still considered suspect and COMMON blocks are the wave of the future.
Also, apparently we don't want underscores in constant identifiers, but
minus signs are fine. I.e. do_htpasswd -> bozohttpd-do-htpasswd.
Changes:
- Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
- Faster browser navigation with improvements to back and forward button
performance.
- Drag and drop reordering for browser tabs.
- Improvements to popup blocking.
- Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
- Answers.com is added to the search engine list.
- Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
- Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on
a Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
- Report a broken Web site wizard to report Web sites that are not
working in Firefox.
- Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
- New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
- Many security enhancements.
Full release notes: http://www.mozilla.com/firefox/releases/1.5.html
XXX: Solaris packages available, need work.
From NEWS:
* added auto-reconnect to ldap-server in mod_auth
(joerg@netbsd.org)
* changed auth.ldap-cafile to be optional
(joerg@netbsd.org)
* added strip_request_uri in mod_fastcgi
* added more X-* headers to mod_proxy
(Ben Grimm <bengrimm@gmail.com>)
* added 'debug' to simple-vhost to suppress the
(mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/
messages by default
* added support to let the server listen on UNIX-socket
* changed default stat-cache-engine to 'simple'
* fixed max-age timestamps in mod_expire
* fixed encoding the filenames in PROPFIND in mod_webdav
* fixed range request handling in network_writev
* fixed retry on connect error in mod_fastcgi
(Robert G. Jakabosky <bobby@alphatrade.com>)
* fixed possible crash in mod_webdav if sqlite3 support
is available but not use
* fixed fdvent-handler init if server.max-worker was used
(Siddharth Vijayakrishnan <mail@bluefireworks.net>)
* fixed missing cleanup in mysql_vhost
* fixed assert() in "connections.c:962:
connection_handle_read_state: Assertion 'c->mem->used' failed."
* fixed 64bit issue in md5
* fixed crash in mod_status
* fixed duplicate headers in mod_proxy
* fixed Content-Length in HEAD request in mod_proxy
* fixed unsigned/signed comparisions
* fixed streaming in mod_cgi
* fixed possible overflow in password-salt handling
(reported on slashdot by james-web@and.org)
* fixed server-traffic-limit if connection limit is not set
Change most pkgs to depend on either
emulators/suse_linux/Makefile.application (normal pkgs) or
Makefile.common (suse91 and suse themselves) to filter out Operating
Systems without Linux ABI support. Use CPU masks to limit the pkg to
supported platforms.
2005-12-08 Gisle Aas
Release 5.805
HTTP::Date: The str2time function returned wrong values for
years in the early 20th century, because timelocal() actually
expects the year to be provided on a different scale than what
localtime() returns.
HTTP::Headers can now be constructed with field names that repeat.
The $h->header function now also accept repeating field
names and can also remove headers if passed undef as value.
HTML::Form: The parse method now takes hash style optional
arguments and the old verbose behaviour is now off by default.
HTML::Form: Accept <select multiple=""> for compatibilty with
other browsers. Patch by Josh Rai
HTML::Form: Sane handling of 'disabled' for ListInput.
Based on patch by Joao Lopes
HTTP::Negotiate: Fixed matching of partial language tags.
Patch contributed by Dan Kubb.
HTTP::Response: The as_string method now returns a status line
that doesn't add the "official" code name in the message
field. This improves the ability to round-trip response objects
via HTTP::Response->parse($res->as_string) and makes the first
line of the string returned agree with $res->status_line.
Net::HTTP: The host attribute can now be set undef in
order to suppress this header for HTTP/1.0 requests.
Net::HTTP: The default Host: header does not include the
port number if it is the default (80 for plain HTTP). Some
servers get confused by this.
Net::HTTP: Ignore bogus Content-Length headers. Don't get
confused by leading or trailing whitespace.
LWP::Protocol::http: More efficient sending of small PUT/POST
requests by trying harder to pass off the whole request in a
single call to syswrite.
lwp-request now give better error messages if you used the
-o option without having the HTML-Tree distribution installed.
Also document this dependency.
2005-12-06 Gisle Aas
Release 5.804
HTTP::Message->parse did not work when the first line of the body
was something that looked like a header.
HTTP::Header::Auth needs HTTP::Headers to be loaded before
it replace its functions.
LWP::Protocol::nntp improvements by Ville Skyttä
- Support the nntp: scheme.
- Support hostname in news: and nntp: URIs.
- Close connection and preserve headers also in non-OK responses.
- HEAD support for URIs identifying a newsgroup.
- Comment spelling fixes.
Fix quotes in Net::HTTP example.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=283916
Detect EOF when expecting a chunk header. Should address the
warnings shown in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286775
WWW::RobotRules: Improved parsing of not strictly valid robots.txt files
Makefile.PL: Set name to LWP so that the .packlist ends up in the
expected place.
=== RELEASE 2.1pre20 ===
Wed Dec 7 21:21:18 MET 2005 E. Rosten
Blocklist blocks all accesses, not only images
Wed Dec 7 00:41:09 MET 2005 user:
Fixed proper position after go-back if the file was not in cache
Fixed incorrect initial position on some pages with long tables during
viewing while loading
Fixed some quirks with Braille terminal and jumping by words
-dump -html-numbered-links 1 prints links' locations
Tue Nov 29 00:36:24 MET 2005 mikulas:
Do not load too big files on background (maximum size is cache size / 4)
Mon Nov 28 01:49:54 MET 2005 mikulas:
Restore terminal attributes on fatal errors
Sun Nov 27 22:35:25 CET 2005 mikulas:
Allowed download of files larger than 2G
Thu Nov 24 18:17:38 MET 2005 Konstantin
Regular expressions for javascript
Sat Nov 19 18:57:04 MET 2005 mikulas:
Allow cookies with "secure" parameter
Cookies without path act as if path was "/" instead of current directory
Sat Nov 12 23:34:13 cet 2005 mikulas:
Remove username and password from referer
An option to send real referer only to the same server
Sat Nov 12 20:37:06 MET 2005 user:
Allow user and password in http url --- http://user:password@host/
Wed Nov 9 20:20:45 MET 2005 user:
In graphics mode, prefer "title" to "alt" in <img> tag
Thu Nov 3 00:22:18 MET 2005 user:
Status line is redrawn only when it changes --- prevents cursor flicker
Wed Nov 2 15:36:17 MET 2005 user:
Do not use HTTP/1.1 on lighttpd server
Mon Oct 24 22:19:33 CEST 2005 mikulas:
Account document.write content to javascript memory quota
Print javascript memory in "memory info" dialog window
Mon Oct 24 16:32:40 MET 2005 user:
Recognise "title" attribute in <LINK> tag
Mon Oct 24 16:23:41 MET 2005 user:
Accept application/xhtml as html type
Sun Oct 23 03:38:48 cet 2005 mikulas:
Allow usemap and ismap on images simultaneously
Sat Oct 22 17:16:52 MET 2005 Rezzie
Updated Indonesian translation
Fri Oct 21 15:58:56 MET 2005 user:
"e;
Thu Oct 20 03:30:48 MET DST 2005 mikulas:
Special handling for relative URLs beginning with '&' or '?'
Wed Oct 12 13:27:52 MET 2005 Jakub Bogusz
Updated Polish translation
Tue Oct 11 17:23:26 MET 2005 user:
An optional retry on internal server errors
Tue Oct 11 03:48:52 MET DST 2005 mikulas:
Get indenting of TAB character in UTF-8 documents right
Tue Oct 11 02:40:17 MET DST 2005 mikulas:
Better glob match that does not cause stack overflow
Complete changes are unknown, but some items from HOMEPAGE.
- Make sure to close the file descriptors for temporary files
when uploading files.
- Fix a problem with handling of "file:" scheme.
The second problem might be claimed as a security problem.
pkgsrc changes:
- Add dependency to p5-libwww.
Many new features and refinements.
Notable changes include:
* Konqueror is the second web browser to pass the Acid2 CSS test,
ahead of Firefox and Internet Explorer
* Konqueror can also now free web pages from adverts with its
ad-block feature
* SuperKaramba is included in KDE, providing well-integrated and
easy-to-install widgets for the user's desktop
* Kopete has support for MSN and Yahoo! webcams
* The edutainment module has three new applications (KGeography,
Kanagram and blinKen), and has seen huge improvements in Kalzium
Changes:
- the libcurl.pc pkgconfig file now gets installed on make install
- URL globbing now offers "range steps": [1-100:10]
- LDAPv3 is now the preferred LDAP protocol version
- --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
- improved MSVC makefile
Bugfixes:
- URL buffer overflow problem (CVE-2005-4077)
- using file:// on non-existing files are properly handled
- builds fine on DJGPP
- CURLOPT_ERRORBUFFER is now always filled in on errors
- curl outputs error on bad --limit-rate units
- fixed libcurl's use of poll() on cygwin
- the GnuTLS code didn't support client certificates
- TFTP over IPv6 works
- no reverse lookups on IP addresses when ipv6-enabled
- SSPI compatibility fix: using the proper DLLs
- binary LDAP properties are now shown base64 encoded
- Windows uploads from stdin using curl can now contain ctrl-Z bytes
- -r [num] would produce an invalid HTTP Range: header
- multi interface with multi IP hosts could leak socket descriptors
- the GnuTLS code didn't handle rehandshakes
- re-use of a dead FTP connection
- name resolve error codes fixed for Windows builds
- double WWW-Authenticate Digest headers are now handled
- curl-config --vernum fixed
Including fix for long title & history file problem.
http://www.mozilla.org/security/history-title.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=319004
What's New in Firefox 1.5
Firefox 1.5 is the next version of our award-winning Web browser.
Here's what's new in Firefox 1.5:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
* Faster browser navigation with improvements to back and forward
button performance.
* Drag and drop reordering for browser tabs.
* Improvements to popup blocking.
* Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
* Answers.com is added to the search engine list.
* Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
* Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on a
Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
* Report a broken Web site wizard to report Web sites that are not
working in Firefox.
* Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
* New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
* Many security enhancements.
The Burning Edge has more detailed lists of new features and notable bug fixes.
http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html
"unlinkd" option is propsed from Dave Sainty by private mail.
- Change "perl:run" to "perl" in USE_TOOLS since perl is used at build time.
- Quiet pkglint; changing make macro in double quotation into :Q modifier.
Bump PKGREVISION.
- WARN: Makefile:9: PKGNAME should not be used in DIST_SUBDIR, as it
sometimes includes the PKGREVISION. Please use PKGNAME_NOREV instead.
Noted by Geert Hendrickx on tech-pkg.
From the CHANGES:
> Major changes compared to the Horde version 3.0.5 are:
> * Fixed sidebar menu layout with Opera browsers.
> * Fixed calendar popup with Safari browsers.
> * Fixed blank screens with Internet Explorer browsers after logins.
> * Fixed warnings with PHP 4.4.0 and 5.0.5.
> * Added ability to enable and disable IMSP globally.
> * Fixed URL generation with some PHP CGI setups.
> * Fixed sharing with groups if using group hooks.
> * Updated Finnish, French, German, Hungarian, Korean, Polish, Slovak,
> Turkish, and Traditional Chinese translations.
> * Minor improvements and bug fixes.
>
> Major changes compared to the Horde version 3.0.6 are:
> * Fixed cross site scripting vulnerabilities in the gzip/tar and css MIME
> viewers.
> * Fixed MySQL session handler.
1.8 2005-10-06
- Bug fix to stop death in Apache::Session::Lock::Semaphore.
1.70_01 2004-09-01
- Casey West takes the pumpkin.
- Complete rewrite of test suite to use Test::* modules.
- Minor documentation tweaks.
1.27 - October 20, 2005
localize ScriptSock directive to always point to t/logs/cgisock
regardless of inherited and custom mod_cgid settings
[Geoffrey Young]
Prevent the config file from being overwritten
on platforms such as WIN32 under certain conditions.
[Randy Kobes]
make sure that the TESTS Makefile.PL parameter is properly
recognized ["Christopher H. Laco"]
Add the output of ldd(unix/cygwin) and otool -L (darwin)
for httpd to the mp2bug report script.
[Philip M. Gollucci]
fall back on using httpd-defined HTTPD_ROOT as the base for
httpd.conf if all other options fail. [Geoffrey Young]
1.26 - July 25, 2005
some people have their Apache user/group names include spaces, so fix
the autogenerated httpd.conf to quote the two. [Stas]
make sure mp2 loading doesn't make it impossible to complete
mp1 runs. [Matt Sergeant, Geoffrey Young]
add Apache::TestConfigParrot and Apache::TestRunParrot to
support mod_parrot server-side testing [Geoffrey Young]
update -withtestmore action to properly work with newer versions
of Test::Builder [Geoffrey Young]
1.25 - June 17, 2005
provide $Apache::TestUtil::DEBUG_OUTPUT as target for t_debug()
statements, defaulting to STDOUT. this allows for changing
t_debug() to STDERR when using functions like t_write_file()
from within handler() server-side tests. [Geoffrey Young]
adjust need_module()/have_module() to not try to require a module if
it was explicitly passed with a .c extension. in certain cases this
prevents a fatal error (e.g. trying to call
Apache::Test::have_module('mod_alias.c') from the <Perl>
sections. [Stas]
1.24 - May 20, 2005
When adding TypesConfig directives (either inherited from the global
httpd.conf or from the locally generated mime.types) make sure to
enclose it in <IfModule mod_mime.c>..</IfModule>, since mod_mime might
be unavailable. [Stas]
1.23 - May 3, 2005
Fix Apache::TestRequest::hostport to return the default host:port
string if $Apache::TestRequest::Module is 'default' or undef [Stas]
Fix Apache::TestRequest::module2url to allow passing '' as a URI
path. [Stas]
tweaks to Apache::TestClient to better deal with corrupted responses
when LWP is not available. [Stas]
1.22 - April 14, 2005
******************** IMPORTANT ********************
this version of Apache-Test does not completely
configure mod_perl for mod_perl versions 1.99_21 or
earlier. Please read the below changes carefully.
***************************************************
remove Apache::TestConfig::modperl_2_inc_fixup(). Apache-Test
is no longer Apache2.pm aware - it will not configure mod_perl
support to look in Apache2/ automatically. [joes]
Add support for mp2's Apache:: -> Apache2:: rename [joes]
1.21 - March 23, 2005
fix Apache::TestConfig (was missing 'use lib' before using
lib::import) [William McKee]
TestConfigPerl will now configure mod_perl last, giving mod_perl
highest priority throughout the httpd lifecycle. [Geoffrey Young]
Apache::TestConfig::untaint_path needs to remove empty entries in the
PATH list, since -T considers those tainted too. [Stas]
add Apache::TestHarnessPHP which allows for running client-side
scripts via php instead of perl. [Geoffrey Young]
1.16 Fri Oct 28 17:34:20 CDT 2005
[ENHANCEMENTS]
* Sped up Mech significantly (~20% in some cases). Images and
links are extracted from the HTML, and objects are created,
only when they're actually needed. This will be a speedup for
pages where you're only following links, or vice versa.
[THINGS THAT MAY BREAK YOUR CODE]
* If you've been relying on the $mech->{images} and $mech->{links}
fields being populated so that you can bypass the $mech->images()
and $mech->links() accessors, your code will break. That's OK,
because you should have been using the accessors all along.
1.14 Tue Aug 30 17:17:40 CDT 2005
[DOCUMENTATION]
* Added lots of new FAQs. Thanks to Peter Stevens.
[INTERNALS]
* Now requires Test::LongString. That's not too odious.
[FIXES]
* Tests now pass with the shuffling around that Google did.
1.13_01 Tue Apr 12 14:11:18 CDT 2005
[ENHANCEMENTS]
* Now dies if you call submit_form() with a non-existsing
form_number or form_name. Before, it would just warn.
[DOCUMENTATION]
* Added an example of using credentials() in the cookbook.
2005-10-24 Gisle Aas
Release 3.46
Don't try to treat an literal as space.
This breaks Unicode parsing.
https://rt.cpan.org/Ticket/Display.html?id=15068
The unbroken_text option is now by default on
for HTML::TokeParser.
HTML::Entities::encode will no encode "'" by default.
Improved report/ignore_tags documentation by
Norbert Kiesel
Test suite now use Test::More, by
Norbert Kiesel
Fix HTML::Entities typo spotted by
Stefan Funke
Faster load time with XSLoader (perl-5.6 or better now required).
Fixed POD markup errors in some of the modules.
This is done via an option group, default is CGI. Note that the
FastCGI interpreter can still be used for normal CGI, but there
might be security issues involved in doing so.
