| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
These releases address a security issue in the Django admin.
* Issue: XSS attack via properties in ModelAdmin.readonly_fields
* Advisory: HTML escaping when calling template filters from Python code
|
|
0.9.2 (2015-02-24)
Fixed compatibility with Requests 2.5.1
Changed the default JSON Content-Type to application/json as UTF-8 is the default JSON encoding
|
|
Changes
1.10.1 (2015-02-10)
Pools can be used as context managers. (Issue #545)
Don’t re-use connections which experienced an SSLError. (Issue #529)
Don’t fail when gzip decoding an empty stream. (Issue #535)
Add sha256 support for fingerprint verification. (Issue #540)
Fixed handling of header values containing commas. (Issue #533)
1.10 (2014-12-14)
Disabled SSLv3. (Issue #473)
Add Url.url property to return the composed url string. (Issue #394)
Fixed PyOpenSSL + gevent WantWriteError. (Issue #412)
MaxRetryError.reason will always be an exception, not string. (Issue #481)
Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
Py3: Use ssl.create_default_context() when available. (Issue #473)
Emit InsecureRequestWarning for every insecure HTTPS request. (Issue #496)
Emit SecurityWarning when certificate has no subjectAltName. (Issue #499)
Close and discard sockets which experienced SSL-related errors. (Issue #501)
Handle body param in .request(...). (Issue #513)
Respect timeout with HTTPS proxy. (Issue #505)
PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
1.9.1 (2014-09-13)
Apply socket arguments before binding. (Issue #427)
More careful checks if fp-like object is closed. (Issue #435)
Fixed packaging issues of some development-related files not getting included. (Issue #440)
Allow performing only fingerprint verification. (Issue #444)
Emit SecurityWarning if system clock is waaay off. (Issue #445)
Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
Fixed BrokenPipeError and ConnectionError handling in Py3. (Issue #443)
1.9 (2014-07-04)
Shuffled around development-related files. If you’re maintaining a distro package of urllib3, you may need to tweak things. (Issue #415)
Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426)
New retry logic and urllib3.util.retry.Retry configuration object. (Issue #326)
All raised exceptions should now wrapped in a urllib3.exceptions.HTTPException-extending exception. (Issue #326)
All errors during a retry-enabled request should be wrapped in urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the .reason propery. (Issue #326)
urllib3.exceptions.ConnectionError renamed to urllib3.exceptions.ProtocolError. (Issue #326)
Errors during response read (such as IncompleteRead) are now wrapped in urllib3.exceptions.ProtocolError. (Issue #418)
Requesting an empty host will raise urllib3.exceptions.LocationValueError. (Issue #417)
Catch read timeouts over SSL connections as urllib3.exceptions.ReadTimeoutError. (Issue #419)
Apply socket arguments before connecting. (Issue #427)
1.8.3 (2014-06-23)
Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
Add disable_cache option to urllib3.util.make_headers. (Issue #393)
Wrap socket.timeout exception with urllib3.exceptions.ReadTimeoutError. (Issue #399)
Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369)
Added socket_options keyword parameter which allows to define setsockopt configuration of new sockets. (Issue #397)
Removed HTTPConnection.tcp_nodelay in favor of HTTPConnection.default_socket_options. (Issue #397)
Fixed TypeError bug in Python 2.6.4. (Issue #411)
|
|
|
|
|
|
Collection.
This extention was previously known as ZendOptimizerPlus and has been renamed by
upstream.
Changes:
7.0.4
Added function opcache_is_script_cached()
- Fix bug #67111 (Loop variables need to be freed for both "break" and
"continue")
- Fix opcache.revalidate_freq per-request behavior
- Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen)
- Fixed issue #183 (TMP_VAR is not only used once)
7.0.3
- Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend)
- Added suggestion about opcache.revalidate_freq setting in development
environmento
- Fixed Issue #140: "opcache.enable_file_override" doesn't respect
"opcache.revalidate_freq"
- Fixed reavlidate_path=1 behavior to avoid caching of symlinks values.
- Fixed opcahce_reset() crash when opcache.protect_memory is set
- Fixed bug #66176 (Invalid constant substitution)
- Fixed bug #65559 (Opcache: cache not cleared if changes occur while running)
- Fixed compatibility with old PHP versions
- Fixed bug #65915 (Inconsistent results with require return value)
- Fixed issue #115 (path issue when using phar)
- Fixed issue #149 (Phar mount points not working with OPcache enabled)
- Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
- Added function opcache_compile_file() to load PHP scripts into cache without
execution.
- Fixed issue #135 (segfault in interned strings if initial memory is too low)
- Fixed bug #65665 (Exception not properly caught when opcache enabled)
- Fixed issue #128 (opcache_invalidate segmentation fault)
- Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var)
- Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4)
- Replce ZEND_FETCH_* instructions with IS_CV if possible
- Added opcache.restrict_api configuration directive that may limit usage of
OPcahce API functions only to patricular script(s)
- Added support for glob symbols in blacklist entries (?, *, **)
- Improved implementation of NOP removal pass from O(n^2) to O(n)
- Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown).
- Fixed bug #64827 Segfault in zval_mark_grey (zend_gc.c)
7.0.2
- Fixed issue #26 (added opcache_invalidate(string $filename [, bool
$force = false]) function)
- Fixed issue #74 (Allowed per request OPcache disabling)
- Fixed issue #76 (actually we don't need zend_shared_meory_block_header at all)
- Fixed issue #78 (incorrect file path validation)
- Fixed issue #79 (Optimization Problem/Bug)
- Fixed issue #82 (allow comments in blacklist file, lines started with ";")
- Fixed issue #91 (fix x64 fixed addresses)
- Fxied issue #92 (Compilation warnings)
- Fixed issue #97 (Use size_t instead of int to support a cache larger than 2G)
- Fixed bug (Avoid possible conditional jump depended on uninitialised value)
7.0.1
- Fixed Bug #64490 (add __FreeBSD_kernel__ to allowed FreeBSD defs)
- Fixed Bug #64482 (Opcodes for dynamic includes should not be cached)
- Fixed Bug #64353 (Built-in classes can be unavailable with dynamic includes
and Optimizer+)
- Fixed compatibility with ext/phar
- Fixed Issue #58 (PHP-5.2 compatibility)
- Fixed Issue #57 (segfaults in drupal7)
- Fixed Issue #54 (PECL install adds extension= instead of zend_extension= to
php.ini)-iii
- Allows exclusion of large files from being cached
- Save a stat() call by calling sapi_module.get_stat()
- Add optional flag to opcache_get_status()
- Separate "start_time" from "last_restart_time"
|
|
Bump PKGREVISION.
|
|
fixed pkg/49735 noted by kjw at doglet.ca
Minor changes to documentation.
[varnishadm] Add termcap workaround for libedit. Bug 1531.
Document storage.<name>.* VCL variables. Bug 1514.
Fix memory alignment panic when http_max_hdr is not a multiple of 4. Bug 1327.
Avoid negative ReqEnd timestamps with ESI. Bug 1297.
%D format for varnishncsa is now an integer (as documented)
Fix compile errors with clang.
Clear objectcore flags earlier in ban lurker to avoid spinning thread. Bug 1470.
Patch embedded jemalloc to avoid segfault. Bug 1448.
Allow backend names to start with if, include or else. Bug 1439.
Stop handling gzip after gzip body end. Bug 1086.
Document %D and %T for varnishncsa.
|
|
AddHandler which cause potential security problem.
|
|
problem.
Noted by joerg@ via private e-mail.
|
|
pkgsrc change:
* Add ${GEM_EXTSDIR}/gem.build_complete for new rubygems and updated ruby.
=== unicorn 4.8.3 - the end of an era / 2014-05-07 07:50 UTC
This release updates documentation to reflect the migration of the
mailing list to a new public-inbox[1] instance. This is necessary
due to the impending RubyForge shutdown on May 15, 2014.
The public-inbox address is: unicorn-public@bogomips.org
(no subscription required, plain text only)
ssoma[2] git archives: git://bogomips.org/unicorn-public
browser-friendly archives: http://bogomips.org/unicorn-public/
Using, getting help for, and contributing to unicorn will never
require any of the following:
1) non-Free software (including SaaS)
2) registration or sign-in of any kind
3) a real identity (we accept mail from Mixmaster)
4) a graphical user interface
Nowadays, plain-text email is the only ubiquitous platform which
meets all our requirements for communication.
There is also one small bugfix to handle premature grandparent death
upon initial startup. Most users are unaffected.
[1] policy: http://public-inbox.org/ - git://80x24.org/public-inbox
an "archives first" approach to mailing lists
[2] mechanism: http://ssoma.public-inbox.org/ - git://80x24.org/ssoma
some sort of mail archiver (using git)
=== unicorn 4.8.2 - avoid race condition during worker startup / 2014-02-05 18:24 UTC
We close SELF_PIPE in the worker immediately, but signal handlers
do not get setup immediately. So prevent workers from erroring out
due to invalid SELF_PIPE.
=== unicorn 4.8.1 / 2014-01-29 08:48 UTC
fix races/error handling in worker SIGQUIT handler
This protects us from two problems:
1) we (or our app) somehow called IO#close on one of the sockets
we listen on without removing it from the readers array.
We'll ignore IOErrors from IO#close and assume we wanted to
close it.
2) our SIGQUIT handler is interrupted by itself. This can happen as
a fake signal from the master could be handled and a real signal
from an outside user is sent to us (e.g. from unicorn-worker-killer)
or if a user uses the killall(1) command.
=== unicorn 4.8.0 - big internal changes, but compatible / 2014-01-11 07:34 UTC
This release contains fairly major internal workings of master-to-worker
notifications. The master process no longer sends signals to workers
for most tasks. This works around some compatibility issues with some
versions of the "pg" gem (and potentially any other code which may not
handle EINTR properly). One extra benefit is it also helps stray
workers notice a rare, unexpected master death more easily. Workers
continue to (and will always) accept existing signals for compatibility
with tools/scripts which may signal workers.
PID file are always written early (even on upgrade) again to avoid
breaking strange monitoring setups which use PID files. Keep in mind we
have always discouraged monitoring based on PID files as they are
fragile.
We now avoid bubbling IOError to the Rack app on premature client
disconnects when streaming the input body. This is usually not a
problem with nginx, but may be on some LAN setups without nginx).
Thanks to Sam Saffron, Jimmy Soho, Rodrigo Rosenfeld Rosas,
Michael Fischer, and Andrew Hobson for their help with this release.
Note: the unicorn mailing list will be moved/changed soon due to the
RubyForge shutdown. unicorn will always rely only on Free Software.
There will never be any sign-up requirements nor terms-of-service to
agree to when communicating with us.
=== unicorn 4.8.0pre1 / 2013-12-09 09:51 UTC
Eric Wong (6):
tests: fix SO_REUSEPORT tests for old Linux and non-Linux
stream_input: avoid IO#close on client disconnect
t0300: kill off stray processes in test
always write PID file early for compatibility
doc: clarify SIGNALS and reference init example
rework master-to-worker signaling to use a pipe
=== unicorn 4.7.0 - minor updates, license tweak / 2013-11-04 06:59 UTC
* support SO_REUSEPORT on new listeners (:reuseport)
This allows users to start an independent instance of unicorn on
a the same port as a running unicorn (as long as both instances
use :reuseport).
ref: https://lwn.net/Articles/542629/
* unicorn is now GPLv2-or-later and Ruby 1.8-licensed
(instead of GPLv2-only, GPLv3-only, and Ruby 1.8-licensed)
This changes nothing at the moment. Once the FSF publishes the next
version of the GPL, users may choose the newer GPL version without the
unicorn BDFL approving it. Two years ago when I got permission to add
GPLv3 to the license options, I also got permission from all past
contributors to approve future versions of the GPL. So now I'm
approving all future versions of the GPL for use with unicorn.
Reasoning below:
In case the GPLv4 arrives and I am not alive to approve/review it,
the lesser of evils is have give blanket approval of all future GPL
versions (as published by the FSF). The worse evil is to be stuck
with a license which cannot guarantee the Free-ness of this project
in the future.
This unfortunately means the FSF can theoretically come out with
license terms I do not agree with, but the GPLv2 and GPLv3 will
always be an option to all users.
Note: we currently prefer GPLv3
Two improvements thanks to Ernest W. Durbin III:
* USR2 redirects fixed for Ruby 1.8.6 (broken since 4.1.0)
* unicorn(1) and unicorn_rails(1) enforces valid integer for -p/--port
A few more odd, minor tweaks and fixes:
* attempt to rename PID file when possible (on USR2)
* workaround reopen atomicity issues for stdio vs non-stdio
* improve handling of client-triggerable socket errors
|
|
pkgsrc changes:
* Add pkg_alternatives support.
* Add ${GEM_EXTSDIR}/gem.build_complete for new rubygems and updated ruby.
=== 2.11.1 / 2015-02-11
* 2 bug fixes:
* Avoid crash in strange restart conditions
* Inject the GEM_HOME that bundler into puma-wild's env. Fixes #653
* 2 PRs merged:
* Merge pull request #644 from bpaquet/master
* Merge pull request #646 from mkonecny/master
|
|
|
|
Core support for multiple instances of the same apphook'ed application
The template tag `render_model_add` can now accept a model class as well as a model instance
Fixes an issue with reverting to Live mode when moving plugins
Fixes a missing migration issue
Fixes an issue when using the PageField widget
Fixes an issue where duplicate page slugs is not prevented in some cases
Fixes an issue where copying a page didn't copy its extensions
Fixes an issue where translations where broken when operating on a page
Fixes an edge-case SQLite issue under Django 1.7
Fixes an issue where a confirmation dialog shows only some of the plugins to be deleted when usingthe "Empty All" context-menu item
Fixes an issue where deprecated 'mimetype' was used instead of 'contenttype'
Fixes an issue where `cms check` erroneous displays warnings when a plugin uses class inheritance
Documentation updates
|
|
Thank you, tron@.
|
|
Changelog:
Fixed in Firefox/Thunderbird ESR 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
|
|
* Fix segfault under NetBSD/i386 6.
From tsutsui@. Thank you.
|
|
rather in the PHP package proper, and there's three of them.
Copy and adapt as necessary.
No revision bump here: only build fix for NetBSD with TCP_INFO.
|
|
No pkg revision bump, only fixes build for NetBSD w/TCP_INFO.
|
|
Changes with nginx 1.7.10 10 Feb 2015
*) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
directives.
*) Feature: the $upstream_header_time variable.
*) Workaround: now on disk overflow nginx tries to write error logs once
a second only.
*) Bugfix: the "try_files" directive did not ignore normal files while
testing directories.
Thanks to Damien Tournoud.
*) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
used on OS X; the bug had appeared in 1.7.8.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: nginx could not be built with musl libc.
Thanks to James Taylor.
*) Bugfix: nginx could not be built on Tru64 UNIX.
Thanks to Goetz T. Fischer.
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
"scgi_cache", and "uwsgi_cache" directives.
*) Feature: variables support in the "expires" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
engines.
Thanks to Dmitrii Pichulin.
*) Feature: the "autoindex_format" directive.
*) Bugfix: cache revalidation is now only used for responses with 200
and 206 status codes.
Thanks to Piotr Sikora.
*) Bugfix: the "TE" client request header line was passed to backends
while proxying.
*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives might not work correctly inside the "if" and
"limit_except" blocks.
*) Bugfix: the "proxy_store" directive with the "on" parameter was
ignored if the "proxy_store" directive with an explicitly specified
file path was used on a previous level.
*) Bugfix: nginx could not be built with BoringSSL.
Thanks to Lukas Tribus.
Changes with nginx 1.7.8 02 Dec 2014
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
header lines are passed to a backend while caching if nginx knows in
advance that the response will not be cached (e.g., when using
proxy_cache_min_uses).
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
backend with caching disabled; the new directives
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
after which the lock will be released and another attempt to cache a
response will be made.
*) Change: the "log_format" directive can now be used only at http
level.
*) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
"proxy_ssl_password_file", "uwsgi_ssl_certificate",
"uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
directives.
Thanks to Piotr Sikora.
*) Feature: it is now possible to switch to a named location using
"X-Accel-Redirect".
Thanks to Toshikuni Fukaya.
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Feature: new directives in vim syntax highliting scripts.
Thanks to Peter Wu.
*) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
backend response header line.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Piotr Sikora.
*) Bugfix: in the "ssl_password_file" directive when using OpenSSL
0.9.8zc, 1.0.0o, 1.0.1j.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "the http output chain is empty" might appear in logs
if the "postpone_output 0" directive was used with SSI includes.
*) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
Thanks to Yichun Zhang.
Changes with nginx 1.7.7 28 Oct 2014
*) Change: now nginx takes into account the "Vary" header line in a
backend response while caching.
*) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
"scgi_force_ranges", and "uwsgi_force_ranges" directives.
*) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
"scgi_limit_rate", and "uwsgi_limit_rate" directives.
*) Feature: the "Vary" parameter of the "proxy_ignore_headers",
"fastcgi_ignore_headers", "scgi_ignore_headers", and
"uwsgi_ignore_headers" directives.
*) Bugfix: the last part of a response received from a backend with
unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
directives were used.
*) Bugfix: in the "proxy_cache_revalidate" directive.
Thanks to Piotr Sikora.
*) Bugfix: in error handling.
Thanks to Yichun Zhang and Daniil Bondarev.
*) Bugfix: in the "proxy_next_upstream_tries" and
"proxy_next_upstream_timeout" directives.
Thanks to Feng Gu.
*) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
Thanks to Kouhei Sutou.
Changes with nginx 1.7.6 30 Sep 2014
*) Change: the deprecated "limit_zone" directive is not supported
anymore.
*) Feature: the "limit_conn_zone" and "limit_req_zone" directives now
can be used with combinations of multiple variables.
*) Bugfix: request body might be transmitted incorrectly when retrying a
FastCGI request to the next upstream server.
*) Bugfix: in logging to syslog.
Changes with nginx 1.7.5 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Change: now the "stub_status" directive does not require a parameter.
*) Feature: the "always" parameter of the "add_header" directive.
*) Feature: the "proxy_next_upstream_tries",
"proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
"fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
"memcached_next_upstream_timeout", "scgi_next_upstream_tries",
"scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
"uwsgi_next_upstream_timeout" directives.
*) Bugfix: in the "if" parameter of the "access_log" directive.
*) Bugfix: in the ngx_http_perl_module.
Thanks to Piotr Sikora.
*) Bugfix: the "listen" directive of the mail proxy module did not allow
to specify more than two parameters.
*) Bugfix: the "sub_filter" directive did not work with a string to
replace consisting of a single character.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
*) Bugfix: in the ngx_http_spdy_module when using with AIO.
*) Bugfix: a segmentation fault might occur in a worker process if the
"set" directive was used to change the "$http_...", "$sent_http_...",
or "$upstream_http_..." variables.
*) Bugfix: in memory allocation error handling.
Thanks to Markus Linnala and Feng Gu.
|
|
## 0.7.2 (2015-03-02)
* Swap from `form_data` to `http-form_data` (changed gem name).
|
|
|
|
|
|
|
|
Utility-belt to build form data request bodies. Provides support for
application/x-www-form-urlencoded and multipart/form-data types.
This is newer version of ruby-form-data.
## 1.0.0 (2015-01-04)
* Gem renamed to `http-form_data` as `FormData` is not top-level citizen
anymore: `FormData -> HTTP::FormData`.
|
|
- Add dependency to devel/p5-CPAN-Changes (but only necessary for make test)
(upstream)
- Update 2.05 to 2.07
-------------------
2.07 2015-02-23
[FIX]
- test added in 2.06 should use File::Temp
2.06 2015-02-23
[FEATURE]
- Add support for changing socket permissions. Thanks to powerman
for the patch and tests
|
|
--------------
Version 4.13, 2015/03/02
------------------------
+ Fixed some options and usage for galbum
+ Many UI improvements to galbum
+ New plugin: captions/exif/strftime.alp (Thanks Steven Schubiger)
|
|
|
|
Version 0.6
~~~~~~~~~~~
Released on 2015-02-09
* Python 3 support.
* Allow multiple file extensions for FlatPages.
* The renderer function now optionally takes a third argument, namely
the :class:`Page` instance.
* It is now possible to instantiate multiple instances of :class:`FlatPages`
with different configurations. This is done by specifying an additional
parameter ``name`` to the initializer and adding the same name in uppercase
to the respective Flask configuration settings.
|
|
|
|
## 1.2.1
- fix error for draft 76 when leftovers are empty
## 1.2.0
- Remove support for Ruby 1.8
- Add support for sending custom headers for Client
- Better detection and handling of draft 76
- Multiple small fixes and optimizations
|
|
pkgsrc change: Add pkg_alternatives support.
== 1.6.3 Protein Powder
* Add HTTP 422 status code [rajcybage]
* Add warning about EM reactor still running when stopping.
* Remove version number from "Server" HTTP header. [benbasson]
* Adding `--ssl-disable-verify` to allow disabling of client cert requests when SSL enabled [brucek]
* Ensure Tempfiles created by a large request are closed and deleted. [Tonkpils]
|
|
|
|
* Comment out HOMEPAGE which has gone. (It's time to remove this pacahge?)
Bump PKGREVISION.
|
|
The TYPO3 Community announces the version 6.2.10 LTS of the TYPO3 Enterprise
Content Management System.
We announce the release of TYPO3 CMS 6.2.10 LTS, which is a regular
maintenance release that contains over 200 bug fixes and improvements.
For details about the release, please visit the following wiki page:
http://wiki.typo3.org/TYPO3_CMS_6.2.10
Performance Improvements
Additionally, a new extraordinary change in regard of performance was
included. The existing functionality for loading PHP classes was improved by
also including the autoloader functionality from the Composer project. This
is a backport from TYPO3 CMS 7.1 and will speed up requests for both
frontend pages and the TYPO3 Backend up to 20%, especially on sites with
non-cached frontend pages.
The backport to TYPO3 6.2.10 loads all PHP classes from the required system
extensions via a static class map based on the PSR-4 standard. All other PHP
classes are still loaded via the existing TYPO3-internal class loader.
For details about the integration and the functionality, see the
corresponding wiki page on http://wiki.typo3.org/ComposerClassLoader.
|
|
Version 7.41.0 (25 Feb 2015)
Daniel Stenberg (25 Feb 2015)
- THANKS: added contributors from the 7.41.0 RELEASE-NOTES
- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)
Marc Hoersken (25 Feb 2015)
- Revert "telnet.c: fix handling of 0 being returned from custom read function"
This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.
- telnet.c: fix invalid use of custom read function if not being set
obj_count can be 1 if the custom read function is set or the stdin
handle is a reference to a pipe. Since the pipe should be handled
using the PeekNamedPipe-check below, the custom read function should
only be used if it is actually enabled.
- telnet.c: fix handling of 0 being returned from custom read function
According to [1]: "Returning 0 will signal end-of-file to the library
and cause it to stop the current transfer."
This change makes the Windows telnet code handle this case accordingly.
[1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
Daniel Stenberg (24 Feb 2015)
- sws: stop logging about TPC_NODELAY nonsense
- lib530: make it less timing sensible
... by making sure the first request is completed before doing the
remainder.
Kamil Dudka (23 Feb 2015)
- connect: wait for IPv4 connection attempts
... even if the last IPv6 connection attempt has failed.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
- connect: avoid skipping an IPv4 address
... in case the protocol versions are mixed in a DNS response
(IPv6 -> IPv4 -> IPv6).
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
Daniel Stenberg (23 Feb 2015)
- RELEASE-NOTES: synced with 5e4395eab839d
- ROADMAP: curl_easy_setopt.3 has already been split up
Remove cmake as marked for removal. It is in much better state now.
- ROADMAP: extend the HTTP/2 stuff, remove SPDY
- [Julian Ospald brought this change]
configure: allow both --with-ca-bundle and --with-ca-path
SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath. This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.
This wasn't reflected by the previous configure constraint which this
patch fixes.
Bug: https://github.com/bagder/curl/pull/139
- [Ben Boeckel brought this change]
cmake: install the dll file to the correct directory
- [Alessandro Ghedini brought this change]
nss: fix NPN/ALPN protocol negotiation
Correctly check for memcmp() return value (it returns 0 if the strings match).
This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
- [Alessandro Ghedini brought this change]
polarssl: fix ALPN protocol negotiation
Correctly check for strncmp() return value (it returns 0 if the strings
match).
- [Sergei Nikulov brought this change]
CMake: Fix generation of tool_hugehelp.c on windows
Use "cmake -E echo" instead of "echo".
Reviewed-by: Brad King <brad.king@kitware.com>
- [Sergei Nikulov brought this change]
CMake: fix winsock2 detection on windows
Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
the winsock2 API from windows.h. Simplify the order of checks to
avoid extra conditions.
Use check_include_file instead of check_include_file_concat to look
for OpenSSL headers. They do not need to participate in a sequence
of dependent system headers. Also they may cause winsock.h to be
included before ws2tcpip.h, causing the latter to not be detected
in the sequence.
Reviewed-by: Brad King <brad.king@kitware.com>
- [Alessandro Ghedini brought this change]
gtls: fix build with HTTP2
Steve Holme (16 Feb 2015)
- Makefile.vc6: Corrected typos in rename of darwinssl.obj
Nick Zitzmann (15 Feb 2015)
- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"
Steve Holme (14 Feb 2015)
- RELEASE-NOTES: Synced with 6f89f86c3d
- tests/README: Updated to reflect email test ranges
- [Alessandro Ghedini brought this change]
curl.1: --cert-status is also supported by OpenSSL now
- build: Removed Visual Studio SuppressStartupBanner directive for VC8+
Visual Studio 2005 and above defaults to disabling the startup banner
for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
is no need to explicitly set the SuppressStartupBanner directive, as
this is a leftover from the VC7 and VC7.1 projects being upgraded to
VC8 and above.
Kamil Dudka (12 Feb 2015)
- openssl: fix a compile-time warning
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
Steve Holme (11 Feb 2015)
- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.
Patrick Monnerat (11 Feb 2015)
- ftp: accept all 2xx responses to the PORT command
Steve Holme (9 Feb 2015)
- openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
Daniel Stenberg (9 Feb 2015)
- [Tatsuhiro Tsujikawa brought this change]
http2: Fix bug that associated stream canceled on PUSH_PROMISE
Previously we don't ignore PUSH_PROMISE header fields in on_header
callback. It makes header values mixed with following HEADERS,
resulting protocol error.
- [Jay Satiro brought this change]
polarssl: Fix exclusive SSL protocol version options
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.
http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
- [Jay Satiro brought this change]
gskit: Fix exclusive SSLv3 option
- curl.1: clarify that -X is used for all requests
Reported-by: Jon Seymour
- curl.1: add warning when using -H and redirects
Steve Holme (7 Feb 2015)
- schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
Daniel Stenberg (6 Feb 2015)
- md5: use axTLS's own MD5 functions when available
- MD(4|5): make the MD4_* and MD5_* functions static
- axtls: fix conversion from size_t to int warning
Steve Holme (5 Feb 2015)
- ftp: Use 'CURLcode result' for curl result codes
Daniel Stenberg (5 Feb 2015)
- openssl: SSL_SESSION->ssl_version no longer exist
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!
Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
Dan Fandrich (4 Feb 2015)
- unit1600: Fix compilation when NTLM is disabled
Daniel Stenberg (4 Feb 2015)
- MD5: fix compiler warnings and code style nits
- MD5: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
Code-by: Alexander Peslyak
- MD4: fix compiler warnings and code style nits
- MD4: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
Code-by: Alexander Peslyak
Steve Holme (4 Feb 2015)
- telnet: Prefer 'CURLcode result' for curl result codes
- hostasyn: Prefer 'CURLcode result' for curl result codes
- schannel: Prefer 'CURLcode result' for curl result codes
Daniel Stenberg (3 Feb 2015)
- unit1601: MD5 unit tests
- unit1600: unit test for Curl_ntlm_core_mk_nt_hash
- unit1600: NTLM unit test
- tests/README: add a new range, clean up some language
- [Jay Satiro brought this change]
opts: CURLOPT_CAINFO availability depends on SSL engine
- getpass: protect include with proper #ifdef
Reported-by: Tamir
- getpass_r: read from stdin, not stdout!
The file number used was wrong. This bug was introduced over 10 years
ago, proving this function isn't used much...
Bug: http://curl.haxx.se/bug/view.cgi?id=1476
Reported-by: Tamir
- test1135: verify the CURL_EXTERN order in header files
- Makefile.am: fix 'make distcheck'
... by removing generated files from the *_DIST variable [*] and instead
generate them with a .dist suffix, since that is then handled and put
into the release archive by our generic dist-hook.
[*] = 'make distcheck' fails with non-existing files listed there
Steve Holme (2 Feb 2015)
- curl_sasl.c: More code policing
Better use of 80 character line limit, comment corrections and line
spacing preferences.
Daniel Stenberg (2 Feb 2015)
- libcurl-symbols: first basic shot for autogenerated docs
- FAQ: minor edit of 3.22
Steve Holme (2 Feb 2015)
- build: Added removal of Visual Studio project files
Added the removal of the locally generated project files so one
may revert to a clean repository.
- build: Renamed top level Visual Studio solution files
In preparation for adding the test suite and examples projects renamed
the top level "all" solution files to better describe what they are.
This will also enable us to use "curl" rather than "curlsrc" for the
command line tool solution and project files, which will simplify some
of the configuration.
- build: Enabled DEBUGBUILD in Visual Studio debug builds
Defined the DEBUGBUILD pre-processor variable to allow extra logging,
which is particularly useful in debug builds, as we use this and Visual
Studio typically uses _DEBUG.
We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
defined but that would also affect the makefile based builds which we
probably don't want to do.
- build: Removed unused Visual Studio bscmake settings
Daniel Stenberg (2 Feb 2015)
- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
And modify the text to refer to HTTP 2 as it isn't called "2.0".
Reported-By: Michael Wallner
Marc Hoersken (31 Jan 2015)
- TODO: moved WinSSL/SChannel todo items into docs
Daniel Stenberg (29 Jan 2015)
- [Michael Kaufmann brought this change]
CURLOPT_SEEKFUNCTION.3: also when server closes a connection
Steve Holme (29 Jan 2015)
- curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1506: warning: unused variable 'chlg'
- curl_sasl.c: Fixed compilation warning when verbose debug output disabled
curl_sasl.c:1317: warning: unused parameter 'conn'
- ntlm_core: Use own odd parity function when crypto engine doesn't have one
- ntlm_core: Prefer sizeof(key) rather than hard coded sizes
- ntlm_core: Added consistent comments to DES functions
- des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests
- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests
- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests
- sasl: Minor code policing and grammar corrections
Daniel Stenberg (28 Jan 2015)
- [Gisle Vanem brought this change]
ldap: build with BoringSSL
- security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
- runtests: identify BoringSSL and libressl
Patrick Monnerat (27 Jan 2015)
- docs: cite SASL external authentication.
- sasl: remove XOAUTH2 from default enabled authentication mechanism.
- test: add test cases for sasl external authentication (imap/pop3/smtp).
- imap: remove automatic password setting: it breaks external sasl authentication
- sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
Steve Holme (27 Jan 2015)
- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
- [Brad Spencer brought this change]
curl_setup: Disable SMB/CIFS support when HTTP only
- RELEASE-NOTES: Synced with 37824498a3
Daniel Stenberg (22 Jan 2015)
- configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
- OCSP stapling: disabled when build with BoringSSL
- [Alessandro Ghedini brought this change]
openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
- BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
- configure: fix BoringSSL detection and detect libresssl
Steve Holme (22 Jan 2015)
- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
- curl_sasl: Minor code policing following recent commits
Daniel Stenberg (22 Jan 2015)
- [John Malmberg brought this change]
openvms: Handle openssl/0.8.9zb version parsing
packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version. That assumption has been fixed for 7.40.
- BoringSSL: detected by configure, switches off NTLM
- BoringSSL: no PKCS12 support nor ERR_remove_state
- [Leith Bade brought this change]
BoringSSL: fix build
Steve Holme (20 Jan 2015)
- curl_sasl.c: chlglen is not used when cryptography is disabled
- curl_sasl.c: Fixed compilation warning when cyptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
Patrick Monnerat (20 Jan 2015)
- SASL: make some procedures local-scoped
- SASL: common state engine for imap/pop3/smtp
- SASL: common URL option and auth capabilities decoders for all protocols
- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
Daniel Stenberg (20 Jan 2015)
- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
- [Chris Young brought this change]
timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
- openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
Patrick Monnerat (19 Jan 2015)
- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
Steve Holme (18 Jan 2015)
- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
- http_negotiate: Use dynamic buffer for SPN generation
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
- sasl_gssapi: Fixed memory leak with local SPN variable
Daniel Stenberg (17 Jan 2015)
- http_negotiate.c: unused variable 'ret'
Steve Holme (17 Jan 2015)
- gskit.h: Code policing of function pointer arguments
- vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
- vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
- vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
- http_negotiate: Added empty decoded challenge message info text
- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
- http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
- http_negotiate_sspi: Use 'CURLcode result' for CURL result code
- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit bb12d44471 :(
Daniel Stenberg (16 Jan 2015)
- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0
- curlver.h: next release is 7.41.0 due to the changes
- RELEASE-NOTES: mention the new OCSP stapling options, bump version
- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile
- help: add --cert-status to --help output
- copyright years: after OCSP stapling changes
- [Alessandro Ghedini brought this change]
curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
- [Alessandro Ghedini brought this change]
nss: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
- [Alessandro Ghedini brought this change]
gtls: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
- [Alessandro Ghedini brought this change]
url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
- TheArtOfHttpScripting: skip the date at the top, we have git
- TheArtOfHttpScripting: phrase it TLS lib agnostic
Steve Holme (16 Jan 2015)
- TODO: Added some SMB ideas
- RELEASE-NOTES: Synced with 5f09947d28
- build-openssl.bat: Added check for Perl installation
- checksrc.bat: Better detection of Perl installation
- curl_endian: Fixed build when 64-bit integers are not supported
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
Daniel Stenberg (15 Jan 2015)
- [Yun SangHo brought this change]
curl.h: remove extra space
- Curl_pretransfer: reset expected transfer sizes
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
Marc Hoersken (12 Jan 2015)
- curl_schannel.c: mark session as removed from cache if not freed
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
Steve Holme (9 Jan 2015)
- RELEASE-NOTES: Synced with d21b66835f
Guenter Knauf (9 Jan 2015)
- Merge pull request #134 from vszakats/mingw-m64
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
- Merge pull request #136 from vszakats/mingw-allow-custom-cflags
mingw build: allow to pass custom CFLAGS
Daniel Stenberg (9 Jan 2015)
- NSS: fix compiler error when built http2-enabled
Steve Holme (9 Jan 2015)
- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
Better code reuse and consistency in calls to gss_import_name().
Viktor Szakats (9 Jan 2015)
- mingw build: allow to pass custom CFLAGS
Daniel Stenberg (8 Jan 2015)
- FTP: if EPSV fails on IPV6 connections, bail out
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
- FTP: fix IPv6 host using link-local address
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
Steve Holme (8 Jan 2015)
- [Sam Schanken brought this change]
winbuild: Added option to build with c-ares
Added support for a WITH_CARES option to be used when invoking nmake
via Makefile.vc. This option enables linking against both the DLL and
static versions of the c-ares libraries, as well as the debug and
release varients, depending on the value of DEBUG. The USE_ARES
preprocessor symbol is also defined.
Guenter Knauf (8 Jan 2015)
- NetWare build: added TLS-SRP enabled build.
Steve Holme (8 Jan 2015)
- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
Viktor Szakats (8 Jan 2015)
- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS
Daniel Stenberg (8 Jan 2015)
- bump: start working towards 7.40.1
- THANKS: 14 new contributors from the 7.40.0 release notes
|
|
Changes from 2.2.5 are too many to write here, please refer CHangeLog.
https://github.com/inverse-inc/sogo/blob/master/ChangeLog
|
|
|
|
Thank you, wiz@.
|
|
It seems that near Japan Mozilla CDN mirror has much bigger tarball...
|
|
From rjs@. Thank you.
|
|
* Sync with firefox-36.0
|
|
Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
|
|
Update DEPENDS
Upstream changes:
0.159001 2015-02-25 15:31:35+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #855: Ensure Dancer2::Test is compatible with Pod::Simple 3.30
(Russell Jenkins)
[ DOCUMENTATION ]
* Add an example for delayed (async) streaming response. (Sawyer X)
* Small link fix. (Sawyer X)
0.159000 2015-02-24 04:51:20+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #762: Delay app cleanup until errors are rendered. (Russell Jenkins)
* GH #835: Correct Logic error in Logger if no request exists.
(Lennart Hengstmengel)
* GH #839: Correct "no_server_tokens" definition in production.yml.
(Nikita K)
* GH #853, #852: Handle malformed (contentless) cookies. (pants)
* GH #840, #842: Ensure session data available to template engines.
(Russell Jenkins)
* GH #565, #847, #849: Fix HTTP Status template logic and documentation.
(Daniel Muey, Russell Jenkins, Dvid Kov谩cs)
* GH #843: Add missing attributes to Moo class used in tests. (Graham Knop)
[ ENHANCEMENT ]
* GH #836: Support delayed (asynchronous) responses!
("Delayed responses" in Dancer2::Manual for more information.)
(Sawyer X)
* GH #824: Use Plack::MIME by default, MIME::Types as failback if available.
(Alberto Simes)
* GH #792, #848: Keywords can now use prototypes.
(Russell Jenkins, Sawyer X)
[ DOCUMENTATION ]
* GH #837, #838, #841: Major documentation restructure. (Snigdha Dagar)
(Check eb9416e9 and a78e27d7 for more details.)
* GH #823: Cleanup Manual and Cookbook docs. (Omar M. Othman)
* GH #828: Provide README.mkdn. (Nuno Carvalho)
* GH #830: Fix typo in Session::YAML pod. (Vince W)
* GH #831,#832: Fix broken link in Session::YAML pod. (Vince W)
|
|
2015-02-24 Karen Etheridge <ether@cpan.org>
Release 1.67
Karen Etheridge:
- properly skip author test for normal user installs
2015-02-24 Karen Etheridge <ether@cpan.org>
Release 1.66
Adam Herzog:
- reorganize .pm files under lib/ (github #20)
|
|
Upstream changes:
6.0 2015-02-26
- Code name "Clinking Beer Mugs", this is a major release.
- Removed name listing support from param method in Mojolicious::Controller.
- Removed name listing support from param method in Mojo::Parameters.
- Removed name listing support from error and param methods in
Mojolicious::Validator::Validation.
- Removed multi-name support from cookie, param and signed_cookie methods in
Mojolicious::Controller.
- Removed multi-name support from param method in
Mojolicious::Validator::Validation.
- Removed multi-name support from param method in Mojo::Parameters.
- Removed multi-name support from cookie and upload methods in Mojo::Message.
- Removed custom socket support from Mojo::UserAgent.
- Removed is_fatal, is_level and log methods from Mojo::Log.
- Removed auto_render method from Mojolicious::Routes.
- Removed deprecated object-oriented Mojo::Loader API.
- Removed deprecated accept_interval, lock and unlock attributes from
Mojo::IOLoop.
- Removed deprecated accept_interval, lock_file and lock_timeout attributes
from Mojo::Server::Prefork.
- Removed deprecated bridge method from Mojolicious::Routes::Route.
- Removed deprecated is_readable method from Mojo::Reactor.
- Removed deprecated siblings method from Mojo::DOM.
- Removed deprecated render_exception and render_not_found methods from
Mojolicious::Controller.
- Removed deprecated keep_alive_requests setting from Hypnotoad.
- Changed return values of all and find methods in
Mojo::UserAgent::CookieJar.
- Renamed template attribute in Mojo::Template to unparsed.
- Renamed extracting attribute in Mojo::UserAgent::CookieJar to collecting.
- Renamed types attribute in Mojolicious::Types to mapping.
- Renamed current attribute in Mojolicious::Routes::Match to position.
- Renamed pattern attribute in Mojolicious::Routes::Route to unparsed.
- Renamed all_contents, contents, following_siblings, match, next_sibling,
node, preceding_siblings, previous_sibling and type methods in Mojo::DOM to
descendant_nodes, child_nodes, following_nodes, matches, next_node, type,
preceding_nodes, previous_node and tag.
- Renamed match method in Mojo::DOM::CSS to matches.
- Renamed extract and inject methods in Mojo::UserAgent::CookieJar to collect
and prepare.
- Renamed inject method in Mojo::UserAgent::Proxy to prepare.
- Renamed params method in Mojo::Parameters to pairs.
- Renamed match method in Mojolicious::Routes::Match to find.
- Renamed -A option of prefork command to -a.
- Added names method to Mojo::Parameters.
- Added failed and passed methods to Mojolicious::Validator::Validation.
- Added -I and -M options to prefork command.
- Fixed Mojo::Template support for parentheses in expressions. (jberger, sri)
5.82 2015-02-22
- Deprecated Mojo::Reactor::is_readable.
- Deprecated keep_alive_requests setting in Hypnotoad in favor of requests.
- Improved Morbo to restart slightly faster.
- Fixed bug in daemon and prefork commands where --inactivity-timeout option
was called --inactivity.
5.81 2015-02-20
- Deprecated object-oriented Mojo::Loader API.
- Added data_section, file_is_binary, load_class and find_modules functions
to Mojo::Loader.
- Improved design of built-in templates.
- Fixed test command to not let Test::Harness enable global warnings by
default. (OlegG)
|
|
|
|
|
|
Bugfixes:
* Reverted a fix that prevented a migration crash when unapplying contrib.contenttypes’s or contrib.auth’s first migration (24075) due to severe impact on the test performance (24251) and problems in multi-database setups (24298).
* Fixed a regression that prevented custom fields inheriting from ManyToManyField from being recognized in migrations (24236).
* Fixed crash in contrib.sites migrations when a default database isn’t used (24332).
* Added the ability to set the isolation level on PostgreSQL with psycopg2 ≥ 2.4.2 (24318). It was advertised as a new feature in Django 1.6 but it didn’t work in practice.
* Formats for the Azerbaijani locale (az) have been added.
|
|
This release adds support to common or combined squid log format and a new
Italian translation file. There's also a new configuration directive UserReport
to be able to remove any user related reports, statistics about URL and domains
will remain. The second new directive is ExcludedCodes to be able to exclude
some log entries following the TCP code returned.
|
