* fiberlamp fix for array bounds read and leak fix for deluxe
+ magick and raster file (ras) fixes for True Color by Jouk Jansen
Removed some compiler/lint warnings.
deluxe mode ported from xscreensaver by Jouk Jansen.
anemone mode ported from xscreensaver by Jouk Jansen
win32 changes from Petey Leinonen:
added XPutPixel()
pacman now works by changing the initialization and now can create a
1 bit depth bitmap when asked for.
* new since BETA
+ update since BETA
2.08 Wed May 3 17:17:33 EDT 2006
- Implemented new rasterizer for grid mapping. Thanks to Roland
Schar for a tortuous example of span issues.
- Regular extraction and TREE mode are using the same
rasterizer now.
- Fixed HTML stripping for a header matching bug on single word
text in keep_html mode (thanks to Michael S. Muegel for
pointing the bug out)
2.07 Sun Feb 19 13:40:44 EST 2006
- Fixed subtable slicing bug
- Fixed hrow() attachment bug
- Added tests
* Add -adaptive-sharpen to the convert and mogrify programs.
Changes 6.2.7.2:
* Generate proper image filenames when filename has more than one embedded
period (e.g. image.gif.eps becomes image.gif-0.eps, image.gif-1.eps,
etc.).
* CompositeImage() is now thread-safe.
* add options -l, -r and -t. add to -f option
* improve I/O on Linux using fgetc_locked().
* improve searching of long sorted lists using tsearch()
* change order of merging and prefix-stripping so stripping all prefixes,
e.g., with -p9, will be sorted as expected
* correct a reference to freed memory after merging found with valgrind.
* fix a different case for data beginning with "--" which was treated as
a header line.
* Fix allocation problems. Open files in binary mode for reading.
Getopt returns -1, not necessarily EOF. Add const where useful. Use
NO_IDENT where necessary. malloc() comes from <stdlib.h> in standard
systems
* minor fix for resync of unified diffs checks for range (line beginning
with '@' without header lines (successive lines beginning with "---"
and "+++")
Changes:
2006-04-25 Mikio Hirabayashi
* estnode.c (est_get_host_addr): a bug about race confition of
threads was fixed.
* wavermod.c (fetch_document): a bug about checking
"content-type" header was fixed.
* wavermod.c (make_doc_from_html): "frame" and "link" elements
were to be followed.
* wavermod.c (make_doc_from_draft, make_doc_from_mime,
make_doc_with_xcmd): new functions.
* wavermod.c (waver_open): "allowrx" and "denyrx" were to be
able to be more than once.
* estwaver.c (runcrawl, proccrawl): "-restart" and "-revisit"
options were added.
* estcmd.c (doputdoc): "_lpath", "_lreal", and "_lfile" were not to be overwritten.
* estwolefind (outputlist): WWWOFFLE 2.9a was to be supported.
- Release: 1.2.4
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
are custom paper sizes, n-up printing selections, page borders, jpeg
and png previewing, job control options, and extended option types
to support foomatic and fax4CUPS.
A repeatable SEGV is fixed (patch also sent to xpp maintainer).
Closes PR pkg/32930
Reviewed by <bouyer>
Some of the key changes include:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions.
* Over 120 various bug fixes.
See release annoucement on:
http://www.php.net/release_5_1_3.php
And ChangeLog:
http://www.php.net/ChangeLog-5.php#5.1.3
