Patched for pkgsrc pathnames (default location of squid config file),
and for NetBSD; probably needs help for other pkgsrc platforms but not
marked ONLY_ because there's no good reason it can't be made to work.
While not useful to run this w/o squid, the package does not depend on
it because it can be built and installed without it.
The package and binary are named squidpurge because purge seems too
likely to conflict and squid users are more likely to notice it this way.
The purge tool is a kind of magnifying glass into your squid-2 cache.
You can use purge to have a look at what URLs are stored in which file
within your cache. The purge tool can also be used to release objects
which URLs match user specified regular expressions. It can extract
objects matching a regular expression, creating a directory tree
matching the server layout. A more troublesome feature is the ability
to remove files squid does not seem to know about any longer.
o pkgsrc changes: change DIST_SUBDIR to ${PKGNAME_NOREV} only (stop
using time stamp) since squid's patches are provided with revision
if updated.
o official patches:
* 2005-09-28 21:52 (Minor) CNAME adresses remembered with wrong TTL
* 2005-09-28 21:16 (Cosmetic) Defining CACHE_HTTP_PORT does not set
the default http_port
* 2005-09-28 21:07 (Minor) httpd_accel_single_host breaks in combination
with server_persistent_connections
* 2005-09-28 21:07 (Cosmetic) More tracing in test mode of squid_ldap_auth
* 2005-09-28 21:07 (Cosmetic) Document that tcp_outgoing_xxx works badly
in combination with server_persistent_connections
* 2005-09-27 22:29 (Major) Truncated responses when using delay pools
o changes from 2.5.10; most of them are already included in squid 2.5.10nb5
package
Changes to squid-2.5.STABLE11 (22 Sep 2005)
- [Minor] Workaround for servers sending double content-length headers
(Bug #1305)
- [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
- [Cosmetic] Date header corrected on internal objects (icons etc)
(Bug #1275)
- [Minor] squid -k fails in combination with chroot after patch for
bug 1157 (Bug #1307)
- [Cosmetic] Segmentation fault if compiled with
--enable-ipf-transparent but denied access to the NAT device.
(Bug #1313)
- [Minor] httpd_accel_signle_host incompatible with redireection
(Bug #1314)
- [Minor] squid -k reconfigure internal corruption if the type of
a cache_dir is changed (Bug #1308)
- [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
(Bug #1317)
- [Minor] Title in FTP listings somewhat messed up after previous
patch for bug 1220 (Bug #1220)
- [Minor] FTP listings uses "BASE HREF" much more than it needs to,
confusing authentication. (Bug #1204)
- [Minor] winfo_group.pl only looked for the first group if multiple
groups were defined in the same acl. (Bug #1333)
- [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
- [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
- [Cosmetic] The new --with-build-environment=... option doesn't work
- [Cosmetic] New 'mail_program' configuration option in squid.conf
- [Minor] Fails to compile with ip-filter and ARP support on Solaris
x86 (Bug #199)
- [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
- [Medium] assertion failed in StatHist.c:93 (Bug #1325)
- [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
- [Cosmetic] Invalid URLs in error messages when failing to connect
to peer, and a few other inconsistent error messages (Bug #1342)
- [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
(Bug #1344)
- [Minor] Some odd FTP servers respond with 250 where 226 is expected
(Bug #1348)
- [Cosmetic] Greek translation of error messages (Bug #1351)
- [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
- [Minor] squid_ldap_auth -U does not work (Bug #1370)
- [Minor] SNMP cacheClientTable fails on "long" IP addresses
(Bug #1375)
- [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
- [Minor] E-mail sent when cache dies is blocked from many antispam
rules (Bug #1380)
- [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
- [Cosmetic] Incorrect store dir selection debug message on objects
larger than 2Gigabyte (Bug #1343)
- [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
- [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
- [Medium] Clients could bypass delay_pool settings by faking a cache
hit request (Bug #500)
- [Minor] IP-Filter 4.X support (Bug #1378)
- [Medium] Odd results on pipelined CONNECT requests
- [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
when using NTLM authentication.
- [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
authentication (bug #1396)
- [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
(Bug #1394)
- [Cosmetic] New --with-maxfd=N configure option to override build
time filedescriptor limit test
- [Minor] Added support for Windows code name "Longhorn" on Cygwin.
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
BINS 1.1.29
-----------
- A search engine has been added. It only woks on web browser
supporting javascript and DOM. It can be deactivated via the new
searchEngine parameter. It allows search on image description fields
set in the new searchFields parameter. Maximum results returned by the
search engine is set by the searchLimit parameter.
This adds a new dependency on Text::Unaccent.
- Michael Olson's mwolson templates have been added.
- Martin Pohlack's martin templates have been added. These templates are based
upon marc ones, in turn based on joi. Here are the modifications with
marc:
- fixed some bugs in the css
- more layout stuff done in css
- changed colors to grey-levels, which allows the viewer to
concentrate on the important parts, the images (if you don't like
it, you only have to change some lines in the css).
- some layout changes, links (next, prev, ...) have a fixed
position now, so you don't have to move the mouse if you want to
cycle through many images.
- use transparent pngs for the slide background in browser which
support it -> smoother slide corners (round corners are
oversampled, compare the gif and the png)
- Display the content of the jpeg-comment filed below the image
- Fixed a bug when javaScriptPreloadImage was set to 1 : the next image
preloaded was always at maximum size.
Patch from Malcolm Parsons
- Add support for jpegtran with MMX (libjpeg-mmx-progs).
Patch by Ludovic Rousseau
- Fix -f option so it can work with files given with a relative path.
Patch by Ludovic Rousseau
- Default template has been renamed to swigs, has it may not be the
default in the future (it uses tables and don't use CSS).
- A tools directory has been added in the archive, containing the
small BINS related utilities. The new tools add_num_prefix,
remove_num_prefix and bins_addtext have been added. All is documented
on the web site.
- A FAQ has been added.
- BINS now has a page on gna!, see https://gna.org/projects/bins/
BINS 1.1.28
-----------
- Replaced parameter "enlarge" with "whenSrcSmaller" to dictate what to
do if the source image is smaller than the size of the generated
image. Fixed a bug that prevented enlarged image from actually being
generated.
Patch from Alexander Blazej
- Added new linkRelative parameter allow to use relative links if
linkInsteadOfCopy is set to 1.
Patch from Dan McMahill
- Transform functionality now allow perl code. A new dateString
parameter allow to specify the date string to be used (following
date(1)), introducing a dependency on Date::Parse.
Patch from Martin Michlmayr
- Handle buggy EXIF information in DateTimeOriginal.
Patch from Martin Michlmayr
- Fix on deExifyImages option.
Patch from Martin Michlmayr
- Fix encoding problem whith ISO 646 used by Solaris.
Patch from Martin Michlmayr
- Fix bug when source directories is a prefix of the destination one.
Patch from Pizza
- Make JPEG Comments available as image subtext.
Patch from Martin Pohlack
- Catalan translation (ca) has been added.
Thanks to Joan Antoja Sabin
- A CSS bug in marc template has been fixed.
Correction from Martin Pohlack
- The image details page, using the Joi template, now respects use of a
background image.
Fix by Alexander Blazej
- The image details page's "Album Tree" link is fixed.
Fix by Alexander Blazej
- Standardized indentation (4 columns).
Done by Alexander Blazej
- Default value of borderOnThumbnails has been set to 0.
fix crashes with nested framesets
fix dmalloc conflicts
fix crashes with invalid x/html tags
fix memory corruptions
fix attributes with null values
replace tabs with spaces
a lot generic stability fixes
fix accessibility crashes
accessibility missing output added
use id= instead of a name=
fix crashes with mixed php-like code in html
fix memory leaks
xml: was stripped from xml:lang
make sure id and name are identical when used
do not add xml:lang for XHTML 1.1
check validity of id/name values
a lot of new options for finegrained control
support align="char"
fix 64 bit portability issues
fix support for nested <sub> and <sup>
make sure id's are unique
be more resistant against malformed comments
make sure attribute values are lowercase for xhtml specified values
ensure xml declarations are present
allow empty action="" to form
area does not need a mandatory href
This is a bug fix release.
Fixed bugs are follows:
* Fix for a potential buffer overflow vulnerability when loading
a hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Fix a crash in mail when stopping a search and then searching again
* Other stability and security fixes
MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
MFSA 2005-57 IDN heap overrun using soft-hyphens
- Fix for a potential buffer overflow vulnerability when loading a hostname
with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed by the
shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that
uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Fix a crash in mail when stopping a search and then searching again
- Other stability and security fixes
package now, and this header file is only directly used by apr itself,
hidden from httpd. (Clarifies bug 36750 that I have on file with Apache
Bugzilla.)
diff between 1.31 and 1.3101 is minimal, yet it fixes important issues
people have been reporting on e.g. the rt-users mailing list.
1.1301 August 23, 2005
- One last fix for CGIHandler. If you provided your own out_method it
was ignoring it and using its own. Reported by David Glasser.
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
Three new official patches are added.
o 2005-09-19 15:50 (Cosmetic) --with-maxfd=N configure option to override
max filedescriptors test
o 2005-09-16 21:58 (Minor) invalid host is processed as IP 255.255.255.255
in dst acl
o 2005-09-16 21:49 (Cosmetic) Odd results when pipeline_prefetch is combined
with NTLM authentication
One official patch was updated.
o 2005-09-20 12:29 (Major) FATAL: Incorrect scheme in auth header
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
thus leaving the package dangling if apache2 were to be removed or upgraded.
Change to using apache2/buildlink3.mk, like the other ap2-* modules do,
and bump PKGREVISION for the implicit DEPENDS change.
Update www/kazehakase from 0.2.9 to 0.3.0.
Changes from 0.2.9 to 0.3.0:
* Added feed bookmark action (Kouhei Sutou)
* Fixed some crash bugs.
(I have been running this since Sept. 10. Sorry for the
delay in updating.)
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
no longer correct since update to libevent 1.x; it now uses libtool and
generates a shlib.
Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since
the binary pkg changes for any OS that doesn't have a sufficient builtin
libevent version (or the package has requested a non-builtin version).
- Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require"
was not enforced in per-location context if "SSLVerifyClient optional"
was configured in the global virtual host configuration.
Sync apache with the latest ap-ssl.
- pkgsrc update:
o s/SQUID_BACKEND/SQUID_BACKENDS/ as suggested by pkglint.
o Fix leaving ${PREFIX}/etc/squid/msntauth.conf.default out of PLIST.
o IP Filter related patches are incorporated to squid.
- Add/update official patches:
o 2005-09-15 11:15 (Major) FATAL: Incorrect scheme in auth header
o 2005-09-15 09:56 (Medium) Odd results on pipelined CONNECT requests
o 2005-09-13 23:59 (Minor) Transparent proxy problem with IP Filter
o 2005-09-11 01:53 (Medium) Clients bypassing delay pools by faking a cache
hit
o 2005-09-11 01:42 (Cosmetic) Allow leaving core dumps on Linux
o 2005-09-11 01:21 (Cosmetic) enums can not be assumed to be signed ints
o 2005-09-11 01:21 (Cosmetic) Incorrect store dir selection debug message on
objects >2G
o 2005-09-11 00:57 (Minor) LDAP helpers does not work with TLS (-Z option)
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
Took some time to do this release, and the fixes are numerous, an
upgrade is highly recommended. Major changes include an increased
header limit, which fixes inter-operation with some versions of lynx;
a fix for a crash when trying to access user pages of people who do
not actually exist (ie, /~badusername).
On the new features front, the -U option now accepts usernames too,
not just user ids.
*0.8.1* (11 July, 2005)
* Fix scaffolding for Action Pack controller changes
*0.8.0* (6 July, 2005)
* Fix WSDL generation by aliasing #inherited instead of trying to overwrite it, or the WSDL action may end up not being defined in the controller
* Add ActionController::Base.wsdl_namespace option, to allow overriding of the namespace used in generated WSDL and SOAP messages. This is equivalent to the [WebService(Namespace = "Value")] attribute in .NET.
* Add workaround for Ruby 1.8.3's SOAP4R changing the return value of SOAP::Mapping::Registry#find_mapped_soap_class #1414 [Shugo Maeda]
* Fix moduled controller URLs in WSDL, and add unit test to verify the generated URL #1428
* Fix scaffolding template paths, it was broken on Win32
* Fix that functional testing of :layered controllers failed when using the SOAP protocol
* Allow invocation filters in :direct controllers as well, as they have access to more information regarding the web service request than ActionPack filters
* Add support for a :base64 signature type #1272 [Shugo Maeda]
* Fix that boolean fields were not rendered correctly in scaffolding
* Fix that scaffolding was not working for :delegated dispatching
* Add support for structured types as input parameters to scaffolding, this should let one test the blogging APIs using scaffolding as well
* Fix that generated WSDL was not using relative_url_root for base URI #1210 [Shugo Maeda]
* Use UTF-8 encoding by default for SOAP responses, but if an encoding is supplied by caller, use that for the response #1211 [Shugo Maeda, NAKAMURA Hiroshi]
* If the WSDL was retrieved over HTTPS, use HTTPS URLs in the WSDL too
* Fix that casting change in 0.7.0 would convert nil values to the default value for the type instead of leaving it as nil
*0.7.1* (20th April, 2005)
* Depend on Active Record 1.10.1 and Action Pack 1.8.1
*0.7.0* (19th April, 2005)
* When casting structured types, don't try to send obj.name= unless obj responds to it, causes casting to be less likely to fail for XML-RPC
* Add scaffolding via ActionController::Base.web_service_scaffold for quick testing using a web browser
* ActionWebService::API::Base#api_methods now returns a hash containing ActionWebService::API::Method objects instead of hashes. However, ActionWebService::API::Method defines a #[]() backwards compatibility method so any existing code utilizing this will still work.
* The :layered dispatching mode can now be used with SOAP as well, allowing you to support SOAP and XML-RPC clients for APIs like the metaWeblog API
* Remove ActiveRecordSoapMarshallable workaround, see #912 for details
* Generalize casting code to be used by both SOAP and XML-RPC (previously, it was only XML-RPC)
* Ensure return value is properly cast as well, fixes XML-RPC interoperability with Ecto and possibly other clients
* Include backtraces in 500 error responses for failed request parsing, and remove "rescue nil" statements obscuring real errors for XML-RPC
* Perform casting of struct members even if the structure is already of the correct type, so that the type we specify for the struct member is always the type of the value seen by the API implementation
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
- pkgsrc changes: check IP filter's header file <ipl.h> as well as
<netinet/ipl.h>.
- Apply recent official patches including a security fix for DoS noted by
http://secunia.com/advisories/16674/
* 2005-09-03 09:41 (Minor) E-mail sent when cache dies is blocked from many
antispam rules
* 2005-09-03 09:41 (Minor) Solaris 10 SPARC transparent proxy build problem
with ipfilter
* 2005-09-01 22:57 (Minor) snmo cacheClientTable fails on "long" IP addresses
* 2005-09-01 22:49 (Minor) squid_ldap_auth -U does not work
* 2005-09-01 22:44 (Major) assertion failed:
store.c:523: "e->store_status == STORE_PENDING"
* 2005-09-01 22:39 (Cosmetic) Greek translation of error messages
* 2005-09-01 22:31 (Minor) Some odd FTP servers respond with 250
where 226 is expected
* 2005-09-01 22:26 (Cosmetic) Fails to compile with glibc -D_FORTIFY_SOURCE=2
* 2005-09-01 22:18 (Cosmetic) Odd URLs when failing to forward request via
parent and several error messages inconsistent
in reported request details
* 2005-09-01 22:09 (Minor) More chroot_dir and squid -k reconfigure issues
* 2005-09-01 21:56 (Medium) assertion failed:
StatHist.c:93: ((int) floor (0.99L + statHistVal(H, 0) - min)) == 0
* 2005-09-01 20:27 (Major) Segmentation fault in sslConnectTimeout
* 2005-08-19 09:31 (Minor) sync redeclarations when support for ARP acls
* 2005-08-14 17:05 (Cosmetic) New 'mail_program' configuration option in
squid.conf
* GNU GSS support
* --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added
* negotiates data connection SSL earlier when doing FTPS with PASV
* CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
* trailer support for chunked encoded data streams
* -x/CURL_PROXY strings may now contain user+password
* --trace-time now outputs the full microsecond, all 6 digits
* Bugfixes
1) Simplify the way how an emacs version is picked when no emacs
is installed, but a user try to install an Emacs Lisp package.
Just pick up the version set as EMACS_TYPE than searching for
versions already installed etc. If the EMACS_TYPE version is
not supported by the Emacs Lisp Package, just fail. EMACS_TYPE
be default to GNU Emacs 21.
(In other words, users should set EMACS_TYPE as they want.
Otherwise GNU Emacs 21 is used.)
2) All Emacs Lisp Packages *must* prepend EMACS_PKGNAME_PREFIX to
a) the PKGNAME itself, and b) PKGNAME in its dependency lines.
EMACS_PKGNAME_PREFIX is expanded to "xemacs-" when XEmacs is
used. This keeps dependency graph of Emacs-Lisp-packages-
installed-for-XEmacs consistent.
3) Document EMACS_* variables as much as possible.
4) Provide more cookies for PLIST. Maybe utilized later.
Note that the 2) change doesn't affect the default, GNU Emacs 21
behaviour. So no version / revision bumps in this commit.
- awstats.pl will now look in @PKG_SYSCONFDIR@/awstats for config files
- create datadir with correct permissions under @VARBASE@/awstats
- update MESSAGE telling user than can now use @PKG_SYSCONFDIR@ awstats
- fix location of apache log dirs so they match the pkgsrc default
- fix location of apache conf dirs so they match the pkgsrc default
- bump PKGREVISION
Changes
* Fix a mem leak
* Work around broken mime detection which cannot detect that a .ico
file from content
* Fix signed/unsigned confusion (gcc4 fixes)
* Update list of mime types
* Fix default printer name [#301730]
* Also ellipsise the menu entries in the toolbar overflow menu
* Don't crash in case a desktop file is not found
* Fix a crash when deactivating a dead menu [part of #309918]
* Fix setting homepage to current page [#311962]
* Fix focus bug [#105153]
Updated translations:
* Priit Laes (et)
* Ganesh Ghimire (ne)
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
* Improvements:
- Keep the History dialog open while editing past entries (Matt)
- Shade alternating rows in the History dialog's entry list (Todd)
* Fixes:
- Resolve an issue with inserting links (Todd)
- Mark LiveJournal entries as back-dated when manually specifying a date in
the past (Todd)
* Translations:
- Updated Canadian English translation (Adam Weinberger)
- Updated German translation (Jens Seidel)
- Added Traditional Chinese translation (Chao-Hsiung Liao)
- Added Polish translation (Michał Kastelik)
- added fixes/enhancements required for sope-ical to NGExtensions
- fixed MySQL include flags
- fixed duplicate decoding of base64 values libXmlRpc
- merged in SOPE 4.5 changes for vCard support (sope-ical)
- merged in SOPE 4.5 changes for iCal recurrences (sope-ical)
- changed NGCTextStream and NGFileStream not to flush input streams
- added NGImap4 method to store flags for MSN sequences
- added support for ACL commands to NGImap4
- fixed duplicate decoding of base64 values in XML-RPC results
- added namespace declaration for XML vCards
- renamed most implementations from DOMxx to NGDOMxx (WebKit compat)
- keep JavaScript as a static in WEDropContainer
- SoHTTPAuthenticator.m: deprecated -authRealm (now -authRealmInContext:)
- more dynamic elements report on WODebugTakeValues
- major improvements in WebDAV protocol layer
- fixed SoProduct lookup with gstep-make on OSX
- -synchronizesVariablesWithBindings now returns NO if the comp. is
stateless
- -frameworkName now returns 'nil' if the component is in the main bundle
- +templateWithHTMLString:declarationString:languages: is now a class
method
- -pathForResourceNamed: now checks whether a session is available
- prepared MKCALENDAR method in WebDAV dispatcher
- added support for PROPFIND without content (same like <allprop/>)
- added Perl HTTP::DAV as a known WebDAV user agent
- WOMailDelivery.m generates proper \r\n instead of \n to sendmail
- rewrote HTML and WOD parsers to use unichar
- properly deal with seconds in NSCalendarDate+ICal.m
- added extensive vCard support to NGiCal
- changed vCard parser to decode qp property values
- vCard parser now supports groupings (as emitted by Apple Addressbook)
- added support for parsing UTF-16 vCards
release versions of ap2-perl. Changes:
=====
An HTML version of this file, complete with links to documentation, is
available at http://www.masonhq.com/code/history.html.
** denotes an incompatible change
1.31 August 20, 2005
[ BUG FIXES ]
- Fix several regressions in the CGIHandler and FakeApache modules.
Some changes from the stable branch were never merged into the trunk
before 1.30. Reported by Jesse Vincent. Task id #589.
- Under Apache2, if an ApacheHandler object was created during server
startup and the associated Interp object created any files or
directories, Mason would crash when attempting to chown those
files/dirs to the uid/gid that Apache will use after forking. Task
#586.
- The compiler was adding an extra block around a component's
body, which meant that variables declared in the body (in perl lines
or blocks) were not seen in the cleanup section. Task id #587.
- The compiler was also adding "no warnings 'uninitialized'" in this
block, which could hide various errors.
- Hopefully fix $VERSION in ApacheHandler so PAUSE will not be
confused and think we have regressed.
- Turned off some prompts during the module's installation. These
were intended to help new users configure Apache to run Mason
components, but they're probably a bit confusing. Will return in a
future release as a separate script that can be run from the command
line.
1.30 August 11, 2005
[ INCOMPATIBLE CHANGES ]
- ** Under mod_perl2, MasonArgsMethod will default to "CGI", since
libapreq2 is still in development. If you have successfully installed
libapreq2, just set MasonArgsMethod to "mod_perl" to use it.
[ ENHANCEMENTS ]
- Some doc tweaks to clarify that Mason should work out of the box
with both mod_perl 1 and 2.
- Added "use warnings" to all modules and made sure all tests ran
warnings-free.
[ BUG FIXES ]
- Silence a warning when HTML::Mason::ApacheHandler was loaded outside
of mod_perl.
- Support renamed Apache2::Status module.
1.29_02 June 22, 2005
[ ENHANCEMENTS ]
- ** Support for mod_perl-2.00 (mod_perl-1.99 is no longer supported
because of API changes in 2.0RC5).
- Mason recovers more gracefully from an empty or corrupted object
file. Task id #579.
[ BUG FIXES ]
- Fixed bug with content type being reset when decline_dirs=0.
Submitted by Brian Phillips. Task id #584.
- Put "Mason" prefix back in Params.pod. Task id #575.
- Fixed fetch_comp(undef) to not return an empty hash. Task id #578.
- static_source_touch_file did not take effect until after one request
for a top-level component. Reported by Lai Zit Seng. Task id #576.
1.29_01 January 25, 2005
[ INCOMPATIBLE CHANGES ]
- ** Mason now requires Perl 5.6.0 or later. However, because 5.6.0
has so many problems, it cannot be officially supported; we strongly
recommend upgrading to at least 5.6.1.
- ** Mason now requires version 1.24 of mod_perl in the ApacheHandler
module.
- ** The behaviors of $m->flush_buffer and $m->clear_buffer have been
simplified. $m->flush_buffer only acts on the top-level output buffer;
$m->clear_buffer clears all output buffers. Task id #554.
- ** max_code_cache_size is now kept in terms of number of components,
not bytes, and its default value is 'unlimited'.
- ** Components with a <%filter> and a cache_self are no longer cached
in their filtered state. Performance-related code simplifications made
this behavior difficult to maintain. Long term this would be
easier to implement with a cache_self component <%flag>.
- ** All compiler properties are now read-only. If you need to change
compiler properties on a per-request basis, you'll need to create
multiple compiler and interpreter objects.
- ** comp_exists may try to load the designated component, and may
throw an error if it contains a syntax error.
- ** The current_time method, deprecated in 1.1x, has been removed.
- ** The HTML::Mason::Buffer class has been eliminated for performance
reasons. You can use separate components, methods, or subcomponents
and scomp to achieve the same effects as buffer pushes and pops.
[ ENHANCEMENTS ]
- Significantly improved performance in component execution,
especially in static_source mode.
- Added static_source_touch_file, making it much easier to update
a server running in static_source mode.
- Added a plugin architecture. Plugin classes can perform actions at
key points, e.g. before and after each request and each component
call. See HTML::Mason::Plugin for documentation. Task id #24.
Initial implementation by Doug Treder.
- Added the ability to change component root(s) on the fly if the
dynamic_comp_root parameter is turned on. Task id #561. Suggested
by Alex Robinson.
- Added enable_autoflush parameter. When turned off, Mason can
compile components to a more efficient form.
- Changed the </&> tag to allow the starting component name to be
included. e.g. <&| /foo &> ... </& /foo >. Task id #556. Suggested
by Alex Robinson, John Williams, and others.
- Moved the notion of component roots (single and multiple) from the
Resolver to the Interpreter. This improved the performance of multiple
component roots in conjunction with static source mode. Any resolver,
file-based or otherwise, can benefit from component root settings or
choose to ignore them.
- Added the compiler object_id to the object file path, so that
multiple versions of Mason do not collide in the same object
directory. Task id #569.
- Added .obj (or a configurable extension) to object filenames.
Task id #152. Suggested by John Tobey.
- Added $m->clear_and_abort, syntactic sugar for the common idiom
of calling clear_buffer() and then abort(). Task id #505.
- Added an official comment syntax, <% # ... %>, and documented
the various comment markers in the developer's manual. Task id #566.
- Added buffer_preallocate_size parameter, which allows you to
potentially reduce buffer reallocations.
- Augmented the 'could not find component' error message with the
current component root(s). Task id #562.
[ BUG FIXES ]
- Mason now throws an error if the path specified in a component's
'inherit' flag cannot be found. Task id #480.
- Fixed comp_exists to work with any path accepted by comp or
fetch_comp, and fixed fetch_comp to stop throwing errors for certain
bad paths. Task id #572.
- Fixed $m->decline to work from /dhandler. Task id #573. Submitted
by Carl Raiha.
- Using 'next' or 'last' without a loop can no longer corrupt
the component stack. Task id #539.
@section v2_06 Changes with libapreq2-2.06 (released July 20, 2005)
- C API [Marc Gràcia, joes]
Fix apreq_decode(v) when iso-latin-1 chars appear
at the end of an encoded string.
- Perl API [Philip M. Gollucci]
Fix "Attempt to free temp prematurely" error in apreq_xs_croak().
- C API [Philip M. Gollucci]
Add mod_apreq2 to httpd's server tokens.
- Perl API [joes]
Drop support for $req->env(), which also died with 2.05-dev.
- Perl API [joes]
Support for table set/add/delete methods is formally withdrawn.
Technically this feature died with the module API refactoring in
2.05-dev.
- C API [max]
Right-hand limit of apreq_brigade_move() is declared as "excluding",
but APR_RING_UNSPLICE() wants an "including" right-hand limit. Fixed
this by passing the previous bucket.
- Perl API [joes]
Drop support for Apache2::Request::new's HOOK_DATA.
UPLOAD_HOOK now takes only two arguments: ($upload, $data).
- Perl API [joes]
Drop support for Apache2::Cookie::Jar::new's VALUE_CLASS.
2.05-dev broke that API, and it's not worth trying to fix.
People who need that should use APR::Request::Cookie::Table's
cookie_class() API instead.
- Perl API [joes]
Fix cookie domain/path munging in Apache2::Cookie::new().
@section v2_05_dev Changes with libapreq2-2.05-dev (released May 5, 2005)
- Win32 build [Randy Kobes]
Have top-level 'nmake', 'nmake test', and 'nmake install'
targets, respectively, also include building, testing, and
installing the corresponding perl glue targets.
- C API [geoff]
Minimum httpd version is now 2.0.48, which includes the official
apr 0.9.4 release.
- C API [Max Kellermann]
Fix apreq_quote.
- Perl API [joes]
Remove Apache2::Request::args. WARNING: through inheritance,
args() now maps to Apache2::RequestRec::args. Folks that want
the pre-2.05-dev behavior need to invoke APR::Request::args by name.
- C API [joes, Max Kellermann]
Add apreq_initialize, apreq_pre_initialize and apreq_post_initialize.
These are not thread-safe operations, so applications need to ensure
they are invoked (in the correct sequence) prior to using any apreq2
modules.
- C, Perl API [joes]
Add pool, bucket_alloc to apreq_handle_t.
- Perl API [joes]
Drop $data argument from UPLOAD_HOOK, and also drop HOOK_DATA option.
Perl folks should use a closure instead of passing in context data.
- Perl API [joes]
Move bake, bake2 to Apache2::Cookie, now requiring
an extra $r argument. Also ""-operator is mapped
to as_string() for Apache2::Cookie; but APR::Request::Cookie
maps it to value().
- C API [joes]
Remove header_in & header_out from apreq_module_t.
Remove apreq_ua_cookie_version() and apreq_cookie_bake*().
Remove cookie2 argument to apreq_handle_custom().
- C API [joes]
s/APREQ/APREQ2/g in webserver configuration directives.
- C API [Igor Shevchenko, Philip Gollucci]
Fix segfault in mfd parser caused by parts w/ empty param names.
- C API [joes]
Add apreq_cp1252_to_utf8().
- C, Perl API [joes]
Add charset support for params and couple the SvUTF8 flag
to the param's taint flag.
- C API [joes]
Replace v->size with v->nlen + v->dlen.
Added supporting apreq_value_table_add().
- C API [joes]
Remove apreq_cookie_attr().
- C API [joes]
- Add apreq_error.h, apreq_module.h.
- Rename apreq_run* and apreq_make* funcs to conform with
apreq_$obj_$meth scheme.
- Replace c->version & c->secure with flags.
- Parsers are assumed to be working with external data, so the
cookies & params they produce are marked tainted.
- C API [joes]
apreq_parse_cookie_header() failed to parse RFC Cookie headers which
contained no space chars after the '$Version=1' preamble.
- C API [joes]
Reorganize around include/, library/, and module/ dirs.
- C Tests [joes]
Replace CuTest-based tests with custom TAP-compliant framework.
- C API [Max Kellermann]
Continue the API improvements:
- Convert APREQ_RUN_PARSER and APREQ_RUN_HOOK to inline, and downcase them.
- Remove apreq_memmem.
- Convert apreq_(un)escape to inline.
- apreq_escape does not create an apreq_value_t*.
- Initialize default_parsers explicitly to NULL.
- Convert APREQ_BRIGADE_COPY to inline, and downcase it.
- Lowercase APREQ_BRIGADE_SETASIDE, APREQ_BRIGADE_COPY.
- Convert apreq_cookie_name and apreq_cookie_value macros to inline.
- Convert apreq_param_name, apreq_param_value, apreq_param_info, and
apreq_param_brigade to inline.
- C API [joes]
Widespread API refactorization to remove apreq_jar_t and apreq_request_t:
- Header includes reorganized; apreq_parsers.h added (back again).
- Replaced apreq_jar_t and apreq_request_t with single apreq_env_handle_t.
- Added const qualifier to "v" attribute of apreq_cookie_t and apreq_param_t.
- Use union type-puns to drop const qualifiers inside the new
apreq_value_to_cookie and apreq_value_to_param implementations
(gcc generates same object code as the macro versions did).
- Moved "flags" attribute from apreq_value_t to apreq_cookie_t and apreq_param_t.
- Remove env argument from hooks and parsers.
- Reduce apreq_env_module to minimal set of operations.
- Replace apreq_log calls with apreq-specific error codes.
- Hooks are called on each body param now, not just during file uploads.
- Tie the cgi handle to its creator pool.
Detailed changes by header file:
[apreq.h]
- Remove flags from apreq_value_t.
- Remove const qualifier from apreq_value_t's "name" attribute.
- Remove apreq_value_merge* and apreq_value_copy*.
- Remove apreq_char_to_value, apreq_strtoval, and apreq_strlen.
- Move apreq_enctype to apreq_env.h.
- Move apreq_env_handle_t struct definition to apreq_env.h
- Change signature of apreq_decode.
- Move apreq_brigade_concat here, changed its signature and improved it alot.
- Remove apreq_brigade_spoolfile.
- Dropped APREQ_*_ENCTYPE, renamed some APREQ_$foo defaults APREQ_DEFAULT_$foo.
- Added APREQ_ERROR_*.
[apreq_cookie.h]
- Remove apreq_env.h include.
- Remove apreq_jar_t.
- Add "flags" to apreq_cookie_t, add const qualifier to its "v" attr.
- Remove apreq_jar* functions.
- Add apreq_parse_cookie_header.
- Move apreq_cookie, apreq_cookie_bake(2), and
apreq_ua_cookie_version to apreq_env.h.
[apreq_params.h]
- Remove apreq_env.h include.
- Remove apreq_request_t.
- Add "flags" to apreq_param_t, and const qualifier to its "v" attr.
- Rename "bb" attribute "upload" in apreq_param_t.
- Remove apreq_request* functions.
- Remove apreq_parse_request.
- Changed apreq_decode_param signature.
- Replace env argument with apr_table_t in apreq_params_as_array,
apreq_params_as_string,
- Move remaining apreq_param* to apreq_env.h.
- Move parser and hook sections to apreq_parsers.h.
- Change apreq_upload(s) old apreq_request_t arg to apr_table_t.
[apreq_parsers.h]
- Acquire the hook and parser sections of original apreq_params.h.
- Remove env argument from APREQ_PARSER_ARGS and APREQ_HOOK_ARGS
- Augment apreq_hook_t and apreq_parser_t to replace missing env features.
- Change apreq_make_parser and apreq_make_hook signatures.
- Rename apreq_add_hook to apreq_parser_add_hook, returning apr_status_t.
- Change apreq_parser signature.
[apreq_env.h]
- Remove read, log, pool, bucket_alloc, request, jar, and query_string methods.
- Include apreq_parsers.h.
- Reorganize apreq_env_module_t to provide hook, parser, jar, args,
& body table ops.
- Rename max_brigade to "brigade_limit", max_body to "read_limit".
- Change related module sigs, including temp_dir, to get/set methods.
- Add parser and read_limit args to apreq_env_make_custom_handle.
- Drop "name" arg and APREQ_ENV_MODULE =~ s/_ENV//.
- s/apreq_env_make/apreq_handle/ in the handle constructor names.
[mod_apreq.c, apreq_env_apache2.h]
- Changed APREQ_Max* configs to APREQ_BrigadeLimit and APREQ_ReadLimit.
- Handle constructor renamed apreq_handle_apache2.
- C API [joes]
Make our "libtool current interface" number depend on apr's
major number. This allows libapreq2 to be installed into a
system-wide location while avoiding ABI conflicts arising from
our apr-based interfaces.
- C API [Max Kellermann]
Introduce apreq_env_handle_t to replace the void *env usage.
Also added apreq_env_custom for making private handles, and new
apreq_env_apache2.h to let mod_apreq export apreq_env_make_apache2.
- C API [Max Kellermann]
Rename apreq_env_t to apreq_env_module_t, to prepare for
a new thread-safe apreq_env API.
- C API [Max Kellermann]
mod_apreq must check the return value of apreq_brigade_concat
to avoid a RAM-consuming infinite loop. A bad APREQ_TempDir
setting can cause this situation.
- C API [joes]
Provide workaround for chunked trailers bug in ap_http_filter.
- C, Perl API [joes]
Several upload-related bugfixes:
1) apreq_upload and apreq_uploads did not search the full body table,
2) $upload->slurp and $io->read did not autovivify the resultant string.
- C API [joes]
Add "flags" attribute to apreq_value_t, planning for charset support.
This is an ABI change, starting with libapreq2.so.2.0.24.
- C API [joes]
Add apreq_env_bucket_alloc() to get an allocator directly from the
environment instead of creating them from a pool. This is an
ABI change, starting with libapreq2.so.2.0.23.
- Build system [joes]
Add --with-apache2-httpd option so users can override apxs's
notion of where the httpd executable is. XSBuilder's header
parser runs from buildconf now instead of configure, so we
will include those tables in the release tarball. buildconf
gets an additional --with-perl option for running the xsbuilder.pl
parsing script. The XS generation code in xsbuilder.pl has moved
to glue/perl/Makefile.PL.
- Perl API [joes]
Allow ctors for Apache::Cookie, Apache::Cookie::Jar
and Apache:::Request to accept Apache::Request objects
(instead of requiring an Apache::RequestRec object).
This thread details the bug
http://thread.gmane.org/gmane.comp.apache.mod-perl/15727
- C API [Bojan Smojver]
Bake cookies with err_headers_out so they are
sent on non-2xx server responses (ie. a 304 redirect).
Also ensure that headers are copied with apr_table_add
instead of apr_table_addn. Since apreq_cookie_bake()
allocates from the stack, the Set-Cookie headers would
occasionally get mangled without this patch.
- C API [joes]
Add apreq_register_parser(), which allows users to add
their own parsers to apreq_parser()'s recognized MIME types.
- C API [joes]
Support "multipart/mixed" file uploads.
Support XForms' "multipart/related" enctype.
- C API [joes]
Add apreq_hook_apr_xml_parser(), which is a simple wrapper
hook around APR's expat-based apr_xml_parser. Add a generic
parser apreq_parse_generic() to parse arbitrary enctypes using
the hook API.
that these directories will be conditionally removed (based on reference
counts), regardless of the value of PKG_CONFIG. Bump the PKGREVISION
for packages that were modified as a result.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
changed all through it). While there, make the package correctly fetch the
NetBSD logo.
Bump PKGREVISION, and after that I'll delete the copy ftp.netbsd.org
currently has. The tarball change doesn't happen often enough for this
package to justify the use of DIST_SUBDIR (and that avoids the hairy
problem of sharing the sitedrivenby.gif file).
PR#30641 by Jared Momose.
of bugs discovered since the 4.3.11 release which could e.g. lead to
memory corruption.
Furthermore integrate version 1.4.0 of PEAR XML_RPC which contains a fix
for the "PEAR XML_RPC Remote PHP Code Injection Vulnerability" security
problem reported by the Hardened-PHP Project.
Changes:
- Add option ShowSummary.
- If Geoip plugin is enabled, add a column in Host report.
- Other minor changes on geoip and hostinfo plugins to enhance look.
- If LogFormat is 2, AWStats autodetect log format change.
- Add a way to set ArchiveLogRecords with same tags than LogFile to
add suffix to archived log files.
- Fix security hole that allowed a user to read log file content even
when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- Fix errors for setup to analyze media servers.
- If there is no referer field in the log format, do not use them in the
errors reports.
- Label of real player ("media player", not "audio player")
- configdir option was broken on windows servers (Pb on Sanitize function
on windows local use).
- Minor fixes.
- Fix: [ 1094056 ] Bad html-output for maillogs
- Fix: [ 1094060 ] More bad html/xml output
- Fix: [ 1100550 ] Missing flag icon for euskera
- Fix: [ 1111817 ] AllowToUpdateStatsFromBrowser defaults to 1 contrary
to docs
This is from pkgsrc-wip originally imported by me, but now
maintained by Leonard Schmidt. Thank you Leonard!
Kazehakase is a GTK+2-based web browser with plans to add support
for switching between various rendering engines such as Dillo,
Gecko, GtkHTML, Gtk+ WebCore or w3m. Currently, however, only
supporting Mozilla's Gecko engine.
It provides tabbed windows and RSS support, drag-and-drop of browser
tabs, a bookmark editor, remote and smart bookmarks, mouse gestures,
a search window, find as you type, a cookie and a password manager.
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
- Added ability to remove multiple meta tags in Quickstart dialog.
- Updated Debian packaging files (standards version and build-dependencies).
- Updated config scripts.
- Updated for traditional Chinese translation.
- Fixed Ctrl-Z/undo bug.
- Fixed outdated configure script and aspell detection.
- Fixed format specification bug in Bulgarian translation.
- Fixed translation bugs and typos in German translation.
Changes 1.0.1:
- New QuickStart dialog.
- Spaces not being used to instead of tabs.
- Updated Debian packaging files (build-depends).
- Updated and improved spell checking.
- Updated and improved highlighting patterns.
- Fixed custom menu.
- Fixed bookmarks handling.
- Fixed missing CSS dialog properties.
- Fixed improperly opened color dialog when opening the CSS dialog.
- Fixed project dialog segmentation fault when clicking the "Browse button".
- Fixed not retained "View" menu item settings after closing/restarting.
- Fixed several build issues (debugging output, configure, ...)
- Slightly simplify installation of example configurations.
- Add official patches.
* 2005-07-11 00:46 (Cosmetic) The new --with-build-environment=...
option doesn't work
* 2005-07-09 08:58 (Cosmetic) Allow wb_ntlm_auth to run more silent
* 2005-07-03 08:24 (Cosmetic) "make all" gives many warnings
* 2005-06-29 20:36 (Minor) wbinfo_group.pl only looks into the first
group specified
* 2005-06-21 22:28 (Minor) FTP listings uses "BASE HREF" much more than
it needs to,
* 2005-06-22 10:46 (Cosmetic) Title in FTP listings somewhat messed up
* 2005-06-19 21:03 (Minor) SNMP GETNEXT fails if the given OID is
outside the Squid MIB
* 2005-06-19 09:39 (Minor) squid -k reconfigure internal corruption
if the type of a cache_dir is changed
* 2005-06-13 22:55 (Minor) httpd_accel_signle_host incompatible
with redireection
* 2005-06-30 08:49 (Minor) Core dump with --enable-ipf-transparent
if access to NAT device not granted
* 2005-06-27 21:24 (Minor) squid -k fails in combination with chroot
after patch for bug 1157
* 2005-06-09 08:01 (Minor) Squid internal icons served up with slightly
incorrect HTTP headers
* 2005-06-06 21:38 (Cosmetic) Updated Spanish error messages
Bump PKGREVISION.
=== Release 2.1pre18
Sat Jul 30 00:01:55 MET DST 2005 mikulas:
Fixed reverse numbering of form fields in javascript
Fri Jul 29 22:45:30 MET 2005 user:
Fixed cursor position in bookmarks after HOME, END, PAGE UP, PAGE DOWN
Thu Jun 23 04:05:45 cet 2005 mikulas:
<sub>, <sup> and alignment images to top and middle of line
Wed Jun 22 18:15:11 MET 2005 user:
Implemented <hr> in graphics mode
Mon Jun 20 15:57:00 cet 2005 mikulas:
Do not make whitechar-elimination on invisible form entries
Sat Jun 18 18:16:24 MET 2005 user:
Allow '#' in smb files and directories
Fri Jun 17 23:10:24 MET 2005 Simen Graaten
Updated Norwegian translation
Mon Jun 6 18:47:37 MET 2005 user:
Do not respond to unknown authentication methods with basic response
Sun May 29 05:43:58 cet 2005 mikulas:
Do always use cache when going back
Sun May 22 21:03:16 MET 2005 user:
Allow '#' in ftp password
Wed May 18 01:18:58 cet 2005 mikulas:
Allow image map elements without href and only with javascript
Thu May 12 04:15:43 MET 2005 user:
Fixed crash with -anonymous and "frame at full-screen" in menu
Sun May 8 15:37:22 cet 2005 mikulas:
Fix lockup with terminal height only 1 or 2 characters
Fri May 6 20:06:50 MET 2005 user:
Make '*' work in graphics mode too
Fixed badly displayed images when image displaying was toggled
Thu Apr 21 21:52:28 cet 2005 mikulas:
Do not count time that connection waits in queue
Fri Apr 15 17:37:51 MET 2005 user:
Do not parse <TITLE> inside <SCRIPT>
Sat Apr 2 20:32:01 MET DST 2005 mikulas:
Workaround for bug in Sun C compiler
Fri Apr 1 00:21:39 MET DST 2005 mikulas:
Accept as line break in textarea (fixes bugzilla)
Thu Mar 24 04:06:53 MET 2005 Federico G. Schwindt <fgsch@lodoss.net>:
Use MD5 functions from libc when available
Mon Mar 7 22:36:45 MET 2005 user:
Support for another smb client --- smbc by Martin Zlomek
Wed Mar 2 23:39:30 CET 2005 mikulas:
Fixed crash of javascript with debuglevel<2 (uninitialized memory)
Fixed possible touching of data beyond allocated space in javascript
Changes since 8.01:
Security
* Solved download dialog spoofing issue described in Secunia Advisory SA15870
* Fixed image dragging issue described in Secunia Advisory SA15756
Miscellaneous
* Improved default handling of encodings in spelling checker.
* Multiple stability fixes.
* When an installed plug-in is available, use as default handler rather
than display download dialog.
* Improved support for XMLHttpRequest.
* Fixed download handling when closing originating page.
a powerpc architecture (e.g. NetBSD-mapcppc). This cures display glitches
(e.g. text appearing at the wrong location). Bump package revision
because of this change.
The suPHP Apache module together with suPHP itself provides an easy way
to run PHP scripts with different users on the same server.
It provides security, because the PHP scripts are not run with the
rights of the webserver's user. In addition to that you probably won't
have to use PHP's "safe mode", which applies many restrictions on the
scripts.
this release fixed two issues
Changelog for Mozilla 1.7.11
300749 Switching folders doesn't work on 1st try/Click to mail folder displays
messages not always [JS error in msgMail3PaneWindow.js::ClearMessagePane]
301917 Cursor keys disabled/Caret not moving with keyboard in message compose window
This is a security fix release.
Fixed in Mozilla 1.7.9/1.7.10
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities