(ports/lang/php4/files/patch-ext::pcre::php_pcre.c). Fixes a bug
(described at http://bugs.php.net/bug.php?id=27810) which causes
apache2 to dump core on receiving SIGHUP.
This is supposedly fixed in the next release of PHP.
Revision History
Version 3.05
1. Fixed uninitialized variable warning on start_form() when running from
command line.
2. Fixed CGI::_set_attributes so that attributes with a - are handled
correctly.
3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
clobbering @_.
4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy), the
various functions that return HOST will use that instead.
5. Fix for undefined utf8() call in CGI::Util.
6. Changed the call to warningsToBrowser() in CGI::Carp::fatalsToBrowser
to call only after HTTP header is sent (thanks to Didier Lebrun for
noticing).
7. Patches from Dan Harkless to make CGI.pm validatable against HTML 3.2. 8. Fixed an extraneous "foo=bar" appearing when extra style parameters passed to start_html;
9. Fixed potential cross-site scripting bug in startform().
10. Fixed documentation to discuss list context behavior of form-element
generators explicitly.
11. Fixed incorrect results from end_form() when called in OO manner.
12. Fixed query string stripping in order to handle URLs containing
escaped newlines.
13. During server push, set NPH to 0 rather than 1. This is supposed to
fix problems with Apache.
14. Fixed incorrect processing of multipart form fields that contain
embedded quotes. There's still the issue of how to handle ones that
contain embedded semicolons, but no one has complained (yet).
15. Fixed documentation bug in -style argument to start_html()
16. Added -status argument to redirect().
Version 3.04
1. Fixed the problem with mod_perl crashing when "defaults" button
pressed.
Version 3.03
1. Fix upload hook functionality 2. Workaround for CGI->unescape_html()
3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
Version 3.02
1. Bring in Apache::Response just in case.
2. File upload on EBCDIC systems now works.
Version 3.01
1. No fix yet for upload failures when running on EBCDIC server.
2. Fixed uninitialized glob warnings that appeared when file uploading
under perl 5.8.2.
3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
command line.
4. Added patch from Steve Hay to correctly unlink tmp files under
mod_perl/windows
5. Added upload_hook functionality from Jamie LeTaul
6. Workarounds for mod_perl 2 IO issues. Check that file upload and state
saving still working.
7. Added code for underreads.
8. Fixed misleading description of redirect() and relative URLs in the
POD docs. 9. Workaround for weird interaction of CGI::Carp with Safe module
reported by William McKee.
10. Added patches from Ilmari Karonen to improve behavior of CGI::Carp.
11. Fixed documentation error in -style argument.
12. Added virtual_port() method for finding out what port server is
listening on in a virtual-host aware fashion.
Version 3.00
1. Patch from Randal Schwartz to fix bug introduced by cross-site
scripting vulnerability "fix."
2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
0xfc. Hope this is right!
Version 2.99
1. Patch from Steve Hay to fix extra Content-type: appearing on browser
screen when FatalsToBrowser invoked.
2. Patch from Ewann Corvellec to fix cross-site scripting vulnerability.
3. Fixed tmpdir routine for file uploading to solve problem that occurs
under mod_perl when tmpdir is writable at startup time, but not at
session time.
Hightlights:
* User interface redesigned
* Added Chat client
* Added RSS newsfeeds
* Fast full-text indexing of e-mail messages
* Support for spell check (via aspell)
* Graphical smileys in chat and e-mail
Note: on upgrade, e-mail from previous Opera versions will be
reindexed for faster searching and sorting. The new e-mail format
is not backward compatible, so earlier versions of Opera
won't be able to read the mail once this happens.
For details, see:
http://www.opera.com/linux/changelogs/750/http://www.opera.com/linux/changelogs/750b1/
Changes with mod_ssl 2.8.17 (01-Nov-2003 to 11-May-2004)
*) Upgraded to Apache 1.3.31
*) Log the OpenSSL error stack contents if the crypto engine
load/init fails.
*) Fixed segfault in lookup of variable SESSION_ID
in case SSL_get_session() returns NULL.
*) Bugfix "dbm" session cache: the DBM file was closed
too early (before accessing the data).
*) Bugfix "shmcb" session cache for situations where
the session data is bigger than the cache size.
*) Adjusted all copyright messages to contain the new year 2004 ;)
Apache 1.3.31 Major changes
Security vulnerabilities
* CAN-2003-0987 (cve.mitre.org)
In mod_digest, verify whether the nonce returned in the client
response is one we issued ourselves. This problem does not affect
mod_auth_digest.
* CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog.
* CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will cause a
child to hold the accept mutex and block out new connections until
another connection arrives on that rarely-accessed listening socket.
* CAN-2003-0993 (cve.mitre.org)
Fix parsing of Allow/Deny rules using IP addresses without a
netmask; issue is only known to affect big-endian 64-bit
platforms
New features
New features that relate to specific platforms:
* Linux 2.4+: If Apache is started as root and you code
CoreDumpDirectory, core dumps are enabled via the prctl() syscall.
New features that relate to all platforms:
* Add mod_whatkilledus and mod_backtrace (experimental) for
reporting diagnostic information after a child process crash.
* Add fatal exception hook for running diagnostic code after a
crash.
* Forensic logging module added (mod_log_forensic)
* '%X' is now accepted as an alias for '%c' in the
LogFormat directive. This allows you to configure logging
to still log the connection status even with mod_ssl
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.29 (or earlier)
and have been fixed in Apache 1.3.31:
* Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
* mod_usertrack no longer inspects the Cookie2 header for
the cookie name. It also no longer overwrites other cookies.
* Fix bug causing core dump when using CookieTracking without
specifying a CookieName directly.
* UseCanonicalName off was ignoring the client provided
port information.
A Wiki is a website that allows its users to add pages, and edit any
existing pages.
You can create a new kwiki website with a single command. The module
has no prerequisite modules, except the ones that ship with Perl.
It doesn't require a database backend, although it could be made to
use one. The default kwiki behaviour is fairly full featured, and includes
support for html tables. Any behaviour of the kwiki can be customized,
without much trouble.
User Interface/Editing
Bug fixes
* Windows platforms only: several transformations crashed.
* Fix crashes in the spell checker.
* GTK version: Amaya is now able to copy and paste utf-8 characters.
* A significant space were sometimes removed after a copy + paste
command.
CSS
Bug fixes
* Local CSS files were not reparsed when they are saved.
* Fix a confusion with classes, pseudo-classes, ids, and attributes.
* Amaya now generates an empty User style sheet ($AmayaHome/amaya.css)
if this file doesn't exist.
* Amaya didn't parse correctly non-quoted font family names containing
whitespace.
(X)HTML
Bug fixes
* Amaya generated a new line character after an <img> element within
headlines (<h1>, <h2>, etc.).
And more... please review http://www.w3.org/Amaya/User/New.html
* removed maximum user+password+hostname size limit
* removed maximum dir depth limit for FTP
* the ares build now requires c-ares 1.2.0 or later
* --tcp-nodelay and CURLOPT_TCP_NODELAY were added
* curl/curlver.h contains the libcurl version info now
* bugfixes
