Age | Commit message (Collapse) | Author | Files | Lines |
|
Tue Dec 25 16:16:30 CET 2012
Releasing libmicrohttpd 0.9.24. -CG
Tue Dec 18 21:18:11 CET 2012
Given both 'chunked' encoding and 'content-length',
ignore the 'content-length' header as per RFC. -ES
Thu Dec 6 10:14:44 CET 2012
Force adding "Connection: close" header to response if
client asked for connection to be closed (so far, we
did close the connection, but did not send the
"Connection: close" header explicitly, which some clients
seem to dislike. (See discussion on mailinglist).
Also, if there is already a transfer-encoding other
than 'chunked' set by the application, we also now close
the connection if the response is of unknown size. -CG
Wed Dec 5 19:22:26 CET 2012
Fixing parameter loss of POST parameters with IE8 and Chrome
in the PostProcessor as the code failed to properly handle
partial data. -MM
|
|
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
Only version has updated.
|
|
= Changes in 2.3.2 =
January 5, 2013 - version 2.3.2
* Changes
* #138 Revert Timeout change unintentionally included in v2.3.1. It's
reported that the change causes background processes not terminated
properly.
= Changes in 2.3.1 =
January 1, 2013 - version 2.3.1
* Changes
* #137 Signing key is expiring for cacert_sha1.p7s.
Deleted p7s signature check for default cacerts. Sorry for many troubles
in the past. This feature is not useful without having online/real-time
CA certs update but I don't think I can implement it in near future.
Users depend on this signature check (who puts cacert.p7s in R/W
filesystem and ssl_config.rb in R/O filesystem) should take care the
tampering by themself.
* Bug fixes
* #122 Support IPv6 address in URI
= Changes in 2.3.0 =
October 10, 2012 - version 2.3.0
* Features
* Added debug mode CLI. bin/httpclient is installed as CLI.
Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
Usage: 2) %httpclient
For 1) it issues a GET request to the given URI and shows the wiredump
and the parsed result. For 2) it invokes irb shell with the binding
that has a HTTPClient as 'self'. You can call HTTPClient instance
methods like;
> get "https://www.google.co.jp/", :q => :ruby
* #119 Addressable gem support (only if it exists); should handle IRI
properly.
* Bug fixes
* #115 Cookies couldn't work properly if the path in an URI is ommited.
* #112, #117 Proper handling of sized IO (the IO object that responds to
:size) for chunked POST. HTTPClient did read till EOF even if the
given IO has :size method.
* Handle '303 See Other' properly. RFC2616 says it should be redirected
with GET.
* #116 Fix "100-continue" support. It was just ignored.
* #118 Support for boolean values when making POST/PUT requests with
multiipart/form Content-Type.
* #110 Allows leading dots in no_proxy hostname suffixes.
|
|
---------------
- /usr/bin/env police
Upstream Changes:
-----------------
Version 1.9.6:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
Fixes:
* fix remote code execution vulnerability in twikidraw/anywikidraw action
* fix path traversal vulnerability in AttachFile action
* fix XSS issue, escape page name in rss link
* escape user- or admin-defined css url
* make taintfilename more secure
* use a constant time str comparison function to prevent timing attacks
* Attachment handler: catch all Zip-related errors
Version 1.9.5:
Fixes:
* Security fix: fix virtual group bug in ACL evaluation.
* Avoid crash if #refresh processing instruction is used without arguments.
* Fix issue with non-ASCII textchas.
* Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
after page save.
* Fix dictionary file reading crash under Windows.
* Work around crash of AdvancedSearch macro rendering caused by non-ascii
mimetypes.types_map entries.
* Added migration script for moin 1.8.9.
* rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
listed in feed and not just last page diffs). Links generated with ddiffs=1
also fixed.
* rss_rc: fix double escaping issue.
* rss_rc: respect show_names configuration option.
* rss_rc: proper support of rename, revert, page creation.
* modern/modernized theme: fix padding/width for editor preview
* group/pagelinks formatters: avoid to create unnecessary output, redirect
output of send_page call with the groups formatter, it must not be written
to the output stream
* rst parser: fix include and macro directives
* wikisync: fix unicode pagename sending for python 2.7 httplib
New features:
* add a comment_required config option (default: False) to require a
non-empty comment when saving a page
* when a save error happens, show the editor again and highlight the error
* rss_rc: several new options added: lines parameter gives ability to set
maximum size of diffs showed in RSS. show_att parameter gives ability
to show information aboout attachment-related items in RSS. page parameter
gives ability to specify set of pages for which changes RSS feed should be
generated. Configuration of defaults and limits can now be done via wiki
configuration mechanism.
* As soon as it is now possible to provide RSS for page change history,
appropriate alternate link is now added for every page (controlled by
rss_show_page_history_link configuration parameter).
* Search: "no_highlight:" search query option provided for suppressing
highlighting search results.
* Search macros: new options for FullSearch, FullSearchCached and PageList
available:
* highlight_titles option controls highlighting of matches in search
results provided by these macros. Default value is set in
search_macro_highlight_titles configuration option)
* highlight_pages option controls adding of highlight URL parameter to
page links (so search term is highlighted when user goes to one of
these pages via provided link) in search results. Default value is set
in search_macro_highlight_pages configuration option.
Usage of these options is disabled (via search_macro_parse_args
configuration option) by default due to behavioural changes introduced
in macro parameter parsing mechanism to support them. Related to
http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .
Other changes:
* Remove 4suite dependency for docbook formatter, use minidom (included in
Python).
* Upgraded FCKeditor to 2.6.8.
|
|
|
|
A helper class for handling configuration defaults of packaged
Django apps gracefully.
|
|
* Add missing dependency
|
|
|
|
Mezzanine is a powerful, consistent, and flexible content management
platform. Built using the Django framework.
|
|
|
|
www/py-django-mezzanine-filebrowser.
grappelli_safe was created to provide a snapshot of the Grappelli
admin skin for Django, to be referenced as a dependency for the
Mezzanine CMS for Django.
|
|
|
|
www/py-django-mezzanine-grappelli.
Snapshot of the Grappelli admin skin for Django.
|
|
|
|
Bleach is an HTML sanitizing library that escapes or strips markup
and attributes based on a white list. Bleach can also linkify text
safely, applying filters that Django's ``urlize`` filter cannot,
and optionally setting ``rel`` attributes, even on links already
in the text.
|
|
|
|
Tiny Tiny RSS is an open source web-based news feed (RSS/Atom)
reader and aggregator, designed to allow you to read news from any
location, while feeling as close to a real desktop application as
possible.
|
|
* Many bugfixes
* Many improvements
|
|
|
|
Piwigo is photo gallery software for the web, built by an active
community of users and developers.
|
|
Bug fixes.
|
|
Geeklog History/Changes:
Dec 30, 2012 (1.8.2)
------------
- A remote service user now bypasses current password check when account is
deleted (bug #0001417) [Tom]
- Fixed Twitter OAuth login error after Twitter deactived some old URLs (bug
#0001497) [Tom]
- $dbconfig_path was not escaped in the install script (bug #0001457, patch
provided by mystral-kk)
- COM_stripslashes will now handle arrays; this was a problem during
re-authentication after a security token expired (bug #0001413) [suprsidr]
- The comment count for a story could be wrong if there was a different object
with the same id and a comment (bug #0001414) [Tom]
- Feeds with the full story text still had a '...' at the end (bug #0001431)
[Jeff Rivett, Tom]
- Allow MIME type application/x-gzip-compressed when uploading a plugin for
installation (bug #0001405) [Dirk]
- Fixed compatibility with MySQL 5.5 (bugs #0001410, #0001456). This also
raises the minimum supported MySQL version to 4.1.2 [Dirk, Tom]
|
|
|
|
|
|
Clears TODO item.
Version 1.1.17 (released 25-Oct-2012)
* fix exception caused by uninitialized variable usage (issue #516)
Version 1.1.16 (released 24-Oct-2012)
* security fix: escape "extra" diff info to avoid XSS attack (issue #515)
* add 'binary_mime_types' configuration option and handling (issue #510)
* fix 'select for diffs' persistence across log pages (issue #512)
* remove lock status and filesize check on directories in remote SVN views
* fix bogus 'Annotation of' page title for non-annotated view (issue #514)
Version 1.1.15 (released 22-Jun-2012)
* security fix: complete authz support for remote SVN views (issue #353)
* security fix: log msg leak in SVN revision view with unreadable copy source
* fix several instances of incorrect information in remote SVN views
* increase performance of some revision metadata lookups in remote SVN views
* fix RSS feed regression introduced in 1.1.14
Version 1.1.14 (released 12-Jun-2012)
* fix annotation of svn files with non-URI-safe paths (issue #504)
* handle file:/// Subversion rootpaths as local roots (issue #446)
* fix bug caused by trying to case-normalize anon usernames (issue #505)
* speed up log handling by reusing tokenization results (issue #506)
* add support for custom review log markup rules (issue #429)
Version 1.1.13 (released 23-Jan-2012)
* fix svndbadmin failure on deleted paths under Subversion 1.7 (issue #499)
* fix annotation of files in svn roots with non-URI-safe paths
* fix stray annotation warning in markup display of images
* more gracefully handle attempts to display binary content (issue #501)
Version 1.1.12 (released 03-Nov-2011)
* fix path display in patch and certain diff views (issue #485)
* fix broken cvsdb glob searching (issue 486)
* allow svn revision specifiers to have leading r's (issue #441, #448)
* allow environmental override of configuration location (issue #494)
* fix exception HTML-escaping non-string data under WSGI (issue #454)
* add links to root logs from roots view (issue #470)
* use Pygments lexer-guessing functionality (issue #495)
|
|
|
|
|
|
* Patches are regen
|
|
Thank you, dholland@.
|
|
|
|
|
|
Fix XSS.
Thank you, taca@.
|
|
|
|
* Create user/group
Changelog:
* [bp/r43638][SEC] unserialize: More complete check for objects in serialized data when it's not the first item
* And more bugfixes
|
|
|
|
|
|
|
|
|
|
from upstream for a bug that lets the devel/rt3 mailgate fail rather
dismally when present. Reviewed by tron.
|
|
Changelog:
Version 4.5.5 Dec 20th 2012
Show drag and drop shadow for Firefox
Fix Knowledgebase under certain conditions
Fix setting of sharing password
Fix setting of sharing password
Several sharing fixes
Fixversioning during sharing
Fix mounting of external filesystems especially CIFS
Fix several PHP warnings
Show /Shared as standard directory
Fix session management for running several ownClouds on the same host
Fix WebDAV quota enforement
Fix CalDAV with LDAP users
Better warning about missing dependencies
Add warning about conflicting WebDAV auth and LDAP backend
Restore send sharing link my email
Fix encoding problem with mounting of CIFS filesystems
Fix mimetype icons for new files
Fix the folder size calculation
Fix for deleting multiple files
Fix for controling the data dir with LDAP
Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
|
|
Bump PKGREVISION.
|