Fixed in Firefox 1.5.0.10
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
2.10 Sat Jul 15 20:50:41 EDT 2006
- minor bug fixed in HTML repair routines (thanks to Dave Gray)
2.09 Thu Jun 8 15:46:17 EDT 2006
- Tweaked rasterizer to handle some situations where the HTML is
broken but tables can still be inferred.
- Fixed TREE() definition for situations where import() is
not invoked. (thanks to DDICK on cpan.org)
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/
1.17 Wed May 3 16:52:03 EDT 2006
- new_from_tree() uses a better rasterizer now, properly
handling even more tortuous span issues. Thanks to Roland
Schar.
- Fixed as_XML rendering Thanks to Roger Crew.
1.16 Sat Feb 25 12:41:57 EST 2006
- Fixed new_from_tree() to handle (ignore) tbody, thead and
tfoot tags. Otherwise rows were ignored.
1.15 Fri Feb 24 15:34:13 EST 2006
- Fixed some scoping issues ('my' collisions)
- Fixed some undef issues running under -w (thanks to Carl
Franks)
and appears to currently be the latest "stable" Zope 3 version.
Discussed with package maintainer, Yoshito Komatsu, who sent me
some minor tweaks to my changes.
The part of Zope/doc/CHANGES.txt relevant for 3.3.0 -> 3.3.1 is:
Bugfixes
- Fixed widget bug in zope.app.form.browser; _getCurrentValue always
returns an input value now. This fixes a bug in _getFormValue.
(This required a backport of a small restructuring: Changed internal
widget API to allow retrieving the current value (from request,
default or current field value) in addition to the current form
representation of the value.)
- Fixed bug #707: "layer" directive was marked as deprecated in a
confusing way.
- Fixed bug #728: Able to change-dir into non-existant directories using
FTP
- Fixed bug #717: formlib raised FormError when schema fields were
missing from a request although not required.
- Fixed bug #738: RestrictedPython was unable to parse
Unicode expressions correctly (as passed in from e.g. ZPTPages).
- Fixed bug #723: Testbrowser was handling multiple submit buttons with
the same name incorrectly.
- Fixed HTML rendered by ItemsMultiDisplayWidget: The 'name' attribute
is not allowed in list tags and 'type' has a different meaning.
- Fileresources now also set the Cache-control headers on 304
responses. This speeds up page loads a lot on pages with many
resources.
- Fixed validate method of schema.Date, now it does not accept
datetime objects anymore. this is needed because datetime and
date values are not comparable
- Fixed issue 730: Subversion 1.4 breaks mkzopeinstance.py
- Fixed zope.annotation.factory to correctly setup containment for
objects that do not implement IContained.
- Fixed encoding of newlines, carriage returns, and tabs when
encoding attributes for widgets so we're consistent under all
Python 2.4.x versions (including 2.4.4, which failed tests before).
- Fixed issue 535: make HTTPInputStream work with Python 2.4.4.
- Improved fix for issue 599: Made sure i18n Message based Invalid
exceptions are handled correctly.
- Fixed a bug in getImageInfo which could cause an
UnboundLocalError under certain conditions.
- Fixed ``get/queryNextUtility`` to work with multiple base registries.
- Fixed zope.app.catalog.attribute.AttributeIndex. It did not
remove the the previous value/object from the index IF the NEW
value was None.
- Fixed zope.index.field.index.FieldIndex. Unindex broke if the value
somehow dropped out of the forward index.
Changes in 1.4.13:
* added initgroups in spawn-fcgi (#871)
* added apr1 support htpasswd in mod-auth (#870)
* added lighty.stat() to mod_magnet
* fixed segfault in splitted CRLF CRLF sequences
(introduced in 1.4.12) (#876)
* fixed compilation of LOCK support in mod-webdav
* fixed fragments in request-URLs (#869)
* fixed pkg-config check for lua5.1 on debian
* fixed Content-Length = 0 on HEAD requests without
a known Content-Length (#119)
* fixed mkdir() forcing 0700 (#884)
* fixed writev() on FreeBSD 4.x and older (#875)
* removed warning about a 404-error-handler
returned 404
* backported and fixed the buildsystem changes for
webdav locks
* fixed plugin loading so we can finally load lua
extensions in mod_magnet scripts
* fixed large uploads if xattr is enabled
Changes in 1.4.12:
* added experimental LOCK support for webdav
* added Content-Range support for PUT in webdav
* added support for += on empty arrays in config-files
* added ssl.cipher-list and ssl.use-sslv2
* added $HTTP["querystring"] conditional
* added mod_magnet as long-term replacement for mod_cml
* added work-around for a Opera Bug with SSL + Chunked-Encoding
* changed --print-config to print to stdout instead of stderr
* changed no longer use 0600 for new files with webdav. umask is
honored. Make sure you have set a proper umask.
* fixed upload hangs with SSL
* fixed connection drops with SSL (aka bad retry)
* fixed path traversal with \ on cygwin
* fixed mem-leak in mod_flv_streaming
* fixed required trailing newline in configfiles (#142)
* fixed quoting the autoconf files (#466)
* fixed empty Host: + $HTTP["host"] handling (#458)
* fixed handling of If-Modified-Since if ETag is not set
* fixed default-shell if SHELL is not set (#441)
* fixed appending and assigning of env.* vars
* fixed empty FCGI_STDERR packets
* fixed conditional server.allow-http-11
* fixed handling of follow-symlink + lstat()
* fixed SIGHUP handling if max-workers is used
* fixed "Software caused connection abort" messages on FreeBSD
In addition fix a nasty problem in LDAP auth when using with buggy
commercial servers. Some threat an empty password as anonymous bind
and would only fail on the first query, if that requires privileges.
Patch will be included with 1.4.14.
code is shared with psycopg1.
Include a small patch to make keyword mistakes in query args much
more obvious (from django svn). Other users might be as stupid as
the maintainer. Bump revision.
Changes:
* Fix gem deprecation warnings, which also means depending on RubyGems 0.9.0+
[Chad Fowler]
* Require the dispatcher for Rails::Configuration#to_prepare. [Rick]
2007-02-03 Hans de Graaff
* Checkbot 1.79 is released
* RELEASE-PROCESS: Add the release process documentation.
2007-01-27 Gerald Pfeifer
* checkbot (init_suppression): Check and provide error if
suppression file is in fact a directory.
2006-12-28 Hans de Graaff
* checkbot: Add summary to tables to make files XHTML 1.1 compliant.
2006-11-16 Hans de Graaff
* checkbot (handle_doc): Parse the decoded content so that all
character set issues are dealt with before parsing. This solves
bug 1264729.
2006-11-14 Hans de Graaff
* checkbot (performRequest): Simplify the code dealing with
problems of HEAD requests by retrying all 500 reponses instead of
special-cases particular failures that we happen to know
about. This type of problem is all to common, and if there really
is a problem GET will find it anyway.
(add_error): Allow regular expressions in the suppression
file. Based on patch from Eric Noack
2006-11-14 Eric Noack
* checkbot (send_mail): Indicate how many errors are detected in
the notification email's subject.
(handle_doc): Use the URL with which the document was received for
the problem reports and internal accounting, but keep on using the
proper base URL as defined by the reponse object when retrieving
links from the document. This fixes the case where a weird BASE
URL in a document could make it unclear where the actual problem
was.
2006-10-28 Hans de Graaff
* checkbot (performRequest): Handle case where an FTP server may
not be able to handle a HEAD request. This may cause a lot of data
to be transferred in those cases.
2006-05-03 Hans de Graaff
* Checkbot 1.78 is released
2005-12-18 Hans de Graaff
* checkbot (printServerProblems): Make pages XHTML compliant again.
2005-12-18 Jens Schweikhardt
* checkbot: Add classes and ids so that more styling options for
CSS are available.
* checkbot2.css: Example CSS file using the new classes and ids.
2005-11-11 Hans de Graaff
* checkbot: React in a more subtle way if the Time::Duration
module is not found.
2005-09-22 Hans de Graaff
* Makefile.PL: Check for presence of Net::SSL and explain the
effects if this it not present.
2005-08-20 Hans de Graaff
* checkbot (handle_doc): Ignore some 'links' found by LinkExtor
which do not need to link to live links. Fixed bugs #1264447 and
#1107832.
* test.html: Add test cases for it.
2005-08-06 Hans de Graaff
* checkbot (performRequest): Switch from HEAD to GET on a 400
error, as the most likely cause is that the server has trouble
with HEAD requests.
2005-08-05 Hans de Graaff
* checkbot (handle_doc): Also show how many new links are found on
a page, not just the total number of links.
(performRequest): Don't retry GET method on a 403 error.
(handle_doc): Properly handle newlines in the matches for title
and robots meta tag.
2005-07-28 Hans de Graaff
* Checkbot 1.77 is released.
* checkbot: Fix use of $VERSION so that it compiles and can be
used by MakeMaker at the same time.
(handle_doc): Check for presence of robots meta tag and act on it.
Based on a patch by Donald Willingham.
2005-07-25 Hans de Graaff
* Checkbot 1.76 is released.
2005-06-07 Hans de Graaff
* checkbot (printServerProblems): Include title of page.
(handle_doc): Extract title for later printing.
Add new hash url_title to store page titles.
Based on a patch from John Bintz.
2005-04-23 Hans de Graaff
* checkbot: Add documentation on use of file:/// URLs.
2005-01-23 Hans de Graaff
* checkbot: Only send mail when Checkbot has detected any
problems, based on suggestion from Thomas Kuerten.
Print duration of run on final report, and refactor use of start
time variable to facilitate this. Feature depends on availability
of Time::Duration, but checkbot will work without it. Based on
patch from Adam Griff.
2005-01-23 Adam Griff
* checkbot (create_page): Print out more options on results page.
2005-01-21 Hans de Graaff
* checkbot: Remove automatic version number based on CVS version
now that commits will be more frequent than releases.
2004-11-12 Hans de Graaff
* checkbot (handle_url): Ignore javascript: URLs instead of
generating a 904 error. It would be nice to handle these as well.
2004-05-26 Hans de Graaff
* Makefile.PL: Sync HTML::Parser requirement with required
versions of libwww-perl.
2004-05-03 Hans de Graaff
* checkbot: Write better documentation for --file option.
2004-04-26 Hans de Graaff
* checkbot: Minor documentation changes thank to Jens
Schweikhardt.
2007-01-30
cameron:
rc/patterns: exception for upload.wikimedia.org/wikipedia,
report from Mike Lawther 2007-01-24
cameron:
rc/patterns: another bluestreak.com pattern 2007-01-14
cameron:
rc/patterns: sitepoint.com popup 2007-01-05
cameron:
rc/patterns: another ad.yieldmanager.com pattern from Neal
Macklin 2007-01-02
cameron:
rc/patterns: cyber-knowledge.net ad 2006-12-22
cameron:
rc/patterns: sponsorads.de and info-ad.de 2006-12-17
cameron:
rc/patterns: another pattern for mail.com from Clem Jones
index.html: Reassure users about reporting to my personal
address; suggestion from Bill Trost. Mykefile: Tidy up
rebuild process. 2006-12-10
cameron:
rc/patterns: date.com ads 2006-11-22
cameron:
rc/patterns: exception for edubase.com.au from Khairul Faizi
2006-11-17
cameron:
rc/patterns: www.dumpanimage.com 2006-11-16
cameron:
rc/patterns: pennyweb.com ads 2006-11-14
cameron:
rc/patterns: xyz.freeweblogger.com counter 2006-11-12
cameron:
rc/patterns: widen adology pattern 2006-10-27
cameron:
rc/patterns: ads.addynamix.com pattern
extend adultfriendfinder.com/piclist ADJS pattern;
report from Mark Felder
2006-09-29
cameron:
rc/patterns: Refine doubleclick patterns.
pricegrabber ads
2006-09-09
cameron:
scripts/squid_redirect: Add "use bytes" to avoid UTF-8 encoding
complaints on report and diagnosis
from Mike Mitchell. Now regexps are
formally in an 8-bit encoding; we'll
pretend Latin-1 (ISO8859-1).
2006-09-03
cameron:
rc/patterns: www.technologyreview.com PRINT rule 2006-09-02
cameron:
rc/patterns: linkshare pattern widened
a new ad server adtology
2006-07-02
cameron:
rc/patterns: cisco.netacad.net exception from Bruno ROGER
www.splenda.com exception from Billy Newsom
images.blogads.com ads, report from Bill Trost
2006-07-01
cameron:
rc/patterns: private.com banner exception 2006-06-23
cameron:
rc/patterns: generic adserver.* pattern
drop https pattern
2006-06-10
cameron:
rc/patterns: smh.com.au ads 2006-06-01
cameron:
rc/patterns: totemcash.com ad
ads.adsonar.com
2006-05-29
cameron:
rc/patterns: google serves ad images! ouch! 2006-05-27
cameron:
scripts/squid_redirect: Re-enable the *TEXT classes. It
confused too many users. rc/patterns: in page iframe - ick
content.cpxinteractive.com ads widen
content.cpxinteractive.com pattern
2006-05-23
cameron:
rc/patterns: another counter 2006-05-21
cameron:
rc/patterns: another web bug 2006-05-20
cameron:
rc/patterns: tweak mediaplex image pattern
try https pattern for mediaplex
2006-05-19
cameron:
rc/patterns: another web counter 2006-05-16
cameron:
rc/patterns: internationalisation fix for switch.atdmt.com
signup links from Robert Backhaus 2006-05-08
cameron:
index.html: Add mention of BFilter to "other software".
2006-04-25
cameron:
index.html: Make it a little more clear that unzap and overzap
reports should come by email:-)
1.29 November 28, 2006
Require a minium of Module::Build 0.18 when using Apache::TestMB.
PR: 19513
[Philip M. Gollucci]
Teach Apache::TestClient to encode spaces(' ') in query string of URLs
as %20. This is not a full mapping of ASCII to URL encoding.
If you need this, install LWP -- then Apache-Test will use
LWP -- which does this for you.
[Philip M. Gollucci]
Allow Apache::TestClient which is used when LWP is not installed
to accept mutiple headers of the same name.
[Philip M. Gollucci]
Add t_start_error_log_watch() and t_finish_error_log_watch()
to the Apache::TestUtil API which are only exported unpon request.
[Torsten Foertsch <torsten.foertsch@gmx.net>]
Allow version variants of debuggers to be passed as arguments
to -debug. i.e. -debug=gdb65 for systems with multiple
versions of the same debugger. [Philip M. Gollucci]
On Win32, the Apache executable is called httpd.exe in Apache/2.2,
so let Apache::TestConfig try to find that if Apache.exe isn't
found [Randy Kobes]
force reconfiguration if existing configuration was generated
by an older version of Apache-Test [Geoffrey Young]
the -t_pid_file code resulted in confusing and fatal error message
for people using stale 1.27 configurations. so take steps to make
sure things continue to work. [Geoffrey Young]
1.20
[ENHANCEMENTS]
* Added new two-argument form of credentials() method.
$mech->credentials($username, $password);
That provides simpler visiting of password-protected
resources in the vast majority of cases and still
allows the other cases to be supported. (Peter Scott)
[BUG FIXES]
* autocheck no longer is triggered when informational
responses are returned. (Mark Stosberg)
[INTERNALS]
* test suite no longer fails when Test::Warn is missing.
(CPAN testers, Mark Stosberg)
* Removed all the testing against live sites. The networking
code is not actually in Mech anway, and they were prone to
breaking, as the live sites changed. (Mark Stosberg)
1.19_02 Mon Aug 7 23:57:56 CDT 2006
[ENHANCEMENTS]
* Add new Do-What-I-Mean submit_form() option.
$mech->submit_form(
with_fields => \%data
);
That expresses that you want to select the first form contains all
fields in \%data, and then submit the data to that form. See the docs
for form_with_fields() and submit_form() for details.
(Mark Stosberg, inspired by RT#6100)
[BUG FIXES]
* The behavior of clone() now copies over the cookie jar, which
is probably what you expected it did in the first place.
This fixes bug RT#13541 filed against Test::WWW::Mechanize,
which was using clone() internally. (Mark Stosberg)
* The correct URL is returned after redirecting. This a regression
from 1.04 and was reported as RT#9059, RT#12882, and RT#12786.
The documentation about this has also been clarified that we
return a URI object, but that it stringifies to the URI itself.
[DOCUMENTATION]
* Fixed a misleading parm in the constructor.
* Document the return value of set_visible (RT#6071, MJD,
Mark Stosberg)
* Document that form_name and form_number return an HTML::Form
object (Mark Stosberg)
[INTERNALS]
* Made lots of little cleanups based on Perl::Critic
* Fix Taint-mode warnings with Perl 5.6.1 (RT#16945)
3.23 Sun Nov 12 11:09:31 CST 2006
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* Mark-Jason Dominus points out that the fix for as_html was not
proper, and broken behavior should never be codified. Fixed
as_html so an empty string doesn't encode entites, instead of
blaming the behavior on HTML::Entities. (RT 18571)
3.22 Sat Nov 11 21:23:22 CST 2006
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* HTML::Element::as_XML now only escapes five characters, instead
of escaping everything but alphanumerics and spaces. This is
more in line with the XML spec, and will no longer escape wide
characters as two (or more) entities. Resolves RT 14260. Thanks
to Carl Franks and somewhere [at] confuzzled.lu for assistance.
[FIXES]
* A string comparison was commented to use lc() on both sides, but
didn't. This caused HTML::Element::look_down to not properly find
elements in certain cases. Thanks to Andrew Suhachov. (RT 21114)
[TESTS]
* Added several new tests and enhanced others. Thanks to Rocco
Caputo for t/attributes.t, and several others for providing
test cases in their RT bugs.
[DOCUMENTATION]
* Fixed description of HTML::Element::all_attr_names. Thanks
to dsteinbrunner [at] pobox.com for catching it.
* Fixed example code in HTML::Element::push_content. Thanks
to dsteinbrunner [at] pobox.com for catching it. (RT 21293)
* Fixed description of HTML::Element::as_HTML. Thanks to
Mark-Jason Dominus for catching it. (RT 18569)
3.21 Sun Aug 6 19:10:00 CDT 2006
[FIXES]
* Updated HTML::Parser requirement to 3.46 to fix a bug in
tag-rendering.t, noted in RT 20816 and 19796. Thanks to
Gordon Lack and Ricardo Signes
* Fixed HTML::TreeBuilder to not remove where it shouldn't,
using patch supplied in RT 17481. Thanks to Chris Madsen.
[DOCUMENTATION]
* HTML-Tree has a new maintainer: Pete Krawczyk
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
Package info: scp support not enabled (libssh2 is not packaged).
Version 7.16.1 (29 January 2007)
Daniel (29 January 2007)
- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
header, you got _two_ User-Agent headers in the CONNECT request...! Added
test case 287 to verify the fix.
Daniel (28 January 2007)
- curl_easy_reset() now resets the CA bundle path correctly.
- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
platforms.
Daniel (25 January 2007)
- Added the --libcurl [file] option to curl. Append this option to any
ordinary curl command line, and you will get a libcurl-using source code
written to the file that does the equivalent operation of what your command
line operation does!
Dan F (24 January 2007)
- Fixed a dangling pointer problem that prevented the http_proxy environment
variable from being properly used in many cases (and caused test case 63
to fail).
Daniel (23 January 2007)
- David McCreedy did NTLM changes mainly for non-ASCII platforms:
#1
There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
defined. I noticed this while testing various configurations. Line 867 of
the current http_ntlm.c is a closing bracket for an if/else pair that only
gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
defined. Lines 198 and 140 of my patch wraps that closing bracket in an
#ifdef USE_NTLM2SESSION.
#2
I noticed several picky compiler warnings when DEBUG_ME is defined. I've
fixed them with casting. By the way, DEBUG_ME was a huge help in
understanding this code.
#3
Hopefully the last non-ASCII conversion patch for libcurl in a while. I
changed the "NTLMSSP" literal to hex since this signature must always be in
ASCII.
Conversion code was strategically added where necessary. And the
Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
creates are NOT translated on non-ASCII platforms.
Dan F (22 January 2007)
- Converted (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => & ). This will make it easier to validate test files using
tools like xmllint, as well as to edit and view them using XML tools.
Daniel (16 January 2007)
- Armel Asselin improved libcurl to behave a lot better when an easy handle
doing an FTP transfer is removed from a multi handle before completion. The
fix also fixed the "alive counter" to be correct on "premature removal" for
all protocols.
Dan F (16 January 2007)
- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
detector. Also changed tftp downloads to URL-unescape the downloaded
file name.
Daniel (14 January 2007)
- David McCreedy provided libcurl changes for doing HTTP communication on
non-ASCII platforms. It does add some complexity, most notably with more
#ifdefs, but I want to see this supported added and I can't see how we can
add it without the extra stuff added.
- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
libcurl would crash when trying to read a NULL pointer.
Daniel (12 January 2007)
- Toby Peterson found a nasty bug that prevented (lib)curl from properly
downloading (most) things that were larger than 4GB on 32 bit systems. Matt
Witherspoon helped as narrow down the problem.
Daniel (5 January 2007)
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
Daniel (4 January 2007)
- David McCreedy made changes to allow base64 encoding/decoding to work on
non-ASCII platforms.
Daniel (3 January 2007)
- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
downloaded data in two buffers, just to be able to deal with a special HTTP
pipelining case. That is now only activated for pipelined transfers. In
Matt's case, it showed as a considerable performance difference,
Daniel (2 January 2007)
- Victor Snezhko helped us fix bug report #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
(CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
on Windows (since 7.16.0, but that's when they were introduced as previous
to that the limiting logic was made in the application only and not in the
library). It was actually also broken on select()-based systems (as apposed
to poll()) but we haven't had any such reports. We now use select(), Sleep()
or delay() properly to sleep a while without waiting for anything input or
output when the rate limiting is activated with the easy interface.
- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
to get built static. It has been mentioned before and was again brought to
our attention by Nathanael Nerode who filed debian bug report #405226
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).
Daniel (29 December 2006)
- Make curl_easy_duphandle() set the magic number in the new handle.
Daniel (22 December 2006)
- Robert Foreman provided a prime example snippet showing how libcurl would
get confused and not acknowledge the 'no_proxy' variable properly once it
had used the proxy and you re-used the same easy handle. I made sure the
proxy name is properly stored in the connect struct rather than the
sessionhandle/easy struct.
- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t
variable to point to when it should be a socklen_t.
- When setting a proxy with environment variables and (for example) running
'curl [URL]' with a URL without a protocol prefix, curl would not send a
correct request as it failed to add the protocol prefix.
Daniel (21 December 2006)
- Robson Braga Araujo reported bug #1618359
(http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a
patch for it: when downloading 2 zero byte files in a row, curl 7.16.0
enters an infinite loop, while curl 7.16.1-20061218 does one additional
unnecessary request.
Fix: During the "Major overhaul introducing http pipelining support and
shared connection cache within the multi handle." change, headerbytecount
was moved to live in the Curl_transfer_keeper structure. But that structure
is reset in the Transfer method, losing the information that we had about
the header size. This patch moves it back to the connectdata struct.
Daniel (16 December 2006)
- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE
during certain conditions when GnuTLS is used.
Daniel (11 December 2006)
- Alexey Simak found out that when doing FTP with the multi interface and
something went wrong like it got a bad response code back from the server,
libcurl would leak memory. Added test case 538 to verify the fix.
I also noted that the connection would get cached in that case, which
doesn't make sense since it cannot be re-use when the authentication has
failed. I fixed that issue too at the same time, and also that the path
would be "remembered" in vain for cases where the connection was about to
get closed.
Daniel (6 December 2006)
- Sebastien Willemijns reported bug #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections
getting cut off prematurely when --limit-rate is used. While I found no such
problems in my tests nor in my reading of the code, I found that the
--limit-rate code was severly flawed (since it was moved into the lib, since
7.15.5) when used with the easy interface and it didn't work as documented
so I reworked it somewhat and now it works for my tests.
Daniel (5 December 2006)
- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when
passing a curl_off_t argument to the Curl_read_rewind() function which takes
an size_t argument. Curl_read_rewind() also had debug code left in it and it
was put in a different source file with no good reason when only used from
one single spot.
- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is
no code present in the library that receives the option. Since it was not
possible to use, we know that no current users exist and thus we simply
removed it from the docs and made the code always use the default path of
the code.
- Jared Lundell filed bug report #1604956
(http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting
CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl
will always internally use no less than 1 entry in the connection cache.
- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in
the 7.16.0 release.
- Martin Skinner brought back bug report #1230118 to haunt us once again.
(http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work
properly for all input dates on Windows. It was mostly seen on some TZ time
zones using DST. Luckily, Martin also provided a fix.
- Alexey Simak filed bug report #1600447
(http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active
FTP connections don't work with the multi interface. The problem is here
that the multi interface state machine has a state during which it can wait
for the data connection to connect, but the active connection is not done in
the same step in the sequence as the passive one is so it doesn't quite work
for active. The active FTP code still use a blocking function to allow the
remote server to connect.
The fix (work-around is a better word) for this problem is to set the
boolean prematurely that the data connection is completed, so that the "wait
for connect" phase ends at once.
The proper fix, left for the future, is of course to make the active FTP
case to act in a non-blocking way too.
- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a
HTTP upload was disconnected:
"What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is
setting *only* POLLHUP on poll() when the conditions in my previous mail
occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So
basically what was happening, is poll() was returning immediately (with
POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or
POLLOUT was set. This still caused Curl_readwrite() to be called, which
quickly returned. Then the transfer() loop kept continuing at full speed
forever."
Daniel (1 December 2006)
- Toon Verwaest reported that there are servers that send the Content-Range:
header in a third, not suppported by libcurl, format and we agreed that we
could make the parser more forgiving to accept all the three found
variations.
Daniel (25 November 2006)
- Venkat Akella found out that libcurl did not like HTTP responses that simply
responded with a single status line and no headers nor body. Starting now, a
HTTP response on a persistent connection (i.e not set to be closed after the
response has been taken care of) must have Content-Length or chunked
encoding set, or libcurl will simply assume that there is no body.
To my horror I learned that we had no less than 57(!) test cases that did bad
HTTP responses like this, and even the test http server (sws) responded badly
when queried by the test system if it is the test system. So although the
actual fix for the problem was tiny, going through all the newly failing test
cases got really painful and boring.
Daniel (24 November 2006)
- James Housley did lots of work and introduced SFTP downloads.
Daniel (13 November 2006)
- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed
out a stack overwrite (and the corresponding fix) on 64bit Windows when
dealing with HTTP chunked encoding.
Daniel (9 November 2006)
- Nir Soffer updated libcurl.framework.make:
o fix symlinks, should link to Versions, not to ./Versions
o indentation improvments
- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov
2006. It turned out we wrongly assumed that the connection cache was present
when tearing down a connection.
- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the
multi interface, but I could also repeat it doing multiple sequential ones
with the easy interface. Using Ciprian's test case, I could fix it.
Daniel (8 November 2006)
- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
Daniel (7 November 2006)
- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a
wrong error message in the error message buffer.
Daniel (3 November 2006)
- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious
KNOWN_BUGS #25, which happens when a proxy closes the connection when
libcurl has sent CONNECT, as part of an authentication negotiation. Starting
now, libcurl will re-connect accordingly and continue the authentication as
it should.
Daniel (2 November 2006)
- James Housley brought support for SCP transfers, based on the libssh2 library
for the actual network protocol stuff.
Added these new curl_easy_setopt() options:
CURLOPT_SSH_AUTH_TYPES
CURLOPT_SSH_PUBLIC_KEYFILE
CURLOPT_SSH_PRIVATE_KEYFILE
2007-01-12 Gisle Aas
Release 3.56
Cloning of parser state for compatiblity with threads.
Fixed by Bo Lindbergh
Don't require whitespace between declaration tokens.
<http://rt.cpan.org/Ticket/Display.html?id=20864>
2006-07-10 Gisle Aas
Release 3.55
Treat <> at the end of document as text. Used to be
reported as a comment.
Improved Firefox compatiblity for bad HTML:
- Unclosed <script>, <style> are now treated as empty tags.
- Unclosed <textarea>, <xmp> and <plaintext> treat rest as text.
- Unclosed <title> closes at next tag.
Make <!a'b> a comment by itself.
