------
v3.1.4
------
[jan] SECURITY: Correctly quote file names in cleanup script for temporary
files.
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.
----------
v3.1.4-RC1
----------
[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
<vilius@lnk.lt>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
(Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
(josh@endries.org, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
(thomas@gelf.net, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
(pascal@vmfacility.fr, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu,
Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz,
Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
(reitsma@denison.edu, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
Ben Klang <ben@alkaloid.net>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
(thomas.jarosch@intra2net.com, Bug #4651).
[jan] Support departments in vCard's ORG properties (martin@matuska.org,
Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
(Carl Thompson <lists-horde@carlthompson.net>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
(michael.sheldon@credativ.de, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
(mzizka@hotmail.com, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
Text_Filter driver.
Changes to squid-2.6.STABLE11 (Mar 17 2007)
- Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
- Handle garbage helper responses better in concurrent protocol format
- Fix kqueue when overflowing the changes queue
- Make sure the child worker process commits suicide if it could
not start up
- Don't log short responses at debug level 1
- Fix bswap16 & bwsap32 error on NetBSD
- Fix collapsed_forwarding for non-GET requests
Changes:
* Apply [5709] to stable.
* session_enabled? works with session :off.
* Performance: patch cgi/session to require digest/md5 once rather than per
#cre ate_new_id.
4.20 - Monday, December 4, 2006
* INTERNAL: No Changes since 4.20_1. Declaring stable.
4.20_1 - Friday, November 24, 2006
* FIX: -ip_match now works even when it's not the last import item. (RT#21779)
* FIX: In the PostgreSQL driver, a race condition is when storing is now worked around. (Mark Stosberg)
* FIX: Added important clarification and example to MySQL driver docs that the session column
needs to be defined as a primary key to avoid duplicate sessions. (Justin Simoni, Mark Stosberg)
* FIX: The default serializer now works correctly with certain data structures. (RT#?) (Matt LeBlanc)
* FIX: A documentation bug in find() was fixed (Matt LeBlanc)
* FIX: Documented how to declare a database handle to be used on demand, which was introduced
in 4.04. (Mark Stosberg)
* FIX: Connections made with SQLite now disconnect only when appropriate, instead of always.
This addresses a symptom seen as "attempt to prepare on inactive database handle"
(Jaldhar Vyas, Sherzod, Mark Stosberg)
* FIX: Args to the constructor for CGI::Session and the drivers are now always shallow
copied rather than used directly, to prevent modification.
(RT#21952, Franck Porcher, Sherzod, Mark Stosberg)
* FIX: The documentation for expire($param, $time) was made more explicit
(pjf, Mark Stosberg)
* NEW: Added recommended use of flush() to the Synopsis (Michael Renner, RT#22333)
* NEW: Added links to Japanese translations of the documentation (Makio Tsukamoto)
http://digit.que.ne.jp/work/index.cgi?Perldoc/ja
* INTERNAL: Update test to workaround YAML versions less than 0.58. (Matt LeBlanc)
* INTERNAL: param() code was refactored for clarity (Mark Stosberg, Ali ISIK, RT#21782)
* INTERNAL: new() and load() were refactored (Ali Isik)
* INTERNAL: renamed some environment variables used for testing (Ron Savage)
* INTERNAL: Multi key-value syntax of param() now always returns number of keys
successfully processed, 0 if no key/values were processed.
4.14 - Sunday, June 11, 2006
* NEW: The find() command now has better documentation. (Ron Savage, Matt LeBlanc)
* FIX: find() no longer changes the access or modified times (RT#18442) (Matt LeBlanc)
* FIX: param() called with two parameters now returns the value set, if any (RT#18912) (Matt LeBlanc)
* FIX: driver, serializer, and id generator names are now untainted (RT#18873) (Matt LeBlanc)
* INTERNAL: automatic flushing has been documented to be unreliable, although
it was recommended in the past. Automatic flushing can be affected adversely
in persistent environments and in some cases by third party software. There are
also some cases in which flushing happened automatically in 3.x, but quit working
with 4.x. See these tickets for details.
http://rt.cpan.org/Ticket/Display.html?id=17541http://rt.cpan.org/Ticket/Display.html?id=17299
4.13 - Wednesday, April 12, 2006
* FIX: Applied patch to fix cookie method (RT#18493,Nobuaki ITO)
* FIX: Berkeley DB 1.x exhibits a bug when used in conjunction with O_NOFOLLOW. Because of this,
we've removed it from the db_file driver. It will still attempt to stop symlinks but the
open itself has dropped the flag. (Matt LeBlanc)
* FIX: json and yaml db_file tests now check for the presence of DB_File. (Matt LeBlanc)
4.12 - Friday, April 7, 2006
* SECURITY: Fix possible SQL injection attack. (RT#18578, DMUEY)
4.11 - Friday, March 31, 2006
* FIX: Since 4.10, using name() as a class method was broken. This has
been fixed, and regression tests for both uses have been added. (Matt LeBlanc)
4.10 - Tuesday, March 28, 2006
* SECURITY: Hopefully this settles all of the problems with symlinks. Both the file
and db_file drivers now use O_NOFOLLOW with open when the file should exist and
O_EXCL|O_CREAT when creating the file. Tests added for symlinks. (Matt LeBlanc)
* SECURITY: sqlite driver no longer attempts to use /tmp/sessions.sqlt when no
Handle or DataSource is specified. This was a mistake from a security standpoint
as anyone on the machine would then be able to create and therefore insert data
into your sessions. (Matt LeBlanc)
* NEW: name is now an instance method (RT#17979) (Matt LeBlanc)
4.09 - Friday, March 16th, 2006
* SECURITY: Applying security patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien Danjou)
4.08 - Thursday, March 15th, 2006
* FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc.
* SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
- db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen
- file creation umask defaults to 660
* NEW: db_file and file drivers now accepts a UMask option. (Matt LeBlanc)
* INTERNAL: test suite clean up (Tyler MacDonald)
VERSION 3.0301
This is a bugfix release to repair these main items:
- optgroups bugfix for complex arrays
- removal of HTML::Entities support due to utf8 issues
- new es_ES Messages module with better translations
- a patch from Mark Hedges to enable plugin modules for mailresults()
The rest of the features remain the same as below.
VERSION 3.03
Subclassable Fields
Each field is now rendered by its own class, named for the field type.
For example, text fields are rendered by
"CGI::FormBuilder::Field::text". This allows you to create custom field
types and plugging them in by creating your own
"CGI::FormBuilder::Field::whatever_you_want" module. Thanks to Peter
Eichman for his contributions to this scheme.
Messages Localization
All messages are now handled in a similar way to field types: They are
delegated to "CGI::FormBuilder::Messages::locale" where "locale" is the
appropriate string such as "en_US" or "da_DK". A number of localizations
are included as part of the standard distribution.
There are two ways to use these messages: Either the 'auto' messages
mode or by specifying a specific locale:
my $form = CGI::FormBuilder->new(messages => 'auto'); # check client
my $form = CGI::FormBuilder->new(messages => ':da_DK'); # specified
You can create your own messages by copying "_example.pm" and modifying
it for your language. When using messages in this way, the HTTP Charset
is changed to "utf-8".
Select optgroup support
By using the "field()" option "optgroups", you can now cause select
fields to automatically generate optgroup tags:
$form->field(name => 'browser', options => \@opt, optgroups => 1);
See the documentation on "optgroups" for more details.
Data::FormValidator Support
Thanks to another great patch from Peter Eichman, "Data::FormValidator"
is supported as a validation option to "new()", just by passing it in as
an object. See the documentation on "validate" for more information.
Option sorting by LABELNAME or LABELNUM
You can now sort options by "LABELNAME" or "LABELNUM", similar to the
value-based sorting of "NAME" and "NUM". See the documentation for more
details.
XHTML Compliance
Generated code now validates against <http://validator.w3.org>. This
includes stuff like lowercase "get" and "post" methods, lowercase
"onchange" and "onsubmit" actions, and so on.
Version 3.27
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
Changes since 1.0.6:
Bluefish 1.0.7 (05 November 2006)
---------------------------------
- Updated translations: French, Japanese.
- Adds datarootdir to all Makefile.in to avoid warnings with autoconf 2.60
- Fixes application/bluefish-project MIME type icon name
- Fixes Tcl highlighting
- Fixes a bug when trying to save a file with a new install and a file has
never been opened or a project is not open. Closes bug #360401.
- Fix a bug where Bluefish would crash when deleting multiple bookmarks.
- Fix a bookmark memory leak
- Fix a bug where the editor tab was incorrectly displayed when moving a
document to another window.
- README: more complete README
Trac-0.10.3.1-ja-1 (Mar 12, 2007)
* Merge trac-0.10.3.1
* Translate Messages into Japanese.
* trac/attachment.py
* trac/versioncontrol/web_ui/browser.py
* Fixes unified diff download error.
* trac/versioncontrol/web_ui/changeset.py
* Update to current statement.
* README.trac-ja
Trac 0.10.3.1 (March 8, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially
unsafe (user provided) content is available for download. This behaviour
can be altered using the "render_unsafe_content" option in the
"attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with
Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
* Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157)
* Fix regression in handling of "attempt" argument passed to auth callbacks;
ensure the value only increments for each invocation of the callback
* Fix handling of "nextnonce" parameter in Digest authentication
Changes 0.26.2:
* Fix error reported for LOCK responses lacking a Lock-Token header.
* Use Libs.private in neon.pc for newer versions of pkg-config.
* Build fix for platforms without libintl.h.
* Build fixes for MinGW.
* Build fix for h_errno detection on HP-UX 10.
* Win32: enable debugging; build fixes with some SDKs.
Changes 0.26.1:
* Build fixes for Win32 (D.J. Heap) and OS X.
* Add Simplified Chinese translation
Changes in release 0.26.0:
* Added internationalization support:
* Added support for GnuTLS
* Changes and additions to URI support:
* Changed results callbacks for ne_lock_discover, PROPFIND interfaces:
* Added functions which give control over authentication protocol use:
* Added ne_unhook_* functions to remove hooks
* Added ne_set_session_flags()/ne_get_session_flags() functions:
* Added ne_set_request_flags()/ne_get_request_flags() functions:
* Change ne_md5.h interface to make struct ne_md5_ctx opaque:
* Fixed ne_get_range(), added ne_get_range64()
* Removed NE_FREE() macro from ne_alloc.h
* Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions
* Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit()
* Added "--enable-threadsafe-ssl=posix" configure flag, to enable
* The manual is now licensed under the GPL rather than the GFDL
Packaged by David Rankin and provided in PR 33248.
Kwiki plugin to archive pages using CVS.
(This package includes the http://www.kwiki.org/?PatchKwikiArchiveCvs patches
to make Kwiki::Archives::Cvs work with Kwiki::Revision.)
Trac 0.10.3.1 (March 8, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially
unsafe (user provided) content is available for download. This behaviour
can be altered using the "render_unsafe_content" option in the
"attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with
Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
1.22 Fri Mar 2 00:05:57 CST 2007
[INTERNALS]
Added new tests.
Added Perl::Critic changes and a perlcriticrc file.
1.21_04 Sat Oct 7 21:35:42 CDT 2006
[FIXES]
* $mech->content( type => 'text' ) was not freeing memory. Thanks to
Cat Okita for finding it.
[INTERNALS]
* Made the order of parms to $mech->content() not relevant.
1.21_03 Sat Oct 7 01:21:46 CDT 2006
[THINGS THAT MAY BREAK YOUR CODE]
* The methods $mech->form() and $mech->follow() have been removed.
They've been deprecated since 1.10, which was released in Feb 2005.
[ENHANCEMENTS]
* I'm trying to nail down what seems to be a memory leak on long-running
Mech programs. I'm stringifying URI::URL objects wherever I can.
[INTERNALS]
* No longer uses UNIVERSAL.
1.21_02 Wed Oct 4 13:14:30 CDT 2006
[ENHANCEMENTS THAT MAY BREAK YOUR CODE]
* The $mech->stack_depth() setting had no way to say "don't cache any
pages at all". How silly!
Now, if you set $mech->stack_depth(0), no history of pages will be kept.
In the past, it would mean "Keep all pages." This means that if you want
to set it to keep all pages, set it to some ridiculously large number.
[DOCUMENTATION]
* The docs previously refered to Compress::Gzip instead of Compress::Zlib.
1.21_01 Mon Sep 18 17:18:43 CDT 2006
[ENHANCEMENTS]
* If Compress::Zlib is installed, gzipped content is now
accepted and transparently decoded. No additional syntax needed!
This should save time and bandwidth in a number of cases.
(Mark Stosberg)
* Added a put() method. It also calls a subfunction called
_SUPER_put that will be removed once LWP::UserAgent supports put().
New features (some are compile-time options):
* INFO and Options pages are laid out properly for multibyte locales,
accounting for character widths.
* change configure option default for --enable-justify-elts to true.
Change default for JUSTIFY to "false".
* add PREFERRED_ENCODING to lynx.cfg, along with an options-menu
selection for this, to set "Accept-Encoding:" string
* add PREFERRED_MEDIA_TYPES to lynx.cfg, corresponding to the option for
HTFilterPresentations(). A minimal set of media types is used by
default, though the old behavior can be selected
* add -nonumbers option, which modifies the output of -dump to suppress
the link-numbering
* add -listonly option, which modifies the output of -dump to show only
the list of links
* add -syslog-urls option and lynx.cfg settings (SYSLOG_TEXT,
SYSLOG_REQUESTED_URLS) to allow syslog'ing of URLs to be optional.
This cannot be set from the options menu
* the -version option shows the version of ncurses, curses, etc., from
runtime data when available.
* add -notitle option to suppress title line and following blank line to
maximize screen use for small displays
* add -nomargins option to suppress left/right margins to maximize
screen use for small displays
* add NO_MARGINS and NO_TITLE to lynx.cfg
* add NESTED_TABLES setting to lynx.cfg to allow site override of the
built-in default
* add DEFAULT_COLORS item to lynx.cfg to allow disabling the default
colors feature at runtime, allowing better matching of old color
scheme via a script
* add -stderr option to write error messages when doing a -dump -or
-source. Normally these are written to the status line but that does
not exist when dumping to standard output
* add configure --enable-largefile / --disable-largefile options.
* add --enable-widec configure option to allow building lynx without
wide character support using ncursesw, to accommodate users with older
releases of ncurses
Other enhancements:
* improve SSL support:
* updated README.sslcerts
* update CF_GNUTLS macro to look for -lgnutls-openssl as well as
the older -lgnutls-extra library
* modify HTLoadHTTP() to interpret leading asterisks in common name
fields as wildcards
* suppress OpenSSL URL from version message if it happens to be
built using GNU TLS (or other libraries which happen to define
symbols to pretend they are OpenSSL).
* improve HTML interpretation:
* fix function, which was checking for the absence only of some
nonstandard encodings (8bit, 7bit, binary) rather than for the
presence of the encodings as specified in RFC 2068 (gzip,
compress, etc). This makes lynx able to view a site which puts
the charset as the Content-Type
* add "deflate" to the encoding types which lynx implements. This
consists of several parts
* adapted logic from w3m's inflate.c to construct an internal
"deflate" decompressor. Tested this with
http://carsten.codimi.de/gzip.yaws/
* add "deflate" to the options menu.
* modify logic that builds "Accept-Encoding" value to omit
encodings which have no external decompressor associated.
The effect of this change is to allow lynx to behave as it
did before adding the (possibly incomplete) "inflate"
support.
* add INFLATE_PATH to lynx.cfg, to optionally specify an
external program which can be used to decompress deflated
files. For testing, a shell script using w3m's utility,
e.g., /usr/lib/w3m/inflate, sufficed. NOTE: As currently
implemented, lynx requires the external decompression
programs to be specified even if it can decompress using
library calls.
* use ".zz" for suffix of downloaded (but not inflated)
deflated files, mapped to application/deflate and
application/x-deflate.
* modify source-view toggle to keep the current anchor visible.
Toggling source view may change the line number on which the
anchor is found, requiring some adjustment. This feature is
implemented only for source cached pages
* fixes to source-view of ftp:// and file:// URLs, i.e., eliminate
redundant PRE's, add DOCTYPE and meta tags
* correct parsing of embedded URLs which have parameters but no
path, e.g., base
http://wj55.org/Minutes.php
and embedded
?date_meeting=2004-08-31
* add presentation type for application/xml and text/xml mime types
as per
http://www.w3.org/TR/xhtml-media-types/http://www.w3.org/TR/2002/NOTE-xhtml-media-types-20020801
which states that they may be used, though application/xhtml+xml
is the preferred media type
* add presentation type for application/xhtml+xml mime type as per
RFC 3236
* add presentation for text/css, to allow browsing ".css" files
* force a newline in HTML_end_element() after a </pre>, which
causes lines containing only whitespace before the </pre> to
display a new line, rather than putting that whitespace before
text that follows the </pre>
* following a link consisting of a "#" fragment will move the
cursor to the link containing the target rather than simply
ensuring that it is visible
* improvements to character sets and display:
* new message files for localization: rw.po, vi.po
* updated message files for localization: cs.po, da.po, de.po,
et.po, fr.po, hu.po, nl.po, pt_BR.po, sv.po, tr.po
* use puts() rather than printf() in some messages to avoid chance
of "%" in the translation
* modify HTConfirmCookie() to ensure the translator's note is
copied into the lynx.pot file, by adding a gettext("Y/N/A/V")
call after the comment
* improve layout of options-menu and info-page for multibyte
character sets by computing the extent of the labels. This works
only for wide-character curses.
* add ISO-8859-13 and ISO-8859-14 chrtrans tables, revise
ISO-8859-10 based on
http://czyborra.com/charsets/iso8859.html
Change display name for ISO-8859-10 to indicate the region
* improve checking if the current character set does not match the
character set inferred from the locale. This reduces the number
of cases where line-drawing in the options menu does not work
* improve recovery when a charset is found that cannot be
translated. Before this change, the charset was not stripped from
the format string, e.g.,
text/html; charset=big5
and since there would be no match for the format, lynx would
offer to simply download the page (if interactive), or refuse to
format (for dumps). Although the content of the page is unusable,
the user can still navigate the page using the links which may be
there
* modify logic for locale_charset configuration variable so it is
not modified simply by saving the .lynxrc while in running in a
non-locale configuration. That does not alter the display charset
used by lynx
* improve workaround for line-drawing characters with
font-switching by checking if the loaded font has line-drawing
characters in the same positions as the terminal description,
rather than simply ignoring line-drawing when the codeset differs
* workaround for codepage support on OS/2 by changing the effect of
unctrl(). Add/use new preferred function use_legacy_coding() to
ncurses which provides the same effect with the wide-character
ncursesw
* improve def7_uni.tbl substitutions for the symbols beginning at
U+2600
* add experimental option --enable-japanese-utf8 for using libiconv
for Japanese and UTF-8
* improvements to color-style:
* change configure script --enable-color-style so it is enabled by
default
* add COLOR_STYLE setting to lynx.cfg
* change default initialization of color-style code when no lss
file is given to simulate the non-color-style code. There are
some visual differences, e.g., links that contain a mixture of
styles will display with mixed colors, but overall the visual
effect matches the non-color-style code well enough to change the
default configuration. If an empty string is given for the lss
filename, this is treated as an empty style file, and lynx will
not use its built-in default color style. To make the behavior
easier to diagnose, lynx will now exit with an error if it cannot
find the lss file.
* improve interaction with user:
* highlight the target and pause for 20 milliseconds when selecting
a link with the mouse
* modify behavior when user attempts to toggle a radiobutton off,
to make the message that one radio button must be selected only
in novice mode
* modify column limits, allowing text to be written to the last
column on the screen. This allows users to view text which is
formatted for 80 columns without the last character of each line
wrapping to the next line
* prompt user, displaying the command that would be executed, to
confirm that it should be. This makes it easier to notice when a
local program would be run by activating a lynxcgi link. This is
not done in advanced mode, since the URL is already visible in
the status line
* modify HTSaveAndExecute() to check first for result from
HTFileSuffix() before choosing between BIN_SUFFIX and
HTML_SUFFIX. This allows the PDF viewer on OS X to get the proper
suffix (.pdf) rather than .bin
* add check for failure to write to disk, e.g., on disk full, and
report error condition via HTAlert()
* modify suggested_filename() to strip bzip2's ".bz2" suffixes as
well as ".zz" suffixes
* modify INFO-page to list the rendered size in bytes if the
Content-Length is not available
* print the contents of image maps, if any, at the end of a dump
* command-line options that toggle or set a boolean now accept
"true" and "false" strings.
* improve interaction with other programs:
* strip special characters such as '%' from parameters passed to
external programs for EXTERNAL mechanism on Windows platform.
This is ifdef'd with WIN_EX
* improve cookie support:
* modify HTConfirmCookie() and statusline() to allow cookie prompt
message in Japanese to not be truncated when using wide-curses
* make the maximum number of cookies configurable in lynx.cfg,
added MAX_COOKIES_DOMAIN, MAX_COOKIES_GLOBAL and
MAX_COOKIES_BUFFER
* improvements to debug/traces:
* use symbol USE_VERTRACE in HTUtils.h to allow makefiles that do
not use the configure script to turn on the equivalent --enable
vertrace feature
* improvements to scripting/logging:
* make "lynx -version" work in the absence of ".cfg" or ".lss"
files
* modify print_wwwfile_to_fd() and print_crawl_to_fd() to ensure
that no trailing blanks are written in a -dump, etc.
* correct parsing of "key 0xNN" lines in command-scripts, had
omitted a "!" to invert a check
* modify initialization so that
cat options.txt | lynx -
will allow interactive use
* other improvements:
* modify logic for -dump so it can dump all pages listed on the
command line
* lynx accepts multiple URLs on the command line; all are added to
G)oto history. Documented this in manpage
* add (ifdef'd with EXP_HTTP_HEADERS) code to display the full text
of the HTTP headers in the INFO page.
* modify treatment of symbolic links for ftp-URLs to show the link
target, as with the local directory editor
* correct sort-order of local directory listing, using the target
of a symbolic link to determine whether it is grouped with files
or directories
* modified mailcap command and testcommand substitutions to provide
for running the testcommand's after program initialization
* read user's ".newsauth" file for news-server authentication
information
* escape "From " when it appears in a page which is mailed, to
avoid confusing mail clients
* add "Anonymous FTP Password" to Options menu, to allow user to
override use of personal email address as the anonymous ftp
password
New/improved sample files:
* add script samples/oldlynx, which gives the non-color-style scheme
using an executable built for color-style
* add scripts/tbl2html.pl, which can be used to generate test pages for
the charsets from src/chrtrans/*.tbl
* add test/special_urls.html
* modify ".lss" files to work equally well on terminals setup with white
text on black background, or the reverse. This also required fixing a
few places in LYsubwindow() and curses_w_style() to make window
backgrounds use the colors given in the ".lss" default- and
normal-colors lines
* make ".lss" example files somewhat readable by modifying parser to
remove blanks from the color description lines and modifying the
example files to use this feature
New ports:
* none
(it seems to run everywhere, but there are a few possibilities)
Improvements to existing ports:
* UNIX:
* improve configure script macro CF_XOPEN_SOURCE, ensuring that
_POSIX_C_SOURCE is defined with a value.
* revise configure script check whether _POSIX_C_SOURCE should be
defined, taking into account the _POSIX_SOURCE definition
* Linux:
* add codepage 857 (DOSTurkish), since console-tools package
provides a suitable font
* update Linux console font support to use console-tools package.
The configure script checks for consolechars and setfont programs
(must find at least one). The corresponding SETFONT_PATH can be
set in lynx.cfg to provide a choice between the two
* modify configure script to check for Intel compiler 8.0 (and
9.0).
* some others [stripped]
Improvements for maintainability and testing:
* remove macros such as ARGS1, NOPARM which supported K&R compilers
* make ANSI C required, drop support for K&R C.
* add scripts/indent.sh, use this to reindent C source files
* add tags rules to makefile.in's
* modify makefile.in to ensure that scripts are prefixed with $(SHELL),
in case packager has stripped executable permissions from scripts,
e.g., by using CVS
* modify configure script and makefiles to allow cross-compiling
* add --with-system-type option to configure script to simplify testing
the case-statements involving $host_os
* change configure script to put the ".cfg" and ".lss" files by default
in the --sysconfdir, e.g., $prefix/etc, and the help-files in lynx_doc
and lynx_help directories under --datadir, e.g.,
$prefix/share/lynx_doc, $prefix/share/lynx_doc. To obtain the old
behavior, use configure --sysconfdir=/usr/local/lib
--datadir=/usr/local/lib
* add configure options --with-cfg-file and --with-lss-file to allow one
to specify the names and paths of the default configuration and
color-style files
* filter out obsolete URLs from the customizations saved during install
of lynx.cfg
* rename test/iso8859-1.html and test/iso88592.html to
test/iso-8859-1.html and test/isoi-8859-2.html, corresponding to the
proper MIME names to simplify test-scripts
* update test/iso8859-1.html (minor fixes) from
http://www.ramsch.org/martin/uni/fmi-hp/iso8859-1.html
* applied lynx's changes to updated files from ftp.unicode.org to take
advantage of less restrictive copyright
As well as security-related changes:
* eliminate fixed-size buffers in HTrjis() and related functions to
avoid potential buffer overflow in nntp pages
* eliminate fixed-size buffers in LYExpandHostForURL() to guard against
buffer overflow resulting from too-long domain prefix/suffix data from
lynx.cfg
* reduce TRST_MAXROWSPAN and TRST_MAXCOLSPAN to 200, which is more
plausible than 10000 by 1000.
* limit TEXTAREA columns to the screen width, and rows to 3 times the
screen height.
And finally:
* A lot of bug fixes
* A lot of documentation changes.
* A lot of dead code removed
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
Changes to squid-2.6.STABLE10 (Mar 4 2007)
- Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
- various diskd bugfixes
- In the access.log hierarchy field log the unique peer name
instead of the host name
- unlinkdClose() should be called after (not before) storeDirSync()
- CLEAN_BUF_SZ was defined, but never used anywhere
- logging HTTP-request size
- Fix icmp pinger communication on FreeBSD and other not supporing
large dgram AF_UNIX sockets
- Release objects on swapin failure
- Bug #1787: Objects stuck in cache if origin server clock in future
- Bug #1420: 302 responses with an Expires header is always cached
- Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
- Clean up relations between TCP probing and DNS checks of peers with
no known addresses.
- Fix a minor HTML coding error in ftp directory listings with // in
the path
- Bug #1875, #1420. Cleanup of refresh logics when dealing with
non-refreshable content
- Negotiate authentication fixed again. Broken since STABLE7 by the
patch for Bug #1792.
- Bug #1892: COSS tries to shut down the same directory twice on exit
- Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
entries
- Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
* Updated PCRE to version 7.0.
* Fixed segfault in ext/session when register_globals=On.
* Fixed (segfault in cURL extension).
* Fixed (possible cURL memory error).
* Fixed (imagettftext() multithreading issue).
* Fixed (ext/interbase compile failure).
* Fixed (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed).
4.4.5
# Upgraded PEAR to 1.5.0.
# Updated PCRE to version 6.7.
# Moved extensions to PECL: ext/ovrimos
# Added a meta tag to phpinfo() output to prevent search engines from indexing the page.
# Backported a fix in the configure tests to detect the "rounding fuzz".
# Backported fix for ext/imap compilation failure with recent c-client versions.
# Fixed missing open_basedir check inside chdir() function.
# Fixed (Compile fails when using GCC 4.1.1/binutils 2.17).
# Fixed (pg_insert/pg_update do not allow now() to be used for timestamp fields).
# Fixed (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path).
# Fixed (Using $this not in object context can cause segfaults).
# Fixed (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled).
# Fixed (ftp_put() does not change transfer mode to ASCII).
# Fixed (ftp_nlist() returns false on empty dirs).
# Fixed (Allow building of curl extension against libcurl 7.16.0).
# Fixed (curl_exec() with return transfer returns TRUE on empty files).
# Fixed (Fixed a possible open_basedir bypass in tempnam()).
# Fixed (ldap_connect causes segfault with newer versions of OpenLDAP).
# Fixed (parse_url() fails if passing '@' in passwd).
# Fixed (Calling undefined method prints insufficient error message).
# Fixed (segfault when calling setlocale() in userspace session handler).
# Fixed (constructor is not called for classes used in userspace stream wrappers).
# Fixed (wddx_serialize_value() generates no wellformed xml).
# Fixed (aggregate_methods_by_list fails to take certain methods).
# Fixed (natcasesort() causes array_pop() to misbehave).
# Fixed (CURLOPT_HEADERFUNCTION, couldn't set the function in the class).
# Fixed (recursive array_walk causes segfault).
2006-03-12 Mattias Holmlund
Version 0.7
Add NoUpdate option.
Remove Verbose output for HEAD requests.
2005-05-30 Mattias Holmlund
Version 0.6
Handle invalid cache-directories.
Create the cache directory if it doesn't exist.
Store the headers Content-Type, Content-Length, Content-Encoding,
Content-Range and Last-Modified in the cache and restore them
when returning a cached response.
Fix bug in ETag cache handling.
1.4 Sun Nov 7 09:30:29 GMT 2004
- More fixes from the fantastic Mr Thurn
1.3 Fri Oct 15 16:24:47 BST 2004
- Fixes from Martin Thurn
1.2 Wed Sep 8 16:32:28 BST 2004
- Fix UK template layout
1.1 Wed Jun 2 09:57:59 BST 2004
- Changes to US template layout
1.0 Tue Dec 16 14:55:15 2003
- switch to using Template::Extract
- add more fields
- cleanup
0.9 Tue Feb 11 12:30:16 2003
- set User Agent again to fix weirdness
- ASIN format has changed
0.85 Fri Oct 25 17:43:12 2002
- Fix some minor bugs
0.8 Mon Aug 36 10:25:33 2002
- Amazon changed the layout of their .com pages
so this heroic patch from the mysteriously
named Artimage fixes it. Actually he fixed it ages
ago it's just I was too slack to apply it and figure out
some stuff.
0.7 Wed Feb 27 13:10:56 2002
- there was some cruft creeping in if it was a DVD.
All fixed now :)
0.66 Tue Dec 18 17:28:54 2001
- fixed mistake in amazonwish documentation about where
your settings are saved.
[Changes for 0.40 - 2005-09-17]
* Support for capturing matched regular expressions into variables,
Contributed by "woremacx". For example, this captures an nonempty
header text into the "heading" variable:
<h2>[% heading =~ /((?!<\/h2).+?)/ %]</h2>
[Changes for 0.39 - 2005-07-15]
* Allow passing Template::Parser options directly into
Template::Extract->new(). Suggested by brian d foy.
* Factored out the parser into Template::Extract::Parser to
allow use of alternate parsers with the PARSE_CLASS class method.
[Changes for 0.38 - 2004-10-25]
* Fix test failure with pre-5.8.4's regex optimizer.
Reported by CPAN testers.
[Changes for 0.37 - 2004-10-20]
* Move under SVK for version management.
* If the template ends with a capturing variable, make it
greedy instead of nongreedy, so it won't always match the
empty string. Reported by LTJake on IRC.
[Changes for 0.36 - 2004-02-16]
* Separate the compilation and run parts into two
modules, for ease of deployment (::Run may be put
on a machine without TT2) and marginally faster
execution. Suggested by Bruno De Fraine.
[Changes for 0.35 - 2004-01-09]
* Fixes regression caused by newer TT2 versions,
which adds the extra "#line" directives into the
regular expressions. Spotted by Yi-Ming Cao
and Sam Smith.
* Implement suggestion from Luis Oliveira: embedded
non-capturing regexes, such as [% /\s*/ %].
* Add implicit optional newlines around [% FOREACH %]
blocks, so it can intuitively work.
[Changes for 0.33 - 2003-12-13]
* Adds MANIFEST.SKIP that takes care of Module::Build
files, so older versions of Module::Build/MakeMaker
won't trip Module::Signature over. Thanks to CPAN
smoker Jost Krieger for the report.
[Changes for 0.32 - 2003-12-13]
* Improved build intrastructure, suggested by Mark Fowler,
to automatically check and download nmake.exe on Windows,
as well as supporting a Module::Build-compatible Build.PL.
* Clarify documents; add links to Simon and Mark's articles.
[Changes for 0.31 - 2003-10-21]
* New flag $EXACT to control whether partial documents
should match. (defaults to 0 for backward compatibility)
* Tatsuhiko Miyagawa pointed out that [% FOREACH %] blocks
fail to match prematurely because it can match zero times.
Now outermost foreach blocks must match at least once.
[Changes for 0.30 - 2003-10-20]
* This module is no longer experimental. :)
* Russell Matbouli reports that extract did not properly
set \%values. Fixed.
* [% SET key = "value" %] now works inside FOREACHs.
* [% SET nested.key = "value" %] now works.
* Much more robust validating code inside FOREACHs.
* Refactored the common context walking code from "get",
"set" and "validate" into _ext, and improved readability.
#------------------------------------------------------------------------
# Version 2.15 - 26th May 2006
#------------------------------------------------------------------------
Chomping Options
----------------
* Added the CHOMP_GREEDY option and '~' chomping flag. Changed
CHOMP_COLLAPSE to greedily chomp all whitespace (including multiple
newlines) and replace it with a single space. Previously it only
chomped one line. Renamed the CHOMP_ALL option to CHOMP_ONE which
makes more sense. CHOMP_ALL is still provided as an alias for
CHOMP_ONE for backwards compatibility. Thanks to Paul Seamons for
doing all the hard work on this.
http://tt2.org/pipermail/templates/2006-February/thread.html#8354
* Added code to the replace text virtual method to use a faster and
simpler implementation if the replacement text doesn't contain any
back references. Thanks to Josh Rosenbaum for all his efforts on
this.
http://tt2.org/pipermail/templates/2006-February/008344.html
Stash
-----
* Changed various tests for private/hidden variables (starting '_'
or '.') to use a regex defined in the $PRIVATE package variable in
Template::Stash. This can be redefined or undefined. Note that
the XS Stash only looks to see if $PRIVATE is defined or not, and
currently hard-codes the regex.
Plugins
-------
* Changed the Image plugin tag() method to call the name() method
instead of accessing the name directly, making it easier for
subclasses to provide an alternate name. Thanks to Cees Hek for
his patch.
http://tt2.org/pipermail/templates/2006-February/008423.html
* Change the AUTOLOAD regex in the Table plugin to be more robust.
http://tt2.org/pipermail/templates/2006-May/008602.html
Documentation
-------------
* Added the Template::Toolkit documentation pointing people to
the right place.
* Updated the Template::Stash::XS documentation to remove the
"experimental" description and tidy things up a bit.
0.52, released Jan 22, 2007
Belatedly update the SVN::Web installation to note that Subversion
1.4.0 or above is now required to use SVN::Web.
0.51, released Jan 15, 2007
C<reposparent> functionality was inadvertently broken in 0.50. This
release fixes that. This was rt#24377 reported by Christoph Buescher
<Christoph.Buescher@fiducia.de>.
0.50, released Jan 12, 2007
SVN::Web now supports accessing repositories that are B<not> on the same
host as the SVN::Web installation. Repositories can be accessed using
the I<file:///>, I<http://>, and I<svn://> protocols.
A mechanism for configuring which actions are available on each page has
been introduced. See L<SVN::Web/"Action menu configuration"> for more.
A new action, L<SVN::Web::Blame> has been introduced. This generates
output that shows the Subversion annotation/blame information for a
file.
Diff output (from L<SVN::Web::Diff> and L<SVN::Web::Revision>) is now
generated by Subversion, rather than SVN::Web. This makes diff
generation much faster, and much less memory intensive. However, it
has meant that the I<context> option is no longer available.
There are several small tweaks to the diff and revision output.
Refactoring and rewriting has meant that L<Digest::MD5>, L<Text::Diff>,
and L<Text::Diff::HTML> are no longer prequisites.
A bug has been fixed in RSS generation. The contents of the
<description> element are now wrapped in CDATA markers to ensure that
any embedded markup is preserved.
There is now support for keeping localisation files in arbitrary
directories, configured by the C<language_dirs> configuration option.
This makes it simpler to maintain your own localisation files outside
of SVN::Web, and makes it easier to integrate third party actions in
to an SVN::Web installation.
See L<SVN::Web/Languages> and L<SVN::Web::I18N> for more details.
The Template::Toolkit C<log_msg> meta-filter has been replaced with a
Template::Toolkit MACRO, defined in F<_log_msg>. The effect is the
same, but this approach affords more flexibility (e.g., having
different log message filters per repository).
The log template now supports rudimentary 'paging' through the log
messages. I<Proper> paging support requires new functionality in
Subversion. Selecting the number of log messages to show per page
is also more straightforward.
L<SVN::Web::Revision> supports a C<max_diff_size> configuration option
to cope with revisions which may generate huge diffs.
The configuration file (F<config.yaml>) must contain a C<version> key,
otherwise a fatal error is generated.
Most extraneous whitespace is now removed from the templates when output
is being produced.
Documentation bug rt#22282, reported by Andrew Sterling Hanenkamp
<sterling@hanenkamp.com>, has been fixed.
0.49, released Aug 23, 2006
SVN::Web now properly supports Apache 2 / mod_perl 2. In addition, the
test suite contains tests that work under Apache 2, and ensure that
future changes should not introduce regressions in this functionality.
File::Spec is now used when constructing filesystem paths, instead of
assuming that the directory separator is F</>. This should allow the
use of native paths on Windows, e.g. F<< C:\path\to\svnweb >>.
A bug in the mod_perl handler meant that the [% script %] directive
wasn't generating fully qualified links. This resulted in links in
the RSS feed being relative. This is now fixed. Reported by
Dietrich Streifert <dietrich.streifert@visionet.de>.
When testing the generated F<httpd.conf> includes an explicit
C<ServerName> directive, removing a warning on some hosts. Reported
in rt#20170 by <fiajro@cy.ath.cx>.
Set permissions on the temporary directories when running tests as
root. Otherwise they fail. Reported in rt#20170 by
<fiajro@cy.ath.cx>.
Fix a bug encounted on Solaris. SVN::Core::time_from_cstring() was
returning negative numbers.
The questions that are asked when running C<< perl Build.PL >> can now
be answered and/or skipped by passing command line options to F<Build.PL>.
Run C<< perldoc Build.PL >> for the documentation options.
Paths to Apache modules are no longer hardcoded in F<conf/httpd.tt>.
C<apxs> is used to retrieve the value of the Apache library directory.
In addition, the name of the mod_perl .so file is now configurable, as
different systems call it different things.
Included documentation on using SVN::Web with the IIS web server.
Submitted by Tom Hukins <tom@eborcom.com> in rt#20341.
A bug in the author's testing environment meant that 0.48 shipped with
templates that generated HTML that was not strictly valid. This, and
the templates, have been fixed.
0.48, released Jun 28, 2006
The interface localisation can now be selected. The interface has always
been localised, but the mechanism for choosing it has been badly exposed.
SVN::Web now supports two configuration options (C<languages> and
C<default_language>) to specify the language selection.
In addition, the available configured languages are also exposed through
the (C<trac>) user interface, and the user can choose from the list of
available localisation. Their choice is saved in a cookie.
Generation of RSS feeds is now done using a template, instead of using
L<XML::RSS>. This removes a dependency on XML:RSS, and should make it
easier to customise the content of the RSS feed should you desire.
This fixes rt#18169, reported by Mike Ellery <mikee@s2technologies.com>.
RSS feeds are now autodiscoverable in modern browsers.
The formatting of timestamps is now configurable using
L<POSIX/strftime>. You can choose how timestamps are formatted, and
they can be displayed in UTC (the Subversion default), the server's
local timezone, or the timezone of your choice. See L<SVN::Web/"Time
and date formatting"> for details.
This fixes rt#18806, reported by Mike Ellery <mikee@s2technologies.com>.
Worked around a bug in Subversion where repository paths that were
specified with a tailing slash would trigger an assertion. This fixes
rt#19273, reported by Michael Schwern <MSCHWERN@cpan.org>.
Fixed a bug where the C<directory_umask> cache backend option was not being
treated as an octal number. This fixes rt#19272, reported by
Michael Schwern <MSCHWERN@cpan.org>.
The L<SVN::Web::Revision> action now show's the repository's youngest
revision if no C<rev> parameter is provided.
Fixed a bug in L<SVN::Web::Revision>. Revisions that contain files that
were copied from another file, modified, and then committed will now be
displayed properly instead of generating an error.
The documentation for L<SVN::Web> includes an example configuration for
Apache and FastCGI, contributed by Robert Spier <rspier@pobox.com>.
Made extensive changes to the test suite. Include tests that exercise
SVN::Web when running under C<svnweb-server>, as a CGI script, and as an
Apache mod_perl1 handler. These tests are optional -- the installer
is prompted at C<perl Build.PL> time whether to run these tests, and
to provide the information the tests need (such as the port to run on).
0.47, released May 6, 2006
Implement support for caching the results of the actions, using any of
the L<Cache::Cache> family of modules. In tests (see
F<t/benchmark.t>) this can yield a 20% or greater speed benefit. See
L<SVN::Web/"Data cache"> for details of how to enable the cache and
configure cache related options.
Support Subversion repo directories and files that have spaces or other
characters that should be URI escaped in their names. Fixes rt#19093,
reported by <gbloice@gmail.com>.
Commented out the references to L<Template::Plugin::Clickable> and
L<Template::Plugin::Clickable::Email> in the config file that is
generated by C<svnweb-install>. This stops log files filling up with
warnings if they're not present. The lines remain, commented out, as
a suggestion for users.
Improved the modperl2 support, fixing rt#19004, rt#18437, and rt#18346
(Garrison Hoffman <garrison@codefix.net>, <cpan@rickster.com>,
Thomas Nagel <me@thomasnagel.com>).
0.46, released Mar 9, 2006
Fixed a bug in C<svnweb-server>. The L<CGI> module is now always used
when running under this server, instead of L<CGI::Fast>. This should
fix problems if you are trying to use C<svnweb-server> on a host with
L<CGI::Fast> installed.
0.45, released Mar 8, 2006
Fixed a bug that broke mod_perl support.
0.44, released Mar 8, 2006
When browsing the repository the F<trac> templates now include age
of the file, expressed as {seconds, minutes, hours, days, weeks,
months, years} since the file was last modified.
The C<revision>, C<log>, C<view>, and C<rss> actions are much more
conservative with memory when processing commits that changed a large
number of files. Fixes rt#17359, reported by Dietrich Streifert
<dietrich.streifert@visionet.de>.
Included support for running under mod_perl2 as well as mod_perl1. Fixes
rt#17085 and rt#17350. Based on a patch from Garrison Hoffman
<garrison@codefix.net>.
Fixed a bug when running under mod_perl -- the HTTP headers were not
being sent. Some browsers could cope with this, others just displayed
the raw HTML. Reported by Dominic Mitchell <dom@happygiraffe.net>.
Entering a revision number that does not exist will now generate a
localised error message. Fixes rt#17822, reported by
<gk5885@kickstyle.net>
The L<SVN::Web::Revision> action will now not show diffs between
file revisions if either revision of the file has a non-text MIME type.
Fixes rt#17625, reported by Mike Ellery <mikee@s2technologies.com>.
Fixed some bugs in C<svnweb-server>. Option parsing works properly,
fixing rt#17347 (reported by <miyagawa@cpan.org>) and the
C<--net-server> option is now honoured.
C<svnweb-install> should now work if any directories in the install path
contain regexp metacharacters in the filename. Fixes rt#17282, reported by
<CORION@cpan.org>. It also emits warnings if copying files or making
directories during the install process fails, fixing rt#17283.
0.43, released Jan 25, 2006
Fix a syntax error in the config file generated by svnweb-install.
Fix the instructions and code for running under mod_perl.
When viewing an HTML diff, include a link to the plain text equivalent.
Showing diffs when viewing a revision is now optional, but defaults to on.
Require Exception::Class 1.22 or above. Versions below lack the necessary
C<caught()> syntax.
Improve the installation and configuration documentation.
Include C<svnweb-server>, a simple web server to make it easier for people
to get started with SVN::Web.
0.42, released Dec 16, 2005
Throw exceptions instead of die()ing on almost all errors. Catch the
exceptions and generate much friendlier error messages. Error messages
are now easy to localise.
When viewing a diff, the I<trac> templates show the two revision numbers
being compared, and include a link allowing the user to reverse the order
of the diff.
The syntax for specifying permitted actions, and the classes that implement
them, has changed. See L<UPDATING> for more information. This mechanism
also allows for easy configuration of per-action options.
A (partial) French localisation has been supplied by Cyril Brulebois.
Any C<svn:externals> properties that are set on a directory are now shown
when browsing that directory.
When viewing a file's revision log, you can now select two arbitrary
revisions and get a diff showing the changes between those revisions.
Fixes rt#15813.
If you only have one repository configured then the C<list> action can be
configured to immediately redirect to browsing that repository, saving the
user from having to click through an intermediate page. See L<SVN::Web::List>
for more information.
1.82 2007-02-21 by Alexandr Ciornii (alexchorny AT gmail.com)
- Slightly faster test skip
- 99semaphore.t and 99flex.t check for cygserver on Cygwin
- 99flex.t skips less tests in some cases
- 99flex.t checks for Digest::MD5, MIME::Base64
- Warning in Apache::Session::Lock::Semaphore about cygserver
- Makefile.PL requires File::Temp
- changed order of use/chdir in tests (RT#16539, from Andrew Benham)
Fixed in Firefox 1.5.0.10
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
2.10 Sat Jul 15 20:50:41 EDT 2006
- minor bug fixed in HTML repair routines (thanks to Dave Gray)
2.09 Thu Jun 8 15:46:17 EDT 2006
- Tweaked rasterizer to handle some situations where the HTML is
broken but tables can still be inferred.
- Fixed TREE() definition for situations where import() is
not invoked. (thanks to DDICK on cpan.org)
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/
1.17 Wed May 3 16:52:03 EDT 2006
- new_from_tree() uses a better rasterizer now, properly
handling even more tortuous span issues. Thanks to Roland
Schar.
- Fixed as_XML rendering Thanks to Roger Crew.
1.16 Sat Feb 25 12:41:57 EST 2006
- Fixed new_from_tree() to handle (ignore) tbody, thead and
tfoot tags. Otherwise rows were ignored.
1.15 Fri Feb 24 15:34:13 EST 2006
- Fixed some scoping issues ('my' collisions)
- Fixed some undef issues running under -w (thanks to Carl
Franks)
and appears to currently be the latest "stable" Zope 3 version.
Discussed with package maintainer, Yoshito Komatsu, who sent me
some minor tweaks to my changes.
The part of Zope/doc/CHANGES.txt relevant for 3.3.0 -> 3.3.1 is:
Bugfixes
- Fixed widget bug in zope.app.form.browser; _getCurrentValue always
returns an input value now. This fixes a bug in _getFormValue.
(This required a backport of a small restructuring: Changed internal
widget API to allow retrieving the current value (from request,
default or current field value) in addition to the current form
representation of the value.)
- Fixed bug #707: "layer" directive was marked as deprecated in a
confusing way.
- Fixed bug #728: Able to change-dir into non-existant directories using
FTP
- Fixed bug #717: formlib raised FormError when schema fields were
missing from a request although not required.
- Fixed bug #738: RestrictedPython was unable to parse
Unicode expressions correctly (as passed in from e.g. ZPTPages).
- Fixed bug #723: Testbrowser was handling multiple submit buttons with
the same name incorrectly.
- Fixed HTML rendered by ItemsMultiDisplayWidget: The 'name' attribute
is not allowed in list tags and 'type' has a different meaning.
- Fileresources now also set the Cache-control headers on 304
responses. This speeds up page loads a lot on pages with many
resources.
- Fixed validate method of schema.Date, now it does not accept
datetime objects anymore. this is needed because datetime and
date values are not comparable
- Fixed issue 730: Subversion 1.4 breaks mkzopeinstance.py
- Fixed zope.annotation.factory to correctly setup containment for
objects that do not implement IContained.
- Fixed encoding of newlines, carriage returns, and tabs when
encoding attributes for widgets so we're consistent under all
Python 2.4.x versions (including 2.4.4, which failed tests before).
- Fixed issue 535: make HTTPInputStream work with Python 2.4.4.
- Improved fix for issue 599: Made sure i18n Message based Invalid
exceptions are handled correctly.
- Fixed a bug in getImageInfo which could cause an
UnboundLocalError under certain conditions.
- Fixed ``get/queryNextUtility`` to work with multiple base registries.
- Fixed zope.app.catalog.attribute.AttributeIndex. It did not
remove the the previous value/object from the index IF the NEW
value was None.
- Fixed zope.index.field.index.FieldIndex. Unindex broke if the value
somehow dropped out of the forward index.
Changes in 1.4.13:
* added initgroups in spawn-fcgi (#871)
* added apr1 support htpasswd in mod-auth (#870)
* added lighty.stat() to mod_magnet
* fixed segfault in splitted CRLF CRLF sequences
(introduced in 1.4.12) (#876)
* fixed compilation of LOCK support in mod-webdav
* fixed fragments in request-URLs (#869)
* fixed pkg-config check for lua5.1 on debian
* fixed Content-Length = 0 on HEAD requests without
a known Content-Length (#119)
* fixed mkdir() forcing 0700 (#884)
* fixed writev() on FreeBSD 4.x and older (#875)
* removed warning about a 404-error-handler
returned 404
* backported and fixed the buildsystem changes for
webdav locks
* fixed plugin loading so we can finally load lua
extensions in mod_magnet scripts
* fixed large uploads if xattr is enabled
Changes in 1.4.12:
* added experimental LOCK support for webdav
* added Content-Range support for PUT in webdav
* added support for += on empty arrays in config-files
* added ssl.cipher-list and ssl.use-sslv2
* added $HTTP["querystring"] conditional
* added mod_magnet as long-term replacement for mod_cml
* added work-around for a Opera Bug with SSL + Chunked-Encoding
* changed --print-config to print to stdout instead of stderr
* changed no longer use 0600 for new files with webdav. umask is
honored. Make sure you have set a proper umask.
* fixed upload hangs with SSL
* fixed connection drops with SSL (aka bad retry)
* fixed path traversal with \ on cygwin
* fixed mem-leak in mod_flv_streaming
* fixed required trailing newline in configfiles (#142)
* fixed quoting the autoconf files (#466)
* fixed empty Host: + $HTTP["host"] handling (#458)
* fixed handling of If-Modified-Since if ETag is not set
* fixed default-shell if SHELL is not set (#441)
* fixed appending and assigning of env.* vars
* fixed empty FCGI_STDERR packets
* fixed conditional server.allow-http-11
* fixed handling of follow-symlink + lstat()
* fixed SIGHUP handling if max-workers is used
* fixed "Software caused connection abort" messages on FreeBSD
In addition fix a nasty problem in LDAP auth when using with buggy
commercial servers. Some threat an empty password as anonymous bind
and would only fail on the first query, if that requires privileges.
Patch will be included with 1.4.14.
code is shared with psycopg1.
Include a small patch to make keyword mistakes in query args much
more obvious (from django svn). Other users might be as stupid as
the maintainer. Bump revision.
Changes:
* Fix gem deprecation warnings, which also means depending on RubyGems 0.9.0+
[Chad Fowler]
* Require the dispatcher for Rails::Configuration#to_prepare. [Rick]
2007-02-03 Hans de Graaff
* Checkbot 1.79 is released
* RELEASE-PROCESS: Add the release process documentation.
2007-01-27 Gerald Pfeifer
* checkbot (init_suppression): Check and provide error if
suppression file is in fact a directory.
2006-12-28 Hans de Graaff
* checkbot: Add summary to tables to make files XHTML 1.1 compliant.
2006-11-16 Hans de Graaff
* checkbot (handle_doc): Parse the decoded content so that all
character set issues are dealt with before parsing. This solves
bug 1264729.
2006-11-14 Hans de Graaff
* checkbot (performRequest): Simplify the code dealing with
problems of HEAD requests by retrying all 500 reponses instead of
special-cases particular failures that we happen to know
about. This type of problem is all to common, and if there really
is a problem GET will find it anyway.
(add_error): Allow regular expressions in the suppression
file. Based on patch from Eric Noack
2006-11-14 Eric Noack
* checkbot (send_mail): Indicate how many errors are detected in
the notification email's subject.
(handle_doc): Use the URL with which the document was received for
the problem reports and internal accounting, but keep on using the
proper base URL as defined by the reponse object when retrieving
links from the document. This fixes the case where a weird BASE
URL in a document could make it unclear where the actual problem
was.
2006-10-28 Hans de Graaff
* checkbot (performRequest): Handle case where an FTP server may
not be able to handle a HEAD request. This may cause a lot of data
to be transferred in those cases.
2006-05-03 Hans de Graaff
* Checkbot 1.78 is released
2005-12-18 Hans de Graaff
* checkbot (printServerProblems): Make pages XHTML compliant again.
2005-12-18 Jens Schweikhardt
* checkbot: Add classes and ids so that more styling options for
CSS are available.
* checkbot2.css: Example CSS file using the new classes and ids.
2005-11-11 Hans de Graaff
* checkbot: React in a more subtle way if the Time::Duration
module is not found.
2005-09-22 Hans de Graaff
* Makefile.PL: Check for presence of Net::SSL and explain the
effects if this it not present.
2005-08-20 Hans de Graaff
* checkbot (handle_doc): Ignore some 'links' found by LinkExtor
which do not need to link to live links. Fixed bugs #1264447 and
#1107832.
* test.html: Add test cases for it.
2005-08-06 Hans de Graaff
* checkbot (performRequest): Switch from HEAD to GET on a 400
error, as the most likely cause is that the server has trouble
with HEAD requests.
2005-08-05 Hans de Graaff
* checkbot (handle_doc): Also show how many new links are found on
a page, not just the total number of links.
(performRequest): Don't retry GET method on a 403 error.
(handle_doc): Properly handle newlines in the matches for title
and robots meta tag.
2005-07-28 Hans de Graaff
* Checkbot 1.77 is released.
* checkbot: Fix use of $VERSION so that it compiles and can be
used by MakeMaker at the same time.
(handle_doc): Check for presence of robots meta tag and act on it.
Based on a patch by Donald Willingham.
2005-07-25 Hans de Graaff
* Checkbot 1.76 is released.
2005-06-07 Hans de Graaff
* checkbot (printServerProblems): Include title of page.
(handle_doc): Extract title for later printing.
Add new hash url_title to store page titles.
Based on a patch from John Bintz.
2005-04-23 Hans de Graaff
* checkbot: Add documentation on use of file:/// URLs.
2005-01-23 Hans de Graaff
* checkbot: Only send mail when Checkbot has detected any
problems, based on suggestion from Thomas Kuerten.
Print duration of run on final report, and refactor use of start
time variable to facilitate this. Feature depends on availability
of Time::Duration, but checkbot will work without it. Based on
patch from Adam Griff.
2005-01-23 Adam Griff
* checkbot (create_page): Print out more options on results page.
2005-01-21 Hans de Graaff
* checkbot: Remove automatic version number based on CVS version
now that commits will be more frequent than releases.
2004-11-12 Hans de Graaff
* checkbot (handle_url): Ignore javascript: URLs instead of
generating a 904 error. It would be nice to handle these as well.
2004-05-26 Hans de Graaff
* Makefile.PL: Sync HTML::Parser requirement with required
versions of libwww-perl.
2004-05-03 Hans de Graaff
* checkbot: Write better documentation for --file option.
2004-04-26 Hans de Graaff
* checkbot: Minor documentation changes thank to Jens
Schweikhardt.
2007-01-30
cameron:
rc/patterns: exception for upload.wikimedia.org/wikipedia,
report from Mike Lawther 2007-01-24
cameron:
rc/patterns: another bluestreak.com pattern 2007-01-14
cameron:
rc/patterns: sitepoint.com popup 2007-01-05
cameron:
rc/patterns: another ad.yieldmanager.com pattern from Neal
Macklin 2007-01-02
cameron:
rc/patterns: cyber-knowledge.net ad 2006-12-22
cameron:
rc/patterns: sponsorads.de and info-ad.de 2006-12-17
cameron:
rc/patterns: another pattern for mail.com from Clem Jones
index.html: Reassure users about reporting to my personal
address; suggestion from Bill Trost. Mykefile: Tidy up
rebuild process. 2006-12-10
cameron:
rc/patterns: date.com ads 2006-11-22
cameron:
rc/patterns: exception for edubase.com.au from Khairul Faizi
2006-11-17
cameron:
rc/patterns: www.dumpanimage.com 2006-11-16
cameron:
rc/patterns: pennyweb.com ads 2006-11-14
cameron:
rc/patterns: xyz.freeweblogger.com counter 2006-11-12
cameron:
rc/patterns: widen adology pattern 2006-10-27
cameron:
rc/patterns: ads.addynamix.com pattern
extend adultfriendfinder.com/piclist ADJS pattern;
report from Mark Felder
2006-09-29
cameron:
rc/patterns: Refine doubleclick patterns.
pricegrabber ads
2006-09-09
cameron:
scripts/squid_redirect: Add "use bytes" to avoid UTF-8 encoding
complaints on report and diagnosis
from Mike Mitchell. Now regexps are
formally in an 8-bit encoding; we'll
pretend Latin-1 (ISO8859-1).
2006-09-03
cameron:
rc/patterns: www.technologyreview.com PRINT rule 2006-09-02
cameron:
rc/patterns: linkshare pattern widened
a new ad server adtology
2006-07-02
cameron:
rc/patterns: cisco.netacad.net exception from Bruno ROGER
www.splenda.com exception from Billy Newsom
images.blogads.com ads, report from Bill Trost
2006-07-01
cameron:
rc/patterns: private.com banner exception 2006-06-23
cameron:
rc/patterns: generic adserver.* pattern
drop https pattern
2006-06-10
cameron:
rc/patterns: smh.com.au ads 2006-06-01
cameron:
rc/patterns: totemcash.com ad
ads.adsonar.com
2006-05-29
cameron:
rc/patterns: google serves ad images! ouch! 2006-05-27
cameron:
scripts/squid_redirect: Re-enable the *TEXT classes. It
confused too many users. rc/patterns: in page iframe - ick
content.cpxinteractive.com ads widen
content.cpxinteractive.com pattern
2006-05-23
cameron:
rc/patterns: another counter 2006-05-21
cameron:
rc/patterns: another web bug 2006-05-20
cameron:
rc/patterns: tweak mediaplex image pattern
try https pattern for mediaplex
2006-05-19
cameron:
rc/patterns: another web counter 2006-05-16
cameron:
rc/patterns: internationalisation fix for switch.atdmt.com
signup links from Robert Backhaus 2006-05-08
cameron:
index.html: Add mention of BFilter to "other software".
2006-04-25
cameron:
index.html: Make it a little more clear that unzap and overzap
reports should come by email:-)
1.29 November 28, 2006
Require a minium of Module::Build 0.18 when using Apache::TestMB.
PR: 19513
[Philip M. Gollucci]
Teach Apache::TestClient to encode spaces(' ') in query string of URLs
as %20. This is not a full mapping of ASCII to URL encoding.
If you need this, install LWP -- then Apache-Test will use
LWP -- which does this for you.
[Philip M. Gollucci]
Allow Apache::TestClient which is used when LWP is not installed
to accept mutiple headers of the same name.
[Philip M. Gollucci]
Add t_start_error_log_watch() and t_finish_error_log_watch()
to the Apache::TestUtil API which are only exported unpon request.
[Torsten Foertsch <torsten.foertsch@gmx.net>]
Allow version variants of debuggers to be passed as arguments
to -debug. i.e. -debug=gdb65 for systems with multiple
versions of the same debugger. [Philip M. Gollucci]
On Win32, the Apache executable is called httpd.exe in Apache/2.2,
so let Apache::TestConfig try to find that if Apache.exe isn't
found [Randy Kobes]
force reconfiguration if existing configuration was generated
by an older version of Apache-Test [Geoffrey Young]
the -t_pid_file code resulted in confusing and fatal error message
for people using stale 1.27 configurations. so take steps to make
sure things continue to work. [Geoffrey Young]
1.20
[ENHANCEMENTS]
* Added new two-argument form of credentials() method.
$mech->credentials($username, $password);
That provides simpler visiting of password-protected
resources in the vast majority of cases and still
allows the other cases to be supported. (Peter Scott)
[BUG FIXES]
* autocheck no longer is triggered when informational
responses are returned. (Mark Stosberg)
[INTERNALS]
* test suite no longer fails when Test::Warn is missing.
(CPAN testers, Mark Stosberg)
* Removed all the testing against live sites. The networking
code is not actually in Mech anway, and they were prone to
breaking, as the live sites changed. (Mark Stosberg)
1.19_02 Mon Aug 7 23:57:56 CDT 2006
[ENHANCEMENTS]
* Add new Do-What-I-Mean submit_form() option.
$mech->submit_form(
with_fields => \%data
);
That expresses that you want to select the first form contains all
fields in \%data, and then submit the data to that form. See the docs
for form_with_fields() and submit_form() for details.
(Mark Stosberg, inspired by RT#6100)
[BUG FIXES]
* The behavior of clone() now copies over the cookie jar, which
is probably what you expected it did in the first place.
This fixes bug RT#13541 filed against Test::WWW::Mechanize,
which was using clone() internally. (Mark Stosberg)
* The correct URL is returned after redirecting. This a regression
from 1.04 and was reported as RT#9059, RT#12882, and RT#12786.
The documentation about this has also been clarified that we
return a URI object, but that it stringifies to the URI itself.
[DOCUMENTATION]
* Fixed a misleading parm in the constructor.
* Document the return value of set_visible (RT#6071, MJD,
Mark Stosberg)
* Document that form_name and form_number return an HTML::Form
object (Mark Stosberg)
[INTERNALS]
* Made lots of little cleanups based on Perl::Critic
* Fix Taint-mode warnings with Perl 5.6.1 (RT#16945)
3.23 Sun Nov 12 11:09:31 CST 2006
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* Mark-Jason Dominus points out that the fix for as_html was not
proper, and broken behavior should never be codified. Fixed
as_html so an empty string doesn't encode entites, instead of
blaming the behavior on HTML::Entities. (RT 18571)
3.22 Sat Nov 11 21:23:22 CST 2006
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* HTML::Element::as_XML now only escapes five characters, instead
of escaping everything but alphanumerics and spaces. This is
more in line with the XML spec, and will no longer escape wide
characters as two (or more) entities. Resolves RT 14260. Thanks
to Carl Franks and somewhere [at] confuzzled.lu for assistance.
[FIXES]
* A string comparison was commented to use lc() on both sides, but
didn't. This caused HTML::Element::look_down to not properly find
elements in certain cases. Thanks to Andrew Suhachov. (RT 21114)
[TESTS]
* Added several new tests and enhanced others. Thanks to Rocco
Caputo for t/attributes.t, and several others for providing
test cases in their RT bugs.
[DOCUMENTATION]
* Fixed description of HTML::Element::all_attr_names. Thanks
to dsteinbrunner [at] pobox.com for catching it.
* Fixed example code in HTML::Element::push_content. Thanks
to dsteinbrunner [at] pobox.com for catching it. (RT 21293)
* Fixed description of HTML::Element::as_HTML. Thanks to
Mark-Jason Dominus for catching it. (RT 18569)
3.21 Sun Aug 6 19:10:00 CDT 2006
[FIXES]
* Updated HTML::Parser requirement to 3.46 to fix a bug in
tag-rendering.t, noted in RT 20816 and 19796. Thanks to
Gordon Lack and Ricardo Signes
* Fixed HTML::TreeBuilder to not remove where it shouldn't,
using patch supplied in RT 17481. Thanks to Chris Madsen.
[DOCUMENTATION]
* HTML-Tree has a new maintainer: Pete Krawczyk
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
Package info: scp support not enabled (libssh2 is not packaged).
Version 7.16.1 (29 January 2007)
Daniel (29 January 2007)
- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
header, you got _two_ User-Agent headers in the CONNECT request...! Added
test case 287 to verify the fix.
Daniel (28 January 2007)
- curl_easy_reset() now resets the CA bundle path correctly.
- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
platforms.
Daniel (25 January 2007)
- Added the --libcurl [file] option to curl. Append this option to any
ordinary curl command line, and you will get a libcurl-using source code
written to the file that does the equivalent operation of what your command
line operation does!
Dan F (24 January 2007)
- Fixed a dangling pointer problem that prevented the http_proxy environment
variable from being properly used in many cases (and caused test case 63
to fail).
Daniel (23 January 2007)
- David McCreedy did NTLM changes mainly for non-ASCII platforms:
#1
There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
defined. I noticed this while testing various configurations. Line 867 of
the current http_ntlm.c is a closing bracket for an if/else pair that only
gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
defined. Lines 198 and 140 of my patch wraps that closing bracket in an
#ifdef USE_NTLM2SESSION.
#2
I noticed several picky compiler warnings when DEBUG_ME is defined. I've
fixed them with casting. By the way, DEBUG_ME was a huge help in
understanding this code.
#3
Hopefully the last non-ASCII conversion patch for libcurl in a while. I
changed the "NTLMSSP" literal to hex since this signature must always be in
ASCII.
Conversion code was strategically added where necessary. And the
Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
creates are NOT translated on non-ASCII platforms.
Dan F (22 January 2007)
- Converted (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => & ). This will make it easier to validate test files using
tools like xmllint, as well as to edit and view them using XML tools.
Daniel (16 January 2007)
- Armel Asselin improved libcurl to behave a lot better when an easy handle
doing an FTP transfer is removed from a multi handle before completion. The
fix also fixed the "alive counter" to be correct on "premature removal" for
all protocols.
Dan F (16 January 2007)
- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
detector. Also changed tftp downloads to URL-unescape the downloaded
file name.
Daniel (14 January 2007)
- David McCreedy provided libcurl changes for doing HTTP communication on
non-ASCII platforms. It does add some complexity, most notably with more
#ifdefs, but I want to see this supported added and I can't see how we can
add it without the extra stuff added.
- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
libcurl would crash when trying to read a NULL pointer.
Daniel (12 January 2007)
- Toby Peterson found a nasty bug that prevented (lib)curl from properly
downloading (most) things that were larger than 4GB on 32 bit systems. Matt
Witherspoon helped as narrow down the problem.
Daniel (5 January 2007)
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
Daniel (4 January 2007)
- David McCreedy made changes to allow base64 encoding/decoding to work on
non-ASCII platforms.
Daniel (3 January 2007)
- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
downloaded data in two buffers, just to be able to deal with a special HTTP
pipelining case. That is now only activated for pipelined transfers. In
Matt's case, it showed as a considerable performance difference,
Daniel (2 January 2007)
- Victor Snezhko helped us fix bug report #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
(CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
on Windows (since 7.16.0, but that's when they were introduced as previous
to that the limiting logic was made in the application only and not in the
library). It was actually also broken on select()-based systems (as apposed
to poll()) but we haven't had any such reports. We now use select(), Sleep()
or delay() properly to sleep a while without waiting for anything input or
output when the rate limiting is activated with the easy interface.
- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
to get built static. It has been mentioned before and was again brought to
our attention by Nathanael Nerode who filed debian bug report #405226
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).
Daniel (29 December 2006)
- Make curl_easy_duphandle() set the magic number in the new handle.
Daniel (22 December 2006)
- Robert Foreman provided a prime example snippet showing how libcurl would
get confused and not acknowledge the 'no_proxy' variable properly once it
had used the proxy and you re-used the same easy handle. I made sure the
proxy name is properly stored in the connect struct rather than the
sessionhandle/easy struct.
- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t
variable to point to when it should be a socklen_t.
- When setting a proxy with environment variables and (for example) running
'curl [URL]' with a URL without a protocol prefix, curl would not send a
correct request as it failed to add the protocol prefix.
Daniel (21 December 2006)
- Robson Braga Araujo reported bug #1618359
(http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a
patch for it: when downloading 2 zero byte files in a row, curl 7.16.0
enters an infinite loop, while curl 7.16.1-20061218 does one additional
unnecessary request.
Fix: During the "Major overhaul introducing http pipelining support and
shared connection cache within the multi handle." change, headerbytecount
was moved to live in the Curl_transfer_keeper structure. But that structure
is reset in the Transfer method, losing the information that we had about
the header size. This patch moves it back to the connectdata struct.
Daniel (16 December 2006)
- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE
during certain conditions when GnuTLS is used.
Daniel (11 December 2006)
- Alexey Simak found out that when doing FTP with the multi interface and
something went wrong like it got a bad response code back from the server,
libcurl would leak memory. Added test case 538 to verify the fix.
I also noted that the connection would get cached in that case, which
doesn't make sense since it cannot be re-use when the authentication has
failed. I fixed that issue too at the same time, and also that the path
would be "remembered" in vain for cases where the connection was about to
get closed.
Daniel (6 December 2006)
- Sebastien Willemijns reported bug #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections
getting cut off prematurely when --limit-rate is used. While I found no such
problems in my tests nor in my reading of the code, I found that the
--limit-rate code was severly flawed (since it was moved into the lib, since
7.15.5) when used with the easy interface and it didn't work as documented
so I reworked it somewhat and now it works for my tests.
Daniel (5 December 2006)
- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when
passing a curl_off_t argument to the Curl_read_rewind() function which takes
an size_t argument. Curl_read_rewind() also had debug code left in it and it
was put in a different source file with no good reason when only used from
one single spot.
- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is
no code present in the library that receives the option. Since it was not
possible to use, we know that no current users exist and thus we simply
removed it from the docs and made the code always use the default path of
the code.
- Jared Lundell filed bug report #1604956
(http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting
CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl
will always internally use no less than 1 entry in the connection cache.
- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in
the 7.16.0 release.
- Martin Skinner brought back bug report #1230118 to haunt us once again.
(http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work
properly for all input dates on Windows. It was mostly seen on some TZ time
zones using DST. Luckily, Martin also provided a fix.
- Alexey Simak filed bug report #1600447
(http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active
FTP connections don't work with the multi interface. The problem is here
that the multi interface state machine has a state during which it can wait
for the data connection to connect, but the active connection is not done in
the same step in the sequence as the passive one is so it doesn't quite work
for active. The active FTP code still use a blocking function to allow the
remote server to connect.
The fix (work-around is a better word) for this problem is to set the
boolean prematurely that the data connection is completed, so that the "wait
for connect" phase ends at once.
The proper fix, left for the future, is of course to make the active FTP
case to act in a non-blocking way too.
- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a
HTTP upload was disconnected:
"What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is
setting *only* POLLHUP on poll() when the conditions in my previous mail
occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So
basically what was happening, is poll() was returning immediately (with
POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or
POLLOUT was set. This still caused Curl_readwrite() to be called, which
quickly returned. Then the transfer() loop kept continuing at full speed
forever."
Daniel (1 December 2006)
- Toon Verwaest reported that there are servers that send the Content-Range:
header in a third, not suppported by libcurl, format and we agreed that we
could make the parser more forgiving to accept all the three found
variations.
Daniel (25 November 2006)
- Venkat Akella found out that libcurl did not like HTTP responses that simply
responded with a single status line and no headers nor body. Starting now, a
HTTP response on a persistent connection (i.e not set to be closed after the
response has been taken care of) must have Content-Length or chunked
encoding set, or libcurl will simply assume that there is no body.
To my horror I learned that we had no less than 57(!) test cases that did bad
HTTP responses like this, and even the test http server (sws) responded badly
when queried by the test system if it is the test system. So although the
actual fix for the problem was tiny, going through all the newly failing test
cases got really painful and boring.
Daniel (24 November 2006)
- James Housley did lots of work and introduced SFTP downloads.
Daniel (13 November 2006)
- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed
out a stack overwrite (and the corresponding fix) on 64bit Windows when
dealing with HTTP chunked encoding.
Daniel (9 November 2006)
- Nir Soffer updated libcurl.framework.make:
o fix symlinks, should link to Versions, not to ./Versions
o indentation improvments
- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov
2006. It turned out we wrongly assumed that the connection cache was present
when tearing down a connection.
- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the
multi interface, but I could also repeat it doing multiple sequential ones
with the easy interface. Using Ciprian's test case, I could fix it.
Daniel (8 November 2006)
- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
Daniel (7 November 2006)
- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a
wrong error message in the error message buffer.
Daniel (3 November 2006)
- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious
KNOWN_BUGS #25, which happens when a proxy closes the connection when
libcurl has sent CONNECT, as part of an authentication negotiation. Starting
now, libcurl will re-connect accordingly and continue the authentication as
it should.
Daniel (2 November 2006)
- James Housley brought support for SCP transfers, based on the libssh2 library
for the actual network protocol stuff.
Added these new curl_easy_setopt() options:
CURLOPT_SSH_AUTH_TYPES
CURLOPT_SSH_PUBLIC_KEYFILE
CURLOPT_SSH_PRIVATE_KEYFILE
2007-01-12 Gisle Aas
Release 3.56
Cloning of parser state for compatiblity with threads.
Fixed by Bo Lindbergh
Don't require whitespace between declaration tokens.
<http://rt.cpan.org/Ticket/Display.html?id=20864>
2006-07-10 Gisle Aas
Release 3.55
Treat <> at the end of document as text. Used to be
reported as a comment.
Improved Firefox compatiblity for bad HTML:
- Unclosed <script>, <style> are now treated as empty tags.
- Unclosed <textarea>, <xmp> and <plaintext> treat rest as text.
- Unclosed <title> closes at next tag.
Make <!a'b> a comment by itself.
to the old realplayer package; update to reflect this and make it work.
Remove an obsolete exec entry in the PLIST, the same function is already
performed in the do-install target.
Bump PKGREVISION.
pkgsrc changes: merge ap2-ruby to here.
mod_ruby-1.2.6 released
mod_ruby-1.2.6 is released.
Main changes from mod_ruby-1.2.5
- apache/rails-dispatcher.rb supports Rails 1.1.
- added guard conditionals around code that uses dconf to avoid SEGV. Thanks,
Michael Granger.
- fixes for Ruby 1.6.x.
- do not call downcase content_type, content_encoding, and content_lnaguages.
at 2006-06-15 13:32
mod_ruby-1.2.5 released
mod_ruby-1.2.5 is released.
Main changes from mod_ruby-1.2.4
- added RubyRestrictDirectives by David Garamond.
- added Apache::Request#all_params.
- set $0 correctly
- added Apache::RubyProfile.
- added RubyOption.
- added Apache::RailsDispatcher.
- supported Apache 2.2 thanks to Michael Sullivan.
- added RubyGcPerRequest.
- do not timeout if RubyTimeOut is 0.
at 2006-02-19 21:52
Changes since 1.1.6:
* Removed invocation of deprecated before_action and around_action filter
methods. Corresponding before_invocation and after_invocation methods
should be used instead.
* Provide access to the underlying SOAP driver.
* ActionWebService WSDL generation ignores HTTP_X_FORWARDED_HOST
* Tighten rescue clauses.
* Fixed XMLRPC multicall when one of the called methods returns a struct
object.
* Fix invoke_layered since api_method didn't declare :expects.
Changes to squid-2.6.STABLE9 (Jan 24 2007)
- Bug #1878: If-Modified-Since broken in 2.6.STABLE8
- Bug #1877 diskd bug in storeDiskdIOCallback()
Changes to squid-2.6.STABLE8 (Jan 21 2007)
- Bug #1873: authenticateNTLMFixErrorHeader: state 4.
- Document the https_port vhost option, useful in combination with
a wildcard certificate
- Document the existence of connection pinning / forwarding of NTLM
auth and a few other features overlooked in the release notes.
- Spelling correction of the ssl cache_peer option
- Add back the optional "accel" http_port option. Makes accelerator
mode configurations easier to read.
- Bug #1872: Date parsing error causing objects to get unexpectedly
cached.
- Cleanup to have the access.log tags autogenerated from enums.h
- Bug #1783: STALE: Entry's timestamp greater than check time. Clock
going backwards?
- Don't update object timestamps on a failed revalidation.
- Fix how ftp://user@host URLs is rendered when Squid is built with
leak checking enabled
A lot of changes since 1.3.3, including Unicode support and add-on modules
("shimbun").
NOTE:
I had to comment out w3m's "ucs_conv=1" option which is hard-coded in w3m.el,
so that w3m without unicode option also works with emacs-w3m. Do we want
w3m to always have its homegrown yet another Unicode mapping table?
% ls w3m.*
-rwxr-xr-x 1 uebayasi users 513186 Jan 27 20:46 w3m.no-unicode
-rwxr-xr-x 1 uebayasi users 1182323 Jan 27 20:48 w3m.unicode
Quanta Plus
* show Find in Files menu if KFileReplace is installed
* fix various crashes in the debugger
* fix crash when editing a >style> CSS area
* use the correct encoding in the file dialogs
* don't lose upload profile settings in certain cases
* fix symlink handling in Project Rescan, New Project adding
files/folders
* do not set the current project mark to a project that could not
be opened
* allow closing of an untitle editor tab when an image is previewed
inside
* fix problems with the automatic backup system
The mod_fcgid Apache module is a binary compatible alternative to
Apache module mod_fastcgi, but only for apache2 and later.
FastCGI provides a high-performance alternative to CGI for writing
webserver applications.
* A patch for a small security vulnerability in the script Django's
internationalization system uses to compile translation files.
* A fix for a bug in Django's authentication middleware which could cause
apparent "caching" of a logged-in user.
* A patch which disables debugging mode in the flup FastCGI package
Django uses to launch its FastCGI server, which prevents tracebacks
from bubbling up during production use.
devel/apr0/buildlink3.mk:
Add apr<1.0 to BUILDLINK_API_DEPENDS.apr .
devel/subversion/Makefile.common:
Drop --with-apr and --with-apr-util from CONFIGURE_ARGS; these
have not been needed since the buildlink framework started
ensuring the PATH is correct. Drop --with-ssl from
CONFIGURE_ARGS; this has not been necessary since this stopped
using the built-in neon. Include new options.mk .
devel/subversion-base/Makefile:
devel/subversion-base/buildlink3.mk:
Use devel/apr0 or devel/apr & devel/apr-util if
PKG_OPTIONS.subversion has the apr1 option.
devel/subversion-base/options.mk:
Provide apache22 and apr1 options; currently these must be set
together, so enforce that.
www/ap2-subversion/Makefile:
Use apache22 if PKG_OPTIONS.subversion has the apache22 option,
else use apache2.
The serf library is a C-based HTTP client library built upon the Apache
Portable Runtime (APR) library. It multiplexes connections, running the
read/write communication asynchronously. Memory copies and transformations
are kept to a minimum to provide high performance operation.
Update to 1.2.8 (formerly in devel/apr1), no longer build from the
httpd distfile.
devel/rapidsvn:
devel/subversion-base:
parallel/ganglia-monitor-core:
security/hydra:
www/apache2:
Use devel/apr0.
www/apache22:
Use devel/apr and devel/apr-util.
Many changes. See http://kazehakase.sourceforge.jp/
Some of the changes include:
* Fix wrong labels in Certificate Properties dialog.(Jan Jeronym Zvanovec)
* used ruby_disable_message.(Kouhei SUTOU)
* fix the compile problem on NetBSD(Hiroyuki IKEZOE)
* fix bug of purge_history_file_by_timestamp(). (Ryo SHIMIZU)
* support gziped favicon (Kouhei SUTOU)
* use "/favion.ico" as favicon file automatically if favicon URI is not specified by <link ref="..."> tag. (Kouhei SUTOU, Ryo SHIMIZU)
* make exit process faster (Ryo SHIMIZU)
* bug fix of GoUp action(Tomoyuki KAMO)
* use "RSS" when the page title is null(Ryo SHIMIZU)
* New creating thumbnail process with new GECKO APIs. But it is caprice(Hiroyuki IKEZOE)
* Can compile with Firefox2.0 beta(Hiroyuki IKEZOE)
* Show rendering engine on "About" dialog(Kouhei SUTOU)
* Bugfixes, please see http://www.apache.org/dist/httpd/CHANGES_2.2
pkgsrc changes:
* Do not use the included pcre source in apache22.
* devel/apr1 now uses the apache22 version (increased to 1.2.8.2.2.4) to
sync the source with the httpd distfile.
* Remove patches in devel/apr1 which were applied upstream.
Changes since 2.2a1 [2006/07/20]:
- Added a dashboard style display for templates (with multiple selections).
- New "Format" parameter can be used in graph URL to override saved setting.
- PDF and SVG formats are now properly embedded in HTML.
- Added warning and check to avoid obscure error caused by misconfiguration.
- Minor JavaScript enhancements to the graph editor.
- Added notice about CGI.pm incompatibility.
Changes since 2.1.3 [2005/06/19]:
- Various improvements for the graph editor:
+ Extensive code rewrite/cleanup.
+ Added simple HTML tooltips to provide (some) contextual help.
+ Extended JavaScript automation.
+ Clarified creation of new Data Sources.
- rrdtool 1.2.x support:
+ Three new image formats: SVG, EPS and PDF.
+ GIF is no longer supported, automatically switch to PNG.
+ Removed support for deprecated --overlay parameter.
+ Added support for --no-gridfit.
+ Added support for new VDEF, TICK and SHIFT graph commands.
+ Deprecated use of HRULE, STACK and old style GPRINT graph command.
release.
The calendar component has been removed from Seamonkey in favour of Sunbird
(time/sunbird) and Lightning, see http://www.mozilla.org/projects/calendar/
New features and fixes in this version:
General
* ChatZilla has been updated to a newer version (Bug 324439)
* When launching SeaMonkey, already-running instances are detected (Bug 122698)
Browser
* Spelling is checked when writing in textareas (Bug 302050 and bug 338318)
* A warning page is now shown before displaying about:config (Bug 339720)
* Tooltips from web pages can now be multiple lines, either due to automatic
text wrapping or explicit newlines added to the text value (Bug 356900)
* When you visit a secure site, the URL bar changes color to turns make
security status more visible (Bug 335113)
* When using keyword URLs, it is no longer necessary to type "keyword:" (typing
"keyword:" will no longer work). Just type the keyword name (Bug 337339)
* You can now drop URLs and bookmarks between existing tabs, which will result
in a new tab being created where you dropped the URL (Bug 324591)
* When hovering on a tab, the tooltip now displays a preview of the tab's
contents (Bug 315207)
* The search sidebar now behaves better (Bug 252802)
* The bookmarks menu and personal toolbar folder overflow menu now have context
menus (Bug 50504)
Mail & Newsgroups
* Message labelling has been superceded by tagging, which provides much more
than the original 5 labels and comes with new preferences (Bug 342560 and
others)
* The preferences for junk mail have been reorganized, and can now be set on a
per-account basis (Bug 335846)
* Improved phishing detection (Bug 326082 and others)
* New mail notification has been improved (Bug 327613, 305384, and others)
Address Book
* It is now possible to move or copy cards between address books. Cards can
only be copied to mailing lists, so you need to use ctrl key while dragging
to copy the card to the mailing list. When dragging cards between address
books, the default action is move, use ctrl to copy instead. (Bug 35837)
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1/changelog.html
Kahua is CPS, Continuation Passing Style application framework written
in one of scheme implementation, Gauche.
CPS has following advantages.
- You can use "Continuation" easily so you can resolve the typical Web
Applicaiton's problem of process disconnection.
- You can program declaratively by using S-expressions as fundamental
data type.
- You can use Kahua's Object Database to permanent data by itself.
- You can modify the function being run and it supports incremental
development.
Gauche is an R5RS Scheme implementation that is designed to be a
useful tools for daily work. See http://practical-scheme.net/gauche/
in detail.
Kahua is licensed under the modified BSD license. See COPYING in detail.
"Kahua" means platform, location or base in Hawaiian.
tool for creating authentication systems based on other databases.
The module can be used in either of two somewhat divergent ways:
1) External Authentication:
2) Hardcoded Authentication:
o arp-acl is now supported on NetBSD contributed by Jaromir Dolecek <jdolecek@>.
Changes to squid-2.6.STABLE7 (Jan 13 2007)
- Windows port: Fix intermittent build error using Visual Studio
- Add missing tproxy info from the dump of http port configuration
- Bug #1853: Support for ARP ACL on NetBSD
- clientNatLookup(): fix wrong function name in debug messages
- Convert ncsa_auth man page from DOS to Unix text format.
- Bug #1858: digest_ldap_auth had some remains of old hash format
- Correct the select_loops counter when using select(). Was counted twice
- Clarify the http_port vhost option a bit
- Fix cache-control: max-stale without value or bad value
- Bug #1857: Segmentation fault on certain types of ftp:// requests
- Bug #1848: external_acl crashes with an infinite loop under high load
- Bug #1792: max_user_ip not working with NTLM authentication
- Bug #1865: deny_info redirection with authentication related acls
- Small example on how to use the squid_session helper
- Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
- Clarify the transparent http_port option a bit more
- Bug #1828: squid.conf docutemtation error for proxy_auth digest
- Bug #1867: squid.pid isn't removed on shutdown
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
abs_srcdir in config_vars.mk is used during install so needs to reference
the work dir path, and by other packages such as ap2-fastcgi after install,
so we fix after install to reference the installed path
- Fixes ap2-fastcgi build
Patch provided by Alaric Snell-Pym in pkgsrc-users@.
-> Visitors 0.7 Released (30 March 2006)
30Mar2005 - Added screen resolution and color depth report (via Javascript) see the README file for more info.
12Dic2005 - Added --debug option for verbose errors.
17Nov2004 - Debian Bug#339594: default output is html, but the manpage says text. Fixed. Thanks to Rick Pasotto for reporting the bug.
15Nov2005 - --grep and --exclude options implemented.
13Nov2005 - --ignore-404 option, useful to ignore log lines about missing pages. When this option is turned on log lines with 404 errors are just used to genera te the 404 errors report and not used for other reports.
-> Visitors 0.61 Released (25 October 2005)
24Oct2005 - Versioning scheme changed, after 0.6 now there is 0.61 instead of 0.6a like it was in the past. 0.6a may look like an alpha release.
24Oct2005 - Ignore more bots other than bots from google when computing unique visitors stats. This makes unique visitors stats much more reliable, there are crawlers with 200 and more different IP addresses so the unique visitors algorithm does not help there.
-> Visitors 0.6 Released (10 October 2005)
10Oct2005 - New report: Adsensed-pages. Like googled-pages but for the adsense crawler, that's supposted to be the one with Mediapartners-Google user agent.
10Oct2005 - Fixed a bug resulting in wrong googled-pages report.
04Oct2005 - Some formatting problem and a bug introduced in the 0.6 beta version fixed thanks to Simon Waters <sysadmin at zynet dot net>
03Oct2005 - Visitors's site finally contains a Japanese translation thanks to Takeshi ABE (tabe (at) fixedpoint (dot) jp).
02Oct2005 - Fixed the parsing code to detect the user agent string when no occurence of (...) string is present. This results in more accurate stats.
02Oct2005 - New feature: Referer spam filtering via blacklist.h
02Oct2005 - New report: google's "hl" human language.
17Sep2005 - Browsers list updated, Internet Explorer splitted into IE4, IE5 and IE6, detection of Firefox as a special case of Gecko based.
16Sep2005 - Fixed Debian Bug #312345, adding newline for every 'td' table
element generated to create 2D maps. This makes simpler to send reports by
email. Thanks to Simon Waters <sysadmin at zynet dot net>
web.py is a web framework for python that is as simple as it is powerful.
web.py is in the public domain; you can use it for whatever purpose with
absolutely no restrictions.
Trac-0.10.3-ja-1 (Dec 15, 2006)
* Merge trac-0.10.3
* Update to current statement.
* README.trac-ja
* wiki-default/TracJa
* Fixes a invalid trac-links.
* wiki-default/TracModPython
* Fixes ununified translations for "View changes".
* templates/anydiff.cs
* templates/log.cs
* templates/wiki.cs
* wiki-default/TracTermsJa
Trac 0.10.3 (Dec 12, 2006)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3
Trac 0.10.3 is a bug fix release. The following list contains only a
few highlights:
* Timeline fail to load with a "NoSuchChangeset" error message (#4132).
* Timed out MySQL connections not handled properly (#3645).
* Subversion repository resync broken. (#4204).
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.2
or USE_X11BASE set, but don't include mk/x11.buildlink3.mk directly or
via buildlink3.mks
- introduce BUILDLINK_PREFIX.libXpm as alias for BUILDLINK_PREFIX.xpm
in the !modular case
- fix some cases where the check for libX11 couldn't work at all by using
C++ for compilation without including the proper headers
Verified using a full X11_TYPE=xorg bulk build without additional
breakage. Discussed with salo@, wiz@ and send to packages@ for feedback.
MFSA 2006-76 XSS using outer window's Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/
MFSA 2006-76 XSS using outer window's Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.7/README.html
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html
Changes:
This release of Opera introduces Fraud Protection.
Changes Since Opera 9.02
User interface
* Fixed handling of access keys on Web pages with frames.
* Mail, messaging, and newsfeeds
* Fixed an instability connected with delayed entry of the Master password.
* Deleting of newsfeeds in the panel now both unsubscribes and deletes.
Display and scripting
* Improved performance for elements with both :focus and :hover.
* Fixed an issue with opacity on links that have images nested within them.
Security
* New Fraud Protection feature (a phishing filter).
* Changed Wand data to a new format. The upgrade to this new format
is not reversible.
Miscellaneous
* Multiple stability issues solved, including crashes on Gmail and Google Maps.
* Changed the Mozilla User Agent string to include Firefox identification.
* Improved handling of Web site logins on slow connections.
* Cancellation of torrent downloads now functions as expected.
UNIX-specific changes
* Fixed smooth scrolling.
* Flash 9 beta support for Linux.
* Implemented support for Linux plug-ins on FreeBSD.
* When masking as Internet Explorer, the platform is masked as Windows XP.
* Fixed an issue where floating point numbers were treated as integers
on some Linux systems.
I would list the changes here, but I don't entirely understand them.
XXX Why do we have a separate multimedia/ns-flash package? The
XXX packages to handle the opera plugins depend the ns-flash package
XXX -- perhaps this could do the same so there is only one place this is
XXX handled?
