Age | Commit message (Collapse) | Author | Files | Lines |
|
www/contao32: security update
Revisions pulled up:
- www/contao/Makefile.common 1.61
- www/contao32/distinfo 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 13 14:12:20 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
Log Message:
Update contao32 to 3.2.7.
Version 3.2.7 (2014-02-13)
--------------------------
### Fixed
Fix another weakness in the `Input` class and further harden the `deser=
ialize()`
function. Thanks to Martin Ausw=F6ger for his input.
|
|
www/contao211: security update
Revisions pulled up:
- www/contao/Makefile.common 1.60
- www/contao211/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 13 14:09:47 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211: distinfo
Log Message:
Update contao211 to 2.11.16.
Version 2.11.16 (2014-02-13)
----------------------------
### Fixed
Fix another weakness in the `Input` class and further harden the `deser=
ialize()`
function. Thanks to Martin Ausw=F6ger for his input.
|
|
www/contao32: security update
Revisions pulled up:
- www/contao/Makefile.common 1.59
- www/contao32/distinfo 1.7
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 13 00:38:14 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
Log Message:
Update contao32 to 3.2.6.
Version 3.2.6 (2014-02-12)
--------------------------
### Fixed
Further harden the `deserialize()` function and the `Input` class (see #6724).
|
|
www/contao211: security update
Revisions pulled up:
- www/contao/Makefile.common 1.58
- www/contao211/distinfo 1.20
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 13 00:36:38 UTC 2014
Modified Files:
pkgsrc/www/contao211: distinfo
Log Message:
Update contao211 to 2.11.15.
Version 2.11.15 (2014-02-12)
----------------------------
### Fixed
Further harden the `deserialize()` function and the `Input` class (see #6724).
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 13 00:37:27 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
Log Message:
Update contao211 to Contao 2.11.15.
Version 2.11.15 (2014-02-12)
----------------------------
### Fixed
Further harden the `deserialize()` function and the `Input` class (see #6724).
|
|
www/squid3: bug fix update
Revisions pulled up:
- www/squid3/Makefile 1.25-1.27
- www/squid3/PLIST 1.8
- www/squid3/distinfo 1.18-1.19
- www/squid3/patches/patch-compat_os_hpux.h deleted
- www/squid3/patches/patch-include_SquidNew.h deleted
- www/squid3/patches/patch-src_base_Vector.h deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Dec 31 11:54:32 UTC 2013
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.4.2:
* Added missing header in client_side_reply.cc for clang
* Bug 3498: FTP PUT assertion Server.cc:246: 'r->body_pipe != NULL'
* Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
* Fix \-unescaping in quoted strings from helpers
* WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
* Fix missing cast in rev.13162
* Bug 3980: FATAL ERROR due to max_user_ip -s option
* Fix linker errors "relocation R_X86_64_32 against .rodata"
* Regression in URL helper API
* Bug 3806: Caching responses with Vary header
* Set sslcrtvalidator_children concurrency option default value to 1
* Release notes: update HTML version
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Feb 4 14:23:01 UTC 2014
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Removed Files:
pkgsrc/www/squid3/patches: patch-compat_os_hpux.h
patch-include_SquidNew.h patch-src_base_Vector.h
Log Message:
Changes 3.4.3:
* Update CONTRIBUTORS
* Fix peerSelectDnsResults() IP address cycling
* Comm job callbacks need job's cbdata pointer, not a job pointer.
* Bug 3975: atomic detection cross-compilation failure
* Bug 3954: compile failure in CpuAffinity.cc
* Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
* Initialize asyncLoopDepth_ in constructor
* Fix external_acl_type async loop failures
* Bug 4008: HttpHeader warnOnError should be an int not a bool
* Fix memory leak in peer cache Digest exchange
* Bug 3927: tests/testRock fatal.cc required
* Bug 4002: clang 3.4 unable to compile
* Document and enforce invariant on Format::Token.divisor
* Bug 4002: clang 3.4 unable to compile
* Bug 3996: Malformed DNS reply leads to crash
* Disable error page translation by default in builds
* Bug 3995: compile error on CentOS 5 with GCC 4.1.2
* Centrally destroy all ACLs to avoid destruction segfaults
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Feb 7 05:28:19 UTC 2014
Modified Files:
pkgsrc/www/squid3: Makefile PLIST
Log Message:
Remove tons of unwanted dir in INSTALLATION_DIRS, and remove last backslash,
it will concat to next line "SPECIAL_PERMS", then it result in creating unwanted
directory and let "pinger" to install into wrong directry, and permission is not
set correctly.
Bump PKGREVISION.
|
|
www/contao211: security update
www/contao32: security update
Revisions pulled up:
- www/contao/Makefile.common 1.54-1.57
- www/contao211/distinfo 1.19
- www/contao32/PLIST 1.4
- www/contao32/distinfo 1.5-1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jan 21 16:20:09 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: PLIST distinfo
Log Message:
Update contao32 to 3.2.4.
Version 3.2.4 (2014-01-20)
--------------------------
### Fixed
Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
### Fixed
Do not create multiple stylect layers upon Ajax changes.
### Fixed
Some DCAs were missing the "rem" unit (see #6634).
### Fixed
Correctly trim the SQL statements in the `Database` class (see #6623).
### Fixed
Fix some broken back end icons (see #6214).
### Fixed
Show a hint in the news archive menu if there are no items (see #5888).
### Fixed
Prevent the back end tool tips from exceeding the screen width (see #6639).
### Fixed
Support the Google+ vanity name in addition to the numeric ID (see #6454).
### Fixed
Correctly detect Android tablets in the `Environment` class (see #5869).
### Fixed
Correctly resolve the module dependencies (see #6606).
### Fixed
Correctly unset the PHP session cookie depending on its parameters.
### Fixed
Fixed the XHTML variant of the comments form (see #5675).
### Fixed
Correctly assign articles to columns (see #6595).
### Fixed
Correctly merge the CSS classes in the `Hybrid` class (see #6601).
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 27 18:41:15 UTC 2014
Modified Files:
pkgsrc/audio/chromaprint: Makefile
pkgsrc/converters/py-simplejson: Makefile
pkgsrc/cross/nios2: Makefile.common
pkgsrc/databases/ocaml-sqlite3: Makefile
pkgsrc/devel/bzr: Makefile
pkgsrc/devel/delta: Makefile
pkgsrc/devel/gearmand: Makefile
pkgsrc/devel/gitolite: Makefile
pkgsrc/devel/javacc: Makefile
pkgsrc/devel/jq: Makefile
pkgsrc/devel/libdbusmenu-qt: Makefile
pkgsrc/devel/liblangtag: Makefile
pkgsrc/devel/lua-gi: Makefile
pkgsrc/devel/lua-lrexlib: Makefile.common
pkgsrc/devel/lua-posix: Makefile
pkgsrc/devel/magit: Makefile
pkgsrc/devel/opengrok: Makefile
pkgsrc/devel/py-greenlet: Makefile
pkgsrc/devel/py-pip: Makefile
pkgsrc/devel/py-virtualenv: Makefile
pkgsrc/devel/sparse: Makefile
pkgsrc/filesystems/cloudfuse: Makefile
pkgsrc/filesystems/fs-utils: Makefile
pkgsrc/filesystems/tahoe-lafs: Makefile
pkgsrc/fonts/kanjistrokeorders-ttf: Makefile
pkgsrc/fonts/liberation-ttf: Makefile
pkgsrc/fonts/ricty-ttf: Makefile
pkgsrc/games/wargames: Makefile
pkgsrc/graphics/camlimages: Makefile
pkgsrc/graphics/openimageio: Makefile
pkgsrc/graphics/py-matplotlib-tk: Makefile
pkgsrc/mail/imapfilter: Makefile
pkgsrc/mail/imapsync: Makefile
pkgsrc/math/cgal: Makefile
pkgsrc/math/eigen2: Makefile
pkgsrc/math/eigen3: Makefile
pkgsrc/math/fityk: Makefile
pkgsrc/misc/libcarddav: Makefile
pkgsrc/misc/libreoffice: Makefile
pkgsrc/multimedia/transcode: Makefile
pkgsrc/net/dnscheck: Makefile
pkgsrc/net/fpdns: Makefile
pkgsrc/net/get-flash-videos: Makefile
pkgsrc/net/knot: Makefile
pkgsrc/net/lua-socket: Makefile
pkgsrc/net/netcat-openbsd: Makefile
pkgsrc/net/py-amqp: Makefile
pkgsrc/net/rabbitmq-c: Makefile
pkgsrc/net/ruby-stompserver: Makefile
pkgsrc/net/tor: Makefile
pkgsrc/pkgtools/pkgin: Makefile
pkgsrc/print/qpdfview: Makefile
pkgsrc/security/libssh: Makefile
pkgsrc/security/lua-sec: Makefile
pkgsrc/security/pkcs11-helper: Makefile
pkgsrc/security/py-ecdsa: Makefile
pkgsrc/security/py-paramiko: Makefile
pkgsrc/sysutils/dc-tools: Makefile
pkgsrc/sysutils/fabric: Makefile
pkgsrc/sysutils/k4dirstat: Makefile
pkgsrc/sysutils/logrotate: Makefile
pkgsrc/sysutils/salt: Makefile
pkgsrc/textproc/xmlto: Makefile
pkgsrc/time/ical: Makefile
pkgsrc/wm/pekwm: Makefile
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211-translations: Makefile
pkgsrc/www/php-tt-rss: Makefile
pkgsrc/www/py-flask-bootstrap: Makefile
pkgsrc/www/py-flask-wtf: Makefile
pkgsrc/www/py-http-parser: Makefile
pkgsrc/x11/appmenu-qt: Makefile
pkgsrc/x11/elementary-icon-theme: Makefile
pkgsrc/x11/razor-qt: Makefile
Log Message:
Do not set FETCH_USING, should not be set in a package Makefile.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 3 15:20:39 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211: distinfo
Log Message:
Update contao211 package to 2.11.14, fix for CVE-2014-1860.
Version 2.11.14 (2014-02-03)
----------------------------
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 3 15:23:22 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
Log Message:
Update contao32 to 3.2.5, including fix for CVE-2014-1860.
* pkgsrc change: remove obsolete lines for contao31.
Version 3.2.5 (2014-02-03)
--------------------------
### Fixed
Correctly load the parent pages in the navigation modules (see #6696).
### Fixed
Correctly encode URLs with GET parameters in the syndication links (see #6683).
### Fixed
Do not pass POST data to the `deserialize()` function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
### Fixed
Allow any character in passwords, especially the less-than symbol (see #6447).
### Fixed
Purge the image cache if a file is being renamed (see #6641).
### Fixed
Preserve tags in custom CSS definitions (see #6667).
### Fixed
Make the swipe CSS selectors more specific (see #6666).
### Fixed
Correctly optimize floating-point numbers in style sheets (see #6674).
|
|
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.23-1.24
- www/drupal7/PLIST 1.8
- www/drupal7/distinfo 1.16-1.17
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 11 17:06:37 UTC 2014
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update drupal7 to 7.25.
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 16 15:55:14 UTC 2014
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
Update drupal7 to 7.26.
Drupal 7.26, 2014-01-15
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.
Drupal 7.25, 2014-01-02
-----------------------
- Fixed a bug in node_save() which prevented the saved node from being updated
in hook_node_insert() and other similar hooks.
- Added a meta tag to install.php to prevent it from being indexed by search
engines even when Drupal is installed in a subfolder (minor markup change).
- Fixed a bug in the database API that caused frequent deadlock errors when
running merge queries on some servers.
- Performance improvement: Prevented block rehashing from writing blocks to the
database on every cache clear and cron run when the blocks have not changed.
This fix results in an extra 'saved' key which is added and set to TRUE for
each block returned by _block_rehash() that actually is saved to the database
(data structure change).
- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow
queues to avoid being automatically processed on cron runs (API addition).
- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be
invoked if the block delta had a hyphen in it. To implement the hook when the
block delta has a hyphen, modules should now replace hyphens with underscores
when constructing the function name for the hook implementation.
- Fixed a bug which caused cached pages to sometimes be sent to the browser
with incorrect compression. The fix adds a new 'page_compressed' key to the
$cache->data array returned by drupal_page_get_cache() (minor data structure
change).
- Fixed broken tests on PHP 5.5.
- Made the File and Image modules more robust when saving entities that have
deleted files attached. The code in file_field_presave() will now remove the
record of the deleted file from the entity before saving (minor data
structure change).
- Standardized menu callback functions throughout Drupal core to return
MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page
not found" or "access denied" pages (minor API change in the return value of
these functions under some circumstances).
- Fixed a bug in which caches were not properly cleared when a node was deleted
via the administrative interface.
- Changed the Bartik theme to render content contained in <pre>, <code> and
similar tags in a larger font size, so it is easier to read.
- Fixed a bug in the Search module that caused exceptions to be thrown during
searches if the server was not configured to represent decimal points as a
period.
- Fixed a regression in the Image module that made image_style_url() not work
when a relative path (rather than a complete file URI) was passed to it.
- Added an optional feature to the Statistics module to allow node views to be
tracked by Ajax requests rather than during the server-side generation of the
page. This allows the node counter to work on sites that use external page
caches (string change and new administrative option:
https://drupal.org/node/2164069).
- Added a link to the drupal.org documentation page for cron to the Cron
settings page (string change).
- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
object returned by drupal_anonymous_user() to be overridden with a classed
object (API addition).
- Changed the database API to allow inserts based on a SELECT * query to work
correctly.
- Changed the database schema of the {file_managed} table to allow Drupal to
manage files larger than 4 GB.
- Changed the File module's hook_field_load() implementation to prevent file
entity properties which have the same name as file or image field properties
from overwriting the field properties (minor API change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
|
|
www/drupal6: security update
Revisions pulled up:
- www/drupal6/Makefile 1.45
- www/drupal6/distinfo 1.29
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 16 15:54:32 UTC 2014
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update drupal6 to 6.30.
Drupal 6.30, 2014-01-15
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2014-001.
|
|
Changelog:
2.5.3:
Bugs Fixed
0002967: [display] Album list management display enhancement, faster load
0002964: [configuration] zero should be allowed for the recent period
0002980: [other] Fatal error when renaming a group
0002977: [albums] move a public album into a private album may create inconsistent permissions
0002975: [template] Internet Explorer 7, album creation form is broken
0002974: [configuration] avoid deprecated errors
0002973: [metadata] missing characters from IPTC when using encoding windows-1252
0002970: [other] Division by zero on batch manager
0002934: [authentication] [Smartpocket ] Can't register
2.5.2:
Bugs Fixed
0002921: [tags] Can't create tags with special chars like ( + [
0002915: [synchronization] synchronization not really disabled
0002894: [albums] set as album thumbnail on picture.php does not apply to all users
0002895: [display] dark administration theme, plugins menu flashes
0002907: [albums] wrong number of sub-albums
0002917: [web API] [pwg.images.delete] if the photo is album thumbnail, blocking error on gallery
0002909: [users & groups] give permission on an empty list of albums produces SQL error
0002901: [photos] [Batch Manager] french, set author action, default value should disappear
0002899: [metadata] ability to allow HTML in EXIF/IPTC
0002896: [technical] Apply trigger render_element_description for thumbnail title (for picture description)
Technical changes
0002922: [technical] Add caseSensitive option to TokenInput (web form for tag creation)
0002929: [photos] [multiple size] strip metadata on configurable threshold
0002925: [template] new function theme_delete
2.5.1:
Bugs Fixed
0002892: [web API] [pwg.images.setInfo] empty tag_ids input parameter produces errors
0002865: [database] [mysqli] support for mysql sockets and port number
0002891: [navigation] unexpected flat parameter in home link on picture page breadcrumb
0002864: [authentication] open_basedir restriction and new password generator
0002887: [user comments] Comments accessible anonymously if comments author is known
0002861: [installation & upgrade] invalid password on manual upgrade
0002867: [template] [LocalFiles Editor] can't create new template-extension
0002881: [web API] [pwg.images.addSimple] undefined constant tags-assumed "tags"
2.5.0
Many changes include
User features
User comments: Email and Website added
Tag duplication
Pagination on albums
Batch manager: filter on dimensions
Group manager
Better looking icons
Connect with Facebook, Google, OpenID...
Temporary image while loading
51 languages
Physical vs virtual albums
Protection of original photos
Tag exclusion in quick search
IP address and sessions
Tecnical features
New web API explorer
increased security on passwords
mysqli library for MySQL
JSmin replaced by JavaScriptPacker
Sprite for flags
Sessions can store infos, errors and warnings
Add triggers on all main pages
Add template method to sort action buttons
jquery 1.8.3, jquery.ui 1.10.1
Earlier detection of mobile device
Triggers for login system
2.4.7:
Bugs Fixed
0002819: [template] Link problem in menu with smartpocket
0002843: [security] [install.php on Windows] improved security on temporary config file download (reported by htbridge and fixed in collaboration with Gjoko Krstic)
0002844: [security] increase security on LocalFiles Editor (reported by htbridge)
0002793: [technical] Fatal error: Cannot redeclare PclZipUtilPathReduction
0002797: [template] local css for "clear" impacts admin theme "clear"
|
|
|
|
version number, as suggested in PR 47418 a year ago. Also make sure
the localization packages claim they belong to the right corresponding
firefox packages, as a number of them were wrong.
|
|
default.) Enabling CPU optimized instruction gains some performance, but
it lost portability of the binary package.
Bump PKGREVISION.
|
|
installed.
|
|
Changelog:
For WordPress 3.8 ja
* Update WP Multibyte Patch to 1.9
For WordPress 3.8
Highlights
Introduces a new, modern admin design
A fresh, uncluttered design
Clean typography with Open Sans
Superior contrast and large, comfortable type
Responsive interfaces throughout
Refined, theme management
Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
Easily create a responsive magazine website with a sleek, modern design.
Feature your favorite homepage content in either a grid or a slider.
Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors.
For Developers
External Libraries have been updated.
Better RTL support
What's New
General
Replace PNG-based plugins ratings stars with Dashicons for performance gains
Improved help tab text in various screens
Clicking "Check Again" on the Updates screen now provides more immediate feedback
Dashboard
Consolidate several Dashboard widgets to improve readability
Replace the 'Right Now' widget with the new and improved 'At a Glance' widget
Appearance
Introduce 8 new admin color schemes
Improved readability throughout using Open Sans typeface (where supported)
Responsive Toolbar for smaller-screen devices
Leverage Dashicons instead of icon sprites for crisper experience on all resolutions
Big RTL improvements throughout
Make the dashboard more usable on any size device with responsive all the things
Improve the login screen experience for Internet Explorer 8 users
Improve Quick Edit experience for non-English users
Improve the Menus experience for mobile users
Themes
New Default Theme -- Twenty Fourteen
Make it possible to check for any post format assigned to a post with has_post_format()
Better custom background theme support defaults, can now specify 'default-repeat', 'default-position-x', and 'default-attachment' arguments for background images.
Tags for width changed to layout: responsive-layout, fluid-layout, and fixed-layout
New tag: accessibility-ready to denote a theme is aware of accessibility best practices such as color contrast, keyboard navigation, and form/link focus. See WP theme accessibility guidelines.
Theme screenshots' size have increased from 600x450 to 880x 660.
Widgets
New click-to-add interface for adding widgets to sidebars
Improved interface for devices of all resolutions
Better drag-and-drop experience
Accessibility
Make list table row actions keyboard accessible
Improve color contrast throughout the admin
Multisite
Improved performance when deleting users in Multisite
Under The Hood
General
Heartbeat performance and API improvements
A $taxonomy argument was added to each of the adjacent post functions.
Define $is_nginx in vars.php
Apply capital_P_dangit() to the wp_title filter
Make sure ajaxurl is defined in the Customizer
validate_active_plugins() now checks the manage_network_plugins capability instead of is_super_admin()
Allow passing false for the meta_box_cb argument in register_taxonomy() to turn off the meta box display entirely
Make it easier to target video shortcodes by adding a wp-video class to the parent container
Add CSSMin, SASS, CSSJanus, and jsHint to build tools for core development
Bug Fixes
Fix bug where top-level categories were only redirecting if they had no children
Fix bug in wp_get_object_terms() where returned were strings not integers
Fix a bug where passing a null value to meta_query resulted in wonkiness with the comparison operator
Fix "'wp_signups' already exists for query" error after updating a Multisite network
Fix bug in get_bookmarks() caused by missing parentheses
Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
Fix a date comparison error in dashboard_relative_date()
Fix keyboard accessibility for row actions in list tables.
Fix no-js and accessibility modes in in the Widgets screen
Fix a bug where menus could still be assigned to a non-existent theme location
Silence jQuery Migrate errors in the General settings page
Multisite
Classes
Introduce WP_Screen::remove_option()
Introduce WP_Screen::remove_options()
Introduce WP_Screen::get_options()
Functions
Introduce wp_dashboard_quick_press()
Introduce wp_dashboard_site_activity()
Introduce wp_dashboard_recent_posts()
Introduce wp_dashboard_recent_comments()
Introduce wp_dashboard_primary_output()
Introduce wp_heartbeat_set_suspension()
Introduce wp_star_rating()
Introduce get_theme_update_available()
Introduce wp_prepare_themes_for_js()
Actions & Filters
Actions
Introduce automatic_updates_complete
Filters
Introduce automatic_updates_debug_email
Introduce wp_prepare_themes_for_js
External Libraries
Add a copyright notice to zxcvbn (password strength meter) script
Deprecated
screen_icon()
get_screen_icon()
wp_dashboard_incoming_links_output()
wp_dashboard_secondary_output()
wp_dashboard_incoming_links()
wp_dashboard_incoming_links_control()
wp_dashboard_plugins()
wp_dashboard_primary_control()
wp_dashboard_recent_comments_control()
wp_dashboard_secondary()
wp_dashboard_secondary_control()
no_update_actions()
Miscellaneous
Many unused images were removed from core. See the full list
|
|
|
|
* Switch to 6 branch
* Replace interpreters with REPLACE_*
Changelog:
Version 6.0.0a Dec 14th 2013
Remove wrong warnings from logfile
Fix LDAP authentication
Fix LDAP configuration
Fix Share dialog
Fix migration under certain conditions
Fix database encoding for old PHP versions
Fix select all checkbox
Fix migration with lucene search enabled
Fix migration for postgresql
Version 6.0.0 Dec 11th 2013
User Avatars
Previews in files app and other places
Updated design, less clutter and more whitespace
Public gallery sharing
Activities
Better file conflict handling dialog
Improved public App API
Sharing API
Example Files
Share Email Notifications
New Doctrine based database layer
Plural translations
Refactored OC.dialogs (both code and design wise)
Priorize often used languages in personal-settings language selection
Update jquery to 1.10.0 and add jquery-migrate 1.2.1
Show a summary as the last filelist entry
Improve app-management (more verbose error-messages)
Show ‘More apps’ link to app administration directly in app navigation
Templates for newly created files
Add MB indicator to size column
Google Drive external storage uses a new library
New icons for shared and external folders
File uploads conflicts dialog
Possibility to prepopulate a new users home with a skeleton
Public upload with encryption enabled
Users now can decrypt the files again if their encryption app was enabled
Many quota related fixes
Total used space (with quota) now only counts user’s own files
Many external storage fixes, improved performance
Improved file navigation performance by using Ajax calls (no full page reload for each folder)
The file owner can now also restore deleted shared files
New version drop-down with previews and the ability to downloading versions directly
|
|
These patches are stored in files/.
|
|
* Sync with seamonkey-2.23
|
|
Changelog:
SeaMonkey-specific changes
Download progress is now shown in the Mac OS X app dock icon.
EXIF orientation is now being used when displaying attached images in MailNews.
"This folder is being processed... to get messages." alerts on active MailNews folders now identify the account or folder.
MailNews notifications have a new look.
See the changes page for a more complete overview.
Mozilla platform changes
All plugins, with the exception of recent Flash plugins, now default to click-to-play.
The password manager now supports script-generated password fields.
Support for H.264 on Linux is now available if the appropriate GStreamer plugins are installed.
Support for MP3 decoding on Windows XP has been added, completing MP3 support across Windows OS versions.
The CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec.
There is no longer a prompt when websites use appcache.
Support for the CSS image orientation property has been added.
IndexedDB can now be used as an "optimistic" storage area so it does not require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage.
When displaying a standalone images, the EXIF orientation information contained within the JPEG image is now matched (bug 298619).
Page load times have been improved due to no longer decoding images that are not visible (bug 847223).
Support for the AudioToolbox MP3 backend has been added on Mac OS X (bug 914479).
Fixed several stability issues.
Fixed in SeaMonkey 2.23
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
|
|
|
|
|
|
"PHP support for iconv is required to handle multiple charsets."
Bump PKGREVISION.
|
|
fix a few trivial (but nasty) problems of this almost leaf package:
approved by gdt@.
Version 3.2.3 (2013-12-20)
--------------------------
### Fixed
Correctly resize the mediaboxAdvanced in IE11 (see #6504).
### Fixed
Set the correct status header for cached files (see #6585).
### Fixed
Correctly set the empty value depending on the DB field (fixes #6550, #6544).
### Fixed
Prevent saving of detached models (see #6506).
### Fixed
Correctly determine the ACE editor's height (see #6578).
### Fixed
Always fall back to English if a language does not exist (see #6581).
### Fixed
Correctly display repeated events in the event list (see #6555).
### Fixed
Correctly show the available layout columns in the article module (see #6548).
### Fixed
Correctly show the "read more" link in the news list modules (see #6439).
### Updated
Updated html5shiv to version 3.7.0 (see #6543).
### Fixed
Support browsers with both mouse and touch support in the back end (see #6520).
### Fixed
Correctly handle multiple `RadioTable` widgets on the same page (see #6389).
### Fixed
Fixed two issues with the SQL cache (see #6507).
### Fixed
Do not require a redirect page for newsletter channels (see #6521).
### Fixed
Use the related field instead of `id` in the model query builder (see #6540).
|
|
contains security fix.)
Since 2.4.0.5
- bugfix: Don't send notification when add mail.
Since 2.4.0.4
- bugfix: Deprecated functions usage.
- bugfix: Emtpy trash can was using a deprecated function with performance issues.
- bugfix: Missing parameters in function invocation.
Since 2.4.0.3
- bugfix: can't delete template task, permission denied.
Since 2.4.0.2
- bugfix: langs customer_folder and project_folder.
- bugfix: can't add contacts from mail.
- bugfix: on activity widget move action don't display.
- bugfix: when create user, notifications break mysql transaction.
Since 2.4.0.1
- bugfix: cron process to emtpy trash can does not delete members asociated to contacts.
Since 2.4.0
- bugfix: tab order fix in quick add task;
- bugfix: issue when create a subtask from task view;
Since 2.4-rc
- fetaure: error message improved when upload limit is reached.
- bugfix: on gantt, names of the tasks were not displayed completely.
- bugfix: on gantt, the time estimation for tasks was not displayed correctly.
- bugfix: date custom properties default value does not use user's timezone.
- bugfix: on people widget add user combo is not ordered by name.
- bugfix: on activity widget dates have gmt errors.
- bugfix: general search allways search for empty string.
- bugfix: url files are not saved correctly when url is not absolute.
- bugfix: imap fetch fixed when last email does not exists in server.
- bugfix: only invite automatically the "filtered user" when adding a new event, not when editing an existing one.
- bugfix: variable member_deleted uninitialized in a cycle, maintains the value of previous iterations and fills the log warnings.
- bugfix: don't display group-mailer button if user doesn't have an email account.
- bugfix: allow mail rules for all incoming messages, useful for autoreplies.
- bugfix: the invitations of the events created on google calendar will have the same special ID of the event.
Since 2.4-beta
- feature: alert users if they have mails in the outbox
- feature: contact custom reports - added columns for address, phones, webpages and im.
- feature: display time estimation in time reports when grouping by tasks
- feature: config option to add default permissions to users when creating a member.
- system: upgrade Swift Mailer from version 4.0.6 to 5.0.1, this improves and solves some issues when sending emails with exchange servers
- bugfix: on user login when save timezone don't change the update_on value
- bugfix: solved an issue when editing a repetitive task and changing its previous repetition value
- bugfix: solved when editing a template task can't remove a dimension member
- bugfix: solved using repeating tasks when applying a template
- bugfix: on tasks and timeslots reports, if grouped by task it diplay milestones
- bugfix: allow the creation of templates in the root (View all)
- bugfix: Users are now shown by default in the People tab.
- bugfix: when printing the task list view, tasks now display their progress and estimation
- bugfix: on general search prevent multiple form submit.
Since 2.3.2.1
- feature: templates have been greatly improved: they have changed completely for good!
- feature: remember selection on total task execution time report
- feature: when sending an email, if a word containing attach is found and no attachment if found, it triggers an alert.
- feature: new user config option to set how many members are shown in breadcrumbs
- feature: update plugins after running upgrade from console.
- feature: add root permission when creating executive or superior users.
- feature: contact edit form has been improved
- bugfix: when uploading avatars, if it is .png and its size is smaller than 128x128 the image is not resized
- bugfix: when sending an mail, the sender is now subscribed to it
- bugfix: when adding a file from an email attachment, its now set to be created by the account owner
- bugfix: reporting pagination fixed
- bugfix: custom reports, csv and pdf export only exports the active page..now it exports everything!
- bugfix: don't collapse task group after performing an action to the task when group is expanded.
- bugfix: email parsing removes enters and some emails were not shown correctly
- bugfix: people widget in french used to cause a syntax error
- bugfix: don't classify email in account's member if conversation is already classified.
- bugfix: task filtering by user has been improved: it loads faster and more accurate
- bugfix: the users selectbox for assignees has been improved: it loads faster and more accurate
- bugfix: check for "can manage contacts" in system permissions if column exists
- bugfix: email parsing does not fetch addresses when they are separated by semicolon
- bugfix: tasks assigned to filter doesn't filter correctly when logged user is an internal collaborator and users can add objects without classifying them.
- bugfix: search result pagination issue
- bugfix: search results ordered by date again
- bugfix: add to searchable objects failed for some emails
- bugfix: custom properties migration fix
- bugfix: feng 1 to feng 2 upgrade improved
- bugfix: style fixes in administration tabs
- bugfix: checkbox in contact tab now is working properly. initially it does not show the users
- bugfix: google calendar sync issue for events with over 100 chars has been solved
- bugfix: contact csv export fixed: when no contact is selected => export all contact csv export fixed
- bugfix: some undefined variables have been defined
- bugfix: some translations that were missing were added
- security: remove xss from request parameters
- performance: search engine has been greatly improved
- other: the search button is disabled until returns the search result
- other: when upgrading to 2.4 the completed tasks from feng 1 will change to 100% in completed percentage
|
|
friends.
No functional change.
|
|
* Sync with firefox24-24.2.0
|
|
* Sync with firefox-26.0.
|
|
|
|
|
|
|
|
|
|
|
|
* Convert to use xulrunner24
|
|
* Fix PR pkg/48420: fix build on NetBSD with drace support
Patches from richard@
Changelog:
Fixed in Firefox ESR 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
|
|
* Build outside WRKSRC, fix build
Changelog:
NEW
All Java plug-ins are defaulted to 'click to play'
NEW
Password manager now supports script-generated password fields
NEW
Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
NEW
Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
CHANGED
Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
CHANGED
CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
DEVELOPER
Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs)
DEVELOPER
Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible
DEVELOPER
There is no longer a prompt when websites use appcache
DEVELOPER
Support for the CSS image orientation property
DEVELOPER
New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
DEVELOPER
IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage
FIXED
When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619)
FIXED
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695)
FIXED
Improved page load times due to no longer decoding images that aren't visible (847223)
FIXED
AudioToolbox MP3 backend for OSX (914479)
FIXED
Various security fixes
Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
|
|
Upstream changes:
0.06
- Now just a simple consumer of POEx::Role::PSGIServer (thanks nperez!)
|
|
Version 0.6.6
-----------------
Released on December 6, 2013
- Fix global being passed after command by not expliciting checking
for the 'parents' argument.
|
|
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.
Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
|
|
Changes since 3.0.4:
- A bad interaction between -b, -c and -m in the varnishlog tool
has been fixed.
- A malformed request could in some configurations lead to Varnish
crashing has been corrected. This is CVE-2013-4484.
- Duplicate Content-Length headers were in some cases sent to clients
when streaming is enabled, this has been fixed
- ESI parse errors are no longer printed to standard output.
- Stop segfaulting if the first part of a synthetic page is NULL.
|
|
Bump package revision because the binary got changed.
|
|
|
|
|
|
- Fix multiple vulnerabilities in TYPO3 CMS:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
2013-12-10 afbadea [RELEASE] Release of TYPO3 6.1.7 (TYPO3 Release Team)
2013-12-10 7481971 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
2013-12-10 cb8db28 #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause)
2013-12-10 2d29894 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
2013-12-10 dca9c88 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs)
2013-12-10 450e5d3 #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel)
2013-12-10 7e7f9e3 #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel)
2013-12-10 ad11945 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
2013-12-10 18e0491 #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring)
2013-12-10 cbbeefd #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
2013-12-10 163947a #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter)
2013-12-02 d21a628 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
2013-12-02 e538020 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind)
2013-11-29 3a66a0e #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
|
|
- Fix multiple vulnerabilities in TYPO3 CMS:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
2013-12-10 55ea17b [RELEASE] Release of TYPO3 6.0.12 (TYPO3 Release Team)
2013-12-10 c703d1d #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
2013-12-10 0f1e28b #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause)
2013-12-10 1cbe889 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
2013-12-10 79f6850 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs)
2013-12-10 b22cbce #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel)
2013-12-10 e4134ae #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel)
2013-12-10 2fb0277 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Anja Leichsenring)
2013-12-10 bd6095f #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
2013-12-10 872cf3d #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring)
2013-12-10 cb55c53 #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
2013-12-10 578cc80 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter)
2013-12-02 9757d0c #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
2013-12-02 5bf7430 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind)
2013-11-29 30e1f41 #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
|
|
- Fix multiple vulnerabilities in TYPO3 CMS:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
- Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous
commit.
2013-12-10 9e378dd [RELEASE] Release of TYPO3 4.7.17 (TYPO3 Release Team)
2013-12-10 efa9e0b #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
2013-12-10 d207548 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring)
2013-12-10 92712d6 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
2013-12-10 573f720 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause)
2013-12-10 b7eac59 #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring)
2013-12-10 319a06c #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring)
2013-12-10 834afa5 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter)
2013-12-10 aa08f14 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
2013-12-10 f3b5a6a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
2013-12-10 0bc4fc4 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause)
2013-12-02 c400e94 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
2013-12-02 124a913 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein)
2013-12-01 3f2e971 Revert "[BUGFIX] Distinguish unassigend columns and colPos 0" (Steffen Ritter)
2013-11-29 a7dbbbf #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
2013-11-26 542bd7d #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
|
|
- Fix multiple vulnerabilities in TYPO3 CMS:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
- Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous
commit.
2013-12-10 1956962 [RELEASE] Release of TYPO3 4.5.32 (TYPO3 Release Team)
2013-12-10 60576d1 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
2013-12-10 77dc1c4 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring)
2013-12-10 52d3bff #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
2013-12-10 cae8739 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause)
2013-12-10 ba92f0a #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring)
2013-12-10 63ff910 #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring)
2013-12-10 c4d1336 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter)
2013-12-10 5342284 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
2013-12-10 b360a1a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
2013-12-10 78ee538 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause)
2013-12-08 5aa4ab2 #54282 [BUGFIX] Fix failing test (Anja Leichsenring)
2013-12-08 6add221 #54280 [BUGFIX] Fix failing test (Anja Leichsenring)
2013-12-02 0c3fa95 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
2013-12-02 d353ab0 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein)
2013-11-29 309e93a #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
2013-11-26 1d95cad #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
|
|
|
|
|
|
* Bug 3589: intercepted and ICAP modified request using a cache_peer
* OpenBSD portability fix in DiskThreads
* Bug 3935: Invalid pointer dereference when peeking at origin server certificate
* Destroy ACLs in the reverse order of creation to avoid destruction segfaults
* Portability: sleep() is sometimes a macro
* Windows: fix compile errors in WinSvc.cc
* Portability: std::string:npos is not always appropriate for String::npos
* Portability: refresh_pattern requires regex
* librfcnb: portability fixes
|
|
|