Add missing DEPENDS
Upstream changes:
0.204004 2017-01-26 18:29:34+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #1307: Fix breakage of Template::Toolkit, caused by
previous release. (Peter SysPete Mottram)
0.204003 2017-01-25 15:21:40-06:00 America/Chicago
[ BUG FIXES ]
* GH #1299: Fix missing CPANTS prereqs (Mohammad S. Anwar)
[ ENHANCEMENTS ]
* GH #1249: Improve consistency with Template::Toolkit,
using correct case for 'include_path', 'stop_tag', 'end_tag',
and 'start_tag', removing ANYCASE option.
(Klaus Ita)
* Call route exception hook before logging an error, allowing devs to
raise their own errors before D2 logging takes over. (Andy Beverley)
[ DOCUMENTATION ]
* Add another example of the delayed asynchronous mechanism
(Ed @mohawk2 J., Sawyer X)
* GH #1291: Document 'change_session_id' in Dancer2::Core::App.
(Peter SysPete Mottram)
* Fix typo in Dancer2::Core::Response (Gregorr Herrmann)
* Document Dancer2::Plugin::RootURIFor (Mario Zieschang)
|
|
Changes:
Version 4.7.2
* Remote code execution (RCE) in PHPMailer – No specific issue appears to
affect WordPress or any of the major plugins we investigated but, out of an
abundance of caution, we updated PHPMailer in this release. This issue was
reported to PHPMailer by Dawid Golunski and Paul Buonopane.
* The REST API exposed user data for all users who had authored a post of a
public post type. WordPress 4.7.1 limits this to only post types which have
specified that they should be shown within the REST API. Reported by
Krogsgard and Chris Jean.
* Cross-site scripting (XSS) via the plugin name or version header on
update-core.php. Reported by Dominik Schilling of the WordPress Security
Team.
* Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported
by Abdullah Hussam.
* Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
* Post via email checks mail.example.com if default settings aren’t changed.
Reported by John Blackbourn of the WordPress Security Team.
* A cross-site request forgery (CSRF) was discovered in the accessibility mode
of widget editing. Reported by Ronnie Skansing.
* Weak cryptographic security for multisite activation key. Reported by Jack.
Version 4.7.1
* The user interface for assigning taxonomy terms in Press This is shown to
users who do not have permissions to use it. Reported by David Herrera of
Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
WordPress core is not directly vulnerable to this issue, but we’ve added
hardening to prevent plugins and themes from accidentally causing a
vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list
table. Reported by Ian Dunn of the WordPress Security Team.
|
|
Requested by Jesus Cea on pkgsrc-users@NetBSD.org mailing list.
|
|
* Sync with firefox45-45.7.0
|
|
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
|
|
* Sync with firefox-51.0.1
|
|
Changelog:
Fixed
Geolocation not working on Windows (Bug 1333516)
Multiprocess incompatibility did not correctly register with some add-ons (Bug 1333423)
|
|
|
|
restore oss build by linking ossaudio (follow same format as alsa).
|
|
[core] TCP latency optimization
[core] provide tag to include other YAML files from the configuration file
[core] accept sequence of mappings for path-level configuration
[core] fix broken support for TCP Fast Open in OS X
[access-log] provide directive to emit request-level errors
[access-log] emit values of all set-cookie headers concatenated
[fastcgi] fix connection failure when fastcgi.spawn is used with an uid
[file] more pre-defined MIME types
[http2][proxy] recognize link rel=preload headers in interim response as a trigger to push resources
[http1][http2] validate characters used in the headers
[http1][http2] notify error downstream when an error occurred while generating a response
[http1][http2] fix resource leak upon upgrade failure to HTTP/2
[http2] add http2-push-preload directive to turn off H2 push being initiated by link rel=preload header
[http2] add support for cache-digest header
[http2] drop host header in HTTP/2 layer
[http2] don't use etag for calculating casper cookie
[http2] add support for H2 debug state
[mruby] add dos_detector mruby handler
[mruby] add DSL for access control lists (acl)
[mruby] share mruby state and constants between handlers
[mruby] add library for address-block-based access control
[proxy] add an option to connect to upstream using PROXY protocol
[proxy] don't escape : in URI path
[proxy] preserve received URLs as much as possible
[proxy] add an option to prevent emitting x-forwarded-* headers
[proxy] cache TLS session used for upstream connections
[proxy] turn on/off on-the-fly compression based on the x-compress-hint header
[ssl] set add_lock callback to prevent unnecessary lock-add-unlock
[ssl] add support for OpenSSL 1.1.0
[status] collect and report HTTP statistics
[status] report additional stats when jemalloc is used
[throttle] add new handler for throttling the response bandwidth
[libh2o] provide h2o_rand that calls the appropriate random function depending on the OS
[libh2o] do not require use of picohttpparser.h when using the HTTP/1 client
[libh2o] install library files to the correct location
[misc] provide crash-handler directive to customize crash logging
[misc] guess the default location of h2o.conf
[misc] allow to disable libuv even when it is found
[misc] add font/woff2 to the default mime-type mapping
[misc] mark JavaScript and JSON files as compressible by default
|
|
We fixed a memory leak bug which only occurs in server side sessions. Client side sessions are not affected. This bug was detected by LLVM libFuzzer with the HTTP/2 corpus that the h2o
project uses. Due to a bad code path which nullifies the next pointers of a linked list under a certain condition, the nghttp2_stream object is not going to be freed. We highly encourage upgrading existing installations to this latest version.
|
|
* Renew test key pair
* Fix OpenSSL 1.1.0 deprecation warnings
* spdylay: compile against openssl-1.1.0
It fails to compile against openssl 1.1.0 due to things like
|shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope
|shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope
|shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scope
This resolves it.
* spdycat: Fix leak in SpdySession.reqvec
* Compile with IRIX 6.5.22 using GCC-4.7.4
* Remove CREDENTIAL frame processing completely
We just left API as is, but related functions just do nothing now.
* Allocate stream ID when spdylay_submit_{syn_stream,request} is called
This commit allocates stream ID when spdylay_submit_syn_stream and
spdylay_submit_request is called. Also create stream when
spdylay_session_predicate_syn_stream_send is failed, to provide
stream to user callback (e.g., on_ctrl_not_send_callback).
Allocating stream ID early ensures that we can create stream because
we can catch stream ID exhaustion early and fail fast. Since stream
ID is allocated serially, we have to send SYN_STREAM in the order
they queued. So now all queued syn_stream have the same priority
(lowest). The DATA frame has given priority by application. This
does not work well with CREDENTIAL frame, since SYN_STREAM may wait
for CREDENTIAL, which results in out of order transmission. Since
CREDENTIAL frame was deprecated in SPDY/3.1, and no one uses it, we
remove its functionality in the later commit.
* spdycat: --proxy-port, not --proxyport
* spdycat: Check :host header field for SNI, since Host header is not allowed
* spdycat: Update spdycat --help output for --header
* spdycat: Fix resource leak found by coverity scan
|
|
* Sync with firefox-51.0
* Add ka and kab locales
* Remove be locale
|
|
Changelog:
New
Users can view passwords in the save password prompt before saving them
Added a zoom button in the URL bar:
Displays percent above or below 100 percent when a user has changed the page zoom setting from the default
Lets users return to the default setting by clicking on the button
Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience
Firefox will save passwords even in forms that do not have “submit” events
Added support for FLAC (Free Lossless Audio Codec) playback
Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language
A warning is displayed when a login page does not have a secure connection
Added Georgian (ka) and Kabyle (kab) locales
An even faster E10s! Tab Switching is better!
Improved reliability of browser data sync
Remove Belarusian (be) locale
Fixed
Various security fixes
Changed
Use 2D graphics library (Skia) for content rendering on Linux
Re-enabled E10s support for Russian (ru) locale
Updated to NSS 3.28.1
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5379: Use-after-free in Web Animations
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
#CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
#CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
#CVE-2017-5391: Content about: pages can load privileged about: pages
#CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
#CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
#CVE-2017-5395: Android location bar spoofing during scrolling
#CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
#CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
#CVE-2017-5374: Memory safety bugs fixed in Firefox 51
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
|
|
|
|
Upstream changes:
0.27: # 2016-10-28T12:59:00+0100
- Unbreak with Elasticsearch 5.0. See https://rt.cpan.org/Public/Bug/Display.html?id=118425
|
|
6.16 2017-01-12
- Moved LWP::Protocol::GHTTP into its own dist and removed from here (PR#81)
- Updated test suite to use strict/warnings and Test::More (PR#88)
- Additional tests for UserAgent coverage (PR#79)
- Cleaned up documentation formatting and fixed several typos (PR#87, PR#93)
- Stop promoting use of HTTP::Cookies and instead use HTTP::CookieJar::LWP (PR#102)
- Added some new documentation to UserAgent and tutorial (PR#68)
- Allow default header to carry over when using ->post() in UA (PR#100)
|
|
|
|
with an imagelib option.
|
|
Changelog:
Version 11.0.1 January 16 2017
Changes
Server
Safari CSPv3 support is sub-par (server/2699)
Fix legacy DAV endpoint (server/2685)
Use unmasked permissions in shared scanner (server/2696)
Do not connect to database before creating it (server/2703)
Fix todo list activity filter (server/2746)
Changed anchor in settings page (server/2805)
Also check in cron for old php version (server/2809)
Add DAV repair step to fix calendar data (server/2807)
Only log as info when we can not create a new DB user (server/2750)
Fix wording for apps mgmt buttons (server/2751)
Use a form so firefox doesn't try to save the space as a password (server/2804)
Fix overwriting parameter (server/2825)
Applied security hardening in SwiftMailer (core/2882)
Don't set Content-Disposition header if one already exists (server/2949)
Don't link to the oC forum (server/2988)
Set redirect_url on 2FA challenge page (server/2981)
Don't write a certificate bundle if the shipped ca bundle is empty (server/2994)
Remove group restrictions when those are not allowed anymore (server/2980)
Activity
Update docs and samples (activity/92)
Make sure the preview URLs are absolute (activity/91)
User_SAML
Update SAML library (user_saml/64)
Make the JS work with sudo mode (user_saml/71)
Enabled strict mode (user_saml/75)
files_retention
Delete job if tag not found (files_retention/18)
Also included is a precautionary update for a recent SwiftMailer security issue.
|
|
Version 0.11.15
---------------
Released on December 30th 2016.
- Bugfix for the bugfix in the previous release.
Version 0.11.14
---------------
Released on December 30th 2016.
- Check if platform can fork before importing ``ForkingMixIn``, raise exception
when creating ``ForkingWSGIServer`` on such a platform, see PR ``#999``.
Version 0.11.13
---------------
Released on December 26th 2016.
- Correct fix for the reloader issue on certain Windows installations.
Version 0.11.12
---------------
Released on December 26th 2016.
- Fix more bugs in multidicts regarding empty lists. See ``#1000``.
- Add some docstrings to some `EnvironBuilder` properties that were previously
unintentionally missing.
- Added a workaround for the reloader on windows.
Version 0.11.11
---------------
Released on August 31st 2016.
- Fix JSONRequestMixin for Python3. See #731
- Fix broken string handling in test client when passing integers. See #852
- Fix a bug in ``parse_options_header`` where an invalid content type
starting with comma or semi-colon would result in an invalid return value,
see issue ``#995``.
- Fix a bug in multidicts when passing empty lists as values, see issue
``#979``.
- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``.
|
|
|
|
Flask-Webpack ties Webpack and Flask together. It exposes a few
global template tags so that you can work with assets in your jinja
templates and it works with any wsgi server.
|
|
|
|
Bump PKGREVISION
|
|
Since upstream still maintains the 2-series it is kept in www/SOGo.
Version 3, introduced in early 2016, has a modern, fully responsive Web
frontend. Both versions share a common implementation of the communication
protocols supported in SOGo and SOPE: LDAP, IMAP, SQL, CardDAV, CalDAV, and
Microsoft Enterprise ActiveSync.
DESCR:
SOGo is a fully supported and trusted groupware server with a focus
on scalability and open standards. SOGo is released under the GNU
GPL/LGPL v2 and above.
SOGo provides a rich AJAX-based Web interface and supports multiple
native clients through the use of standard protocols such as CalDAV,
CardDAV and GroupDAV.
SOGo is the missing component of your infrastructure; it sits in
the middle of your servers to offer your users a uniform and
complete interface to access their information. It has been deployed
in production environments where thousands of users are involved.
|
|
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
|
Version 3.5.24 (2017-01-19)
---------------------------
### Fixed
Correctly handle SVGZ files in the file manager (also fixes #8624).
### Fixed
Revert the download element changes (see #8620).
|
|
* Correctly handle nested public folders when symlinking a folder.
* Correctly handle SVGZ files in the file manager (see contao/core#8624).
* Prevent an endless redirect loop if the page alias is "/" (see contao/core#8560).
* Correctly parse German dates with two digit years in MooTools (see contao/core#8593).
* Correctly add new resources to the user/group permissions (see contao/core#8583).
* Trigger the auto-submit function in the date picker (see contao/core#8603).
* Call the load callback when loading page/file picker nodes (see contao/core#7702).
|
|
minor changes - last kde4 version
|
|
Upstream changes:
Moodle 3.2.1 release notes
Releases > Moodle 3.2.1 release notes
Release date: 9 January 2017
Here is the full list of fixed issues in 3.2.1.
Fixes and improvements
MDL-55906 - Assignment grading table reset button should clear persistent settings
MDL-57222 - Marking workflow and grading must still save for hidden Assignment
MDL-56810 - Fixed error converting submissions for annotation when student is unenrolled from course
MDL-55062 - Upload users admin tool incorrectly updates authentication method for existing users when not included in CSV
MDL-56912 - Feedback: Allow to submit empty not required multichoice questions
MDL-53044 - Completely prevent login with expired passwords
MDL-57213 - Boost - Fixed bug when my courses were not displayed at all with $CFG->navshowmycoursecategories on
Security issues
MSA-17-0001 System file inclusion when adding own preset file in Boost theme
MSA-17-0002 Incorrect sanitation of attributes in forums
MSA-17-0003 PHPMailer vulnerability in no-reply address
MSA-17-0004 XSS in assignment submission page
|
|
Upstream changes:
7.20 2017-01-18
- Fixed a bug in Mojo::File where the make_path method would die even if no
error occurred.
- Fixed warnings in Mojo::IOLoop::TLS.
7.19 2017-01-14
- Added module Mojo::IOLoop::TLS.
- Added can_nnr and can_socks methods to Mojo::IOLoop::Client.
7.18 2017-01-11
- Fixed support for relative %INC paths in Mojo::Home.
- Fixed a bug in Mojo::URL where invalid fragment strings could be generated.
7.17 2017-01-11
- Fixed Windows bugs in Mojo::File. (kmx)
7.16 2017-01-10
- Fixed Windows bugs in Mojo::File. (kmx)
7.15 2017-01-09
- Deprecated Mojo::ByteStream::slurp and Mojo::Util::slurp in favor of
Mojo::File::slurp.
- Deprecated Mojo::ByteStream::spurt and Mojo::Util::spurt in favor of
Mojo::File::spurt.
- Deprecated Mojo::Util::files in favor of Mojo::File::list_tree.
- Deprecated Mojo::Home::lib_dir, Mojo::Home::parse, Mojo::Home::parts in
favor of new features inherited from the Mojo::File base class.
- Added module Mojo::File.
- Improved Mojo::Home to be a subclass of Mojo::File.
- Improved mojo_lib_dir and rel_file methods in Mojo::Home to return
Mojo::Home objects.
- Improved rel_file methods in Mojolicious::Command to return Mojo::File
objects.
- Improved every_param and param methods in Mojolicious::Validator::Validation
to use the current topic.
|
|
Version 3.5.23 (2017-01-17)
---------------------------
### Fixed
Handle non-numeric values when calculating the image margin (see #8617).
### Fixed
Correctly generate the download elements in the back end (see #8620).
Version 3.5.22 (2017-01-16)
---------------------------
### Fixed
Prevent an endless redirect loop if the page alias is "/" (see #8560).
### Fixed
Correctly parse German dates with two digit years in MooTools (see #8593).
### Fixed
Correctly add new resources to the user/group permissions (see #8583).
### Fixed
Trigger the auto-submit function in the date picker (see #8603).
### Fixed
Call the load callback when loading page/file picker nodes (see #7702).
|
|
2.3.19 (2017-01-09)
-------------------
Enhancements
- [core] added handling of BYSETPOS for BYDAY in recurrence rules
- [core] improved IMIP handling from Exchange/Outlook clients
- [web] update jQuery to version 1.12.4 and jQuery UI to version 1.11.4
- [web] added SOGoMaximumMessageSizeLimit to limit webmail message size
- [web] added photo support for LDIF import (#1084)
- [web] updated CKEditor to version 4.6.1
Bug fixes
- [core] honor blocking wrong login attempts within time interval (#2850)
- [core] use source's domain when none defined and trying to match users (#3523)
- [core] properly honor the "include in freebusy" setting (#3354)
- [core] fix events in floating time during CalDAV's PUT operation (#2865)
- [core] handle rounds in sha512-crypt password hashes
- [web] return login page for unknown users (#2135)
- [web] append ics file extension when importing events (#2308)
- [web] set a max-height so we can scroll in the attendees list (#3666)
- [web] set a max-height so we can scroll in the attachments list (#3413)
- [web] handle URI in vCard photos (#2683)
- [web] handle semicolon in values during LDIF import (#1760)
- [eas] properly escape all GAL responses (#3923)
- [eas] properly skip folders we don't want to synchronize (#3943)
- [eas] fixed 30 mins freebusy offset with S Planner
- [eas] now correctly handles reminders on tasks (#3964)
- [eas] do not decode from hex the event's UID (#3965)
- [eas] add support for "other addresses" (#3966)
- [eas] provide correct response status when sending too big mails (#3956)
2.3.18 (2016-11-28)
-------------------
New features
- [eas] relaxed permission requirements for subscription synchronizations (#3118 and #3180)
Enhancements
- [core] added sha256-crypt and sha512-crypt password support
- [core] updated time zones to version 2016h
- [eas] initial support for recurring tasks EAS
- [eas] now support replied/forwarded flags using EAS (#3796)
- [eas] now also search on senders when using EAS Search ops
- [web] updated CKEditor to version 4.6.0
Bug fixes
- [core] fixed condition in weekly recurrence calculator
- [core] always send IMIP messages using UTF-8
- [web] fixed support for recurrent tasks
- [web] improved validation of mail account delegators
- [web] allow edition of a mailbox rights when user can administer mailbox
- [web] restore attributes when rewriting base64-encoded img tags (#3814)
2.3.17 (2016-10-20)
-------------------
Enhancements
- [web] allow custom email address to be one of the user's profile (#3551)
- [web] the left column of the attendees editor is resizable (not supported in IE) (#1479, #3667)
Bug fixes
- [eas] make sure we don't sleep for too long when EAS processes need interruption
- [eas] fixed recurring events with timezones for EAS (#3822)
- [eas] improve handling of email folders without a parent
- [eas] never send IMIP reply when the "initiator" is Outlook 2013/2016
- [core] only consider SMTP addresses for AD's proxyAddresses (#3842)
2.3.16 (2016-09-28)
-------------------
New features
- [eas] initial support for server-side mailbox search operations
Enhancements
- [eas] propagate message submission errors to EAS clients (#3774)
- [web] updated CKEditor to version 4.5.11
- [web] added Serbian (sr) translation - thanks to Bogdanović Bojan
Bug fixes
- [web] correctly set percent-complete for tasks from the list view (#3197)
- [core] fixed caching expiration of ACLs assigned to LDAP groups (#2867)
- [core] we now search in all domain sources for Apple Calendar
- [core] properly handle groups in Apple Calendar's delegation
- [core] make sure new cards always have a UID (#3819)
2.3.15 (2016-09-14)
------------------
Enhancements
- [web] don't allow a recurrence rule to end before the first occurrence
Bug fixes
- [eas] properly generate the BusyStatus for normal events
- [eas] properly escape all email and address fields
- [eas] properly generate yearly rrule
- [core] strip protocol value from proxyAddresses attribute (#3182)
- [web] handle binary content transfer encoding when displaying mails
|
|
0.12 (2016-08-18)
- Added registration of Flask CLI commands using `flask.commands`
entrypoint group. (Jiri Kuncar)
- Added an optional support for FlaskAzureStorage when
`FLASK_ASSETS_USE_AZURE` is set. (Alejo Arias)
- Updated Flask extension imports for compatibility with Flask 0.11.
(Andy Driver) (fixes #102)
- Fixed generation of absolute urls using //. (fixes #73)
- Fixed Flask-Script assets build command. (Frank Tackitt)
|
|
0.12.1 (2017-01-08)
- Fix compatibility with Jinja 2.9.
- When globbing, include files in alphabetical order (Sam Douglas).
- Remove duplicate files from bundles (Sam Douglas).
- Support for PyInstaller (Ilya Kreymer).
- Fix the sass filter (Dan Callaghan).
0.12 (2016-08-18)
- Babel filter (JDeuce).
- NodeSASS filter (Luke Benstead).
- Autoprefixer 6 filter (Eugeniy Kuznetsov).
- Many other small changes and improvements by various contributors.
|
|
|
|
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies.
*) Validate HTTP response header grammar defined by RFC7230, resulting
in a 500 error in the event that invalid response header contents are
detected when serving the response, to avoid response splitting and cache
pollution by malicious clients, upstream servers or faulty modules.
*) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
*) core: Avoid a possible truncation of the faulty header included in the
HTML response when LimitRequestFieldSize is reached.
*) core: Enforce LimitRequestFieldSize after multiple headers with the same
name have been merged.
*) core: Drop Content-Length header and message-body from HTTP 204 responses.
*) core: Permit unencoded ';' characters to appear in proxy requests and
Location: response headers. Corresponds to modern browser behavior.
*) core: ap_rgetline_core now pulls from r->proto_input_filters.
*) core: Correctly parse an IPv6 literal host specification in an absolute
URL in the request line.
*) core: New directive RegisterHttpMethod for registering non-standard
HTTP methods.
*) core: Limit to ten the number of tolerated empty lines between request.
*) core: reject NULLs in request line or request headers.
*) mod_proxy: Use the correct server name for SNI in case the backend
SSL connection itself is established via a proxy server.
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives.
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3.
*) mod_proxy: Correctly consider error response codes by the backend when
processing failonstatus.
*) mod_proxy: Play/restore the TLS-SNI on new backend connections which
had to be issued because the remote closed the previous/reusable one
during idle (keep-alive) time.
*) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
*) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to
use a different scoreboard slot than the original one.
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over.
*) mod_proxy: don't recycle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent.
*) mod_mem_cache: Fix concurrent removal of stale entries which could lead
to a crash.
*) mime.types: add common extension "m4a" for MPEG 4 Audio.
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive.
*) mod_mem_cache: Don't cache incomplete responses when the client
connection is aborted before the body is fully read.
*) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
*) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
|
|
v1.6.1
Version 1.6.1
Bugfix release
- Fixed a bug where using google-auth with scoped credentials would fail. (#328)
v1.6.0
Version 1.6.0
Release to drop support for Python 2.6 and add support for google-auth.
- Support for Python 2.6 has been dropped. (#319)
- The credentials argument to discovery.build and discovery.build_from_document
can be either oauth2client credentials or google-auth credentials. (#319)
- discovery.build and discovery.build_from_document now unambiguously use the
http argument to make all requests, including the request for the discovery
document. (#319)
- The http and credentials arguments to discovery.build and
discovery.build_from_document are now mutually exclusive, eliminating a
buggy edge case. (#319)
- If neither http or credentials is specified to discovery.build and
discovery.build_from_document, then Application Default Credentials will
be used. The library prefers google-auth for this if it is available, but
can also use oauth2client's implementation. (#319)
- Fixed resumable upload failure when receiving a 308 response. (#312)
- Clarified the support versions of Python 3. (#316)
|
|
6.12 2017-01-04 23:32:54-05:00 America/Toronto
- Fix prereqs
6.11 2017-01-04 15:05:57-05:00 America/Toronto
- Updated the Changes file
- When using Net::SSL, pending data was potentially ignored GH PR#7 (Jean-Louis Martineau)
6.10-DEV 2016-12-30
- Added LICENSE
- Added 'use warnings' to everywhere that lacked it
- Drop all use of Test.pm
- Removed unneeded uses of 'use vars'
- Switch live tests to use Google.
- Fix RT#112313 - Hang in my_readline() when keep-alive => 1 and $reponse_size % 1024 == 0
|
|
* [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
* [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
* [mod_fastcgi] detect child exit, restart proactively
* [mod_scgi] detect child exit, restart proactively
* [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778)
pkgsrc changes:
- Rename non-standard "memcache" option to "memcached" (retaining
compatibility for the old option for a while)
|
|
and of the lookup function is of type 'size_t').
Bump PKGREVISION
|
|
2017-01-03 ec284cf [RELEASE] Release of TYPO3 6.2.30 (TYPO3 Release Team)
2017-01-03 0f79d43 #79114 [SECURITY] Protect Mailtransport (Wouter Wolters)
2016-12-31 7a99325 #70106 [BUGFIX] Do not use realpath for temporary file names (Stefan Froemken)
2016-12-30 5bb34d0 #76478 [TASK] Clean up DebuggerUtility (Nicole Cordes)
2016-12-24 98dd27a #70962 [BUGFIX] FAL relations duplicated when saving in workspaces (Andreas Wolf)
2016-12-16 5124e88 #78915,#78977 [BUGFIX] Optimize cache handling in ReflectionService (Helmut Hummel)
2016-12-15 18b19ea #78977 Revert "[BUGFIX] Reflection Cache does not save methodReflections" (Nicole Cordes)
2016-12-13 8095288 #78925 [BUGFIX] Fix exception in QuickEdit mode for empty pages (Manuel Selbach)
2016-12-12 8ef727a #78915 [BUGFIX] Reflection Cache does not save methodReflections (Tymoteusz Motylewski)
2016-12-08 01a927d #73241 [BUGFIX] Do not fetch pages with pid < 0 in prepareCacheFlush (Steffen Göde)
2016-12-08 bab723b #72654,#62660 [BUGFIX] Improve DataHandler handling for dbType fields (Nicole Cordes)
2016-12-07 1a32e92 #78551 [BUGFIX] Reset hidden field information in FormViewhelper (Nicole Cordes)
2016-12-03 b927c7b #77097 [BUGFIX] Reset FormViewHelper on execution (Helmut Hummel)
|
|
|
|
|
|
A safe home for all your data
Access, share and protect your files, calendars, contacts,
communication & more at home and in your enterprise.
|
|
|
|
|
|
py-cryptodome instead of py-crypto now. Update adds more localisations
among other files.
|
|
|