| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Sync with firefox38-38.4.0
|
|
Changelog:
Fixed in Firefox ESR 38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-130 JavaScript garbage collection crash with Java applet
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
|
|
|
|
|
|
* Sync with firefox-42.0
|
|
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
|
|
Changelog:
Version 8.2.0 October 20th 2015
Major new ownCloud release, more info in announcement blog. Summary:
Updated design
New sidebar
Rewritten Gallery app
Updated text editor
Notifications
Policy for retaining deleted files and file versions
Encrypt/decrypt commands
Many additions to occ command tool for admins
Improved mime type handling
Security Hardening
ownCloud API work: Modular Authentication support, Capabilities Manager and Query Builder and more
Many small improvements
|
|
|
|
Upstream changes:
2.44 2015-03-11 NEILB
- Switched to Dist::Zilla
|
|
Upstream changes:
v0.48 (released 2015/03/26):
* bug fixes
"RT#103126", fixed faulty code to add trailing slash to URLs.
|
|
Upstream changes:
0.30 2015/05/30
* Allow max_redirect or max_redirects, to be consistent with LWP::UserAgent
Thanks Vincent Lequertier (SkySymbol)!
0.29 2015/05/30
* Make add_with_opts throw error on invalid options
Thanks Tom Grimwood-Taylor (tgt)!
0.28 2015/03/09
* Allow manual override of PeerAddr via peer_addr (rt #102634)
* Switch from print() to note() in TestServer for test suite
|
|
Upstream changes:
6.27 2015-10-29
- Updated HTML5 entities in Mojo::Util.
- Improved Mojo::Server::Prefork to log if the process id file could not be
created.
6.26 2015-10-28
- Renamed built-in templates with more descriptive names.
- Added warmup method to Mojolicious::Renderer and Mojolicious::Static.
|
|
Version 2.1
-----------
Released on October 23rd 2015, codename Caesium
- Table names are automatically generated in more cases, including
subclassing mixins and abstract models.
- Allow using a custom MetaData object.
- Add support for binds parameter to session.
|
|
|
|
In order to get rid of GCC_REQD disable IndexedDB support and
WebKitDatabaseProcess (that needs IndexedDB). Both were not present in
webkit-gtk<2.10.
Bump PKGREVISION.
|
|
|
|
v0.5.11
Add fake theme for built-in icons
* Don't truncate long speed dial titles if there's room to display them
Fix warnings for -Wformat-security
Ensure vala knows the prototypes of functions it calls, fixing pointer truncation in tests
Add unit test to check appmenu/menubar visibility
Fix last known GTK2 entry placeholder text bugs
Make sure that only one of appmenu and menubar are visible *initially* as well as when changed
Move adblock icons to hicolor
Limit bookmarks panel callbacks to the lifetime of the panel to fix a crash
Fix fallout (broken bookmarks and history panel search) from tweaks to GTK2 entry placeholder
fix property binding to ensure that exactly one of appmenu button and menubar is always visible
Skip open-with codepath with abp links, they are internal
Use find_file to locate execinfo.h
Fix middle/ctrl/normal clicking bookmarks (not folders) in the bookmarkbar.
Add copright header to sanitize_bar.sh
Adblock fixup: Escape . in filter with \
Don't shadow variable uri in midori_browser_save_uri
Switch Adblock icons to 24px color
Always include app menu in toolbar
Fix various mis[sing ]annotations and style issues in GIR
Compile typelib from gir
Fix assert when resetting webapp state after inactivity reset
clean up handling of double-valued db column in Tabby
Add a comment to explain MidoriBrowser popup callback
fix warnings printed when right-clicking resize grip between location and search entries
Win32: Use Dr. MinGW if present to preserve crash info
Fix menubar warning caused by direct cast instead of `as`
Helper script for setting up bzr with some usefull plugins and settings
Stop using Gtk.Entry.max_width_chars
avoid deprecated SoupServer API with libsoup 2.48
Use unowned in foreach loops in Midori.Window
Use unowned in foreach loops in Midori.Completion
Use unowned with Adblock.Subscription and Element in foreach loops
Use unowned strings in foreach loops
Enable openWith in app mode and make it work with view-new
Implement Midori.Window class with toolbar/ headerbar
Drop support for libsoup-gnome-2.4 < 2.37.1
Make search icons for engines work correctly
Move to WebKit2 4.0 which broke ABI
Port to zeitgeist-2.0
win32: Bump shipped GrayBird theme version to fix some rendering issues
avoid deprecated GtkDialog API with GTK+2 >= 2.22
Title case for "Export Certificate" button
fix incorrect type of MAX(sorting) in Tabby
v0.5.10
use exit instead of return in license script
Fix HAVE_GCR guards after GtkPopover port
Remove example app and .desktop before creating it in the unit test
Fix cache dir path in Adblock and always mkdir tmp
Port location action from Granite.PopOver to Gtk.Popover
Match https site when user-style is using domain syntax
Always disable developer tools on Win32
Reimplement Midori.URI.unescape and add various tests
Make the inspector resizable with GTK3 by packing into a GtkScrolledWindow
Don't build tabs2one in release builds
Don't assume GNotification works on Win32
update copyright date in About dialog
Don't entity-escape history and bookmark results in location completion
Only set tabs' error state if errors come from the main frame
Implement Paste and Proceed as an action
No Gcr on Win for the moment
Yet another Speed Dial CSS update:
Port bookmark popover from Granite to Gtk.Popover
Make application choosers resizable with a sane default size
Use GNotification >= 2.40 and use Midori.App API in webmedia
Rework mouse button handling in KatzeArrayAction
Don't bind :day in HistoryDatabase.query
Make GCR mandatory for all builds
Update coub support in mediaHerald
history-list: Fix gtk+3 build caused by dropping "using Gtk;"
Drop all remaining usages of "using *;"
Don't open search engines menu when clearing search action
Only remove apps in the sidepanel when left-clicking the delete icon
Improve robustness of GTK3-compatibility placeholder text fallback
Clean up vapi dependency
tls_flags from webkit_web_view_get_tls_info need to be 0
Don't add failed pages to history
Throw error for wrong paramter in Statement.bind
Replace NoJS "allow all pages" setting with "allow local pages"
Avoid bugs due to race condition in addons delete dialog
Calculate transfer progress at regular intervals to fix 0B/s bug and recalcitrant progess bars
Fix warnings occurring with EXTRA_WARNINGS
Escape parentheses in adblock_fixup_regexp()
Use File.query_exist() on win32 when checking for db to attach
Handle _NEW_WINDOW_ACTION explicitly to make _blank targets work
Fix undefined behavior uint in mouse gestures
fix JavaScript keyup event by calling inherited key-release-event handler in MidoriBrowser
Inline renaming of speed dials
Handle current_size and last_size of Download being equal
Add proper copyright headers to element_hider and autosuggestcontrol
Add X-GNOME-UsesNotifications to indicate the use of notifications
Fix typo in Bookmarks menu UI definition
|
|
|
|
Changes:
=================
WebKitGTK+ 2.10.2
=================
What's new in WebKitGTK+ 2.10.2?
- Fix a regression introduced in 2.10.1 that disabled accelerated
compositing.
- Fix build with cmake 3.4.
=================
WebKitGTK+ 2.10.1
=================
What's new in WebKitGTK+ 2.10.1?
- Fix rendering of accelerated content in HiDPI screens.
- Fix several media controls rendering issues.
- Fix rendering of progress element with recent versions of GTK+.
- Add and update some web inspector icons.
- Correctly handle websites sending an invalid auth header.
- Fix a crash when creating the UI process backing store in Wayland.
- Fix the build with spellchecker disabled.
- Fix the build with touch events disabled.
- Fix the build with OpenGL disabled.
- Several build fixes on Mac OSX.
- Fix several crashes and rendering issues.
|
|
pkgsrc changes:
- use private Linux npviewer.bin binaries built by me (tsutsui@) on
openSUSE 12.1 on 32 bit (i386) and 64 bit (x86_64) on VirtualBox
- enable EMUL_PLATFORMS=linux-x86_64 using the native 64 bit Linux
npviewer.bin binary, which allows using 64 bit native adobe-flash-plugin
on NetBSD/amd64 hosts
- also explicitly set EMUL_REQD= suse>=12.1 (NetBSD 6.x can use it anyway)
- tweak some pkgsrc ${PREFIX}
- update HOMEPAGE
- take maintainership
Note:
- major Linux distributions provided nspluginwrapper binaries to use
the 32 bit plugin binaries without sources on their 64 bit systems,
so there is no 64 bit wrapper binary (npviewer.bin) to use native 64 bit
plugin binaries on other systems (like NetBSD) via binary emulation
- nowadays adobe provides 64 bit native adobe-flash-plugin11 binaries
and NPAPI plugins are being deprecated by vendors, so I guess there is
very few motivation to update nspluginwrapper project for Linux people
http://nspluginwrapper.org/why.html
- Linux binaries in distfiles are built with following changes to
make npviewer.bin works on non-Linux hosts:
- configure with the following options, to enable "generic" RPC calls
(The default Linux native binaries use their specific "anonymous socket")
- for i386:
% ./configure --enable-generic
- for x86_64:
% ./configure --target-cpu=x86_64 --disable-biarch --enable-generic --enable-viewer --enable-player
- disable USE_NPIDENTIFIER_CACHE in npviewer (as patch-src_npw-viewer.c),
which doesn't seems tested with the "generic" RPC interfaces
OK from abs@, and no particular objection to PR pkg/49705 and pkgsrc-users@.
Also thanks to Onno van der Linden for his first analysis about
newer nspluginwrapper APIs in PR pkg/47208.
Upstream changes (in NEWS file):
Version 1.4.4 - 30.Jun.2011
* Fix crash in some cases when the number of watched file descriptors decreases
Version 1.4.2 - 04.Jun.2011
* Fix crash in WebKit/GTK when npwrapper.so is incorrectly treated as a plugin
* Fix symbol versioning issues with _Unwind_GetIPInfo on some systems
* Fix install process with parallel make
Version 1.4.0 - 15.May.2011
* Report capabilities over RPC to fix logic based on NULL plugin/browser hooks
* Fix initialization bug that causes Flash 10.3 to report a version of 0
* Implement ClearSiteData NPAPI extension for managing Flash LSOs
* Work around bug in Konqueror that prevents plug-ins from functioning properly
Version 1.3.2 (BETA) - 23.Apr.2011
* Work around lack of client-side windows in Flash
* Fix race condition when NPP_Destroy was called while viewer is busy
* Fix build on modern Linux platforms
* Support NPAPI 0.24, in particular, Flash can now query for private browsing
* Don't export any symbols but those necessary
* Support XEmbeding npplayer into another application
* Remove NPClass::HasMethod cache; it was incorrect
* Fix initializing two wrapped plugins with the same name in the same process
* Work around Qt bug that breaks npplayer when Kopete is installed
* Release implicit grabs before forwarding events to fix Flash context menu hang
* Work around Firefox quirk that broke windowless Flash in Firefox 4
* Bind wrapper and viewer event loops together to avoid many many race conditions
* Redesign NPRuntime bridge to avoid leaking proxy objects
* Incorportate release number into ident string so update works on distro patches
Version 1.3.0 (BETA) - 02.Jan.2009
* Don't poll for Xt events in Gtk (XEMBED) plug-ins
* Use 40 Hz timer for Xt events only when necessary (Xt input sources)
* Add NPIdentifier and NPClass::HasMethod caches, i.e. lower RPC traffic
* Add support for multiple viewer paths, see --viewer-paths=PATH-EXPR
* Add basic checks for malloc()'ed buffer underflow/overflow
* Add checks for single-threaded calls into the browser (NPN_*() functions)
|
|
Upstream changes:
* v3.00 - 21st May 2015
No changes from v2.99_04.
* v2.99_04 (pre-release for 3.0) - 18th May 2015
Uploaded files with duplicate field names are treated in the
same ways as other data with duplicate field names.
* v2.99_03 (pre-release for 3.0) - 5th April 2015
BUG FIX: Additional change to forms.t to prevent MS Windows systems
hanging. (issue 103315)
* v2.99_02 (pre-release for 3.0) - 4th April 2015
Added force_unique_cookies method and equivalent parsing code and tests.
Improved test suite: better coverage, skipped failling tests for
Microsoft systems which don't use/honour normal permissions, silenced
noisy tests on older perls.
* v2.99_01 (pre-release for 3.0) - 31st March 2015
Source amended to pass perlcritic. String evals removed or replaced.
Strictures added to module and examples. All filehandles are now
lexicals. Consistent source formatting applied to module (perltidy).
deny_uploads and set_size_limit added.
All active public subroutines are now methods.
print_cookie_data and print_form_data have been removed. They had been
deprecated for well over a decade.
escape_dangerous_chars has been removed. It has been considered a
security risk since version 2.0.
|
|
Bug:
* [SSPCPP-656] - NameID insert logic appears wrong for ODBC Session store
* [SSPCPP-657] - Update Windows libraries
* [SSPCPP-663] - BOOST autoconf macros break with gcc5
* [SSPCPP-665] - Use of systemd breaks on reboot due to disappearance of /run/shibboleth
Improvement:
* [SSPCPP-654] - Move fork wait timeout from init script to sysconfig
Task:
* [SSPCPP-661] - Preparation of 2.5.5 release
* [SSPCPP-662] - Set AllowSameVersionUpgrades to 'yes'
Version 2.5.4
Bug:
* [SSPCPP-612] - Old DiscoveryFeed cache files are not correctly removed
* [SSPCPP-616] - SP does not build with C++11
* [SSPCPP-621] - log4shib. RemoteSyslogAppender doesn't work in debian.
* [SSPCPP-623] - Attribute mapper interprets attribute name with leading/trailing whitespace
* [SSPCPP-624] - Trailing whitespace in authnContextClassRef attribute parsed incorrectly
* [SSPCPP-627] - SyslogAppender is not working on windows
* [SSPCPP-646] - When triggered by file size limit, native.log does not rotate correctly and logs are missing
Improvement:
* [SSPCPP-618] - Add support for Amazon Linux 2014.3 via attached patch
* [SSPCPP-629] - attribute-map.xml missing "uid" attribute (eduPerson)
* [SSPCPP-645] - Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions
* [SSPCPP-647] - consider not permitting RC4 on back channel queries
Task:
* [SSPCPP-644] - Release log4shib 1.0.9
* [SSPCPP-648] - Release process for 2.5.4
Version 2.5.3
Bug:
* [SSPCPP-578] - Example Apache config uses require valid-user
* [SSPCPP-580] - FastCGI programs use libxmltooling but don't link with it
* [SSPCPP-584] - Limit on preserved POST data size is not enforced
* [SSPCPP-585] - POST data replay in Firefox fails if data contains key "submit"
* [SSPCPP-589] - Relative paths in Shibboleth XML catalogs are resolved against /usr/share/xml/opensaml
* [SSPCPP-595] - postTemplat.html form submission bug
* [SSPCPP-596] - Red Hat init script produces spurious restorecon warning at startup
* [SSPCPP-603] - Directory Indexes don't work when using file-based basic auth (ShibCompatValidUser is On)
Documentation:
* [SSPCPP-591] - Errors partialLogout attribute not documented
Improvement:
* [SSPCPP-598] - Dynamic metadata provider in SP should avoid unmarshalling non-EntityDescriptor results
* [SSPCPP-605] - Rephrase error log lines for AuthnFailed responses
Task:
* [SSPCPP-609] - Release of 2.5.3
|
|
Upstream changes:
6.25 2015-10-21
- Deprecated Mojo::Message::Request::proxy with boolean and string arguments
in favor of Mojo::Message::Request::via_proxy.
- Replaced proxy method in Mojo::Message::Request with an attribute.
- Moved all bundled files into "resources" directories.
- Added via_proxy attribute to Mojo::Message::Request.
- Improved Mojo::DOM::CSS to support selectors with leading and trailing
whitespace.
- Improved rendering of built-in templates to show actual template names in
log messages.
- Fixed punycode bug in Mojo::URL.
- Fixed "0" value bug in Mojo::JSON::Pointer.
|
|
Drupal 7.41, 2015-10-21
-----------------------
- Fixed security issues (open redirect). See SA-CORE-2015-004.
|
|
Version 0.3.2
-------------
Released on October 8th, 2015
- Fixes Python 2.6 compatibility.
- Updates SESSION_KEYS to include "remember".
Version 0.3.1
-------------
Released on September 30th, 2015
- Fixes removal of non-Flask-Login keys from session object when using
'strong' protection.
|
|
This release adds a new report to show statistics about Denied URLs. It also allow to add a SquidGuard log to the list of log files and to report blocked URLs into the Denied reports. It ialso adds a pie chart on SquidGuard ACLs use.
There's also four new configuration directives:
- UserReport to be able to remove any user related reports but statistics
about URL and domains will remain.
- ExcludedCodes to be able to exclude some log entries following the TCP
code returned.
- UrlHitsOnly to be able to enable the generation of additional HTML tables
with top Url per byte and per duration in Top Urls and Domains report.
- MaxFormatError to not exit immediatly when a bad format error is encountered. SquidAnalyzer will
wait MaxFormatError before exiting.
|
|
4.22 2015-10-16
[ RELEASE NOTES ]
- Documentation fixes only - please see v4.21 Changes for any potentially
impacting changes
[ DOCUMENTATION ]
- fix typos in CONTRIBUTING file
- links to docs, stackoverflow and perlmonks
- clarify deprecation policy on HTML functions (GH #188)
- mention HTML::Tiny in CGI::HTML::Functions (thanks to osfameron for
the suggestion)
|
|
|
|
Upstream changes:
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
memory.
- Prevented drupal_http_request() from returning an error when it receives a
201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP
5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides
the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into
mailto: links.
- Added alternate text to file icons displayed by the File module, to improve
accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or
warnings as appropriate, rather than as regular status messages (minor UI
change and data structure change).
- Changed the default settings.php configuration to exclude private files from
the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for
example filter/tips/full_html, to return "page not found" or "access denied"
if the format does not exist or the user does not have access to it. This
change adds a new menu item to the Filter module's hook_menu() entry (minor
data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in
as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished"
callback specified during batch processing can now be any PHP callable
instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case
where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000")
to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing
exceptions during menu rebuilds. If an .info file without a "name" key is
found in a module or theme directory, Drupal will now use the module or
theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table
case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to
a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a
module's .info file to indicate which project the dependency resides in (API
addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal
bootstrap and that caused module_implements() and drupal_alter() to cache an
incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL,
if the site's PHP version is new enough to do so. This is a secondary defense
against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
|
|
Upstream changes:
== Security fixes ==
* Wikipedia user RobinHood70 reported two issues in the chunked upload API.
The API failed to correctly stop adding new chunks to the upload when the
reported size was exceeded (T91203), allowing a malicious users to upload add an
infinite number of chunks for a single file upload. Additionally, a
malicious user could upload chunks of 1 byte for very large files, potentially
creating a very large number of files on the server's filesystem (T91205).
<https://phabricator.wikimedia.org/T91203>
<https://phabricator.wikimedia.org/T91205>
* Internal review discovered that it is not possible to throttle file
uploads.
<https://phabricator.wikimedia.org/T91850>
* Internal review discovered a missing authorization check when removing
suppression from a revision. This allowed users with the 'viewsuppressed'
user right but not the appropriate 'suppressrevision' user right to unsuppress
revisions.
<https://phabricator.wikimedia.org/T95589>
* Richard Stanway from teamliquid.net reported that thumbnails of PNG files
generated with ImageMagick contained the local file path in the image
metadata.
<https://phabricator.wikimedia.org/T108616>
== Bug Fixes in 1.25.3 ==
* Fix having multiple callbacks for a single hook.
<https://phabricator.wikimedia.org/T98975>
* maintenance/refreshLinks.php did not always remove all links pointing to
nonexistent pages.
<https://phabricator.wikimedia.org/T107632>
* $wgEmergencyContact and $wgPasswordSender now use their default value if
set to an empty string.
<https://phabricator.wikimedia.org/T104142>
* Provide fallbacks for use of mb_convert_encoding() in HtmlFormatter. It
was causing an error when accessing the api help page if the mbstring PHP
extension was not installed.
<https://phabricator.wikimedia.org/T62174>
* Confirmation emails would sometimes contain invalid codes.
<https://phabricator.wikimedia.org/T105896>
* Fixed edit stash inclusion queries.
<https://phabricator.wikimedia.org/T105597>
|
|
|
|
New features:
- Add debian patch debian-patches-1019_allow_frame_resize.patch to add
option nboflastupdatelookuptosave on command line.
- 199 Added geoip6 plugin with support for IPv4 AND IPv6.
- Work with Amazon AWS log files (using %time5 tag).
Fixes:
- Fixes permission on some .pl scripts.
- 205 GetResolvedIP_ipv6 does not strip trailing dot.
- 496 tools scripts should print warnings and errors to STDERR.
- 919 Referrals not getting tracked due to improperly getting flagged as a search.
- Add debian patch 0007_russian_lang.patch.
- Add debian patch 2001_awstatsprog_path.patch.
- 921 Failure in the help text for geoip_generator.pl
- 909 awstats_buildstaticpages.pl noisy debug output.
- 680 Invalid data passed to Time::Local causes global destruction.
- 212 Fix CVE-2006-2237
|
|
*) mod_http2: added donated HTTP/2 implementation via core module. Similar
configuration options to mod_ssl.
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent.
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive.
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
in accordance with RFC 7568.
*) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
and later). Enables support for configuring the SUITEB* cipher
strings introduced in OpenSSL 1.0.2.
*) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
of subjectAltName entries of type "otherName" into
SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
variables.
*) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
an SSL connection.
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response
is cached for the first time.
*) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
can't create new (clear) slots while previous children gracefully stopping
still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
restart whenever the number of configured balancers/members changed during
restart.
*) core/util_script: make REDIRECT_URL a full URL.
*) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
records for scalability.
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over.
*) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
loaded.
*) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator.
*) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
apxs -q.
*) mod_rewrite: Avoid a crash when lacking correct DB access permissions
when using RewriteMap with MapType dbd or fastdbd.
*) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
*) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
long to keep idle connections with the memcache server(s).
Change default value from 600 usec (!) to 15 sec.
*) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
appearing as a Content-Type response header when requests for a directory
are rewritten by mod_rewrite.
|
|
* Make traditional init script fail if new config file is broken
* nghttpx-logrotate: Don't use killall since we have multiple processes
* nghttpx: Fix improper signal handling
|
|
|
|
allocated structure including padding. Thanks joerg@.
|
|
|
|
* Sync with www/firefox.
|
|
Changelog:
Security fix
Fixed in Firefox 41.0.2
2015-115 Cross-origin restriction bypass using Fetch
|
|
but uses d_reclen instead, so define an alias.
|
|
|
|
the gnome pkg option. bump pkg revision.
|
|
Upstream changes:
0.163000 2015-10-15 12:47:57+02:00 Europe/Amsterdam
[ DOCUMENTATION ]
* GH: #1030: Fix pod references pointing to Dancer package
(Mohammad S Anwar, Russell Jenkins)
0.162000_01 2015-10-13 17:05:09+02:00 Europe/Amsterdam (TRIAL RELEASE)
[ BUG FIXES ]
* GH #996: Fix warning with optional arguments. (Bas Bloemsaat)
* GH #1001: Do not trigger an internal error on 404. (Russell Jenkins)
* GH #1008,#976: Hack to quiet warning while plugins
architecture is being rewritten. (Russell Jenkins)
* Use Safe::Isa when calling their functions in the respected eval.
(Sawyer X)
[ ENHANCEMENTS ]
* GH #738, #740, #988: route_parameters, request_parameters, and
body_parameters keywords added, providing Hash::MultiValue objects!
(Sawyer X)
* #941, #999: delayed() keyword now has "on_error" option for controlling
errors.
(Sawyer X)
* dancer2 app now support -s switch to supply an app skeleton
(Nuno Carvalho)
* "perl_version" token in templates now uses $^V, not $]. (Sawyer X)
* GH #966: Remove Dist::Zilla::Plugin::AutoPrereqs. (Vernon)
* GH #992: Deprecate creating route named placeholders ":captures"
and ":splat". (Sawyer X)
* Bump Moo requirement to 2.000000. (Alberto Sim繭es)
* GH #1012: Add :nopragmas import flag. (Sawyer X)
[ DOCUMENTATION ]
* GH #974: Use correct classname. (Sawyer X)
* GH #958: Fix manual example with loading additional routes. (Sawyer X)
* GH #960: Fix a few links. (Sawyer X)
* Document you can install Scope::Upper for greater speed. (Sawyer X)
* GH #1000: Correct POD name for Dancer2::Manual::Deployment.
(Jason A. Crome)
* GH #1017: Fix instructions on running app.psgi. Highlight
beginner-friendly application running instructions. (Jason Crome)
* GH #920, #1020: Remove deprecated functionality from example plugin.
(Jason Crome)
* GH #1002: Correct execute_hook() call in plugins documentation.
(Jason Crome)
* Expand on auto-reloading options using Plack Shotgun loader.
(Jason Crome, @girlwithglasses)
* GH #1024: Document the need to define static_handler when changing
the public_dir option. (S矇bastien Deseille)
|
|
=== RELEASE 2.12 ===
Sat Sep 12 21:03:14 CEST 2015 mikulas:
Free cookies when changing the 'only proxies' checkbox - i.e. when
entering or leaving tor mode
Thu Sep 10 00:04:11 CEST 2015 mikulas:
Do not record compile time to allow reproducible builds
Tue Sep 8 20:57:26 CEST 2015 mikulas:
Support SSL client certificates
Mon Sep 7 20:55:44 CEST 2015 mikulas:
Security bug fixed: warn if the server uses old SSL2 or SSL3 protocol
to avoid the POODLE vulnerability
|
|
Fixed in 7.45.0 - October 7 2015
Changes:
added CURLOPT_DEFAULT_PROTOCOL
added new tool option --proto-default
getinfo: added CURLINFO_ACTIVESOCKET
turned CURLINFO_* option docs as stand-alone man pages
curl: point out unnecessary uses of -X in verbose mode
Bugfixes:
curl_global_init_mem.3: Stronger thread safety warning
buildconf.bat: Fixed issues when ran in directories with special chars
cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
generate.bat: Fixed issues when ran in directories with special chars
generate.bat: Only call buildconf.bat if it exists
generate.bat: Added support for generating only the prerequisite files
curl.1: Document weaknesses in SSLv2 and SSLv3
CURLOPT_HTTP_VERSION.3: connection re-use goes before version
docs: Update the redirect protocols disabled by default
inet_pton.c: Fix MSVC run-time check failure
CURLMOPT_PUSHFUNCTION.3: fix argument types
rtsp: support basic/digest authentication
rtsp: stop reading empty DESCRIBE responses
travis: Upgrading to container based build
travis.yml: Add OS X testbot
FTP: make state machine not get stuck in state
openssl: handle lack of server cert when strict checking disabled
configure: change functions to detect openssl (clones)
configure: detect latest boringssl
runtests: Allow for spaces in server-verify curl custom path
http2: on_frame_recv: get a proper 'conn' for the debug logging
ntlm: mark deliberate switch case fall-through
http2: remove dead code
curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
curl: point out the conflicting HTTP methods if used
cmake: added Windows SSL support
curl_easy_{escape,setopt}.3: fix example
curl_easy_escape.3: escape '\n'
libcurl.m4: Put braces around empty if body
buildconf.bat: Fixed double blank line in 'curl manual' warning output
sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
inet_pton.c: Fix MSVC run-time check failure
CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
http2: don't pass on Connection: headers
nss: do not directly access SSL_ImplementedCiphers
docs: numerous cleanups and spelling fixes
FTP: do_more: add check for wait_data_conn in upload case
parse_proxy: reject illegal port numbers
cmake: IPv6 : disable Unix header check on Windows platform
winbuild: run buildconf.bat if necessary
buildconf.bat: fix syntax error
curl_sspi: fix possibly undefined CRYPT_E_REVOKED
nss: prevent NSS from incorrectly re-using a session
libcurl-errors.3: add two missing error codes
openssl: fix build with < 0.9.8
openssl: refactor certificate parsing to use OpenSSL memory BIO
openldap: only part of LDAP query results received
ssl: add server cert's "sha256//" hash to verbose
NTLM: Reset auth-done when using a fresh connection
curl: generate easysrc only on --libcurl
tests: disable 1801 until fixed
CURLINFO_TLS_SESSION: always return backend info
gnutls: Support CURLOPT_KEYPASSWD
gnutls: Report actual GnuTLS error message for certificate errors
tests: disable 1510 due to CI-problems on github
cmake: Put "winsock2.h" before "windows.h" during configure checks
cmake: Ensure discovered include dirs are considered
configure: Add missing ')' for CURL_CHECK_OPTION_RT
build: fix failures with -Wcast-align and -Werror
FTP: fix uploading ASCII with unknown size
readwrite_data: set a max number of loops
http2: avoid superfluous Curl_expire() calls
http2: set TCP_NODELAY unconditionally
docs: fix unescaped '\n' in man pages
openssl: Fix algorithm init to make (gost) engines work
win32: make recent Borland compilers use long long
runtests: Fix pid check in checkdied
gopher: don't send NUL byte
tool_setopt: fix c_escape truncated octal
hiperfifo: fix the pointer passed to WRITEDATA
getinfo: Fix return code for unknown CURLINFO options
|
|
Upstream changes:
6.24 2015-10-13
- Improved session security by not storing secrets in the stash and making
CSRF tokens much harder to guess.
- Improved commands to show all options that can affect their behavior.
- Fixed bug in Mojo::JSON::Pointer that prevented JSON Pointers with trailing
slash from working correctly. (dolmen)
- Fixed support for domains with trailing dot in Mojo::URL.
6.23 2015-10-06
- Improved documentation browser CSS.
- Fixed bug in Mojo::Transaction::WebSocket where an unsupported protocol
could be selected automatically.
- Fixed input record separator bug in Mojo::Util. (Zoffix, sri)
- Fixed small redirect bug in Mojo::UserAgent::Transactor.
6.22 2015-09-26
- Improved Mojo::JSON by reusing JSON::PP boolean constants.
- Improved uniq method in Mojo::Collection to accept a callback. (CandyAngel)
- Improved first and grep methods in Mojo::Collection to be able to call
methods.
- Improved support for empty attributes in Mojo::DOM::HTML.
|
|
|
|
Changelog:
* [Security fix] Access restriction bypass for admin account
* [Security fix] Code injection to execute arbitrary PHP code
|
|
Version 3.5.4 (2015-10-09)
--------------------------
### Fixed
Do not add the back end language in the meta wizard (see #8056).
### Fixed
Do not add excluded files to the DBAFS if they are edited in the file manager.
### Fixed
Add the `|flatten` insert tag flag to handle arrays (see #8021).
### Fixed
Check for excluded folders in the back end file popup (see #8003).
### Fixed
Fixed a wrong option name when initializing sortables (see #8053).
### Fixed
Translate UUIDs to paths in the parent view header fields.
### Fixed
Trigger the options_callback for the parent view header fields (see #8031).
### Fixed
Correctly create the initial version of a member without username (see #8037).
### Fixed
Improve the performance of the debug bar (see #7839).
### Fixed
Correctly output the event details in the `event_list` template (see #8041).
### Fixed
Only modify empty `href` attributes in the `nav_` template (see #8006, #8038).
### Fixed
Correctly show the group headlines in the repository DB updater (see #8020).
### Fixed
Improve the e-mail regex to also match the new TLDs (see #7984).
### Fixed
Ensure that the database port is not empty (see #7950).
### Fixed
Remove the left-over usages of `$this->v2warning` (see #8027).
### Fixed
Support the `hasDetails` variable in the event reader (see #8011).
|
|
in first place, since any decent deployment will either use one of the
CDNs or a custom build. Being completely outdated doesn't help either.
|
