| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
revision.
|
|
|
|
|
|
### 4.1.2 (2016-03-22)
* Handle derived classes in the exception converter (see #462).
* Prevent the autofocus attribute from being added multiple times (see contao/core#8281).
* Respect the SSL settings of the root page when generating sitemaps (see contao/core#8270).
* Read from the temporary file if it has not been closed yet (see contao/core#8269).
* Always use HTTPS if the target server supports SSL connections (see contao/core#8183).
* Adjust the meta wizard field length to the column length (see contao/core#8277).
* Correctly handle custom mime icon paths (see contao/core#8275).
* Show the 404 error page if an unpublished article is requested (see contao/core#8264).
* Correctly count the URLs when rebuilding the search index (see contao/core#8262).
* Ensure that every image has a width and height attribute (see contao/core#8162).
* Set the correct mime type when embedding SVG images (see contao/core#8245).
* Handle the "float_left" and "float_right" classes in the back end (see contao/core#8239).
* Consider the fallback language if a page alias is ambiguous (see contao/core#8142).
* Fix the error 403/404 redirect (see contao/website#74).
|
|
affected by the same problem.
Should fix build issues on NetBSD/i386 (noticed via tnn@'s bulk builds).
|
|
Version 3.5.9 (2016-03-21)
--------------------------
### Fixed
Prevent the autofocus attribute from being added multiple times (see #8281).
### Fixed
Respect the SSL settings of the root page when generating sitemaps (see #8270).
### Fixed
Read from the temporary file if it has not been closed yet (see #8269).
### Fixed
Always use HTTPS if the target server supports SSL connections (see #8183).
### Fixed
Adjust the meta wizard field length to the column length (see #8277).
### Fixed
Correctly handle custom mime icon paths (see #8275).
### Fixed
Only log errors that have been configured to get logged (see #8267).
### Fixed
Show the 404 error page if an unpublished article is requested (see #8264).
### Fixed
Correctly count the URLs when rebuilding the search index (see #8262).
### Fixed
Ensure that every image has a width and height attribute (see #8162).
### Fixed
Set the correct mime type when embedding SVG images (see #8245).
### Fixed
Handle the "float_left" and "float_right" classes in the back end (see #8239).
### Fixed
Consider the fallback language if a page alias is ambiguous (see #8142).
### Fixed
Fix the error 403/404 redirect (see contao/website#74).
|
|
Changelog:
Version 9.0.0 March 8 2016
Major new ownCloud release, more info announcement and upgrading blogs. Summary:
New: Comments on files
New: Tags for files
New: Notifications (separate from Activity feed)
New: (Federation) Auto-complete of user names
New: (Federation) Trusted Servers
New: Code signing, checked when updating or installing core and apps
New: Stand-alone updater for more reliable upgrading
Improved sharing behavior and performance
New External Storage API's for improved scalability
Calendar and Contacts Apps were rewritten. The CalDAV and CardDAV backends are now part of core
Security hardening
ownCloud API work to improve scalability
Many small improvements
|
|
|
|
* Sync with firefox38-38.7.1
|
|
Changelog:
Fixed
Loading from history can show the wrong url in the location bar (Bug 1256194)
Changed
Disabled Graphite font shaping library
|
|
* Sync with firefox-45.0.1
|
|
Changelog:
Fixed
Fix a potential performance regression (Youtube for example) (1220502)
Fix a regression causing search engine settings to be lost in some context (1254694)
Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)
XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
Fix an issue which could cause the list of search provider to be empty (1255605)
Fix a regression when using the location bar (1254503)
Fix some loading issues when Accept third-party cookies: was set to Never (1254856)
Changed
Disabled Graphite font shaping library
|
|
|
|
Upstream changes:
6.56 2016-03-16
- Added hidden option to list_files method in Mojo::Home. (batman, sri)
- Added hidden option to files function in Mojo::Util. (batman, sri)
- Fixed bug where Morbo would not ignore hidden files. (batman, sri)
- Fixed bug where Morbo would ignore the --verbose option.
- Fixed keep-alive bug in Mojo::UserAgent. (jberger)
|
|
Changes to GoAccess 0.9.8 - Monday, February 29, 2016
- Added a more complete list of static extensions to the config file.
- Added Android 6.0 Marshmallow to the list of OSs.
- Added the ability to scroll through panels on TAB with option to disable it
--no-tab-scroll.
- Added the first and last log dates to the overall statistics panel.
- Ensure GoAccess links correctly against libtinfo.
- Ensure static content is case-insensitive verified.
- Fixed bandwidth overflow issue (numbers > 2GB on non-x86_64 arch).
- Fixed broken HTML layout when html-method/protocol is missing in config file.
- Refactored parsing and display of available modules/panels.
|
|
Changes:
WebKitGTK+ 2.4.10 released!
This is a bug fix release in the stable 2.4 series.
What's new in the WebKitGTK+ 2.4.10 release?
* Fix rendering of form controls and scrollbars with GTK+ >= 3.19
* Fix crashes on PPC64.
* Fix the build on powerpc 32 bits.
* Add ARM64 build support.
* Translation updates: German, Spanish, French, Italian, Korean, Brazilian
Portuguese, Russian, Chinese.
* Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809,
CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743,
CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741,
CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.
Thanks to all the contributors who made possible this release.
|
|
* Cast request body to string when uploading
* Add the ability to override the Response class
* Ensure the form data is freed in cleanup
* Don't fail with invalid charset names
|
|
=== raindrops 0.16.0 - minor fixes and workarounds / 2016-02-29 12:36 UTC
There's mainly a fix/workaround for Ruby 2.3 now returning
locale-aware strings for File.readlink and our test suite
using strange paths allowed by *nix.
https://bugs.ruby-lang.org/issues/12034
tcp_listener_stats won't return "true" object placeholders
if stats are configured for a non-existent listener.
There are also minor optimizations for Ruby 2.2+ (at the expense
of 2.1 and earlier).
And the usual round of minor tweaks and doc updates.
10 changes since v0.15.0:
gemspec: avoid circular dependency on unicorn
remove optimizations which made sense for older rubies
linux: workaround Ruby 2.3 change
linux: remove Pathname stdlib dependency
add .gitattributes for Ruby method detection
middleware: minor bytecode size reduction
doc: update URLs and references
README: remove indentation from URLs in RDoc
linux: tcp_listener_stats drops "true" placeholders
build: use '--local' domain for dev gem install
|
|
* Specify constraint to avoid including . in capture.
* Implement Mustermann::Grape.
|
|
=== 2.16.0 / 2016-01-27
* 7 minor features:
* Add 'set_remote_address' config option
* Allow to run puma in silent mode
* Expose cli options in DSL
* Support passing JRuby keystore info in ssl_bind DSL
* Allow umask for unix:/// style control urls
* Expose `old_worker_count` in stats url
* Support TLS client auth (verify_mode) in jruby
* 7 bug fixes:
* Don't persist before_fork hook in state file
* Reload bundler before pulling in rack. Fixes #859
* Remove NEWRELIC_DISPATCHER env variable
* Cleanup C code
* Use Timeout.timeout instead of Object.timeout
* Make phased restarts faster
* Ignore the case of certain headers, because HTTP
* 1 doc changes:
* Test against the latest Ruby 2.1, 2.2, 2.3, head and JRuby 9.0.4.0 on Travis
* 12 merged PRs
* Merge pull request #822 from kwugirl/remove_NEWRELIC_DISPATCHER
* Merge pull request #833 from joemiller/jruby-client-tls-auth
* Merge pull request #837 from YuriSolovyov/ssl-keystore-jruby
* Merge pull request #839 from mezuka/master
* Merge pull request #845 from deepj/timeout-deprecation
* Merge pull request #846 from sriedel/strip_before_fork
* Merge pull request #850 from deepj/travis
* Merge pull request #853 from Jeffrey6052/patch-1
* Merge pull request #857 from zendesk/faster_phased_restarts
* Merge pull request #858 from mlarraz/fix_some_warnings
* Merge pull request #860 from zendesk/expose_old_worker_count
* Merge pull request #861 from zendesk/allow_control_url_umask
|
|
Padrino 0.13.1 - Router and Reloader Updates, Ruby Compatibility, and Bug Fixes
Posted on January 17, 2016 by Nathan Esquenazi
Padrino 0.13.0 was shipped 3 months ago on October 2015 and laid important
groundwork towards our eventual 1.0 release but also introduced some new
issues. After a few months of effort, we are excited to announce the release
of Padrino 0.13.1! This version is filled with routing and reloader
optimizations, compatibility updates, and bug fixes. Full details for this
release are below.
Router and Reloader Updates
The biggest improvement in this release is a significant reduction in the
memory usage of Padrino apps by changing the configuration of the underlying
mustermann router. Full list of improvements to router and reloader include:
* FIX #1975 Improve routing memory usage and performance (@namusyaka)
* FIX #1982 Support nested query for expanding path (@namusyaka)
* FIX #1978 Enable reloading of custom dependencies (@markglenfletcher)
Ruby Compatibility
Padrino 0.13.1 has been fixed to be fully compatible with Ruby 2.3 thanks to
@tyabe:
* FIX #2000 Fix mutex handling for Ruby 2.3 (@tyabe)
Bug Fixes and Miscellaneous
There are also several bug fixes and other updates:
* FIX Remove use of ActiveSupport in tests (@ujifgc)
* FIX #1994 Missing new line in mocha generator (@peter50216)
* FIX #1995 Invalid german dates (@ujifgc)
* FIX #1998 Only output a warning message if the spec task is invoked
(@postmodern)
* FIX #1882 test for selected values for select tag (@ujifgc)
* FIX rendering exception for custom mime types (@nesquena)
* FIX relax mail gem dependency (@ujifgc)
* FIX minor doc typos (@lokyoung, @markglenfletcher)
|
|
= 1.4.7 / 2016-01-24
* Add Ashley Williams, Trevor Bramble, and Kashyap Kondamudi to team Sinatra.
* Correctly handle encoded colons in routes. (Jeremy Evans)
* Rename CHANGES to CHANGELOG.md and update Rakefile. #1043 (Eliza Sorensen)
* Improve documentation. #941, #1069, #1075, #1025, #1052 (Many great folks)
* Introduce `Sinatra::Ext` to workaround Rack 1.6 bug to fix Ruby 1.8.7
support. #1080 (Zachary Scott)
* Add CONTRIBUTING guide. #987 (Katrina Owen)
|
|
3.4.21 (11 January 2016)
This is a bug fix release.
* Consistent output formatting for numbers close to an integer.
Issue #1931
* Correctly round negative numbers that were almost but not quite a whole
number (slightly greater than the negative number).
Issue #1938
* Don't strip escaped semicolons from compressed output.
Issue #1932
* Only compress around dashes within nth selectors.
Issue #1933
* Selector compression of whitespace around commas was affecting attribute
values.
Issue #1947
* Make subtraction work when a unit is followed directly by a hyphen and then
a period. For example, 1em-.75em now returns 0.25em rather than
1em-0.75em. This is consistent with the behavior when the subtrahend begins
with a 0.
Issue #1954
|
|
## 1.6.1
* Revert 'No longer read responses from cache when we already have them'
## 1.6.0
* Noop backend
* No longer read responses from cache when we already have them
* renamed files from entitystore -> entity_store (metastore/cachecontrol/appengine) and added warns for old ones
|
|
pkgsrc change:
Drop dependency to ruby-rb-fsevent on Darwin since ruby-listen depends on
ruby-rb-fsevent now.
Changes are too many to write here, please refer <https://github.com/jekyll/jekyll/releases>.
|
|
* Test against Jekyll 2 and 3. (#30)
* watcher: set LISTEN_GEM_DEBUGGING if --verbose flag set (#31)
* Apply Rubocop auditing and fix up (#32)
|
|
Changes are not available.
|
|
#Version 2.6.2
Relase date: 2016-01-27
### Fixed
* support for more than just addressable 2.4.0 [Thomas Walpole]
# Version 2.6.1
Release date: 2016-01-27
### Fixed
* Add missing require for addressable [Jorge Bejar]
# Version 2.6.0
Relase date: 2016-01-17
### Fixed
* Fixed path escaping issue with current_path matchers [Tom Walpole, Luke Rollans] (Issue #1611)
* Fixed circular require [David RodrÃguez]
* Capybara::RackTest::Form no longer overrides Object#method [David Rodriguez]
* options and with_options filter for :select selector have more intuitive visibility behavior [Nathan]
* Test for nested modal API method support [Tom Walpole]
### Added
* Capybara.modify_selector [Tom Walpole]
* xfeature and ffeature aliases added when using RSpec [Filip Bartuzi]
* Selenium driver supports a :clear option to #set to handle different strategies for clearing a field [Tom Walpole]
* Support the use of rack 2.0 with the rack_test driver [Travis Grathwell, Tom Walpole]
* Disabled option for default selectors now supports true, false, or :all [Jillian Rosile, Tom Walpole]
* Modal API methods now default wait time to Capybara.max_default_wait_time [Tom Walpole]
|
|
These should never have made it in. Bump resp. PKGREVISIONs.
|
|
|
|
|
|
|
|
|
|
|
|
Fixes CVE-2016-2145 and CVE-2016-2146
Changes since 0.10.0 frome NEWS file and patches/patch-0274
patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.
Version 0.12.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
* Add MellonRedirecDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
Version 0.11.1
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data
Version 0.11.0
---------------------------------------------------------------------------
* Add SAML 2.0 ECP support.
* The MellonDecode option has been disabled. It was used to decode
attributes in a Feide-specific encoding that is no longer used.
* Set max-age=0 in Cache-Control header, to ensure that all browsers
verifies the data on each request.
* MellonMergeEnvVars On now accepts second optional parameter, the
separator to be used instead of the default ';'.
* Add option MellonEnvVarsSetCount to specify if the number of values
for any attribute should also be stored in environment variable
suffixed _N.
* Add option MellonEnvVarsIndexStart to specify if environment variables
for multi-valued attributes should start indexing with 0 (default) or
with 1.
* Bugfixes:
* Fix error about missing authentication with DirectoryIndex in
Apache 2.4.
|
|
Fix failed assertions not being set to stderr
Fix version not working when compiled with Visual Studio
Fix poor handling of UTF-8 characters in paths
|
|
|
|
|
|
This HTTP extension aims to provide a convenient and powerful
set of functionality for one of PHPs major applications.
It eases handling of HTTP urls, dates, redirects, headers and
messages, provides means for negotiation of clients preferred
language and charset, as well as a convenient way to send any
arbitrary data with caching and resuming capabilities.
|
|
Property proxy: A reusable split-off of pecl_http's property proxy API.
|
|
|
|
2.5.6
* Fix php-bug #71719: Buffer overflow in HTTP url parsing
functions
* Fix gh-issue #28: Possible null pointer dereference
in php_http_url_mod()
* Fix gh-issue #22: Fix PHP5 config.w32
* Fix gh-issue #20: setSslOptions notice with curl 7.43
2.5.5
* Fixed gh-issue #16: No Content-Length header with empty
POST requests
2.5.3
* Fixed gh-issue #12: crash on bad url passed
to http\Message::setRequestUrl()
* The URL parser now fails on empty labels
2.5.2
* Fixed regression with HEAD requests always warning about
a partial file transfer
+ Added "path_as_is" request option (libcurl >= 7.42)
|
|
* Internals documentation at http://m6w6.github.io/ext-propro/v1.0.x/
* Travis support
* Fix package.xml's maximum and minimum PHP version
|
|
* Sync with firefox38-38.7.0
|
|
Changelog:
Fixed in Firefox ESR 38.7
2016-37 Font vulnerabilities in the Graphite 2 library
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-31 Memory corruption with malicious NPAPI plugin
2016-28 Addressbar spoofing though history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
2015-136 Same-origin policy violation using performance.getEntries and history navigation
2015-81 Use-after-free in MediaStream playback
|
|
No PKGREVISION bump as does not affect any existing successful build
|
|
Upstream changes:
6.55 2016-03-08
- Deprecated Mojo::Server::Morbo::check in favor of
Mojo::Server::Morbo::modified_files. (leejo, nugged)
- Added modified_files method to Mojo::Server::Morbo. (leejo, nugged)
- Improved renderer performance slightly.
- Fixed a bug where Morbo would restart more than once if multiple files
changed at the same time. (leejo, nugged)
6.54 2016-03-06
- Deprecated Mojo::Template::build and Mojo::Template::compile.
- Deprecated Mojo::Template::interpret in favor of Mojo::Template::process.
- Added support for named variables to Mojo::Template.
- Added vars attribute to Mojo::Template.
- Added process method to Mojo::Template.
- Improved Mojo::Template performance slightly.
|
|
and is only useful for Gecko developers.
|
|
SYnc with firefox-45.0
* Add gn locale
|
|
Changelog:
New
Instant browser tab sharing through Hello
Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
Synced Tabs button in button bar
Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
Guarani [gn] locale added
Fixed
URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
Various security fixes
Fixed in Firefox 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-33 Use-after-free in GetStaticInstance in WebRTC
2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
2016-31 Memory corruption with malicious NPAPI plugin
2016-30 Buffer overflow in Brotli decompression
2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore
2016-28 Addressbar spoofing though history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-26 Memory corruption when modifying a file being read by FileReader
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
|
