#911194 Unable to automatically insert auto_increment values
#911297 Incorrect displaying of HTML text in in-line edition mode
#918163 Fieldnames don´t appear on csv export with selected rows
#918363 The Server Information box does not include Chive Version
#911136 Security vulnerability fix
(fix committed in http://bazaar.launchpad.net/~fusonic/chive/1.0/revision/417,
bug report is hidden - missing html escaping in table names etc)
- 3.0.4 was generating bogus 'delete' commands in some cases;
I noticed this when trying to use memcache as a session storage
backend with Roundcube webmail - this update fixes this.
SlowHTTPTest is a highly configurable tool that simulates some
Application Layer Denial of Service attacks.
It implements most common low-bandwidth Application Layer DoS attacks,
such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist
timer exploit) by draining concurrent connections pool, as well as Apache
Range Header attack by causing very significant memory and CPU usage on the
server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP
protocol, by design, requires requests to be completely received by the
server before they are processed. If an HTTP request is not complete, or if
the transfer rate is very low, the server keeps its resources busy waiting
for the rest of the data. If the server keeps too many resources busy, this
creates a denial of service. This tool is sending partial HTTP requests,
trying to get denial of service from target HTTP server.
Slow Read DoS attack aims the same resources as slowloris and slow POST,
but instead of prolonging the request, it sends legitimate HTTP request and
reads the response slowly.
- Buffer overflow when pasting too long text from clipboard to dialog
boxes (not remotely exploitable)
- A write out of allocated memory in the graphics renderer
(potentially exploitable)
- An infinite loop when parsing invalid usemap specification in text and
graphics mode (can cause browser lockup, but not otherwise exploitable)
- Accesses out of memory in the xbm decoder (potentially exploitable)
Also drop dip.c patch to resolve crashes with libpng 1.5, upstream
appears to have fixed this separately in the update to 2.5.
Thanks jasper@ for additional testing.
Using Catalyst::Plugin::FormValidator is not recommended as the module
takes over the global $c->form method, rather than being applicable in
only part of your Catalyst application. Furthermore,
Data::FormValidator itself is not recommended for use.
from Andreas Voegele
Catalyst::Plugin::Cache::Store::FastMmap is deprecated because
Cache::FastMmap no longer needs to be wrapped to store plain values.
from Andreas Voegele
Fixes Catalyst with Moose 1.24+, this has been broken in the tree for a
while.
This and the many related updates to follow are all from Andreas Voegele's
repo at https://github.com/voegelas/openbsd-mystuff, thanks Andreas, this must
have been a huge bunch of work. I have forked this at github/sthen/p5-ports-wip
and am removing things from there once committed, there are various additional
new perl ports there and it would be nice if people could help work through
what's left.
Plack::Test::ExternalServer allows your to run your Plack::Test tests
against an external server instead of just against a local application
through either mocked HTTP or a locally spawned server.
Plack::Middleware::ReverseProxy resets some HTTP headers, which were
changed by reverse-proxy. You can specify the reverse proxy address and
stop fake requests using the 'enable_if' directive in your app.psgi.
Adds a "COMPONENT" method to your Catalyst component base class that
reads the optional traits parameter from app and component config and
instantiates the component subclass with those traits using
"new_with_traits" in MooseX::Traits from MooseX::Traits::Pluggable.
Catalyst::Plugin::Cache::Store::FastMmap is deprecated because
Cache::FastMmap no longer needs to be wrapped to store plain values.
from Andreas Voegele's repo
Catalyst::Plugin::Cache::FileCache has been deprecated in favor of
Catalyst::Plugin::Cache, which can be configured to use a FileCache
backend.
from Andreas Voegele's repo
- disable static libs, shrinks package size by a factor 3
- now depends on geoclue for geolocation purposes (of course its up to
the browsers to enable the feature or not..)
- simplify Makefile/FLAVORS/SHARED_LIBS
- fold most of the PFRAGs to PLIST by using variables
- remove patch-Source_JavaScriptCore_runtime_JSValue_h, seems it was
added for sparc64 but now it breaks the build there, and noone has been
able to justify the addition of that patch. Without it, GtkLauncher
shows simple html websites on sparc64 and crashes as soon as some js is
involved, but thats not much different from before
- remove patch-Source_JavaScriptCore_wtf_text_StringHash_h &
patch-Source_JavaScriptCore_wtf_text_StringImpl_cpp, replaced by
patch-Source_JavaScriptCore_runtime_UString_h for mips64/sparc64
- add patch-Source_JavaScriptCore_wtf_NumberOfCores_cpp for #82585
tested on i386/amd64 by several, amd64 bulk build, ppc & sparc64 testing
by myself. mips64el in the works..
ok ajacoutot@
