ares: don't include getaddrinfo-using code
* FTP: CURLE_PARTIAL_FILE will not close the control channel
* win32-threaded-resolver: stop using a dummy socket
* OpenSSL: remove reference to openssl internal struct
* OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
* OpenSSL: fix PKCS#12 certificate parsing related memory leak
* OpenLDAP: fix LDAP connection phase memory leak
* Telnet: Use correct file descriptor for telnet upload
* Telnet: Remove bogus optimisation of telnet upload
* URL parse: user name with ipv6 numerical address
* polarssl: show cipher suite name correctly with 1.1.0
* polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the old API which is said to be
insecure
* gnutls: enforced use of SSLv3
|
|
Fixes build failure on NetBSD/amd64, reported by Dieter Roelants via private mail.
|
|
|
|
clisp.h requires libintl.h
|
|
Mon Jan 23 14:02:26 CET 2012
Fixed double-free if specified cipher was not valid (during
MHD_daemon_start). Releasing 0.9.18. -CG
Thu Jan 19 22:11:12 CET 2012
Switch to non-blocking sockets for all systems but Cygwin
(we already used non-blocking sockets for GNU/Linux); also
use non-blocking sockets on Cygwin for HTTPS as this is
required to avoid DoS-by-partial-record via gnutls. On
Cygwin, #1824 implies that we need to use blocking sockets
for HTTP on Cygwin for now. -CG
Thu Jan 19 17:46:05 CET 2012
Fixing use of uninitialized 'earliest_deadline' variable in
MHD_get_timeout which can lead to returning an incorrect
(too early) timeout (#2085). -tclaveirole
Thu Jan 19 13:31:27 CET 2012
Fixing digest authentication for GET requests with URI arguments
(#2059). -CG
Sat Jan 7 17:30:48 CET 2012
Digest authentication expects nonce count in base 16, not base 10
(#2061). -tclaveirole
Thu Jan 5 22:01:37 CET 2012
Partial fix for #2059, digest authentication with GET arguments. -CG
Thu Dec 1 15:22:57 CET 2011
Updated authorization_example.c to actually demonstrate the current
MHD API. -SG
Mon Nov 21 18:51:30 CET 2011
Added option to suppress generation of the 'Date:' header to be
used on embedded systems without RTC. Documented the new option
and the configure options. -CG
|
|
Bump PKGREVISIONs
|
|
* distutils pkg, register egg-info.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
* distutils pkg, register egg-info.
* while here, sort PLIST.
Bump PKGREVISION.
|
|
|
|
* distutils pkg, register egg-info.
Bump PKGREVISION.
|
|
|
|
|
|
Bump PKGREVISION.
|
|
|
|
* no compiler languages is required to build.
* `/usr/bin/env python' shebang are also be handled with REPLACE_PYTHON.
* distutils pkg, register egg-info.
* add an patch for python27, from upstream repo.
Bump PKGREVISION.
|
|
|
|
in the literal copy. The original is just too bogus. Bump revision.
|
|
ChangeLog:
0.44 Mon Apr 4 16:59:59 EST 2011
* Fix tests to run in a FreeBSD Jail - Tom Hukins [rt.cpan.org #49807]
|
|
ChangeLog:
v0.46 (released 2012/01/11):
* improvements
HTTP::DAV should now be working with more WebDAV servers.
We are more flexible in what content types we consider to be XML.
Thanks Ron1 and Adam for the feedback and patches.
v0.45 (released 2011/09/18):
* bug fixes
- Fixed RT #69439 (http://rt.cpan.org/Public/Bug/Display.html?id=69439),
insecure /tmp files handling in dave client.
* improvements
- Added -tmpdir option to dave client.
- Reorganized distribution layout to match usual CPAN practice
- Removed remains of svn-era ($Id and such...)
v0.44 (released 2011/06/19):
* bug fixes
- Fixed RT #68936 (http://rt.cpan.org/Public/Bug/Display.html?id=68936),
Fixed errors() method that would bomb out when the "_errors" attribute
wasn't initialized. Thanks to Michael Lackoff for reporting.
v0.43 (released 2011/04/12):
* bug fixes
- Fixed RT #38677 (http://rt.cpan.org/Public/Bug/Display.html?id=38677),
Intercept correctly 405 (Method now allowed) errors and report them
to the clients.
v0.42 (released 2010/11/07):
* bug fixes
- Fixed RT #60457 (http://rt.cpan.org/Public/Bug/Display.html?id=60457),
Added and documented possibility to pass your own custom HTTP headers.
- Fixed errors in the code examples in the synopsis.
|
|
|
|
ChangeLog:
0.15
* Add additional methods to better match
HTML::TreeBuilder::XPath::Node API:
- exists($xpath)
- find($elem_name)
- findvalues($xpath)
- findnodes_as_string($xpath)
- findnodes_as_strings($xpath)
(genehack)
0.14
* added workaround for Web::Scraper 0.36
(tokuhirom)
|
|
updated to 0.14
ChangeLog:
0.14 Mon Jan 16 22:00:00 GMT 2012
- Also allow single quotes in attribute expressions,
as seems to be allowed
per http://www.w3.org/TR/CSS2/syndata.html
0.13 Sun Jan 15 18:52:00 GMT 2012
- Added C<prefix> option to add a prefix like C<xhtml>,
contributed by Toby Inkster
This closes RT #73719
0.12 Thu Nov 24 22:13:00 GMT 2011
- Add tests and fix negated selectors as reported
by Nilson Santos Figueiredo Junior
|
|
ChangeLog:
0.09 2011-04-01 16:35:50 Europe/London
- Basic conversion to Dist::Zilla/git
- Tidies to keep Perl::Critic happier
- Removed use of naked filehandles
- Reworked tests to not use predicable temp file name
- Collapsed duplicate code to a single version
- Various documentation tweaks
- Change of maintainer as PODMASTER cannot be contacted
|