* Update nss requirement.
|
|
Upstream changes are too long; please visit:
https://docs.moodle.org/dev/Moodle_2.9_release_notes
|
|
* Sync with firefox-38.0.1.
|
|
Changelog:
Fixed Systems with first generation NVidia Optimus graphics cards may crash on start-up
Fixed Users who import cookies from Google Chrome can end up with broken websites
Fixed WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly. (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0)
Fixed Large animated images may fail to play and may stop other images from loading
|
|
|
|
|
|
supported version on NetBSD. PKGREVISION++
|
|
- Nothing changed, but just a note. 'make test' fails at t/12-html_fragment_ok.t.
It is because of the randomness of the error output, saying either <head>, <title> or <html>
is missing (if none of them exists). (To see, try 'make test' several times.)
(upstream)
- update 2.20 to 2.22
-------------------
2.22 Mon Apr 6 15:47:11 CDT 2015
[CHANGES THAT COULD BREAK YOUR CODE]
Previously, html_ok() would not check the entire structure of a web
page to check for <html>, <head>, <title> and <body> tags. Now it
will. If you want to check fragments of HTML for validity but know
that they are not valid HTML documents on their own, use the new
html_fragment_ok().
[ENHANCEMENTS]
Added new error, elem-input-alt-missing, that warns of <input
type="image"> tags that are missing an alt="" attribute. This helps
for accessibility to make sure that any images have alternate text
for screen readers.
Added ability to modify HTML::Lint's table of known tags and
attributes, so you could do this:
# Add an attribute that your company uses.
HTML::Lint::HTML4::add_attribute( 'body', 'proprietary-attribute' );
# Add the HTML 5 <canvas> tag.
HTML::Lint::HTML4::add_tag( 'canvas' );
HTML::Lint::HTML4::add_attribute( 'canvas', $_ ) for qw( height width );
[FIXES]
Test::HTML::Lint::html_ok() would not call the HTML::Lint eof()
method, which meant it wouldn't do document-wide tests.
|
|
Changelog:
Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted.
Allow logging of the remote port in the access log using the format pattern %{remote}p.
When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified.
Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed.
Note: There is a known issue with NIO2 and SSL/TLS in this and previous releases that can result in dropped connections. It is not recommended that NIO2 is used in production with SSL/TLS until this issue is resolved (the fix is expected in 8.0.23).
|
|
* Sync with firefox-38.0.
|
|
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and <picture> element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
|
|
WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML
file shipped with recent Genericons packages included in the Twenty Fifteen
theme as well as a number of popular plugins by removing the file.
Version 4.2.2 also improves on a fix for a critical cross-site scripting
vulnerability introduced in 4.2.1.
The release also includes hardening for a potential cross-site scripting
vulnerability when using the Visual editor.
In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs
from 4.2.1, including:
o Fixes an emoji loading error in IE9 and IE10
o Fixes a keyboard shortcut for saving from the Visual editor on Mac
o Fixes oEmbed for YouTube URLs to always expect https
o Fixes how WordPress checks for encoding when sending strings to MySQL
o Fixes a bug with allowing queries to reference tables in the dbname.tablename
format
o Lowers memory usage for a regex checking for UTF-8 encoding
o Fixes an issue with trying to change the wrong index in the wp_signups table
on utf8mb4 conversion
o Improves performance of loop detection in _get_term_children()
o Fixes a bug where attachment URLs were incorrectly being forced to use https
in some contexts
o Fixes a bug where creating a temporary file could end up in an endless loop.
|
|
---------------------
VERSION 3.06
Maintenance release with a couple new features: support for "charset:
utf8" in "Source::File", add_before_option/add_after_option c/o Victor
Porton, and support for HTML5 type names c/o Wolfgang Radke.
|
|
- Adjust following depends for 'make test'
Convert DEPENDS to BUILD_DEPENDS, p5-CPAN-Changes
Add BUILD_DEPENDS p5-Test-Deep-[0-9]*
(upstream)
- Update 2.07 to 2.09
-------------------
2.09 2015-03-08
[DOCUMENTATION]
- Clarify order of use statements when using both CGI and CGI::Fast
- Replace indirect object notation with ->new
[TESTING]
- Tests for CGI imports and load order
|
|
|
|
- Add BUILD_DEPENDS+= p5-CGI-Emulate-PSGI for 'make test'
(upstream)
- Update to 0.19
--------------
0.19 2015-03-06 11:33:32 PST
- fix signal related test fails on Win32 (rkitover) #16
|
|
- Add three BUILD_DEPENDS for 'make test'.
p5-JSON-MaybeXS, p5-Module-Pluggable, p5-Test-Deep
(upstream)
- Update to 1.004
---------------
1.004 2015-03-05 05:18:44Z
- fix the Gist plugin to work with github's stricter validation
(PR #11, Tatsuhiko Miyagawa)
- removed +x permissions on files (RT#102361)
- mark the Codepeek service as deprecated (RT#101823)
|
|
TEST_TARGET?= # to skip make test (but can be enabled by 'env TEST_TARGET=test make test')
for following packages:
devel/p5-File-ShareDir-Install
time/p5-DateTime-Format-Strptime
www/p5-LWP-Protocol-https
- Add BUILD_DEPENDS for make test
|
|
|
|
Depend on p5-CGI since it'll be removed from perl core soon.
Set LICENSE.
Bump PKGREVISION.
|
|
|
|
Upstream changes:
1.22 2015-01-29 04:51:51+01:00 Europe/Berlin
- Fix for the fix..... don't ask
1.21 2015-01-29 04:48:58+01:00 Europe/Berlin
- Fix for failing test if Plack is not installed
1.20 2015-01-28 16:20:59+01:00 Europe/Berlin
- new method 'part_data' which preserves multipart meta information just in case
you have a form upload with unexpected charsets, etc.
|
|
|
|
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
This package tracks 8.x release branch.
|
|
* Remove PKG_DESTDIR_SUPPORT=destdir.
It seems that this package works fine with user-destdir.
Changelog:
Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8.
Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1.
Implement a new feature for AJP connectors - Tomcat Authorization. If enabled, Tomcat will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user.
Update the Eclipse JDT compiler to version 4.4.2.
|
|
Changes:
WordPress 4.2:
o Press This has been completely revamped. Clip it, edit it, publish it. Get
familiar with the new and improved Press This. From the Tools menu, add Press
This to your browser bookmark bar or your mobile device home screen. Once
installed you can share your content with lightning speed. Sharing your
favorite videos, images, and content has never been this fast or this easy.
o Now you can browse and switch installed themes in the Customizer. Browse and
preview your installed themes from the Customizer. Make sure the theme looks
great with your content, before it debuts on your site.
o More intuitive plugin update and install from the Plugins Screen. Goodbye
boring loading screen, hello smooth and simple plugin updates. Click Update Now
and watch the magic happen.
o Writing in WordPress, whatever your language, just got better. WordPress 4.2
supports a host of new characters out-of-the-box, including native Chinese,
Japanese, and Korean characters, musical and mathematical symbols, and
hieroglyphs. Don't use any of those characters? You can still have fun - emoji
are now available in WordPress! Get creative and decorate your content with 💙,
🐸, 🐒, 🍕, and all the many other emoji.
WordPress 4.2.1:
o fix for a critical cross-site scripting (XSS) vulnerability, which could
enable commenters to compromise a site.
|
|
* Fix X509 server certificate domain matching
* Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
* Cleanup: Display correct error code in debugging output for IoCallback::finish
* Cleanup: Fix spelling error in debug message in parseHttpRequest()
* Cleanup: Add whitespace to make debug message in writeComplete() more readable
* Add Kerberos support for MAC OS X 10.x
* Bug 4234: comm_connect_addr uses errno incorrectly
* Fix 'access_log none' to prevent following logs being used
* Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
* Docs: Update CONTRIBUTORS
* Ensure class Lock counter remains within bounds
* Portability: Add hacks to define C++11 explicit N-bit type limits
* Fix SSL_get_peer_certificate memory leak
* Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD
* Bug 4231 pt1: fd_open() not correctly handling empty descriptions
* Negotiate Kerberos authentication request size exceeds output buffer size.
* Do not increment an iterator invalidated by std::map::erase().
* Fix require-proxy-header preventing HTTPS proxying and ssl-bump
* Fix atomics check broken by C++11 #include added in v3.5 branch r13783
* Support for resuming TLS sessions
* Bug 4212: ssl_crtd crashes with corrupt database
* Fix rev.13795 ServerName class
* Add server_name ACL matching server name(s) obtained from various sources
* Bug 4226: digest_edirectory_auth: found but cannot be built
* Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError
* Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
* Fix cross-compile issues with SSL_get_certificate()
* Docs: RFC 7238 obsoleted by RFC 7538
* Boilerplate: reference Translator copyrights in CREDITS
* Cleanup: Place explicit size on ref-count lock counter
* Cleanup: extend SBuf debugging information
* digest_edirectory_auth: Fix -lnettle dependency error
|
|
Version 7.42.1 (28 Apr 2015)
Daniel Stenberg (28 Apr 2015)
- RELEASE-NOTES: 7.42.1 ready
- CURLOPT_HEADEROPT: default to separate
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.
Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
- RELEASE-NOTES: synced with a6e0270e
- sws: init http2 state properly
It would otherwise cause problems when running tests after 1801 etc.
- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
... as it was previously undocumented what the pointer was.
- openssl: fix serial number output
The code extracting the cert serial number was broken and didn't display
it properly.
Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
- [Alessandro Ghedini brought this change]
curl.1: fix typo
- RELEASE-NOTES: toward 7.42.1, synced with 097460a
- [Kamil Dudka brought this change]
curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.
Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
- [Kamil Dudka brought this change]
docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
- connectionexists: follow-up to fd9d3a1ef1f
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.
Mistake-caught-by: Kamil Dudka
- connectionexists: fix build without NTLM
Do not access NTLM-specific struct fields when built without NTLM
enabled!
bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
- dist: include {src,lib}/checksrc.whitelist
|
|
Upstream changes:
0.303 Wed Apr 29 2015
[FIXES]
- closed RT #90414 (Vincenzo Buttazzo), fixing HTTPS data transfer
- closed RT #62950 (Slaven Rezic), adding the port to the Via: header
[DOCUMENTATION]
- added many more contributors in the META file
[TEST]
- fixed t/23connect.t
0.302 Sat Jan 31 2015
[DOCUMENTATION]
- fix RT #85632 (Ashley Pond V)
- multiple documentation fixes (Ashley Pond V)
- list git contributors in the META file
[PACKAGING]
- switch to Dist::Zilla for maintaining the distribution
|
|
+devel/p5-MetaCPAN-Client version 1.013000
+devel/p5-Search-Elasticsearch version 1.19
+net/p5-Test-RequiresInternet version 0.04
+www/p5-Any-URI-Escape version 0.01
+www/p5-Hijk version 0.20
+www/p5-WWW-Mechanize-Cached version 1.48
|
|
Uses the Cache::Cache hierarchy by default to implement a caching
Mech. This lets one perform repeated requests without hammering a
server impolitely.
Please note that Cache::Cache has been superseded by CHI, but the
default has not been changed here for reasons of backwards
compatibility. For this reason, you are encouraged to provide your own
CHI caching object to override the default.
|
|
URI::Escape is great, but URI::Escape::XS is faster. This module loads
URI::Escape::XS and imports the two most common methods if XS is
installed.
|
|
Hijk is a fast & minimal low-level HTTP client intended to be used
where you control both the client and the server, e.g. for talking to
some internal service from a frontend user-facing web application.
It is NOT a general HTTP user agent, it doesn't support redirects,
proxies, SSL and any number of other advanced HTTP features like (in
roughly descending order of feature completeness) LWP::UserAgent,
WWW::Curl, HTTP::Tiny, HTTP::Lite or Furl. This library is basically
one step above manually talking HTTP over sockets.
Having said that it's lightning fast and extensively used in
production at Booking.com where it's used as the go-to transport layer
for talking to internal services. It uses non-blocking sockets and
correctly handles all combinations of connect/read timeouts and other
issues you might encounter from various combinations of parts of your
system going down or becoming otherwise unavailable.
|
|
Upstream changes:
0.160000 2015-04-27 00:12:55+02:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #868: Fix incorrect access name in $error->throw. (cdmalon)
* GH #879, #883: Fix version numbering in packaging and tests.
(Russell Jenkins)
* File serving (send_file) won't call serializer. (Russell Jenkins)
* GH #892, #510: Workaround for multiple plugins with hooks.
(Russell Jenkins, Alberto Simões)
* GH #558: Remove "prefix" inconsistency with possibly missing postfixed
forward slash. (Sawyer X)
[ DOCUMENTATION ]
* GH #816, #874 Document session engine changes in migration documentation.
(Chenchen Zhao)
* GH #866, #870: Clarify that you cannot forward to a static file, why,
and two different ways of accomplishing it without forward.
(Sakshee Vijayvargia)
* GH #878: Rework example for optional named matching due to operator
precedence. (Andrew Solomon)
* GH #844: Document Simple session backend is the default. (Sawyer X)
[ ENHANCEMENT ]
* GH #869: Streaming file serving (send_file). (Russell Jenkins)
* GH #793: "prefix" now supports the path definition spec. (Sawyer X)
* GH #817, #845: Route spec under a prefix doesn't need to start with
a slash (but must without a prefix).
(Sawyer X, Russell Jenkins)
* GH #871: Use Safe.pm instead of eval with Dancer2::Serializer::Dumper.
(David Zurborg)
* GH #880: Reduce and cleanup different logging calls in order to handle
the stack frames traceback for logging classes. (Russell Jenkins)
* GH #857, #875: When failing to render in Template::Toolkit, make the
error reflect it's a TT error, not an internal one.
(valerycodes)
|
|
|
|
libraries, and ensure the socket libraries are added for both the main
library and test programs which use the static library.
While here use OPSYSVARS instead of bsd.fast.prefs.mk
|
|
includes Test::use::ok since 1.001010.
PKGREVISION++.
(For BUILD_DEPENDS, assuming Test::use::ok will be removed sometime.)
|
|
|
|
|
|
Upstream changes:
1.3135 2015-04-22
[DOCUMENTATION]
- Document how to work with Dist::Zilla and the 'devel' branch.
[ENHANCEMENTS]
- Deprecate 'auto_reload' and document alternatives. (GH#1106, isync)
- Change YAML tests to be in line with new specs. (GH#1108, Slaven Rezić)
[STATISTICS]
- code churn: 12 files changed, 150 insertions(+), 50 deletions(-)
|
|
|
|
|
|
for the Django Web Framework 1.4+. It includes 3 different tree
implementations: Adjacency List, Materialized Path and Nested Sets.
|
|
|
|
This release includes the following changes:
o openssl: show the cipher selection to use in verbose text
o gtls: implement CURLOPT_CERTINFO
o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
o curl: add --false-start option
o add CURLOPT_PATH_AS_IS
o curl: add --path-as-is option
o curl: create output file on successful download of an empty file
This release includes the following bugfixes:
o ConnectionExists: for NTLM re-use, require credentials to match
o cookie: cookie parser out of boundary memory access
o fix_hostname: zero length host name caused -1 index offset
o http_done: close Negotiate connections when done
o sws: timeout idle CONNECT connections
o nss: improve error handling in Curl_nss_random()
o nss: do not skip Curl_nss_seed() if data is NULL
o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
o http2: move lots of verbose output to be debug-only
o dist: add extern-scan.pl to the tarball
o http2: return recv error on unexpected EOF
o build: Use default RandomizedBaseAddress directive in VC9+ project files
o build: Removed DataExecutionPrevention directive from VC9+ project files
o tool: Updated the warnf() function to use the GlobalConfig structure
o http2: Return error if stream was closed with other than NO_ERROR
o mprintf.h: remove #ifdef CURLDEBUG
o libtest: fixed linker errors on msvc
o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
o curl.1: fix "The the" typo
o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
o openssl: remove all uses of USE_SSLEAY
o multi: fix memory-leak on timeout (regression)
o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
o metalink: add some error checks
o TLS: make it possible to enable ALPN/NPN without HTTP/2
o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
o conncontrol: only log changes to the connection bit
o multi: fix *getsock() with CONNECT
o symbols.pl: handle '-' in the deprecated field
o MacOSX-Framework: use @rpath instead of @executable_path
o GnuTLS: add support for CURLOPT_CAPATH
o GnuTLS: print negotiated TLS version and full cipher suite name
o GnuTLS: don't print double newline after certificate dates
o memanalyze.pl: handle free(NULL)
o proxy: re-use proxy connections (regression)
o mk-ca-bundle: Don't report SHA1 numbers with "-q"
o http: always send Host: header as first header
o openssl: sort ciphers to use based on strength
o openssl: use colons properly in the ciphers list
o http2: detect premature close without data transferred
o hostip: Fix signal race in Curl_resolv_timeout
o closesocket: call multi socket cb on close even with custom close
o mksymbolsmanpage.pl: use std header and generate better nroff header
o connect: Fix happy eyeballs logic for IPv4-only builds
o curl_easy_perform.3: remove superfluous close brace from example
o HTTP: don't use Expect: headers when on HTTP/2
o Curl_sh_entry: remove unused 'timestamp'
o docs/libcurl: makefile portability fix
o mkhelp: Remove trailing carriage return from every line of input
o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
o curl_easy_setopt.3: added a few missing options
o metalink: fix resource leak in OOM
o axtls: version 1.5.2 now requires that config.h be manually included
o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
o cyassl: detect the library as renamed wolfssl
o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
o CURLOPT_URL.3: Added "SECURITY CONCERNS"
o openssl: try to avoid accessing OCSP structs when possible
o test938: added missing closing tags
o testcurl: Allow '=' in values given on command line
o tests/certs: added make target to rebuild certificates
o tests/certs: rebuild certificates with modified key usage bits
o gtls: avoid uninitialized variable
o gtls: dereferencing NULL pointer
o gtls: add check of return code
o test1513: eliminated race condition in test run
o dict: rename byte to avoid compiler shadowed declaration warning
o curl_easy_recv/send: make them work with the multi interface
o vtls: fix compile with --disable-crypto-auth but with SSL
o openssl: adapt to ASN1/X509 things gone opaque in 1.1
o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
o curl_memory: make curl_memory.h the second-last header file loaded
o testcurl.pl: add the --notes option to supply more info about a build
o cyassl: If wolfSSL then identify as such in version string
o cyassl: Check for invalid length parameter in Curl_cyassl_random
o cyassl: default to highest possible TLS version
o Curl_ssl_md5sum: return CURLcode (fixes OOM)
o polarssl: remove dead code
o polarssl: called mbedTLS in 1.3.10 and later
o globbing: fix step parsing for character globbing ranges
o globbing: fix url number calculation when using range with step
o multi: on a request completion, check all CONNECT_PEND transfers
o build: link curl to openssl libraries when openssl support is enabled
o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
o vtls: Don't accept unknown CURLOPT_SSLVERSION values
o build: Fix libcurl.sln erroneous mixed configurations
o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
o cyassl: add SSL context callback support for CyaSSL
o tool: only set SSL options if SSL is enabled
o multi: remove_handle: move pending connections
o configure: Use KRB5CONFIG for krb5-config
o axtls: add timeout within Curl_axtls_connect
o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
o cyassl: Fix library initialization return value
o cookie: handle spaces after the name in Set-Cookie
o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
o cyassl: Fix certificate load check
o build-openssl.bat: Fix mixed line endings
o checksrc.bat: Check lib\vtls source
o DNS: fix refreshing of obsolete dns cache entries
o CURLOPT_RESOLVE: actually implement removals
o checksrc.bat: quotes to support an SRC_DIR with spaces
o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
o lib/transfer.c: Remove factor of 8 from sleep time calculation
o lib/makefile.m32: add missing libs to build libcurl.dll
o build: Generate source prerequisites for Visual Studio in generate.bat
o cyassl: Include the CyaSSL build config
o firefox-db2pem: fix wildcard to find Firefox default profile
o BUGS: refer to the github issue tracker now as primary
o vtls_openssl: improve several certificate error messages
o cyassl: Add support for TLS extension SNI
o parsecfg: do not continue past a zero termination
o configure --with-nss=PATH: query pkg-config if available
o configure --with-nss: drop redundant if statement
o cyassl: Fix include order
o HTTP: fix PUT regression with Negotiate
o curl_version_info.3: fixed the 'protocols' variable type
|
|
Changes:
4.1.1:
Maintenance release, fixed 21 bugs.
4.1.2:
- A serious critical cross-site scripting vulnerability, which could enable
anonymous users to compromise a site.
- Files with invalid or unsafe names could be uploaded.
- Some plugins are vulnerable to an SQL injection attack.
- A very limited cross-site scripting vulnerability could be used as part of a
social engineering attack.
- Four hardening changes, including better validation of post titles within the
Dashboard.
|
|
4.15 2015-04-20
[ RELEASE NOTES ]
- This release removes the AUTOLOAD and compile optimisations from CGI.pm
that were introduced into CGI.pm twenty (20) years ago as a response to
its large size, which meant there was a significant compile time penalty.
- This optimisation is no longer relevant and makes the code difficult to
deal with as well as making test coverage metrics incorrect. Benchmarks
show that advantages of AUTOLOAD / lazy loading / deferred compile are
less than 0.05s, which will be dwarfed by just about any meaningful code
in a cgi script. If this is an issue for you then you should look at
running CGI.pm in a persistent environment (FCGI, etc)
- To offset some of the time added by removing the AUTOLOAD functionality
the dependencies have been made runtime rather than compile time. The
POD has also been split into its own file. CGI.pm now contains around
4000 lines of code, which compared to some modules on CPAN isn't really
that much
- This essentially deprecates the -compile pragma and ->compile method. The
-compile pragma will no longer do anything, whereas the ->compile method
will raise a deprecation warning. More importantly this also REMOVES the
-any pragma because as per the documentation this pragma needed to be
"used with care or not at all" and allowing arbitrary HTML tags is almost
certainly a bad idea. If you are using the -any pragma and using arbitrary
tags (or have typos in your code) your code will *BREAK*
- Although this release should be back compatible (with the exception of any
code using the -any pragma) you are encouraged to test it thoroughly as if
you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
that may have been masked by the AUTOLOAD feature) you may see some issues.
- References: GH #162, GH #137, GH #164
[ SPEC / BUG FIXES ]
- make the list context warning in param show the filename rather than
the package so we have more information on exactly where the warning
has been raised from (GH #171)
- correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
are not running under IIS (GH #176)
- Add the multi_param method to :cgi export (thanks to xblitz for the patch
and tests. GH #167)
- Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
- Fix imports when called from CGI::Fast, restores the import of CGI functions
into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
GH leejo/cgi-fast#12)
[ FEATURES ]
- CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
offending script in error messages
- CGI now has env_query_string() for getting the value of QUERY_STRING from the
environment and not that fiddled with by CGI.pm (which is what query_string()
does) (GH #161)
- CGI::ENCODE_ENTITIES var added to control which characters are encoded by the
call to the HTML::Entities module - defaults to &<>"\x8b\x9b' (GH #157)
[ DOCUMENTATION ]
- Fix some typos (GH #173, GH #174)
- All *documentation* for HTML functionality in CGI has been moved into
its own namespace: CGI::HTML::Functions - although the functionality
continues to exist within CGI.pm so there are no code changes required
(GH #142)
- Add missing documentation for env variable fetching routines (GH #163)
[ TESTING ]
- Increase test coverage (GH #3)
[ INTERNALS ]
- Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
(GH #170)
- AutoloadClass variables have been removed as AUTOLOAD was removed in
v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
- Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
|
|
* Sync with firefox-37.0.2.
|
|
Changelog:
Fixed Request Desktop Site feature does not work as expected
|