| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.31
- www/drupal7/distinfo 1.24
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 19 15:36:41 UTC 2015
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
Update drupal7 to 7.35 (Drupal 7.35), security fix release.
Drupal 7.35, 2015-03-18
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.
|
|
www/drupal6: security update
Revisions pulled up:
- www/drupal6/Makefile 1.51
- www/drupal6/distinfo 1.34
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 19 15:35:56 UTC 2015
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update drupal6 to 6.35 (Drupal 6.35), security fix release.
Drupal 6.35, 2015-03-18
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.
|
|
www/typo3_45: security update
Revisions pulled up:
- www/typo3_45/Makefile 1.34-1.35
- www/typo3_45/distinfo 1.29
---
Module Name: pkgsrc
Committed By: tnn
Date: Sat Feb 7 22:06:52 UTC 2015
Modified Files:
pkgsrc/databases/p5-Search-QueryParser-SQL: Makefile
pkgsrc/databases/py-elixir: Makefile
pkgsrc/ham/gnuradio-companion: Makefile
pkgsrc/net/py-softlayer: Makefile
pkgsrc/www/typo3_45: Makefile
pkgsrc/www/typo3_47: Makefile
pkgsrc/www/typo3_60: Makefile
pkgsrc/www/typo3_61: Makefile
Log Message:
Drop trailing '/' from DEPENDS lines. Found by Bernhard Riedel.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 09:41:01 UTC 2015
Modified Files:
pkgsrc/www/typo3_45: Makefile distinfo
Log Message:
Update typo3_45 package to 4.5.20.
pkgsrc change: supports PHP < 5.6.
Fix security problem:
* TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor=
e-sa-2015-001/
2015-02-19 1b8a673 [RELEASE] Release of TYPO3 4.5.40 =
(TYPO3 Release Team)
2015-02-19 3fbd91c #65113 [SECURITY] Prevent login with semi=
-empty values (Nicole Cordes)
2015-01-29 6cf78f6 #64597 [TASK] Update TYPO3 copyright in a=
ll branches (Benjamin Mack)
2015-01-29 38e1cb1 #64573 [BUGFIX] Travis tests for PHP 5.5 =
(Stephan Gro=DFberndt)
2015-01-19 fc33980 [TASK] Post travis notification to=
#typo3-cms-coredev channel (Helmut Hummel)
2015-01-15 c7615b6 #63896 [BUGFIX] Fix regression in prefixL=
ocalAchors feature (Helmut Hummel)
2014-12-17 583d1bf #59186 [BUGFIX] Add case insensitive flag=
to trustedHostsPattern (Dietrich Heise)
|
|
www/squid3: security update
Revisions pulled up:
- www/squid3/Makefile patch
- www/squid3/distinfo patch
- www/squid3/patches/patch-compat_compat.h new file
- www/squid3/patches/patch-src_ip_Intercept.cc patch
---
Apply patch:
- Fix buidling when IPF is turned on
- Update to version 3.4.12
|
|
www/contao33: security patch
Revisions pulled up:
- www/contao33/Makefile patch
- www/contao33/distinfo patch
- www/contao33/patches/patch-system_modules_core_classes_Backend.php new file
- www/contao33/patches/patch-system_modules_core_dca_tl__templates.php new file
- www/contao33/patches/patch-system_modules_core_library_Contao_Validator.php new file
---
Apply patch to fix directory traversal security problem.
|
|
www/contao34: security update
Revisions pulled up:
- www/contao/Makefile.common patch
- www/contao34/Makefile 1.3-1.4
- www/contao34/distinfo 1.2-1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 23 16:16:23 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao34: Makefile distinfo
Log Message:
Update to contao34 to 3.4.2.
Version 3.4.2 (2015-01-22)
--------------------------
### Fixed
Fix an infinite recursion problem in the `FilesModel` class (see #7588).
Version 3.4.1 (2015-01-22)
--------------------------
### Fixed
Fix the position of the input field hints (see #7561).
### Fixed
Do not apply the GDlib maximum dimensions to SVG images (see #7435).
### Fixed
Do not show the diff icon if a record has been deleted (see #7429).
### Fixed
Remove a left-over headline from the `ce_text.xhtml` template (see #7502).
### Fixed
Preserve comments when exporting CSS files (see #7482).
### Fixed
Fix the LESS import path in the Combiner (see #7533).
### Fixed
Hide the width and height attributes if there is a sizes attribute (see #7500).
### Fixed
Remove the hardcoded figcaption width (see #7549).
### Fixed
Only load the model in the file/page picker if the class exists (see #7490).
### Fixed
Romanize style sheet names (see #7526).
### Fixed
Add the username to the "account has been locked" log entry (see #7551).
### Fixed
Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
### Fixed
Added two missing `exclude` flags in the `tl_page` data container (see #7522).
### Fixed
Send an UTF-8 charset header in the `die_nicely()` function (see #7519).
### Fixed
Correctly validate dates in the `Widget` class (see #7498).
### Fixed
Back port the fixes from #7475 and #7473.
### Fixed
Send the same cache headers for cached and uncached pages (see #7455).
### Fixed
Fix the `current() expects parameter 1 to be array` issue (see #6739).
### Fixed
Correctly replace the `*_teaser` insert tags (see #7488).
### Fixed
Adjust the last and previous login labels (see #7426).
### Fixed
Unset the `postUnsafeRaw` cache in `Input::setPost()` (see #7481).
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 1 04:51:34 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao34: Makefile distinfo
Log Message:
Update contao34 to 3.4.3 (Contao 3.4.3).
* pkgsrc change: change config directory's permission.
Version 3.4.3 (2015-01-30)
--------------------------
### Fixed
Consider the error reporting level in the install tool (see #7593).
### Fixed
Handle variables and functions when importing style sheets (see #7448).
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 13 03:03:57 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao34: distinfo
Log Message:
Update contao34 package to 3.4.4 (Contao 3.4.4).
Version 3.4.4 (2015-02-12)
--------------------------
### Fixed
Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See
CVE-2015-0269 for more information.
|
|
www/contao32: security update
Revisions pulled up:
- www/contao/Makefile.common patch
- www/contao32/Makefile 1.8-1.9
- www/contao32/distinfo 1.18-1.20
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 23 16:14:35 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: Makefile distinfo
Log Message:
Update contao32 pacakge to 3.2.17.
Version 3.2.17 (2015-01-22)
---------------------------
### Fixed
Romanize style sheet names (see #7526).
### Fixed
Add the username to the "account has been locked" log entry (see #7551).
### Fixed
Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
### Fixed
Added two missing `exclude` flags in the `tl_page` data container (see #7522).
### Fixed
Send an UTF-8 charset header in the `die_nicely()` function (see #7519).
### Fixed
Correctly validate dates in the `Widget` class (see #7498).
### Fixed
Back port the fixes from #7475 and #7473.
### Fixed
Send the same cache headers for cached and uncached pages (see #7455).
### Fixed
Fix the `current() expects parameter 1 to be array` issue (see #6739).
### Fixed
Correctly replace the `*_teaser` insert tags (see #7488).
### Fixed
Adjust the last and previous login labels (see #7426).
### Fixed
Unset the `postUnsafeRaw` cache in `Input::setPost()` (see #7481).
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 1 04:49:39 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: Makefile distinfo
Log Message:
Update contao32 to 3.2.18 (Contao 3.2.18).
* pkgsrc change: change config directory's permission.
Version 3.2.18 (2015-01-30)
---------------------------
### Fixed
Handle variables and functions when importing style sheets (see #7448).
### Fixed
Fix an infinite recursion problem in the `FilesModel` class (see #7588).
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 13 03:02:53 UTC 2015
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
Log Message:
Update contao32 package to 3.2.19 (Contao 3.2.19).
Version 3.2.19 (2015-02-12)
---------------------------
### Fixed
Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See
CVE-2015-0269 for more information.
|
|
www/contao34: bug fix patch
Revisions pulled up:
- www/contao34/Makefile 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 7 10:39:02 UTC 2015
Modified Files:
pkgsrc/www/contao34: Makefile
Log Message:
Add mimetypes.php as one of the configuration files.
Bump PKGREVISION.
|
|
www/apache24: security patch
Revisions pulled up:
- www/apache24/Makefile 1.33
- www/apache24/distinfo 1.17
- www/apache24/patches/patch-modules_lua_mod_lua.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Jan 22 20:02:37 UTC 2015
Modified Files:
pkgsrc/www/apache24: Makefile distinfo
Added Files:
pkgsrc/www/apache24/patches: patch-modules_lua_mod_lua.c
Log Message:
Add fix for CVE-2014-8109 taken for Apache SVN repository.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/apache24/patches/patch-modules_lua_mod_lua.c
|
|
www/curl: security patch
Add a fix for the security bypass vulnerability reported in CVE-2014-8150.
|
|
www/php-basercms: dependence fix
Revisions pulled up:
- www/php-basercms/Makefile 1.3
- www/php-basercms/options.mk 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jan 8 13:35:03 UTC 2015
Modified Files:
pkgsrc/www/php-basercms: Makefile options.mk
Log Message:
Bump PKGREVISION.
* Fix DEPENDS.
Recent version of baserCMS requires PDO database drivers.
* Remove obsolete commented-out lines.
|
|
Changelog:
Version 7.0.4 Dec 9th 2014
Added XMLWriter check
Better deleted outdated previews
Store storage credential in session only if needed
Don't disclose relative directory path for single shared files of user
Password reset fixes
Fix enable app only for a specific group
fixing port configuration in trusted domains
LDAP fixes
Make group search case sensitive
Allow admin to change users display name
ldap performance improvements
config.php can now be read only
Several smaller fixes
|
|
Changelog:
Tomcat 7.0.57 (violetagg)
Catalina
add 47919: Extend the information logged when Tomcat starts to optionally log the values of command line arguments (enabled by default) and environment variables (disabled by default). Note that the values added to CATALINA_OPTS and JAVA_OPTS environment variables will be logged, as they are used to build up the command line. (markt)
add 56401: Log version information when Tomcat starts. (markt/kkolinko)
fix 57022: Ensure SPNEGO authentication continues to work with the JNDI Realm using delegated credentials with recent Oracle JREs. (markt)
fix Correct a couple of NPEs in the JNDI Realm that could be triggered with when not specifying a roleBase and enabling roleSearchAsUser. (markt)
fix Remove the unnecessary registration of context.xml as a redeploy resource. The context.xml having an external docBase has already been registered as a redeploy resources at first. (kfujino)
fix Improve the previous fix for 56401. Avoid logging version information in the constructor since it then gets logged at undesirable times such as when using StoreConfig. (markt)
fix 57105: When parsing web.xml do not limit the buffer element of the jsp-property-group element to integer values as the allowed values are <number>kb or none. (markt)
update Update the minimum required version of the Tomcat Native library (if used) to 1.1.32. (markt)
update 57144: Improve ClientAbortException to provide non-null message. (kkolinko)
Coyote
add 53952: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
fix Do not increase remaining counter at end of stream in IdentityInputFilter. (kkolinko)
Jasper
fix 57099: Ensure that semi-colons are not permitted in JSP import page directives. (markt)
Cluster
fix Avoid possible integer overflows reported by Coverity Scan. (fschumacher)
WebSocket
fix 57054: Correctly handle the case in the WebSocket client when the HTTP response to the upgrade request can not be read in a single pass; either because the buffer is too small or the server sent the response in multiple packets. (markt)
fix Fix client subprotocol handling. (remm)
fix Add null checks for arguments in remote endpoint. (remm/kkolinko)
fix 57091: Work around the behaviour of the Oracle JRE when creating new threads in an applet environment that breaks the WebSocket client implementation. Patch provided by Niklas Hallqvist. (markt)
fix 57118: Ensure that that an EncodeException is thrown by RemoteEndpoint.Basic.sendObject(Object) rather than an IOException when no suitable Encoder is configured for the given Object. (markt)
Web applications
fix Correct documentation for ServerCookie.ALLOW_NAME_ONLY system property. (kkolinko)
fix 57049: Clarified that jvmRoute can be set in <Engine>'s jvmRoute or in a system property. (schultz)
fix Correct version of Java WebSocket mentioned in documentation (s/1.0/1.1/). (markt/kkolinko)
update In examples web application move Async and Comet examples from JSP to Servlet examples page. (kkolinko)
update Suppress timestamp comments and enable charset header in Javadoc. (kkolinko)
jdbc-pool
fix 57079: Use Tomcat version number for jdbc-pool module when building and shipping the module as part of Tomcat. (markt/kkolinko)
fix Fix broken overview page in javadoc generated via "javadoc" task in jdbc-pool build.xml file. (kkolinko)
Other
update 56079: The Apache Tomcat Windows service and the Apache Tomcat Windows service monitor application are now digitally signed. (markt)
fix Fix timestamps in Tomcat build and jdbc-pool to use 24-hour format instead of 12-hour one and use UTC timezone. (markt/kkolinko)
update Improve Tomcat build script to ensure that only one ecj-nn.jar file is present in Tomcat lib directory when Eclipse JDT Compiler is updated to a new version. (kkolinko)
update 56596: Update to Tomcat Native Library version 1.1.32 to pick up the Windows binaries that are based on OpenSSL 1.0.1j and APR 1.5.1. (markt)
code In Tomcat tests: log name of the current test method at start time. (kkolinko)
|
|
Upstream changes:
MediaWiki 1.24.1
This is a security and maintenance release of the MediaWiki 1.24 branch.
Changes since 1.24.0
(bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
(bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
(bug T74222) The original patch for T74222 was reverted as unnecessary.
Fixed a couple of entries in RELEASE-NOTES-1.24.
(bug T76168) OutputPage: Add accessors for some protected properties.
(bug T74834) Make 1.24 branch directly installable under PostgreSQL.
|
|
|
|
only the latter is supported by cwrappers. Change them all to "opt" rules for
consistency and to gain compatibility with cwrappers.
|
|
2014-12-10 d72f00c [RELEASE] Release of TYPO3 4.5.39 (TYPO3 Release Team)
2014-12-10 63ae7dd #62723 [!!!][SECURITY] Fix link spoofing in prefixLocalAnchors (Helmut Hummel)
2014-12-08 5c267d2 #62967 [BUGFIX] Exclude CDATA from t3lib_parsehtml->XHTML_clean (Nicole Cordes)
2014-11-27 7d66912 [RELEASE] Release of TYPO3 4.5.38 (TYPO3 Release Team)
2014-11-19 61d8b25 #58053 [BUGFIX] Handle opacity for IE in prototype.js (Jigal van Hemert)
2014-11-15 42de3e0 #62984 [BUGFIX] PHP warning on saving TypoScript with t3editor (Oliver Hader)
2014-11-13 152b14b #62032 [BUGFIX] Fix PHP warning with date function in FormEngine (Oliver Hader)
2014-11-03 79ba882 #62391 [BUGFIX] Ensure PHP 5.2 compatibility in php-openid (Michael Stucki)
2014-10-31 f56c52f #62513 [BUGFIX] Too many tags by identifier in CacheBackends (Michael Stucki)
2014-10-23 528429b #57006 [BUGFIX] softrefproc typolink lacks support for separation by line feed (Marc Bastian Heinrichs)
2014-10-22 a62c19e #62391 [BUGFIX] Ensure PHP 5.2 compatibility in makeInstance (Helmut Hummel)
|
|
|
|
|
|
|
|
|
|
|
|
- replaced html entities in russian.html (read by utf8 test), as the
test should not fail due to problems with HTML::Entities.
- improvements for Kwalitee
- strip_spaces in utf8 test was using perl v5.14+ features
- reading of DATA in utf8 test should be native utf8 not use Encode,
which mangles it on some platforms
- fix to bug in t/300_utf8.t causing whitespace not to be stripped
- many cpan tester failures due to witespace in utf8 test,
main test done with whitespace stripped, todo test as before
- removed trailing libicu deps
- perl minimum version to 5.8 (needed for unicode support).
- cleaned up test suite
- version bump in META.YML (RT#100457)
- 'use feature' breaking perl 5.8, removed (RT#100453)
- added Test::Exception to build_requires
- removed dependency on libicu-dev, which isn't as universal as expected
and was causing a bunch of cpan tester failures
|
|
Add comment to firefox31 & firefox24 to also update their xulrunner
|
|
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug 4148: external_acl_type header format does not accept the new libformat syntax
* Bug 4033: Rebuild corrupted ssl_db/size file
* Bug 3902: Docs: external_acl_type cache hash key
* Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match
|
|
Update DEPENDS
Upstream changes:
0.25 2014-08-04
[MISC]
- Move tests from Test::TCP to Test::WWW::Mechanize::PSGI.
[STATISTICS]
- code churn: 5 files changed, 138 insertions(+), 174 deletions(-)
0.24 2014-07-29
[MISC]
- Release again, this time with real co-maint permissions.
[STATISTICS]
- code churn: 1 file changed, 57 insertions(+), 53 deletions(-)
0.23 2014-07-17
[CHANGED]
- Requires Session::Storage::Secure 0.010 to allow storing objects, which
is specially relevant for JSON::bool data.
|
|
Upstream changes:
0.010 2014-05-04 13:52:13-04:00 America/New_York
[ADDED]
- Added support for customizing options to Sereal encoder and decoder,
i.e. to allow object serialization for those willing to accept the
risks of doing so. (Thanks to Breno de Oliveira for inspiration to
do this.)
0.009 2014-04-17 17:15:25-04:00 America/New_York
[FIXED]
- Fixed bug that would cause custom encoding tests to fail
intermittently
0.008 2014-04-17 16:29:50-04:00 America/New_York
[ADDED]
- Added support for keeping an array of old keys for decryption
(Tom Hukins)
- Added support for replacing MIME::Base64 encoding with user-specified
transport encoding/decoding, possibly with a custom separator
[INTERNAL]
- Update repository support and meta files
|
|
Upstream changes:
0.156000 2014-12-07 18:04:14+01:00 Europe/Amsterdam
[ BUG FIXES ]
* Do not try to deserialize empty content.
(Lennart Hengstmengel, Sawyer X)
* Do not call serialization hooks when no serialization took place.
(Sawyer X)
* Be more cautious on undef output from serializer.
(Daniel B.hmer, Sawyer X)
[ ENHANCEMENTS ]
* Add cpanfile when scaffolding a new app.
(D.vid Kov.cs, Sawyer X)
* Response "content" attribute no longer stringifies. This should help
reduce warnings, odd debugging problems, etc. (Sawyer X)
* DSL "uri_for" no longer returns URI object. Instead just the URI.
(Sawyer X)
[ DOCUMENTATION ]
* GH #777: Fix doc for mentioning public dir.
(D.vid Kov.cs, Sawyer X)
* GH #787: Document all environment variables. (Sawyer X)
0.155004 2014-12-04 11:51:23+01:00 Europe/Amsterdam
[ BUG FIXES ]
* Guard against content length being empty strings. This is really
bizarre case but saw it once. (Sawyer X)
|
|
vairous fixes and some API addition.
|
|
ok ryoon@
|
|
Changelog:
WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)
WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:
Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
A cross-site request forgery that could be used to trick a user into changing their password.
An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.
Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.
We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.
Download WordPress 4.0.1 or venture over to Dashboard -> Updates and simply click “Update Now”.
|
|
|
|
www/py-google-api-python-client-py3.
The Google API Client for Python is a client library for accessing the Plus,
Moderator, and many other Google APIs. This is the python 3.x port of the
package.
|
|
PKGREVISION and change DIST_SUBDIR.
|
|
content. Bump PKGREVISION.
|
|
|
|
* Sync with firefox24-24.8.1.
|
|
Changelog:
Fixed in Firefox ESR 24.8.1
2014-73 RSA Signature Forgery in NSS
Fixed in Firefox ESR 24.8
2014-72 Use-after-free setting text directionality
2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
Fixed in Firefox ESR 24.7
2014-64 Crash in Skia library when scaling high quality images
2014-63 Use-after-free while when manipulating certificates in the trusted cache
2014-62 Exploitable WebGL crash with Cesium JavaScript library
2014-61 Use-after-free with FireOnStateChange event
2014-59 Use-after-free in DirectWrite font handling
2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
|
|
* Sync with firefox-31.3.0
|
|
Changelog:
Fixed Security fixes can be found here
Fixed @ JS::Handle::operator JSObject* const&() startup crash (see bug 1055766 )
Fixed Intermittent failures in add-ons manager mochitest-browser tests (see bug 1095128 )
Fixed Bad CPU type in executable running mochitests on yosemite (see bug 1054043 )
Fixed Error building nsChildView.mm on OS X 10.10 (see bug 1005458 )
Fixed Wrong CPU features detection on some x86 CPUs (see bug 1096651 )
Fixed Build error on Yosemite (see bug 1045231 )
Fixed XMLHttpRequest.send({}) should not throw (see bug 1096263 )
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
|
|
this version.
|
|
=======
This release is a small bugfix release, specifically to remove accidentally
added files in the Wheel release.
|
|
4.11 2014-12-02
[ SPEC / BUG FIXES ]
- more hash key ordering bugs fixed in HTML attribute output (GH #158,
thanks to Marcus Meissner for the patch and test case)
[ REFACTORING ]
- escapeHTML (and unescapeHTML) have been refactored to use the functions
exported by the HTML::Entities module (GH #157)
- change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
dependencies not build dependencies (GH #159)
[ DOCUMENTATION ]
- replace any remaining uses of indirect object notation (new Object) with
the safer Object->new syntax (GH #156)
|
|
Upstream changes:
5.68 2014-12-02
- Improved Mojo::DOM::CSS performance significantly.
- Fixed deprecation warnings in get command.
- Fixed bug in Mojolicious::Controller where sending a WebSocket message
would cause multiple resume events.
5.67 2014-11-27
- Improved overall performance by deserializing sessions only on demand.
- Fixed bug where embedded applications would deserialize sessions twice.
5.66 2014-11-26
- Improved many WebSocket tests in Test::Mojo to be able to fail gracefully.
- Fixed bug in Mojo::DOM::CSS where the :empty pseudo class would not ignore
comments and processing instructions.
5.65 2014-11-24
- Improved installable scripts to use #!perl. (jberger)
- Improved Mojo::JSON security by escaping the "/" character.
- Improved Mojolicious::Commands to reset the global Getopt::Long
configuration more safely.
- Fixed bug in Mojo::DOM::CSS where selected results would also include the
current root element.
5.64 2014-11-22
- Fixed bug in Mojolicious::Commands where the global Getopt::Long
configuration would be changed after a command had already been loaded.
5.63 2014-11-21
- Improved portability of some tests.
- Fixed a few multipart form handling bugs.
5.62 2014-11-18
- Fixed bug in Mojolicious::Routes::Pattern where optional placeholders in
nested routes would sometimes not work correctly.
- Fixed bug where "handler" was not an allowed name for controller methods.
5.61 2014-11-14
- Moved entities.txt into the DATA section of Mojo::Util to avoid
gratuitously breaking module bundlers.
5.60 2014-11-11
- Added to_array method to Mojo::Collection.
- Added xss_escape function to Mojo::Util.
- Updated Net::DNS::Native requirement to 0.12 for some important bug fixes.
5.59 2014-11-07
- Added support for non-blocking name resolution with Net::DNS::Native.
5.58 2014-11-06
- Improved error handling in Mojo::IOLoop::Client.
|
|
Upstream changes:
0.08 2014-05-16
- Add a 'verbose' option to control if warnings are propagated
through to an existing WARN handler.
|
|
Upstream changes:
0.155002 2014-12-02 22:59:32+01:00 Europe/Amsterdam
[ BUG FIXES ]
* Fix test on Windows. (A. Sinan Unur)
0.155001 2014-11-28 17:42:24+01:00 Europe/Amsterdam
[ BUG FIXES ]
* Small typo in test. (D.vid Kov.cs)
0.155000 2014-11-28 01:18:39+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #773, #775: AutoPage handler no longer renders layouts.
(D.vid Kov.cs, Sawyer X)
* GH #770: Prevent crazy race condition between the logger engine and
other engines. This means engines now call "log_cb" to log.
(Sawyer X)
* App now has default name to caller package. (Sawyer X)
* Serializers will not try to serialize empty content. (Sawyer X)
* Lots of cleanups in Core::Request in favor of Plack::Request.
(Sawyer X)
[ ENHANCEMENTS ]
* Layouts directory can be configured using 'layout_dir'.
(Sawyer X)
* GH #648, #760: Logger format now supports 'h', 'u', 'U', 'h', 'i'.
They are documented but weren't really available.
(Lennart Hengstmengel)
* Serializers having errors will not fail if there is no logger.
(Sawyer X)
* Create a request object with a single argument of $env, like
Plack::Request. (Sawyer X)
[ DOCUMENTATION ]
* Remove documented hack for static content because we use the middleware
now anyway. (Sawyer X)
* Document further the difference between splat and megasplat.
(D.vid Kov.cs)
|
|
|
|
Remove two more unwind directives.
|
|
v0.5.9
Remove dead code from browser and preferences
Build-fix: Make PanedAction's Child.widget public
fixes tab history undo
Set a placeholder text on the URL entry
Add "Add Bookmark" to menu
Show search menu upon left icon click in location bar
Fix crash when saving with associated resources
Fix webkit2 downloads based on older branch
don't hide window decorations for Midori-Granite
Connect bookmarks-db singleton correctly to fix menus
Fix some symbol names and transfer annotations in doc comments
Use correct signature for window-state-event handler
Do not overescape page titles in view completion
Make adblock skip non-standard last update metadata strings
Drop deprecated Granite LightWindow used for the Clear Private Data dialog
Keep storing the last web media tab played.
Allocate CookiePermissionManagerModalInfobar correctly
Make middle clicking reload button duplicate the current tab, similar to other browsers
Use network-changed of GNetworkMonitor to reload all tabs if network becomes available
Show different messages based on network connectivity.
Fix crash when activating the edit menu
Fix "open all in tabs" for bookmarks
Fix a few simple leaks
Don't focus the locationaction when leaving blank pages
Fix leaks of two references to the MidoriApp in Tabby
Compile with valac 0.16 again
Never display about:new in the urlbar
fix crash right-clicking forms on local pages
Share 'youtube, vimeo, dailymotion' that you are playing in Midori using org.midori.mediaHerald
Give the SoupURI a path when checking cookie relevance
Resolve ellipsis and title stripping in completion
Add www. and .com/.country_domain and proceed with Ctrl+Enter/Shift+Enter with (readable code)
Clean up browser tab/ uri/ title notify
Drop pseudo Granite distinction in completion layout
Fix visibility of SpeedDial, Toolbar, Bookmarkbar context menu items
Distinguish between desc file missing and other parsing issues
Use dependencies to clear test folders before execution
win32: Drop dropbox usage from win release script, rename resulting output files
v0.5.8
Use png icon instead of svg in set_status
We must not pass a Cancellable to FaviconDatabase.get_favicon_pixbuf
Retain spelling suggestion menu items from WebKit
Properly guard usage of gtk3 get_style_context
Mimic the look of Granite.DynamicNotebook when compiled with --enable-granite.
Fix X11 lib underlink in midori-core
Fix bookmarkbar bookmark click not opening links
Use sanitized app URI as wm_classname/ StartupWMClass
Make trunk build with WebKit2 again
Fix for incorrect tstamp for background tabs
Don't declare sorting doubles are nullable and print values when database tracing is enabled
Correctly apply saved entry state and treat urlbar as a regular editable item
Add missing conditional includes for granite flavoured build
Open URIs dragged on tab label or new tab button
Small adblock bugfixes
Work around GTK3's hard-coded minimum stackswitcher button width
Fix building with mingw packages from fedora 18
Set page title as basis for print filename
Rename notes inline
Use EXTRA_WARNINGS option when building for windows
Drop forgotten clutter init and obsolete header declarations
Rework history-step handling and make it work again
Port Tabby to DatabaseStatement API
Replace bookmark stracing with generic profiling in Midori.Database
Port autocompleter test to async job
Finishing touches for Adblock
Add filters and defaults
Implement and use ContextAction.escaped
printf URI in show_message_dialog for download error
Improve docs and GIR annotations for KatzeItem, KatzeArray, and MidoriWebSettings
Drop redundant TabNew from compact menu and put button in Tab Panel
Fix loading file:// pages
Implement Send Page Link by Email
Use GtkStackSwitcher with GTK+ >= 3.10
Implements context popup menu on menu entries of bookmark bar and bookmark menu.
Fix building with newer mingw versions
Display locationbar suggestions in the correct order
Don't bother adblocking internal pages and favicons
Don't use trailing comma on last list element in Adblock tests
Rewrite Adblock more modularly, add Whitelist support
Add support of DragonFlyBSD
Change tooltips of Reload and ReloadStop actions while shift modifier is pressed
Implement Midori.Database.attach method
Allow :memory: as folder to make schema detection work
More robust app/ profile creation
Add helper callbacks to modify bookmark's tree store with unneded access to bookmarks db
Implement more flexible fallback behavior for Cookie Permissions
v0.5.7:
Modify actions and internal items in browser without changing settings
Delay tab loading after Midori crashed
Uncomment failing assertions about view_source in tab test
Fallback to about:home if startup is anything but blank
Don't try to create formhistory database if config_dir is NULL
Handle url arguments for blank sessions
Execute commands given at start time
Introduce high-level prepare/ DatabaseStatement API
Drop unused GraniteClutter-based animation support
Drop uncommented contractor support
Drop deprecated StaticNotebook used in KatzePreferences
Introduce notebook class converging separate implementations
Work around symbol relocation issue old version of gcc present on Ubuntu LTS
NULL-check treeview in midori_search_action_get_editor
Adjust CMakeList .ico check to not skip nojs icons
Enable sidepanel in private mode
Move Preferences menu entry above About
Set minimum value of 0 on spin button for maximum cache size
Give NextForward its own label for toolbar editor
Correctly disable favicon database in app and private mode
Change preferences to refer to proxy address as a "URI" (not "hostname")
Add close tabs to right feature
Allow printing without confirmation dialog on kiosk setups
v0.5.6:
instead of creating devpet status icon on extension load, create it only to show new messages
Open speed dial or homepage according to preference
handle tab duplication
Add copyright note to appdata file
Tweak searching for resources when running from build folder
Swap NULL-check with main frame check
Use correct signal when clearing the trash
Hide WEbGL preference if it is unavailable
Remove stored popup sessions from the database
Check all browsers for opened sessions and whether they're popups
removed unused preference dialog and related code
Fix check for found valac and mention VALAC variable
Fix autoscrolling if page contains a frame with our custom error page
Don't use context-menu signal in WebKitGTK+ < 1.10.0
Fix building on Ubuntu 12.04
Reset item ids when re-importing bookmarks
Check path being NULL in export before trying to inspect it
restore the last closed sessions if no session is opened
Cast WebKitDOMHtmlElement for getting source content
Use font-set signal and font family for GTK+ 3.2 font chooser
add function to view dom source
remove unused variable
Resolve compiler warnings in current trunk
Update win32-release script for cmake, move unused docs/scripts to old folder
Try to handle previous runs of cmake in configure wrapper
Correct view source assertions in tab unit test
Build fix: found undeclared in midori_bookmarks_db_remove_item_recursive
Cache bookmark items to avoid their recreation on database reads
allow "view source" on about pages
Enable old target policy on cmake < 2.8.8
Re-arrange data file installing to be more explicit
option to modify the number of tabs which will be restored in each idle callback
Implement MidoriBookmarksDatabase class by inheritence from MidoriDatabase
Ensure tab spinners update as often as the menubar spinner to avoid desync
Use tabby sorting increment when importing session.xbel tabs
Only install config files to /etc if prefix equals /usr
handle urls as argument when starting midori
Make tabby compile with Webkit2
Drop waf build system and provide cmake-based "configure" script
midori_panel_action_activate_cb forgot to update the action group
Fixes bug where certificate Security overlay failed to close
handle tab movement
add tab sorting
Untangle implicit GTK+3 for Granite and WebKit2
Allow running test under debug tools with cmake
Install config files to /etc when install prefix is /usr
Add missing PO_FILES argument to GETTEXT_PROCESS_PO_FILES
Add USE_APIDOCS to build API docs with CMake
Rasterize SVG to PNG with rsvg-convert
fix bookmarks test regression after fix-1179200-4
Add CMakeLists.txt for config directory
Install mo files in locale dir
don't change uri/title if the tab isn't loaded
use a separate signal to store the tab title
Check if execinfo.h header exists on BSD
fix endless loop in Midori.Database.init
Use destructive-action style class in ClearPrivateData
Initialize priv->element to avoid crash when freeing
Introduces KatzeArray::update-item to handle metadata changes
Refactor excuting schema from file into a function
Use stock as string in liststore
Drop needless (and wrong) HAVE_LIBNOTIFY in preferences
Flip horizontal position of the overlay when hit by the mouse
Add Midori.URI.get_base_domain and use it in NoJS
Introduce Midori.Database and use for history and tabby
ctrl+shift+w should trigger a delete-event
Implement dialog windows opened via javascript
Make get_res_filename work with different hierarchies
fix check for new database
Speed up session import
Import tab title from old sessions
Separate CFLAGS for C and add missing HAVE_
Install top-level text files and FAQ html/ css to doc dir
Provide and install .appdata.xml file for app stores
Move bookmarks db handling to midori-bookmarks-db
Add XSS to OPTS_LIBRARIES
Update condition for UBUNTU_MENUPROXY to work on Saucy
Introduce tabby, the new session manager
Fix typo in katze_item_set_meta_integer call
Allow bookmark bar update on additions resulting from imports
Re-work midori_array_query_recursive to not include folder items twice
Fix syntax of icon sizes passed to foreach
Add bzr revision number to version if available
Unify nojs and cookie policy dialogs, make policy changeable within the list
Drop all G_ENABLE_DEBUG guards
Add -g to CFLAGS to enable debugging symbols
Adjust cmake build for Win32
Implement CMake build setup
Port MidoriApp from Unique/ sockets to GApplication
New signal about-content to provide content for about uris
Check if browser is NULL in midori_view_get_tab_menu to prevent a crash. Fixes bug #1215652.
Ensure proxy setting widgets callbacks don't outlive the widgets themselves
Fix webkit2 build error
Show the bookmarks import location combobox.
Rename internal completion URLs to avoid confusion
v0.5.5:
Fix name and text fields inversion in XBEL folder import
Correct packing of cookie and nojs permission dialog.
Don't set tab title/special when a non-main frame displays an error
Revise "cookies" debug output, merge expiry check and disallow revival of old cookies
Drop now unused cgit module.xml file
Use SoupProxyResolverGnome unconditionally and disable prefetching if proxy is active
win32: Hide gui for profiles in webapp manager, as they are currently broken on Windows
win32: support additional mouse buttons for going back/forward in history
Enrich app error messages with filenames
Fix segfault if url contains " %00"
Replace 'Run as app' in bookmark dialog with 'Create launcher'
Split config files and install from folders recursively
Implement GTK+ theme switching via Preferences (Win32)
Enable set_disk_cache_directory with WebKit2
Introduce Midori.ContextAction and refactor page menu from scratch
Define large dialog icon size relative to dialog icon size
Extension Devpet which shows error messages and backtraces in systray
WebKit2 cookie support
Check the hit test result for editable to see if , should search
Use SoupCookieJarSqlite and drop KatzeHttpCookies(Sqlite)
Show folder tree when editing bookmarks
Handle double value in _midori_browser_activate_action
Add privacy preferences in web app mode
Escape parentheses in adblock_fixup_regexp
Introduce object oriented API for access to History Database
Allow rss feeds with version 0.92
Rename History completion to Bookmarks and History
Don't show rss feed icon on twitter, underlying API was retired
Read apps/ profiles from folder, leave launchers separate
Fill in bookmark folder attributes in bookmarkbar populate
v0.5.4:
Refactor history step and allow multiple title updates
Call midori_browser_connect_tab with correct type
Don't add HistoryCompletion if there's no history
Restore reload button icon in error pages
Don't insert folders into the log
If an url is specified the fallback url should not be loaded
Fixed crashes when closing a loading tab + granite's tab moving
Test if plugins are redundant instead of skipping them all
Avoid selecting bookmark uris that begin by 'javascript:' for completion
Set FOREIGN_KEYS pragma on db initialization
Implement a default zoom level preference
Fix tautological use of G_MAXINT with enum
Take current selection into account for bookmark folders when adding/editing bookmark
Improve error page visuals, show suggestions on network errors
Bump vala to 0.16.0
Downgrade glib requirement to 2.32.3 to re-enable building under Ubuntu 12.04 (LTS)
Bump glib2 version to 2.32.4
Improve and unify thumbnail generation
Omit speed dial and blank pages from view completion
Makes the elements of the speed dial non-selectable
Use NULL-safe comparison in katze_item_icon_loaded_cb
Drop non-DOM style sheet injection code path
Clean small leftovers from GTK and WebKit version bumps
Bump GTK+ requirement to 2.24 and drop support for earlier versions
Check for app mode to set browser icon instead of readonly
Escape square brackets in adblock_fixup_regexp
Fix showing (sub)folders in bookmarkbar
Bump WebKit requirement to 1.8.3 and drop support for earlier versions
Set menu on dynamic notebook tab
Do not run toolbar editor's GtkDialog in its own main loop by prevent calling gtk_dialog_run(). Instead just set the GtkDialog modal and show it.
Remove unnecesary harmful code from tab_switched_cb
Fix segfault when deleteing tabs with history list
Specify int64 id item as a string in bookmark remove/update queries
Distinguish between box and event box in the tab label when colouring tabs
Show visual feedback when hovering over items in bookmark panel
Replace INSTALL/ HACKING with exported Contribute wiki page
Delete tabs from history list with Del
Check brightness of backgroung color when deciding foreground color of given tab
Clean launcher filenames, double-click to open and delete button
Avoid declaring browser twice within the same function
Add ./waf --update-pot
Fix memory leak introduced in r6184
Use old function name g_dbus_generate_guid for old valac
Move Import and Export into menu Bookmarks
Collect multiple download notifications within a minute
Fix segfault when right clicking on a web view.
Make libnotify mandatory except on Windows
Remove the rather unnecessary ./waf --run feature
Send a notification after creating a launcher
Ambiguous 'Open as App' context menu item was removed
Apply label color to label rather than event box
Store data of app mode based on URL in ~/.local/share/midori/apps
Split colorful tabs code into helper functions and add unit tests
Fix History List memory leak when closing Midori window.
Replace .gitignore with a .bzrignore
Always define GCR_VERSION in GTK+2 build
Fix bookmarks dialog rename regression introduced in r6167.
Drop check for gcr-3-gtk2 which isn't being maintained.
Scrap unneeded background variables in location renderer callbacks
Title case and proper packing in bookmark dialog
Delete PO files Launchpad spewed into root directory when it couldn't find po/*.pot file.
Issue a warning when trying to use MIDORI_DEBUG while running
Update dates to 2013 to fix bug #1167075.
v0.5.2:
Re-release with a proper version number and changelog
v0.5.1:
Fix mouse gesture regression breaking context menu
Fix --run command line switch by midori_paths_init
Fix bug in size calculation for the history list popup
Handle diagnostic dialog argument in running instance
Fix feed panel default value crash
Ensure existence of the applications directory
Fix download tooltip crash and extend test case
Integrate user interaction exploit demo in about:
Don't convey loading or progress on special pages
Address missing NULL checks and dead code found by clang
No security window for blank pages, but a search icon
Introduce UI for created apps/ launchers: Web App Manager
Add custom-title setting to override browser title
Add a Gtk.Entry to --plain mode for entering URLs
Deprecate middle_click_opens_selection in favour of gtk-enable-primary-paste
Webkit2:
Require 1.11.91 aka 2.0.0 for WebKit2
Delayed load, clear favicons, clear HTTP cache, tab favicons
Navigation policy, mouse buttons, security details
basic cookies, download dialog, res://, stock://, print
Zoom, default-charset, view-source, spell-check, prefetch
Back/ forward, enable-java, plugin listing, web inspector
v0.5.0:
Store --execute arguments in string array
Prevent overlay frame from being caught by show_all
Unconditionally show Toolbar Style preference
Duplicate current URI when reloading Midori.View
Update tabs being closable on setting change in Granite
Check default_search before setting SearchAction default
Populate application chooser button in idle
Bail out of completion resizing if cell height is 0
Pass proxy to bookmark dialog when editing via menu
Tweak bookmark dialog, button to buttons, toggles side by side
Move 'Flash windows' option into History List
Use light window for Clear Private Data with Granite
Use GtkFontButton with filter func with GTK+ 3.2
Implement 'Run in debugger' button in diagnostic dialog
Add Win32 work-around to History List for modifiers
Make toolbar drag/ drop work in GTK+3
Check if active form element is input before getting search text
Implement direction-based mouse gesture configuration
Implement mouse movement, load-failed, crashed, search in WebKit2
Add 'Show last crash log' button to diagnostic dialog
Make invalid actions fail; exit on error in new process only
Accept setting=value and extension=true/ false in --execute
Merged cookie permissions as of 2013-03-08
Gray out webGL preference if context is unavailable
Use browser API to Close Other in view menu item
Fix periods to ellipsis in Custom/ Customize Shortcuts
Support Colorful Tabs in History List
Add Midori.Tab.fg/ bg_color and Midori.View.set_colors
Fix word-wrap, #decription and #message in about.css
Set view scroll policy to Never to avoid flickering
Use XDG_RUNTIME_DIR for temporary files
Build Vala and C parts of core separately
Don't provide default value for enable-scripts
Respect Open new pages: window for Web Search and Open Image
enable-javascript in WebKit1/ 2, macro for (Web)Settings
Fix MIDORI_*_VERSION to be integers
Fix .desktop file validation unit test and fix errors
'New tab behavior' preference: about:dial/ new/ search/ home alias URLs
Use stripped down XBEL variant for session and trash
Allow any proxies supported by libproxy; list supported types in preferences
|
|
* Sync with firefox-35.0.5.
* Add and remove some locales.
|
