dealing better with javascript pages, and fixes for old ftp servers.
Lots of new features and configure options, too. Also, new
translations for French, Dutch, Polish, German; docs and notes in
a few other languages; and translations for local pages are now
selected by browser settings!
Changes:
* parser fix: convert remaining isalpha(), toupper() calls so that
parameters are cast to unsigned char
* parser fix: internal flags were not properly reset when end of buffer
was encountered while reading command
* with EAPI, hook the mod_ssl hooks to different processing phase,
so that CSacek works with SSL also when authentication is _not_ used
* radical documentation facelift (still czech only, tho)
again.
Highlights from the Changelog:
- Updated Dutch Translations from Francois Duprez.
- Chagnes to make skipstone compile on HPUX. Thanks to Geoferrey Hausheer
for his help.
- Patch from anamaru@sekine-lab.ei.tuat.ac.jp (Takashi Kanamaru) to
call mozilla_save_prefs() - says it helps with saving cache.
- Change skipstone script to use /bin/sh instead of /bin/bash
- I wonder why I never changed the File menu in tabbed mode to say
New Tab, open in current tab and open in a new tab ! done ;)
- The long awaited feature of being able to enable/disable plugins is
implemented. checkout the plugins root node, now its selectable and has a
checkbutton for each of the loaded plugins. Disabling/Enabling plugins
requires a restart.
- Updated Russian translations from Aleksandr Blohin
- ConfirmEx dialog implemented properly now, cookie prompts and signon prompts
should work fine now.
- Oops - disable popups option was not sticking!
- Made it so that the AutoComplete plugin display the alternative
completions when the option is set to off if the ctrl and tab were
used instead of tab only.
- AutoComplete config item where one could disable the display of the
alternative items and a fix to skipstone when writing a plugin config
item that is set to '0'.
- Applied a patch from Muthu that replaces the entry in the open in new window
dialog with a combo that has the latest urls. Default behavior of the entry
being focused and it being blank is still retained.
- FavIcon plugin can be told to fetch favicons even if they were not included
in the HTML source, its off by default since it will be probing each server
for favicon.ico which can be annoying.
- You can now assign FavIcons to sites that dont set one, also you can refresh
a FavIcon.
- Thanks to Hiroyuki Ikezoe for reporting a mess up with bookmarks. Fixed now.
The following is from the web page:
Release notes for htdig-3.1.6 1 Feb 2002
As with previous releases, this version cleans up some remaining bugs and adds a few
heavily-requested features. As the latest stable release, it is recommended for all
production servers.
* Fixed another nasty security hole in htsearch, which would allow a denial of service
attack or forcing htsearch to read in config files outside of the configuration
directory.
* Fixed some problems with htmerge, including problems with words beginning with special
characters and merging multiple databases.
* Fixed a bug in handling hopcounts.
* Fixed problems in handling non-standard relative HTTP redirects.
* Fixed bugs in external parsers support including being confused by charset information
in the Content-Type header and handling binary output from external converters.
* Fixed bugs in the default English endings database. (Under ispell, it wasn't quite
intended for the accuracy needed for our usage.)
* Fixed additional bugs in the endings fuzzy algorithm.
* Fixed bugs with compiling with gcc-3.0 and later.
* Fixed bugs compiling and running on Mac OS X.
* Fixed problems with servers not returning a Last-Modified date--now assums indexing
time as modification time.
* Fixed a variety of bugs in the HTML parser to more flexibly handle non-standard HTML.
* Fixed problems in the TCP connection code and will more reliably timeout when a
connection hangs and will retry bad connections several times before giving up.
* Added the -m "minimal" flag to htdig for only indexing a set list of URLs and made the
-l (log) flag the default behavior so that htdig will stop and restart automatically.
* Added htdump and htload programs for dumping ASCII representations of the databases
and reloading the same.
* Added support for htnotify to collect multiple URLs and allow easy customization of
notification messages, including the new attributes htnotify_replyto,
htnotify_webmaster, htnotify_prefix_file, and htnotify_suffix_file.
* Added a new "accents" fuzzy algorithm to morph accents, including the new accents_db
attribute.
* Added a 'list all' feature to htsearch with a query of '*' or the current
prefix_match_character.
* Added date restricted searching to htsearch including relative dates.
* Added documentation on running ht://Dig and the rundig script.
* Added METADESCRIPTION and NSTARS variables to the htsearch templates as well as
support for $=(var) template variable references.
* Added new config attributes to htsearch for restrict and exclude which work like the
normal htsearch form variables if the form variables are not set.
* Added many new attributes, including ignore_dead_servers description_meta_tag_names,
max_keywords, translate_latin1, url_rewrite_rules, search_rewrite_rules,
anchor_target, ignore_alt_text, search_results_contenttype, boolean_keywords,
boolean_syntax_errors, multimatch_method, maximum_page_buttons, max_excerpts,
plural_suffix, any_keywords and use_doc_date.
* Extended the build_select_lists attribute to support select multiple, radio boxes and
checkboxes.
* Revised the documentation to make it clearer in parts, including the url_part_aliases
attribute.
* Updated various contributed utilities including doc2html, xmlsearch, rundig.sh,
htparsedoc, acroconv.pl, multidig, etc.
* A variety of other bug fixes, and many documentation updates. See the ChangeLog for
details.
version 1.0.2 include:
* ignore Depth: Infinity for non-collection resources in a PROPFIND;
this prevents a bogus error when someone has not used the
"DAVDepthInfinity On" directive
* fix for Web Folders not recognizing the last-modified date in
PROPFIND responses (Joe Orton)
* tweak to also allow recognition of the creationdate
* fix copying of collection properties during a Depth:0 operation
(Keith Wannamaker)
* return 507 (Insufficient Space) for quota errors (on Linux, at
least) (Joe)
* fix moving/copying of a collection over a non-collection (found by
Joe's interop testing tool)
* LOCK with a missing intermediate collection now returns a standard
409 (Conflict) response rather than 500 (Internal Server Error)
(Keith, reported by Dan Brotsky)
* fix problems with empty URIs in xmlns attributes (fixes from Joe
and Greg, reported by Julian Reschke)
include:
*) Move the binaries back into ${PREFIX}/sbin to match the locations
for www/apache.
*) Build the Apache modules (including mod_ssl) so that apache2 has
the same functionality as apache.
*) Support shared modules on platforms that support them. Otherwise,
link the modules statically into the server.
*) Support suEXEC in the same way as for www/apache.
*) Honor PKG_SYSCONFDIR.
*) Add a rc.d-style control script based on www/apache/files/apache.sh.
*) Strongly buildlinkify again after previous changes broke it.
Relevant changes from version 2.0.28 beta include:
*) A ton of bug fixes in both the main server code and the module code
(it _is_ a beta release following a previous beta release).
*) Several performance and memory optimizations.
*) The Location: response header field, used for external
redirect, *must* be an absoluteURI. The Redirect directive
tested for that, but RedirectMatch didn't -- it would allow
almost anything through. Now it will try to turn an abs_path
into an absoluteURI, but it will correctly varf like Redirect
if the final redirection target isn't an absoluteURI.
*) Add several new mod_proxy directives:
ProxyTimeout, ProxyPreserveHost, ProxyPass.
*) FTP directory listings are now always retrieved in ASCII mode.
The FTP proxy properly escapes URI's and HTML in the generated
listing, and escapes the path components when talking to the FTP
server.
*) Add FileETag directive to allow configurable control of what
data are used to form ETag values for file-based URIs.
*) Introduced the ForceLanguagePriority directive, to prevent
returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
when using Multiviews.
only emit a message and don't actually fetch anything. This allows
us to make the output of "fetch-list" for these packages consistent
with other packages.
While we're in here, integrate DYNAMIC_MASTER_SITES with the
${ORDERED_SITES} macro. The only functional change here is that
${MASTER_SITE_OVERRIDE} is now respected. Still to do -- something
appropriate for "fetch-list" for these packages, like sourcing
"getsites.sh" into the generated script. (Well, "package", but there
are two others that do something similar in their "Makefile".)
Also eliminate the misbegotten _FETCH_ALLFILES macro -- now that only
"fetch" uses it, move it's functionality directly under "do-fetch".
the library routines we will use when loaded into httpd.
* This package won't work with apache-2.*, so ensure that it won't match
the apache dependency.
* Don't use the shared libneon as the neon API is just too unstable.
Revert back to using the included neon library.
* Remove dependency on gettext-lib as the NLS build is broken.
* Remove dependency on libgetopt as cadaver provides its own
getopt_long implementation if one doesn't exist on the system.
Changes from version 0.19.0 include:
* Fix permissions of local file downloaded using 'get' (Dan Mullen).
* Add man page (Jules <jules@jules.com>)
* lockdepth option is used for any non-collection resource.
* Add 'quiet' option; when set, connection status messages are
supressed.
a security fix for a file-upload bug.
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
Relevant changes from version 2.8.6 include:
*) Fixed potential buffer overflow in DBM and SHMHT session
cache if very very large certificate chains are used.
*) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
"head -1" and "tail -1" constructs with sed variants in scripts.
the EAPI patches from modssl-2.8.7-1.3.23. Also, link against the MM
Shared Memory library (devel/libmm) to provide shared memory support in
Apache/EAPI. For example, this allows mod_ssl to use a high-performance
RAM-based session cache instead of a disk-based one.
that was lost in the previous commit.
"${apache_start}" is the subcommand sent to apachectl to control how
httpd is started. It's value may be overridden in:
@PKG_SYSCONFDIR@/apache_start.conf
/etc/rc.conf
/etc/rc.conf.d/apache,
in order of increasing precedence. Its possible values are "start"
and "startssl", and defaults to "start".
From DESCR:
Mod_Layout creates a framework for doing design. Whether you need a
simple copyright or ad banner attached to every page, or need to have
something more challenging such a custom look and feel for a site that
employs an array of technologies (Java Servlets, mod_perl, PHP, CGI's,
static HTML, etc...), Mod_Layout creates a framework for such an
environment. By allowing you to cache static components and build sites
in pieces, it gives you the tools for creating large custom portal sites.
