The main security vulnerabilities addressed in 1.3.33 are:
* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid
(negative) Content-Length.
New features
* Win32: Improve error reporting after a failed attempt to
spawn a piped log process or rewrite map process.
* Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined
during compilation, UseCanonicalName Off will use the physical
port number to generate the canonical name. If not defined, it
tries the current Port value followed by the default port for
the current scheme.
The following bugs were found in Apache 1.3.31 (or earlier) and
have been fixed in Apache 1.3.33:
* mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
* mod_rewrite: Fix 0 bytes write into random memory position. PR 31036.
* mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920.
* Fix trivial bug in mod_log_forensic that caused the child to
seg fault when certain invalid requests were fired at it with
forensic logging enabled. PR 29313.
* No longer breaks mod_dav, frontpage and others. Repair a
patch in 1.3.31 which prevented discarding the request body
for requests that will be keptalive but are not currently
keptalive. PR 29237.
so that we'd not force dependence on specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)
this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
Collection.
FastCGI provides a high-performance alternative to CGI for writing Web
server applications in a variety of languages, including Perl, C, C++,
Java, and Python. FastCGI gets its speed by keeping application
processes running between requests. So, unlike CGI, you do not have the
overhead of starting up a new process and doing application initialization
(e.g. connecting to a database) each time somebody requests a document.
This package works with Apache version 2 series. In order to use FastCGI
with the version 1.3 series, use www/ap-fastcgi instead.
rest through a Makefile.common entity. It will help with incoming
ap2-fastcgi addition.
Changes: lots of!
2.4.2
*) [WIN] Fix handle leaks in the process manager.
Sascha Schumann [sascha@schumann.cx]
*) [WIN] Use a permanent pool for allocating the SystemRoot
environment variable. Sakamoto [ringring@zb4.so-net.ne.jp]
*) [WIN] Fix starting of scripts under AP2.
*) Do the connect() to the application *after* collecting a chunk
of client data. This reinstates the pre-2.4.0 behaviour.
James Jurach [muaddib@erf.net].
*) Remove an assert that was triggering on WIN when spawn() failed.
*) Provide the NO_SUEXEC_FOR_AP_USER_N_GROUP macro for building
mod_fastcgi with the AP13 suexec behaviour (don't use suexec
if httpd's user and group match that needed for the application).
*) Prevent the use of all but the "auth" directives from being used
anywhere but in global scope. Prevent more than one instance
of the FastCgiWrapper directive.
*) Return NOT_FOUND (404) or FORBIDDEN (403) instead of
INTERNAL_SERVER_ERROR (500) when there are configuration issues
or the script doesn't exist. Suggested by Jeff Lawson [bovine@ud.com].
2.4.0
*) [*nix Security] - When FastCgiWrapper (FastCgiSuexec) was in use
and a vhost configured to use the same uid/gid as the main
server, mod_fastcgi would not bother using the wrapper (suexec)
because its effective uid/gid was already appropriate. This is
consistent with Apache's v1.3 mod_cgi behaviour. There are two
problems with this approach: 1) when FastCgiWrapper is in use
mod_fastcgi's process manager keeps its root privileges (as its
real uid/gid) so it can terminate the applications it starts -
this privilege was being passed to applications when the use of
the wrapper was bypassed 2) wrappers are often employed to
perform functionality beyond setting the uid/gid - by not calling
the wrapper under certain circumstances, application invocation
environments were inconsistent. With this change, the wrapper is
always used (when enabled) under both Apache 1.3 and 2.
Reported by Michael Richards [michael@fastmail.ca].
*) [*nix/AP2] Use the vhost uid/gid instead of the server uid/gid
for dynamic application invocation when the FastCgiWrapper is in use.
Reported by Michael Richards [michael@fastmail.ca]
*) [*nix] Fix handling of FastCgiWrapper when passed a real path,
i.e. other than "on" or "off". Michael Richards [michael@fastmail.ca]
*) Eliminate the logging of "incomplete headers (0 bytes) received from
server" when a client aborts.
*) [WIN32] Fix a delay in handling large POSTs to named pipe based
servers. Philip Gladstone [philip@okena.com]
*) [*nix/AP2] Prevent the module from being initialized twice at startup
(resulting in confusing error messages to the log).
*) Eliminate the need for SetHandler or AddHandler with static or
external applications.
*) Limit PM requests to start a dynamic application
to 5sec to prevent endless spinning (this is a drop-dead
limit that should only occur if the socket/named_pipe directory
is removed out from under a running server).
*) [*nix] Change the default socket directory from /tmp/fcgi to:
Apache - logs/fastcgi
Apache2 - RUNTIMEDIR/fastcgi
*) Add -user & -group args to FastCgiServer and FastCgiExternalServer
for use with wrappers (in lieu of finding the user/group associated
with a virtual host - under Apache2 this isn't accommodated).
*) [WIN32] Under Apache2, require v2.0.41 or later in order to pickup my
apr_proc_create() changes.
*) Log when invoking and restoring the restart backoff policy.
*) [WIN32] Prevent intermittent ReadFile() failures (properly initialize the
OVERLAPPED structure).
*) Eliminate need for dummy files for external servers under Apache2
*) Fix auth compatibility mode handling for access checker and authorizer
*) Fix HEAD request handling. Based on a patch by
Chris Lightfoot [chris@ex-parrot.com]
*) [*nix] When autoupdate is enabled touch the socket when restarting
the processes to prevent further requests.
Eckebrecht von Pappenheim [evp@heise.de]
*) Apache 2.0 support.
*) [WIN32] Don't read from a potentially closed named pipe.
Philip Gladstone [philip@okena.com]
*) Require the Apache version 1.3.6 or later to eliminate some signal
handling funk.
*) [WIN32] Use asynchronous io with named pipes instead of polled
nonblocking io. This should eliminate the last of the npipe issues.
*) Handle an application returning a complete and valid response without
having consumed all of the data sent to it.
*) Consume remaining client data (RESPONDERs only) if any.
*) Add support for backing off attempts to start applications that continuously
fail to start. Three new macros defined in mod_fastcgi.h control this
behaviour: MAX_FAILED_STARTS, RUNTIME_SUCCESS_INTERVAL, FAILED_STARTS_DELAY
*) [WIN32] Add (back) support for use of TerminateProcess() to accommodate
applications that do not (properly) support the shutdown event (this
feature was introduced in fcgi2 2.2.2 and improved in 2.2.4). The
new macro WIN32_SHUTDOWN_GRACEFUL_WAIT in mod_fastcgi.h controls the
interval between signaling a proper shutdown and whacking the process(s)
with a TerminateProcess().
*) [WIN32] Don't set the OVERLAPPED_IO flag on NamedPipe listen HANDLEs -
setting it was just plain broken.
*) [WIN32] Fix the accept mutex - all applications were sharing one!?
*) Fix 'FastCgiConfig -autoUpdate'.
*) Fix 'FastCgiConfig -flush'.
*) Prevent silly maxProcesses and processSlack combinations.
Dmitry Dorofeev [dima@yasp.com]
*) Properly handle the killing of idle processes when one takes a long time
to exit once signaled down (or the config is funky).
Dmitry Dorofeev [dima@yasp.com]
2.2.12
*) Delay the logging of write errors to the pm to account for shutdown/restart.
*) (Win32) An assortment of fixes.
*) Fix some broken casts that were likely the cause of an assert.
*) Win32. Eliminate forward slashes from the named pipe path name.
Gerald Richter [richter@ecos.de]
*) SIGUSR2 is no longer blocked in the process manager and the fastcgi
applications it spawns. [ryans@amazon.com]
*) Added support for the -flush argument to FastCgiConfig.
Eric Sit [esit@alum.mit.edu]
*) Change the "which call to module_init() is this" check to a more
reliable approach. Doru Petrescu [pdoru@kappa.ro]
*) Close the old pipe file descriptor in apache main on USR1/HUP
(eliminates a small leak). James E. Jurach Jr. jjurach@fundsxpress.com
*) Fix a bug in fcgi_config_set_authoritative_slot(). Tetsuya Furukawa
[tetsuya@secom-sis.co.jp]
*) Eliminate the use of locks to assist in the clean shutdown of
applications. Instead, it is assumed that applications handle
termination signals properly (this is now embedded in the C
application lib).
*) Fix Win32 process termination. Proper operation requires the use of
an updated application lib (termination is now signalled with an
Event and handled by specialized thread).
*) Docs cleanup. Andrew Benham [adsb@bigfoot.com]
*) Added code so if the last instance of a dynamic application died without
provocation, then don't restart it if singleThreshold > 0 (i.e. if the
configuration allows the last instance to be killed, then allow it to die).
Andrew Benham [adsb@bigfoot.com]
*) Fix the loadFactor calculation used to determine when dynamic
applications could be killed off due to low demand [adsb@bigfoot.com].
*) Fix a deadlock condition that could occur with Win32 named
pipes (dynamic).
*) Fix a potential deadlock condition when FastCGI application
sent responses while still reading the client request (POST data).
#------------------------------------------------------------------------
# Version 2.14 - 4th October 2004
#------------------------------------------------------------------------
* Applied patch from Harald Joerg to prevent ttree from spewing warnings
when copying files.
* Applied a patch from Paul Orrock to fix a couple of missing errors in
ttree.
* Commented out line 797 of Template::Directive.pm which serves no
purpose and generates a warning.
* Applied a patch from Mark Fowler to add support for Unicode to TT.
* Changed the fourth argument to process() to accept named IO layers for
binmode, e.g. process($in, $vars, $out, binmode => ':utf8');
* Added full range of command line options to tpage.
* Applied patches from Tosh Cooey, Simon Wilcox and Kenny Gatdula to fix
XML::Simple to allow direct access to XMLin() and XMLout() methods.
* Fixed a bug in the 'callers' list maintained by a template component
which was failing to remove callers from the list after processing.
* Applied a doc patch from Dave Cash documenting caller and callers.
#------------------------------------------------------------------------
# Version 2.13 - 30th January 2004
#------------------------------------------------------------------------
* Applied patch from Dave Cash to add 'caller' and 'callers' to
'component', see
* Applied patch from Dylan William Hardison to ttree which prevents
dependencies from interfering with files that are copied. See
#------------------------------------------------------------------------
# Version 2.12a - 13th January 2004 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Fixed the bug in test 25 of t/date.t, hopefully for good this time,
thanks to the efforts of Steve Peters.
* Added the FILE_INFO option to Template::Parser. Enabled by default,
this can be set to 0 to prevent the parser from adding file and line
info to the generated Perl file. Don't ask me why - Autrijus wanted
it (which probably means he's up to something twisted again :-).
#------------------------------------------------------------------------
# Version 2.12 - 12th January 2004
#------------------------------------------------------------------------
* Added the module_version() method to Template::Base to report the
version number of a module. Added some tests to t/base.t.
* Added the --template_module option to ttree, to allow the user to
specify a template processing module other than the default 'Template'
to be used. Also changed various print statements to send all
verbose output to stdout, whereas previously it was split across stdout
and stderr.
#------------------------------------------------------------------------
# Version 2.11b - 7th January 2004 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Applied patch from Myk Melez to ensure the 'component' variable
remains correctly set to the current templates.
#------------------------------------------------------------------------
# Version 2.11a - 6th January 2004 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Fixed bug in t/date.t and corrected version number of
Template::Grammar.
#------------------------------------------------------------------------
# Version 2.11 - 6th January 2004
#------------------------------------------------------------------------
* Bumped version number and updated documentation for release.
#------------------------------------------------------------------------
# Version 2.10b - 2nd December 2003 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Changed the Template::Document process() method to pass itself
to the context visit() method when it calls it. Similarly, changed
the context visit() method to expect it. This is useful when
subclassing the context but shouldn't have any other effect.
* Modified parser to add the file name and line number of the source
template to generated Perl code. This provides useful information
when warnings and errors are generated by Perl at runtime. Added
the t/fileline.t script to test it.
#------------------------------------------------------------------------
# Version 2.10a - 9th October 2003 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Applied two patches from Axel Gerstmair to fix bugs in Makefile.PL
and t/date.t.
* Applied patch from Jim Cromie to t/autoform.t to skip tests on all
versions of Perl from 5.8.0 onwards.
* Changed $OUTPUT in Template::Directive to be a package variable,
allowing it to be re-defined to permit a flushed output hack.
* Applied a patch from Darren to the 'item' hash vmethod to protect
against accessing private variables (prefixed '.' or '_')
* Applied a patch from Ivan Adzhubey to template/splash/frame.
* Applied a patch from Bryce Harrington to add the absolute and
relative options to ttree. Also applied a patch from Mark Anderson
to add the 'template_debug'. Removed the old debug option which was
as good as useless.
* Applied another patch from Mark to push files named on the command
line through the process_file() sub to ensure that various options
like accept checking, permission preserving and copy processing (but
not modification time) are applied.
* Applied a variation of yet another ttree patch from Mark to add the
'suffix' option for changing the suffix of output files created.
* Applied a variation of a patch from Dylan William Hardison which
adds the 'depend' and 'depend_file' options to ttree.
More specifically, this lets Mozilla NSS be used by other programs.
Also make the pkgconfig substitutions happen at post-build time, so that
the right rpaths are added to the mozilla-nspr.pc file (which is filled
in during the build).
Bump PKGREVISION to 1 for both packages. Ok'ed by taya@, the maintainer.
Changes since 0.5.3:
* Finally added a menu option to remove a single item.
Sorry that it took so long! (Lars Lindner)
* Item modification times are now correctly converted to the local
timezone. (Nathan Conrad)
* The help feeds are now (almost) normal subscriptions
and can be removed and modified. The only remaining
difference is that the version in the URL is updated
automatically and that old items are dropped. This
also removes the special icon of the help folder.
(Lars Lindner)
* Removed the ugly unavailable icon. Now the GNOME stock
icon for the error dialog is used. (Lars Lindner)
* Added a default feed list that is installed upon the
first program start. Added a Spanish localized version
by Topopardo. (Lars Lindner)
* Added support for reading subscriptions URLs from
a named pipe (~/.liferea/new_subscription) to allow
external programs to add feeds. (Lars Lindner)
* Itemlist sorting order is now saved on a per-feed basis.
(Nathan Conrad)
* Experimental vfolder implementation. When you do a search
you now can save the search result as a vfolder. There
is still a lot to do but just play around and write us
your opinion! (Lars Lindner)
* Fixed a bug that caused a crash when right clicking the
feed list in filtered mode. (Lars Lindner)
* Fixed a problem with the session management registering
which prevented the usage of the Mozilla browser module.
(Nathan Conrad)
* Iconification state is saved between sessions. (Nathan Conrad)
* URLs are now stripped of leading and trailing
whitespace. (Nathan Conrad)
* Update of the Italian translation (Dario Conigliaro)
* Fixed a big memory leak. (Lars Lindner)
* Some fixes in the RPM spec file (Noa Resare)
* Update of the Czech translation (Juraj Kubelka)
* Updated RPM spec file. (Daniel Resare)
* Update of the French translation (Vincent Lefevre)
* Fixed HTTP authentication problem with case sensitivity
in the HTTP headers. (Nathan Conrad)
* Fixed gaim strings in the configure output reported by
Russell Kaiser. (Nathan Conrad)
* Corrected dependency for libxml2 from 2.0 to 2.4.1 for the
configure script and allow older versions of gconf. (Nathan
Conrad)
* Removed accidental usage of libxml2 2.6. Liferea should
now work with libxml2 2.4.1 or newer. (Nathan Conrad)
* Fixed a mistake in the German translation. (Lars Lindner)
* Fixed a bug that prevented RSS content:encoded tags
to be parsed. (Lars Lindner)
- mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
[michael teitler <michael.teitler cetelem.fr>,
Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
- mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036. [André Malo]
- mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton]
- Trigger an error when a LoadModule directive attempts to
load a module which is built-in. This is a common error when
switching from a DSO build to a static build.
[Jeff Trawick, Geoffrey Young]
- Fix trivial bug in mod_log_forensic that caused the child
to seg fault when certain invalid requests were fired at it with
forensic logging enabled. PR 29313.
[Will Slater <Will Slater orbisuk.com>]
- Fix memory leak in the cache handling of mod_rewrite. PR 27862.
[chunyan sheng <shengperson yahoo.com>, André Malo]
- mod_rewrite no longer confuses the RewriteMap caches if
different maps defined in different virtual hosts use the
same map name. PR 26462. [André Malo]
- mod_setenvif: Remove "support" for Remote_User variable which
never worked at all. PR 25725. [André Malo]
- mod_usertrack: Escape the cookie name before pasting into the
regexp. [André Malo]
- Win32: Improve error reporting after a failed attempt to spawn a
piped log process or rewrite map process. [Jeff Trawick]
- SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
- Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects mod_usertrack and
core. PR 28218. [André Malo]
- No longer breaks mod_dav, frontpage and others. Repair a patch
in 1.3.31 which prevented discarding the request body for requests
that will be keptalive but are not currently keptalive. PR 29237.
[Jim Jagielski, Rasmus Lerdorf]
- COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT.
It controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined during
compilation, UseCanonicalName Off will use the physical port number to
generate the canonical name. If not defined, it tries the current Port
value followed by the default port for the current scheme.
[Jim Jagielski]
* Fixes:
- Check for curl-7.11.1 or greater to avoid a hang during login (Todd).
- Patch a leak and icon-sizing problem in the recent files menu (Todd).
* Improvements:
- Update build system to automake-1.7 (Todd).
- Sort USE_* section alphabetically.
- Add explicit run dependency on glib2 (because of gmodule).
- Sort other dependencies alphabetically.
- Register liferea.schemas into the GConf2 database (and add them to the
PLIST!).
- With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).
- Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
cp -r copies symlinks as symlinks (which caused
files to be missing in install).
Hopefully, this is portable. I tested under NetBSD and with coreutils.
And I brought this up on tech-pkg in July.
* fixed crash occurring in autosave after paste
* expose api version in pkgconfig file
* more line breaking touches
* fixed embedded widgets not shown problem
Unfortunately, guile{,14}/buildlink3.mk directly includes it, and I don't
know which dependencies actually need libltdl, so it was a recursive bump.
Hopefully this recursive inclusion can be ripped out of
guile{,14}/buildlink3.mk at some point and bubble down to dependencies that
actually use libltdl, avoiding this headache in the future....
Bug fixes
* Add a list of printers to the print dialog. Fix printing
in several recent distributions. (Marco)
* Remove duplicate AC_PROG_INTLTOOL (Christian) [#155028]
* Fix a crash when rebuilding bookmarks menu (Christian) [#154805]
This includes a security problem with SNMP support, which is enabled by default.
<http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities>
* pkgsrc changes:
- Don't use PKGNAME within DIST_SUBDIR. Instead, date based DIST_STAMP.
This change prevents the extra DIST_SUBDIR change asked by kim@.
- Remove setproctitle(3) hack for dnsserver helper program since use of
dnsserver itself is problematic with huge size of squid process.
* Changes to squid-2.5.STABLE7 (11 Oct 2004)
- [Medium] No objects cached in ufs cache_dir type in some
configurations. Issue introduced in 2.5.STABLE6 by the patch for
Bug #676. (Bug #1011)
- [Minor] LDAP helpers update to correct LDAP connection management
and add support for literal password compare instead of binding
- [Minor] A large number of queued DNS lookups for the same domain
(Bug #852)
- [Cosmetic] request_header_max_size configuration partly ignored
(Bug #899)
- [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
- Bug #1012: [Cosmetic] HEAD requests may return stale information
(Bug #1012)
- [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
- [Minor] case insensitive authentication (Bug #431)
- [Cosmetic] Add delay pools information to active_requests. (Bug
#882)
- [Minor] Apparent memory leak in client_db (Bug #833)
- [Minor] NTLM authentication truncated causing failures. (Bug
#1016)
- [Cosmetic] Grammatical corrections in squid.conf.default
- [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
#1030)
- [Medium] Segfaults and other strange crashes when using heap
policies. (Bug #1009)
- [Minor] Supplementary group memberships not set (Bug #1021)
- [Cosmetic] ERR_TOO_BIG Portuguese translation
- [Minor] external_acl does not handle newlines (Bug #1038)
- [Major] NTLM authentication denial of service when using msnt_auth
or fake_auth (Bug #1045)
- [Medium] Memory leaks when using NTLM authentication without
challenge reuse. (Bug #994)
- [Minor] Temporary NTLM memory leak with challenge reuse enabled
(Bug #910)
- [Minor] assertion failed: "n_ufs_dirs <=
Config.cacheSwap.n_configured". (Bug #1053)
- [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
- [Minor] acl time fails to parse multiple time specifications
(Bug #1060)
- [Minor] cachemgr config dumps mixed up Range and Request-Range
headers in http_header_access & replace directives. (Bug #1056)
- [Minor] Content-Disposition added as a well known header (Bug #961)
- [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
(Bug #1074)
- [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
- [Medium] New acl types to match arbitrary HTTP headers. In addition
the http_header_access & replace directives now support arbitrary
headers and not only the well known ones. (Bug #961)
- [Cosmetic] ncsa_auth now accepts Window formatted password files
(Bug #1078)
- [Cosmetic] Support the --program-prefix/suffix options or other
configure program name transforms (Bug #1019)
- [Minor] Fix race condition in CONNECT and also handle aborts of
CONNECT requests in a more graceful manner. (Bug #859)
- [Minor] New balance_on_multiple_ip directive to work around certain
broken load balancers and optimized ipcache on reload requests
(Bug #1058)
- [Medium] New reply_header_max_size directive (Bug #874)
- [Minor] Suspected instability on aborted PUT/POST requests (Bug #1089)
- [Security] SNMP Denial of Service fix (CAN-2004-0918)
Changes:
* Quanta Plus
o VPL: enable VPL on KDE 3.3.x
o show (again) the full filename in a tooltip
o don't crash if the preview widget is closed with a JavaScript command
from the code itself
o possible crash on startup fixed
o don't try to autofill a closing tag for non-xml tags
o when opening a Quanta 3.2 project set the upload status of the files
to "When Modified" not to "Never"
o when adding files to a project, use the upload status of the parent
directory for the newly added file
o fix the Save As.. behavior (it defaulted to some strange directories,
depending on the active treeview, selected directory, etc.)
o update the modified status text/icon when using Save All
o always find the right action to edit, even if there are more actions
with the same user visible name
o don't change the template description if writing to the .dirinfo file
fails (usually for global templates)
o fix creation of new template directories (template type was stored
incorrectly)
o display the user-readable template type in every dialog
o fix the Konqueror launch in meinproc.kmdr
o fix open dialog in checkxml.kmdr: use the folder selection dialog
to select folders
o improvement: don't show the project toolbar when no project is loaded
o improvement: support loading of more than one toolbar at a time
o improvement: don't ask for toolbar saving if the toolbar names was
modified by Quanta to add (1), (2), etc. at the end
o improvement: disable the Quanta Template page in properties if you
don't have writing rights to the directory
o improvement: show the user-readable template description for every
template file, not just the directories.
o improvement: don't allow to change the template type in the properties
of a file as it's valid per-directory.
* Kommander
o output from ExecButton wasn't sent to standard output
* KLinkStatus
o enable the hide toolbar menu item in the toolbar context menu (and
don't crash with KDE 3.3.0 when you right click on the toolbar)
under ${PREFIX} instead of being an absolute path.
So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.
This should have no changes to use before.
Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)
Also, work around a horrible interaction with the gzip in NetBSD
2.0 (at least RC4). If gzip is used in a pipeline the tarfile
fails to extract (PR bin/27228)
Changes since 5.0.27:
General
fix 30239: Updated IIS how-to to link to Wiki page with
instructions for IIS 5 and IIS 6 configurations. (yoavs)
fix 30238: Replaced isapi_redirector.dll isapi_redirect.dll
in installation script for consistency. (yoavs)
fix 29584: Enhanced and clarified JNDI documentation.
(yoavs)
fix 30245: Corrected Connector documentation to list
"address" as a common attribute. (yoavs)
fix 29826: Modified setclasspath.bat exit code to 1.
(yoavs)
update Updated status page, mostly rewritten. (yoavs)
update Updated Jakarta-Commons dependencies: BeanUtils to 1.7.0,
Collections to 3.1. (yoavs)
update Removed classic compiler directives from Ant build, as we
use modern anyways. (yoavs)
update Modified RELEASE-PLAN-5.0.html to indicate status given
start of work on Tomcat 5.next. (yoavs)
update Added command lines utilities version.sh, version.bat to
let you know what version is installed. (funkman)
Catalina
fix 30602: Subject is not available during the first call
to the servlet which uses the basic authentication
(jfarcand)
fix 29831: Added support for Boolean property to
BeanFactory. (yoavs)
fix 28875: Made ErrorReportValve use UTF-8 encoding by
default. (yoavs)
fix 30325: Only set CATALINA_HOME if not already set (in
bin/catalina.sh). (yoavs)
fix 30144: Made SSIServlet check resource MimeType before
using text/html and UTF-8 default. (yoavs)
fix 29406: Made JAASRealm configurable as to whether it
should use the context ClassLoader or the default
ClassLoader by adding a useContextClassLoader boolean
attribute. (yoavs)
fix If ServletResponse.getWriter() is called and no char
encoding has been specified, set response char encoding to
default (ISO-8859-1) so that it is reflected in
getContentType() and Content-Type header, as required by
the Servlet Spec (Bugtraq 6152759) (luehe)
fix 29869: Better JMX/JSR77 support in StandardContext and
StandardWrapper. (remm)
update Fixed broken link to JK documentation from AJP Connector
reference page. (yoavs)
fix 30587: Typo in ExtendedAccessLogValve. (yoavs)
fix 30561: Broken restart of NamingService. (yoavs)
fix 29668: NPE in HostConfig, directory created for
deployed WAR instead of xml file. (yoavs)
fix 30179: Improved Bootstrap catalina.properties
handling. (yoavs)
fix 30762: Servlet#destroy was called before
contextDestroyed. (yoavs)
fix 30650: Added explicit comments on session equals()
implementation. (yoavs)
Coyote
fix 30770: Check that the browser actually sent a user-agent
header before using it. (billbarker)
fix Default charset not included in Content-Type response header
if no char encoding was specified (see Bugtraq 6152759).
(luehe)
Jasper
fix 29971: Commented out page directive is parsed. (luehe)
fix 30067: 'Scripting elements are disallowed here' exception
behind scriptless tag. (luehe)
fix 30073: NPE when compiling .jspx with broken xml format in
jspcmode. (luehe)
fix 30291: Smap for a tag should not include its body.
(kinman)
fix 30289: Incorrect Smap for multiple line java expression.
(kinman)
Cluster
Webapps
fix 29779: Admin/Examples SetCharacterEncodingFilter wrong
package. (yoavs)
fix 30354: manager-howto.xml used wrong Ant task. (yoavs)
- Works with Mozilla 1.4 through 1.8a2 and trunk
- Support printing with Xprint
- Get rid of the startup script; you need to update your scripts
if you have been using galeon-bin directly
- Add saved files in recent-files list for easy access
- Add support for vfolders of bookmarks.
- Restore the 'Reload Frame' context menu item
- Add progress dialog when printing.
- Don't copy the history of the old tab, when creating an
unrelated new tab
- Support the new GNOME 2.8 mime type system
- lots of other bug fixes
Also include fix for http://bugzilla.gnome.org/show_bug.cgi?id=153693
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Added 35 share/httpd/manual entries to PLIST. Most are .ko.euc-kr,
.ko, ja.euc-jp, and .ja files.
I don't know when these were added.
Bump PKGREVISION because now package has several more files.