taya ... well really he said "I don't object your idea.")
This fixes a build bug when heimdal is detected but not buildlinked.
It is a known mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=245467
I didn't put this in the mozilla/Makefile.common, because didn't test that
yet.
This issue probably only happens when using /usr as the LOCALBASE,
which is not really supported and maybe I am the only one to hit this
with pkgsrc.
Maybe later someone can consider adding a build option for GSSAPI,
but I don't know anything about it in regards to a web browser myself.
o 2005-04-23 01:38 (Minor Security)
Fix for CVE-1999-0710: cachemgr malicouse use
o 2005-04-22 20:48 (Cosmetic) PID file check fails when chrooting
o 2005-04-24 16:35 (Minor)
Make the use of the %m error page to return auth info messages
o 2005-04-22 20:21 (Minor)
Unrecognized cache-control directives are silently dropped
pkgsrc change.
- remove aufs from store I/O backend until it controlled by options.mk
frame work.
- remove patch-cd; it is covered by squid-2.5.STABLE9-transparent_port.patch.
Bump PKGREVISION.
o fix some off-by-one errors from <roland.illig@gmx.de>
o properly support nph- CGI
o make content maps case insensitive
o fix proto header merging to include the missing comma
o major source reorganisation; most features are in separate files now
o new -V flag that makes unknown virtualhosts use slashdir
from <rumble@ephemeral.org>
o HTTP/1.x protocol headers are now properly merged for CGI
*) mod_cache: Add CacheIgnoreHeaders directive.
*) mod_ldap: Added the directive LDAPConnectionTimeout to configure
the ldap socket connection timeout value.
*) Correctly export all mod_dav public functions.
*) Add a build script to create a solaris package.
*) worker MPM: Fix a problem which could cause httpd processes to
remain active after shutdown.
*) Unix MPMs: Shut down the server more quickly when child processes are
slow to exit.
*) Remove formatting characters from ap_log_error() calls. These
were escaped as fallout from CAN-2003-0020.
*) mod_ssl: If SSLUsername is used, set r->user earlier.
*) htdigest: Fix permissions of created files.
*) core_input_filter: Move buckets to a persistent brigade instead of
creating a new brigade. This stop a memory leak when proxying a
Streaming Media Server.
*) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
hiccups from additional path information passed in non-utf-8 format.
make sure lib/mozilla-linux/plugins exists, even for binary packages.
Should fix moz-bin-* packages in bulk builds.
XXX: binary package still doesn't install quite a number of (empty)
directories that do get created with 'make install'.
o 2005-04-21 10:31 (Cosmetic)
Correctly read DOS/Windows formatted config files with CRLF as
line terminator
o 2005-04-20 21:55 (Minor) Unable to run "squid -k" when hostname cannot
be determined
o 2005-04-20 21:55 (Minor) fix transparent proxying when squid listens
on NATed non-80 port
o 2005-04-21 10:46 (Cosmetic) Missing newlines in debug statements
o 2005-04-20 21:36 (Cosmetic) Error template substitution for
authenitcated user name
Because of update of squid-2.5.STABLE9-2GB.patch, DIST_SUBDIR updated again.
* Add one more offcial patch:
- 2005-04-05 23:05 (Cosmetic) should syslog to daemon facility not local4
* One patch updated, so update DIST_SUBDIR through DIST_STAMP change.
* Add aufs to --enable-storeio configuration.
TODO: use <bsd.options.mk> frame work and allow to use
--enable-pf-transparent which is mutual exclusive parameter
with --enable-ipf-transparent.
share/htdig/common/root2word.db
share/htdig/common/word2root.db
with md5 checksums, because they get changed too often; use
@unexec ${RM} instead.
Bump PKGREVISION for thus fixed PLIST.
gets restarted when "/etc/rc.d/apache restart" is used. This fixes
PR pkg/24179 for the "apache" package.
Based on a similar change for the apache2 package.
Bump PKGREVISION.
package to match.
There are no firefox gtk1 binary packages for linux any longer, so
no need to keep two different -bin packages around.
This way it also matches the non-bin firefox packages.
not available yet but it includes security fixes for e.g. SA14821.
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
This is a maintenance release that in addition to over 70 non-critical
bug fixes addresses several security issues inside the exif and
fbsql extensions as well as the unserialize(), swf_definepoly()
and getimagesize() functions. All Users of PHP are strongly
encouraged to upgrade to this release.
Bugfix release
* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object ref.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.
PHP4 also doesn't bundle PEAR Net_Socket and Net_SMTP anymore now.
Changes since 7.1 according to
http://wp.netscape.com/eng/mozilla/ns7/relnotes/7.html:
* Popup Window Controls have been improved to block mouseover pop-ups and
limit the number of pop-ups when popup window controls preference is set
to off.
* Password Manager allows you to display saved passwords.
* vCard support in Netscape Mail.
* Improvements to Palm Sync.
* Table Editing controls in Composer.
* New Macromedia? Flash 7 plugin for Windows.
* Improvements in browser rendering speed and application start-up.
* Improvements in standards support.
Action Pack splits the response to a web request into a controller
part (performing the logic) and a view part (rendering a template).
This two-step approach is known as an action, which will normally
create, read, update, or delete (CRUD for short) some sort of model
part (often backed by a database) before choosing either to render a
template or redirecting to another action.
Action Pack implements these actions as public methods on Action
Controllers and uses Action Views to implement the template rendering.
Action Controllers are then responsible for handling all the actions
relating to a certain part of an application. This grouping usually
consists of actions for lists and for CRUDs revolving around a single
(or a few) model objects. So ContactController would be responsible
for listing contacts, creating, deleting, and updating contacts. A
WeblogController could be responsible for both posts and comments.
Action View templates are written using embedded Ruby in tags mingled
in with the HTML. To avoid cluttering the templates with code, a
bunch of helper classes provide common behavior for forms, dates, and
strings. And it's easy to add specific helpers to keep the separation
as the application evolves.
Changes since 0.10.1:
0.10.2:
New features:
- Merge in the official debian packaging files so it is now easy to
build your own .deb files. Just apt-get install devscripts and run
debuild in the ELinks root directory.
- Add experimental Ruby scripting back-end. An example hooks file is
available in contrib/ruby/hooks.rb but it doesn't do anything
interesting yet.
Feature updates and improvements:
- Add LEDs info dialog. It can be opened using the Help menu and when
the LED display is clicked.
- Introduce a very simple ECMAScript pop-up window blocking mechanism.
Will show a 'P' in the LED indicators. Off by default.
- Add an example user style sheet and configuration file in contrib/.
- Add support for disabling extended horizontal scrolling, so it will
work like vertical scrolling. Requested by Russ Rowan.
- Optimize CSS style handling.
- Enable usage of the search history also for incremental link text
searching.
- Add a little help text to the terminal options dialog, which also
indicates the value of the TERM environment variable. Hopefully this
will help new users to figure out how configuration of terminals
works.
- When in cursor-routing mode, scroll the document as many rows or
columns as necessary rather than only be one row or one column.
- A few documentation updates.
Bugs fixed:
- Fix handling of forms embedded in table code. (bug 602)
- Alert about file saving error when -no-home was given.
- The default user style sheet is now applied correctly.
- Fix leak related to CSS being disabled and applying the default
style sheet.
- Fix underline rendering when using 256 colors.
- Localization fixes.
- Fix calling of get-proxy scripting hooks. Now they should work
again.
- When using the goto link number functionality in cursor-routing
mode, position the cursor on the newly selected link.
- Compile fixes for *BSD and IRIX systems. Reported by Nelson H. F. Beebe.
0.10.3:
New features:
- Merge the MingGW patches so that --dump should now work. The patches
also improves portability.
Feature updates and improvements:
- Change the behavior of an empty action attribute to be like Mozilla
which handles action="" as action="<current-URI>". (bug 615)
- The Perl hooks file is growing more and more insane thanks to Russ.
- Improve the reporting of errors related to the proxy configuration.
- Add toggle HTML/plain to the right click menu (aka. the tab menu),
and make it to not display reload/bookmark when no document is
available.
- Add a <base href=cwd /> element to the generated listing of local
directories.
- When the URL parameter to the Refresh HTTP-equiv is missing refresh
the current document.
Bugs fixed:
- Fix opening of either single bookmarks or folders referring to URLs
without a slash at the end.
- Fix honouring of the Refresh-header when the loaded document is
empty.
- Fix CSS handling by reverting the proposed optimization introduced in
0.10.2.
- Fix displaying of ordered lists when <li> is not directly nested in
<ol>-elements.
- Build fixes on amd64.
- Fix the Perl get-proxy hook so that an undef return value from the
Perl hook results in the default proxy being used, as is supposed to
be the case with get-proxy hooks.
- Fix compile error related name clashes with the <locale.h> system
header.
- The debian package now really contains relevant documentation from
doc/.
- Only create $prefix/lib directory if the gettext code is going to
install a new charset.alias file.
- Truncate NNTP cache entries when ending connections.
0.10.4:
New features:
- Explicit keyboard accelerators were defined for buttons in
dialogue boxes and are now highlighted.
- Add support for bookmarks separators.
Feature updates and improvements:
- Switch to use a ``new'' FTP directory listing parser based on code
from GNU Wget. The switch is motivated by licensing issues with
ftpparse.[ch] files. (debian bug 300889)
- More hooks.pl updating by the new cvs commiter Russ Rowan.
- Change the verbose level to show warnings (debian bug 303083)
- Add FAQ from homepage in doc/ directory. (debian bug 301861)
- When block cursor terminal option is set, keep cursor at lower
right of screen in dialogs too. (bug 583)
- Use plural gettext message IDs, which make the resource info
dialog more readable.
- 'I' in the LEDs now mean "insert mode" and 'i' now mean modeless.
The change is due to document.browse.forms.insert_mode defaulting
to 1.
- Strip protocol part (ftp://, etc) also from proxy strings returned
from scripting hooks.
- Add option to control whether (expanded) folder states should be
stored when saving bookmarks (bookmarks.folder_state). Defaults to
on; the current behavior. (bug 642)
- Do not display terminal options help text when terminal height is
too low.
- Introduce the option infofiles.secure_save_fsync, which allows one
to configure whether secure file saving calls fsync(3).
- Move focus to the first widget when clearing a dialog.
- Add two new functions available from Lua scripts:
set_option(name, value) and and get_option(name).
Bugs fixed:
- Only add /dev/stdin to the URL list when no URLs was given on the
command line. Allow special files when /dev/stdin is added.
(debian bug 296976)
- Fix reading from /dev/stdin on Mac OS X. (bug 616)
- Fix Guile and Ruby detection, it was a quoting issue.
- Fix handling of empty cache entries in the HTML highlighting
engine.
- Fix redirection issues on newsnow.co.uk due to single quotes
enclosing of URL.
- Add dialog.checkbox-selected color to options. (bug 644)
- Decode the subject when handling mailto: links. There is still an
encoding problem when adding the subject to the command string.
- Fix displaying of accesskeys.
- Encode the base href URI when generating file listings. (bug 358)
Release Notes for Clearsilver 0.9.14 03/08/2005
-------------------------------------
bugfix release
- one incompatible change: semi-public function cgi_html_ws_strip now
takes a second argument to set the level of stripping
- white space stripper now has two levels: 1 is the old debug level
(which doesn't strip whitespace at the beginning of a line) and the
second strips all duplicate whitespace
- fix for cgi_register_strfuncs missing for ruby/perl modules
- fix for color problems in generated images in imd with GD2
Changes in 3.0.5, released 2005-01-22:
* Fixed links in human readable diff view when it's the default diff format.
* Submitting the option form preserves hidden user settings.
* Improvements related to tightly controlled setups such as SELinux.
* Configuration and configuration documentation improvements.
* Tab expansion fix for HTMLized views.
Changes in 1.3.19:
* Works with mozilla 1.7 -> 1.7.5, 1.8a3 -> 1.8a6 and trunk
(Note that there's a bug in 1.8a6 that prevents it working with
galeon if mozilla is compiled by FC3's gcc or gcc cvs. This is
fixed in trunk.)
* Try and stop the page from stealing focus from the location
bar
* Jump to tabs that open javascript dialogs, secunia advisory
SA12712
* Make the location bar turn yellow for secure sites
* Myportal overhaul, including clickable folder headers, and
working file urls
* Fix cookie preferences
* Improved Javascript console
* Allow compilation against FireFox libs (no type-ahead-find
though)
* Allow compilation against Thunderbird libs (requires custom
thunderbird build with extra components)
* Launch urls opened from the command line in a new tab if a
galeon window is on the current workspace
* Encode smart bookmarks better, so they work when the substituion
is in the path portion of the url
* Use the iso-codes package if it is available for language names
* Lots of other bug fixes
Changes in 1.3.20:
* Works with mozilla 1.7 -> 1.7.5, 1.8a3 -> 1.8b1 and trunk
* Using FireFox patched according to the instructions on
http://live.gnome.org/Epiphany_2fMozillaPatches, type ahead
find will work.
* Further improvements to the attempt to stop the focus being
stolen from web pages.
* Works with Gnome 2.10:
o Use startup notification when launching programs
o Don't steal focus from other applications when launching
new windows
o Show application icons in the "Open With" menu
* Don't show security dialogs twice
* Use our own version of the security dialogs to look nicer,
and allow better translation
* Much improved favicon cache - only store favicons on disk
for bookmarks
* When saving files, check the user has permission.
* Lots of other bug fixes
* 2005-04-04 00:19 (Medium)
Fails to process requests for files larger than 2GB in size
Since the name of the patch file is the same as before, DIST_SUBDIR has
been udpated via DIST_STAMP.
Bump PKGREVISION.
Changes:
* web/pie.php (1.5): Updated the file to explicitly reflect that
this file was/is released into the public domain
* web/header.php (1.6): Make some more information available to
templates.
* web/host_view.php (1.5): Patched web frontend to report
gmond_started
http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=31
* web/: cluster_view.php (1.6), conf.php (1.6),
templates/default/cluster_view.tpl (1.7): Make packet graph
optional in a way that allows new optional graphs to be easily
added as well. Fix bug reported by Koo Kee Kiat relating to null
arrays.
* web/conf.php (1.5): Use the generated version.php instead of hard
coding the value here.
* web/: conf.php (1.4), get_context.php (1.6), graph.php (1.8),
templates/default/cluster_view.tpl (1.6),
templates/default/host_view.tpl (1.7): MKN: Add cpu_wio to the CPU
Summary. Lost in the CVS wars :-) MKN: Add Packets/sec summary to
Cluster and Host view. Ditto lost. MKN: Bring version to 3.0.0 to
be in line with release name.
on the actual used emulation base (i.e. works now even when using SuSE 9.1
emulation packages otherwise), update depends accordingly.
Adresses PR pkg/29561 by Robert Elz
Tomcat is the Java Servlet / Java Server Page environment produced
by the Apache Foundation's Jakarta Project. Tomcat can be run as
a standalone web server with Servlet and JSP support, or using
Apache Server as its web server via the mod_jk Apache module
(www/ap-jk). This is the Tomcat 5.5 package, which is a Java Serlet
2.4 and JSP 2.0 server.
if installed on the system. Follows www/firefox/Makefile 1.13.
PKGREVISION unchanged as generated binary unaltered (on those systems which
could build it previously)
Add these official patches:
* 2005-03-30 22:51 (Cosmetic)
external acls requiring authentication does not request new
credentials on access denials like proxy_auth does.
* 2005-03-29 09:52 (Cosmetic)
New cachemgr pending_objects and client_objects actions
* 2005-03-26 23:53 (Minor) rename() related cleanup
* 2005-03-30 22:51 (Medium)
Fails to process requests for files larger than 2GB in size
* 2005-03-19 23:57 (Cosmetic)
aufs warning about open event filedescriptors on shutdown
* 2005-03-19 01:35 (Minor) --disable-hostname-checks not working
* 2005-03-19 01:11 (Cosmetic) LDAP helpers fails to compile with SUN LDAP SDK
* 2005-03-21 20:44 (Minor)
CONNECT requests truncated if client side disconnects first
assertion failed: comm.c:430: "ntohs(address->sin_port) != 0"
* 2005-03-19 00:25 (Minor)
Basic authentication fails with very long logins or password
* 2005-03-29 08:45 (Minor) Several minor aufs issues
* 2005-03-09 15:46 (Cosmetic)
Extend relaxed_header_parser to work around "excess data from"
errors from many major web servers.
* 2005-03-09 15:46 (Cosmetic)
Duplicate content-length headers logged as conflicting with
relaxed_header_parser off
* 2005-03-09 15:46 (Cosmetic)
Defer digest fetch if the peer is not allowed to be used
* 2005-03-10 23:38 (Minor) Incorrect use of ctype functions
* 2005-03-15 04:27 (Minor) compile warnings due to pid_t not being an int
* 2005-03-09 15:46 (Minor)
bzero is a non-standard function not available on all platforms
* 2005-03-09 15:46 (Cosmetic)
Check several squid.conf directives for int overflows
* 2005-03-09 15:46 (Cosmetic) Clarify delay_access function
* 2005-03-09 15:46 (Minor)
reload_into_ims fails to revalidate negatively cached entries
* 2005-03-09 15:46 (Minor) Handle odd date formats
> Major changes compared to the Horde version 3.0.4-RC2 are:
> * Fixed an XSS vulnerability.
> * Added PostgreSQL specific upgrade script.
> * Updated Dutch translation.
> * Some minor bug fixes.
>
> Major changes compared to the Horde version 3.0.4-RC1 are:
> * Improved SQL configuration.
> * Improved Oracle support.
> * Updated Finnish, French, Italian, Norwegian Bokmaal, and Slovak
> translations.
> * Some layout and bug fixes.
>
> Major changes compared to the Horde version 3.0.3 are:
> * Re-added support for the mime_magic extension.
> * Added database specific connection parameters to setup interface.
> * Added Horde_Tree_select class.
> * Improved IMAP folder trees and IMAP message threads.
> * Improved IMSP support.
> * Automatically create configuration files if possible.
> * Updated German, Hungarian, Italian, Japanese, and Slovenian translations.
> * Lots of improvements and bug fixes.
by other package Makefiles, and with the deprecation of USE_BUILDLINK3
support in the infrastructure files, these had the potential to break
existing packages.
cpan mirrors.
Changes:
1.10 Mon Mar 7 10:45:54 EST 2005
- Minor fix to resets during calls to parse(). Resets must be
requested manually.
- Docs update to reflect impending arrival of 2.x series.
Firefox 1.0.2 is a security and stability update.
Followings bugs are fixed in this release.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
This is a security fix release.
Fixed bugs are follows.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
see changelog for detail.
http://www.mozilla.org/releases/mozilla1.7.6/changelog.html
Highlights at a glance
* Text-to-speech system with support built into Konqueror, Kate, KPDF
and the standalone application KSayIt
* Support for text to speech synthesis is integrated with the desktop
* Completely redesigned, more flexible trash system
* Kicker with improved look and feel
* KPDF now enables you to select, copy & paste text and images from
PDFs, along with many other improvements
* Kontact supports now various groupware servers, including eGroupware,
GroupWise, Kolab, OpenGroupware.org and SLOX
* Kopete supports Novell Groupwise and Lotus Sametime and gets
integrated into Kontact
* DBUS/HAL support allows to keep dynamic device icons in media:/ and
on the desktop in sync with the state of all devices
* KHTML has improved standard support and now close to full support for
CSS 2.1 and the CSS 3 Selectors module
* Better synchronization between 2 PCs
* A new high contrast style and a complete monochrome icon set
* An icon effect to paint all icons in two chosen colors, converting
third party application icons into high contrast monochrome icons
* Akregator allows you to read news from your favourite RSS-enabled
websites in one application
* Juk has now an album cover management via Google Image Search
* KMail now stores passwords securely with KWallet
* SVG files can now be used as wallpapers
* KHTML plug-ins are now configurable, so the user can selectively
disable ones that are not used. This does not include Netscape-style
plug-ins. Netscape plug-in in CPU usage can be manually lowered, and
plug-ins are more stable.
* more than 6,500 bugs have been fixed
* more than 1,700 wishes have been fullfilled
* more than 80,000 contributions with several million lines of code and
documentation added or changed
- when giving the URL to a running 'netscape' do not explicitly
specify a new window, let the browser decide (allows firefox to
use a new tab based on user preference)
- move firefox ahead of communicator in preference terms
=========================
Epiphany Extensions 1.6.0
=========================
Changes
* Enable extension description translations.
* Make sure mozilla is started before setting the prefs
* Sync headers with Epiphany
* Implement Metadata tab in Page Info dialogue
* Don't start off-line if NetworkManager is unavailable
Contributors:
Christian Persch and Jean-François Rameau, and the translators
Frank Arnold (de), Adam Weinberger (en_CA) and Gabor Kelemen (hu).
=========================
Epiphany Extensions 1.5.8
=========================
Changes
* Fix build for sh != bash [Grzegorz Golawski, #167011]
* Adapt to mozilla API change
* Improved Find extension
* Ref the tray icon [#163819]
* Destroy open "Add to sidebar" dialogues when unloading the extension [#156523]
* Don't activate find bar when pressing Space [#167415]
* Focus links while finding
* Disable gestures while print preview mode [Jean-François Rameau]
Contributors:
Grzegorz Golawski, Christian Persch and Jean-François Rameau; and the
translators David Lodge (en_GB), Francisco Javier F. Serrador (es),
Francesco Marletta (it), Takeshi AIHANA (ja), Changwoo Ryu (ko),
Reinout van Schouwen (nl), Estêvão Samuel Procópio (pt_BR) and
Marcel Telka (sk).
=========================
Epiphany Extensions 1.5.7
=========================
New extensions
* "Actions" extension, written by Jean-Yves Lefort
* "Net Monitor" extension, written by Jean-François Rameau
(experimental; requires Epiphany compiled with --enable-dbus)
Changes
* Implement EphyExtension's attach_window/detach_window interface
instead of simulating them
* Fix LOG() statements in non-gcc varargs case
* Updated HOWTO to include some Python
* Add missing QI in page info helper
* Remove tooltip from window [#166010]
* Better error dialog when command failed in actions extension
Contributors to this release: Adam Hooper, Jean-Yves Lefort, Christian Persch,
Jean-François Rameau, and the translators Rostislav Raykov (bg),
Miloslav Trmac (cs), Frank Arnold (de), Adam Weinberger (en_CA),
Francisco Javier F. Serrador (es), Takeshi AIHANA (ja), Žygimantas Beručka (lt),
Reinout van Schouwen (nl) and Marcel Telka (sk).
=========================
Epiphany Extensions 1.5.6
=========================
New extensions
* 'Find' extension adds a find-bar.
This extension is experimental and will crash or hang your browser.
* 'Tab-States' extensions
Changes
* Build extensions modules as not versioned DSO
* Hook adblock extension onto "check-content" signal
* Adapt to Mozilla API change
* Fix a small memory leak
* Removed prefs dialogue from smart-bookmarks extension
* Work-in-progress: huge refactoring of adblock
* Fix builddir != srcdir build
* Use pcre instead of pcreposix. Check for utf-8 support, too
* Implement EphyExtension attach_window/detach_window interface in page-info ext
* Adapt to Epiphany API changes
Contributors to this release: Adam Hooper, Tomasz Kłoczko, Christian Persch,
Jean-François Rameau, and the translators Frank Arnold (de) and Takeshi AIHANA (ja).
=========================
Epiphany Extensions 1.5.5
=========================
Changes
* Fix fox bookmarks with underscore in their names [#161832]
* Adapt to changes Epiphany APIs
* Add DND to Media and Links tabs, and plug a few mem leaks
* Fix page info for pages with # in the url [#161201]
* Update sample extensions
* Hook into the "add-sidebar" signal in epiphany and remove mozilla dependency
from the sidebar extension [#156849, #157088]
Contributors to this release: Jean-François Rameau, Crispin Flowerday
and the translators: Miloslav Trmac (cs), Hendrik Brandt (de),
Adam Weinberger (en_CA), Francisco Javier F. Serrador (es),
Gabor Kelemen (hu), Takeshi AIHANA (ja), Reinout van Schouwen (nl),
Marcel Telka (sk)
=========================
Epiphany Extensions 1.5.4
=========================
Bug fixes
* Fix crash when going to Media tab in Page Info dialog [#161815]
Epiphany Extensions 1.5.3
=========================
Changes
* Sync headers with Epiphany
* List applet, embed and object elements in the Page Info dialogue,
add Media tab, only preview images (Jean-François Rameau, Christian)
* Makefile.am modernisations
* Use ellipsised labels instead of shortening strings
* Use GtkAboutDialog (Adam Hooper) [#161519]
Bug fixes
* Abort gesture on unmap (ported from galeon) [#160228]
* Fix context menu on Media page of Page Info dialogue
Translation updates
* Hendrik Brandt (de)
* Takeshi AIHANA (ja)
* Pablo Saratxaga (wa)
=========================
Epiphany Extensions 1.5.2
=========================
Changes
* Select first menu item when popping the menu up with keyboard
* Fix compilation with latest mozilla trunk
* Use ephy_embed_show_page_certificate
* Sync headers with Epiphany
* Also list CSS background images and mailto links in the
page info dialogue (Jean-François Rameau)
* Fix out-of-srcdir build
Bug fixes
* Fix tab closing with tab-groups extension
Translation updates
* Adam Weinberger (en_CA)
* Yannick Tailliez (fr)
* Takeshi AIHANA (ja)
=========================
Epiphany Extensions 1.5.1
=========================
New features
* Created copy-template script
* Added "Sidebar" extension, written by Crispin Flowerday
* Added "Extensions Manager" extension, written by Adam Hooper
* Added "Bookmarks Tray" extension
Changes
* Updated for epiphany 1.5 API changes
* Cleanup of mozilla stylesheet handling.
* Skip style sheets not for "screen" or "all" media
* Add tab-groups to default_extensions
* Fix context menu positioning
* Add warnings to CFLAGS and CXXFLAGS
* Fix loads of compiler warnings
* Set window icons
* Implement context menu in "Links" tab
* Add extension description files
* Make dialogue transient to the opening window
* Add separators in the Tools menu
* Use new gtk+ HIG message dialogue API.
* Listen to ephy-extension-manager's added/removed signals to add/remove
extensions from the list
Bug fixes
* Fix mem leaks [#153470, #153471, #153473]
* Fix crash after unloading the error-viewer extension [#153712]
* Make all extensions unload-proof
* Always load unnamed stylesheets [#153739]
* Don't block stylesheets without "media" attribute. Shorten menu
entries to 32 chars max [#153710]
* Hide the sidebar when in print preview mode
* 64-bit fix [Andrzej Dopierała]
* Don't make the extensions description ediable [#155389]
* Fix the extensions .xml description file build process
* Detach correctly from the window [#155388]
* Destroy info dialoguess with Extension Manager UI dialogue
* Fix alignment of "Authors" label
Documentation
* Updated HOW-TO
Translation updates
* Ole Laursen (da)
* Christian Neumair (de)
* Adam Weinberger (en_CA)
* David Lodge (en_GB)
* Francisco Javier F. Serrador (es)
* Yannick Tailliez (fr)
* (hr)
* Francesco Marletta (it)
* Reinout van Schouwen (nl)
* Raphael Higino (pt_BR)
==============
Epiphany 1.6.0
==============
Translation updates:
* Dafydd Harries (cy)
* Ole Laursen (da)
* Christophe Merlet (RedFox) (fr)
* Gabor Kelemen (hu)
* Takeshi AIHANA (ja)
* Mugurel Tudor (ro)
* Данило Шеган (sr, st@Latn)
* Maxim Dziumanenko (uk)
==============
Epiphany 1.5.8
==============
Changes
* Try to approximate startup time if not given in environment [#168820, Elijah Newren]
* Fix crash when quitting with queued downloads [#165999]
* Depend on gtk+ >= 2.6.3
==============
Epiphany 1.5.7
==============
Code changes
* Implement nsIWebProgressListener in MozDownload [#165328]
* Remove ephy_tab_get_action()
* Launch applications and handlers with user time
Bug fixes
* Move style notifier to ephy-toolbars-model, and apply the flags to new toolbars
* Move all the stuff from EphyWindow::finalize to dispose
* Keep a ref on the tray icon [#166143]
* Fix mixing up workspaces of windows when restoring session [#130990]
* Use event time when grabbing the pointer [#167473]
* Unparent the fixed toolbar before destroying the dock
* Unset size request if the fixed toolbar is present
* Don't activate startup notification with the recovery dialogue
* Don't switch tabs to modal alerts in ppv mode
* Fix bookmarks import [#163341]
* Don't assert if we don't have a new embed in new_window callback [#165445]
* Check the favicon file type and only allow ico, gif & png [#163886]
* Fix compress_tilde to only look at the prefix
Contributors:
Piers Cornwell, Xan Lopez, Carlos Garnacho Parro, Christian Persch
and Jean-François Rameau; and the translators Vladimir Petkov (bg),
Jordi Mallach (ca), Miloslav Trmac (cs), Ole Laursen (da),
Hendrik Richter (de), Nikos Charonitakis (el), Adam Weinberger (en_CA),
David Lodge (en_GB), Francisco Javier F. Serrador (es), Priit Laes (et),
Pauli Virtanen (fi), Vincent Carriere (fr), Ankit Patel (gu),
Takeshi AIHANA (ja), Changwoo Ryu (ko), Žygimantas Beručka (lt),
Kjartan Maraas (nb), Reinout van Schouwen (nl), Kjartan Maraas (no),
GNOME PL Team (pl), Afonso Celso Medina (pt_BR), Duarte Loreto (pt),
Leonid Kanter (ru), Marcel Telka (sk), Laurent Dhima (sq),
Christian Rose (sv) and Maxim Dziumanenko (uk)
==============
Epiphany 1.5.6
==============
Code changes
* Move new-window signal to the embed single, and new window creation
from EphyTab to EphyShell
* Make EphyWindow implement EphyLink interface
* Make ephy-link.h public
Bug fixes
* Better wording for the import-failed dialogue
* Default security.warn_submit_insecure.show_once to false
* Fix sidebar signal emission
* Fix "Go Up" not to omit the directory if the uri references a file [#165094]
* Alert the user when sidebar extension is not activated [#162685]
* Don't show the Leave Fullscreen button in lockdown fullscreen mode [#165256]
* Switch to fullscreen toolbar also in lockdown fullscreen mode [#165256]
* Fix reference counting problem in extensions manager
* Disable DownloadLinkAs and SetAsBackground if saving to disk is disabled
* Add lock fullscreen key to schemas file and improve key descriptions
* Fix LOG() statements for non-gcc varargs case
* Some sparse fixes
* Add title signal handler for XUL dialogues
* Ungrab the pointer when moving tab between notebooks [#165797]
* Set "Clear" context menu entry insensitive in lockdown mode [#165540]
* Don't weak ref the shell when it's finalised already [#165542]
* Chain up to GtkWindow's keypress handler in EphyWindow
* Don't show the menubar with F10 in lockdown mode [#165550]
* Don't disable print preview if print setup is locked down [#165552]
* Re-enable typeaheadfind autostart [#141963, #165811]
* Plug some mem leaks
* Force new windows in tabs in lockdown fs mode [#165566]
* Don't copy params with the email address [#144469]
* Don't exit when DBUS restarts
* Forward startup IO to the already-running ephy instance [#150085]
Documentation
* Update documentation.
Contributors:
Piers Cornwell, Crispin Flowerday, Adam Hooper,
Christian Persch and Jean-François Rameau; and the translators
Vladimir Petkov (bg), Jordi Mallach (ca), Miloslav Trmac (cs),
Hendrik Richter (de), Nikos Charonitakis (el), Adam Weinberger (en_CA),
David Lodge (en_GB), Francisco Javier F. Serrador (es),
Pauli Virtanen (fi), Takeshi AIHANA (ja), Changwoo Ryu (ko),
Žygimantas Beručka (lt), Kjartan Maraas (nb), Reinout van Schouwen (nl),
Kjartan Maraas (no), Afonso Celso Medina (pt_BR), Duarte Loreto (pt),
Leonid Kanter (ru), Marcel Telka (sk), Laurent Dhima (sq),
Christian Rose (sv) and Liu Songhe (zh_CN).
==============
Epiphany 1.5.5
==============
New features
Interface improvements
* Improved the fullscreen interface: show security and status indicator
in the popup, use new stock icon; and show it only if the toolbar is
hidden; otherwise embed it in the toolbar [#153270, #164676]
* Added favicon and security icon to location entry [#116482, #149506]
* Renamed Remove action on bookmarksbar context menu [#162132]
* Don't focus the zoom combo on click
* Don't use <tt> in the strings [#163378]
* Fix button text and capitalisation in the confirm-redirect-update
dialogue [#164131]
* Unify accels to Open in New _Window[s] [#164130]
* Show profile name for mozilla bookmarks, so we can distinguish
between different profiles. Don't show firefox bookmarks as mozilla
bookmarks [#143982]
* Ellipsize the value and path labels in the cookie content dialogue
Code changes
* Add GDK_ACTION_ASK, and prefer _NETSCAPE_URL over uri-list drag types,
to match the new Nautilus _NETSCAPE_URL DnD behaviour [#163937]
* Simplify cookie struct
* Add a function to get the default ephy_shell, making it easier for
bindings to get it
* Add boxed type for EphyNode
* Rename the password manager's methods to give better names in the bindings
* Remove useless ephy_node_get_property_time method
* Make ephy-bookmarks.h's enum a named enum, generate type.[ch] for it and
make sure our enum type is registered
* Added ephy_statusbar_remove_widget()
* Add proper _NETSCAPE_URL drag support, supplying the URL as well as the
title [#163937]
* Default typeaheadfindsea to on [#157435]
* Set typeaheadfind.autostart to off [#141963]
* Don't allow javascript to capture the context menu call
* Divert the contract ID of the nsSecureBrowserUIImpl class [#164670]
Documentation
* Some gtk-doc fixes
Bug fixes
* Fix parallel (make -j) builds
* Fix primary text of confirm-close command not to have a period
* Remove stamp files also on make clean
* Fix mem leak [#164302]
* Really make confirm-overwrite dialogue have a parent window [#164189]
Contributors:
Jorn Baayen, Piers Cornwell, Crispin Flowerday, Adam Hooper, Tomasz Kłoczko,
Christian Persch, Jean-François Rameau and Matthew Schick, and the translators
Vladimir Petkov (bg), Miloslav Trmac (cs), Rhys Jones (cy), Frank Arnold (de),
Adam Weinberger (en_CA), Francisco Javier F. Serrador (es), Ivar Smolin (et),
Takeshi AIHANA (ja), Žygimantas Beručka (lt), Marcel Telka (sk),
Laurent Dhima (sq), Christian Rose (sv) and Liu Songhe (zh_CN)
==============
Epiphany 1.5.4
==============
New features
* Make extensions loading extensible
Interface improvements
* Open the bookmarks in the new tabs in the same order as they in the menu
* Make "Open Image" open the image in the default application [#138396]
* Better tab sizing [#153725]
* Select first row when tabbing to the topics selector [#162331]
* Don't allow focus on the tab close buttons [#119461]
* Unify some strings
* Add context menu on notebook [#132989]
* Open the GNOME background properties capplet when setting the background [#161215]
* Improved security warning dialogues [#163278]
* Implement toolbar style overriding as per HIG [#102520]
Code changes
* Add context to ambiguous strings [#113932]
* Remove about: redirections
* Add sidebar backend
* Change C_lear to Cl_ear [#162706]
* Add GTypes for all flags and enums in public headers
* Adapt to mozilla API changes
* Display open lock for low 'secure' sites too [#151709]
* Unify the location and favicon actions
* Don't show the description for no-secure and broken sites
* Add more categories to desktop file [#162973]
Bug fixes
* Don't destroy the filepicker dialogue with the parent [#156816]
* Fix some mem leaks
* Don't store more than 5 hidden popups [#160863]
Contributors to this release:
Piers Cornwell, Crispin Flowerday, Adam Hooper, Jean-François Rameau
and the translators: Vladimir Petkov (bg), Miloslav Trmac (cs), [unknown] (el),
Adam Weinberger (en_CA), Francisco Javier F. Serrador (es), Takeshi AIHANA (ja),
Žygimantas Beručka (lt), Kjartan Maraas (nb), Reinout van Schouwen (nl),
Leonid Kanter (ru), Marcel Telka (sk), Laurent Dhima (sq)
==============
Epiphany 1.5.3
==============
New features
* Update bookmarks from HTTP 301 [#126312]
* Add bookmarks export to bookmarks editor
(patch by John Spray, XSL stylesheet by Stefan Rotsch) [#157745]
Interface improvements
* Fix "Open Frame" menu item name [#153816]
* Use stock icon for "Open In New Tab" in History Window and Bookmarks Editor
* Use ellipsised labels everywhere instead of shortening strings
* Tell the user with which application we're going to open the content [#141327]
* Add stock icon to "Save As..." button in content handler
* Add "Clear" to entry context menu [#118395]
* Add app name to content handler dialogue [#141327]
* Implement context menu on tray icon, as per HIG [#152903]
* Add "View Properties" to duplicated bookmarks dialogue [#117643, #138300]
* Remove inline help in toolbar editor [#137603]
Code changes
* Removed usage of deprecated gconf API
* Removed usage of deprecated glade API
* Makefile.am modernisations
* Ensure the extensions manager UI is loaded
* Use alignments instead of empty labels for alignment in glade files
* Disable search in downloader window [#157157]
* Check the encodings before we set the mozilla pref [#150266]
* Add attach_tab and detach_tab functions to extension interface
(Crispin Flowerday, Adam Hooper) [#153732]
* Use gtk_show_about_dialog(), and handle urls and mailto (Adam Hooper)
* Disable Zoom items for images, and disable zoom, encoding and view source
for images and xml (xul) documents [#132240]
* Make sure we don't have any app-modal dialogues [#110479]
* Adapt to mozilla API changes
Bug fixes
* Don't offer to resume if there are open windows [#160345]
* Deactivate the context menu on window close [#156812]
* Fix double-opening of content [backed out patch from #158466]
* Fix name for "gd" language (Scots Gaelic) [#161509]
* Disable Print and Print Preview while still loading the page [#116344]
* Don't show multiple toolbar editors for the same window [#111114]
* Correct language code for Afrikaans
* Fix untranslated string in downloader window [#161739]
Translation updates
* Vladimir Petkov (bg)
* Miloslav Trmac (cs)
* Martin Willemoes Hansen (da)
* Adam Weinberger (en_CA)
* David Lodge (en_GB)
* Francisco Javier F. Serrador (es)
* Takeshi AIHANA (ja)
* Žygimantas Beručka (lt)
* Reinout van Schouwen (nl)
* Marcel Telka (sk)
* Laurent Dhima (sq)
* Ercin Eker (tr)
* Liu Songhe (zh_CN)
==============
Epiphany 1.5.2
==============
Interface improvements
* When popping up the context menu with keyboard, select the first item[#154907]
* Don't detach the tab when releasing the mouse button while still over
the same window [#143954]
* Better wording for the crash recovery dialogue (Piers, Christian)
* Make the "duplicate bookmark" dialogue not modal
* Better wording for the accept cert dialogue [#127234]
* Add short-time filter in history window
* Better positioning for the context menu popup in a treeview (Crispin Flowerday)
* Add resize grip [#137845]
* Warn before deleting a topic (Xan) [#149294]
* Implement history deletion on per-site basis [#116609]
* Add shortcut to Send To menuitem, as per HIG [#148655]
* Make content handler dialogue not modal
Code changes
* Bring the window to the foreground when showing a modal alert
* Show language code in the string in languages editor [#115355]
* More porting to GtkMessageDialog
* Don't hardcode "epiphany" as argv[0], use g_get_prgname() instead [#118427]
* Size-allocate the embed if it's not mapped but has never been
size-allocated before [#156854]
* Fixes for mozilla API changes
* Don't save session_crashed.xml while shutting down
* Check favicon urls with script sec manager and content policy
* Simplify the gconf -> mozilla prefs bridge
* Add a way to show the cert info dialogue for the page's certificate
* Disallow favicon links from subframes
* Add --disable-filepicker to use when the mozilla build itself has a native gtk+ filepicker
* Remove generic 'site' hostname fallback (Mikhail Zabaluev) [#155442]
* If the iso-codes package is available, use that to translate
language names and offer a wider variety of languages [#155498]
* Don't use deprecated gnome vfs APIs (Marco)
Bug fixes
* Show tooltips for zoom control again[#155826]
* Make tooltips on zoom control work for Ctrl-F1
* Fix a mem leak (Adam)
* Sanitise the embed popup position [#157162]
* Fix button sensitivity setting in language editor
* Fix check for nsIPassword.h header to look in the right place [#157743]
* Fix time filter in history window for time zones != GMT
* Fix signed/unsigned int confusion
* Fix opening content with external content handlers (Marco)
* Portability fix for 64 bit systems (James Henstridge)
* Fix hang after --import-bookmarks [#136170]
* Fix crash when getting the "die" signal from session manager
* Don't access freed memory [#158202]
* Fix wrong certificate shown [galeon #158453]
* Fix opening of content when not downloading automatically [#158466]
* Fix build without PSM
* Fix tabs menu ordering with tab-groups extension
* Fix some string comparision bugs in event context
* Fix out-of-srcdir build (Marco, Christian)
* Don't raise window on --new-tab [#158923]
* Fix a mem leak (Vincent Untz)
Documentation updates
* Added manual translation into Finnish, by Pauli Virtanen.
Translation updates
* Jordi Mallach (ca)
* Miloslav Trmac (cs)
* Hendrik Richter (de)
* Adam Weinberger (en_CA)
* David Lodge (en_GB)
* (es)
* Takeshi AIHANA (ja)
* Žygimantas Beručka (lt)
* Kjartan Maraas (nb)
* Reinout van Schouwen (nl)
* Gustavo Noronha Silva (pt_BR)
* Marcel Telka (sk)
* Laurent Dhima (sq)
==============
Epiphany 1.5.1
==============
New features
* Load and unload extensions on user demand
Interface improvements
* Separate context menu for email links [#144244]
* Select the topic when adding it [#151925]
* Better positioning of context menus for treeviews [#152431]
* Install a placeholder for the view toggles group [#153767]
* Add tooltips for context menus [#151764]
* Support multiple printers in the print dialog
* Add tooltips on the navigation history arrows, and fix the tooltip
on the "Up" button to be consistent with nautilus [#155825]
* Add tooltip on the drag handle [#155827]
* Add tooltip on close button [#155828]
* Use new gtk+ HIG message dialogue API [#130232]
* Make the confirm-close-with-form-data dialogue window modal
* When showing a modal alert put up by a web page, switch the window
to that tab
Code changes
* Adapt to mozilla API changes
* Use ellipsisation support in GtkLabel
* Use new gtk+ GtkCellRendererProgress
* Use more icons from icon theme
* Use the gtk setting for the menubar accel instead of hardcoding F10
* Use new GtkMenuToolButton
* Just pass a GType to ephy_embed_factory_new_object()
* Add another mimetype to import types file filter
* Install ephy-embed-factory.h
* Add ephy_window_get_ui_manager(), and remove the manager
from the public EphyWindow struct
* Use GtkAboutDialog
* Make ephy-state.h public [#153809]
* Improved debugging support [#153805]
* Don't reference private objects from public headers [#153766]
* Split the default prefs into the common part, and mozilla/new toolkit
specific parts.
* Use gtk_window_set_default_icon_name()
* Recognise "Desktop" special downloads directory [#152926]
* Notify when entering or leaving print preview mode [#154591]
* Initialize plugins path env var for backward compatibility
* Allow to set the default window state to maximize, default to maximise
* Read extension descriptions from .xml, load them with the specified
loader (for now, just only .so is supported)
* Add extensions-manager-ui as default active extension
* Validate extension XML files against an XSD Schema
* Add varargs version of ephy_dialog_get_control to get more than one widget
at a time
* Remove ephy_string_parse_uri_list, and use new glib function
g_uri_list_extract_uris() instead
* Only multiplex [attach|detach]_window to extensions implementing the
EphyExtension interface
* Annotate "if (type == 0)" in get_type functions with G_UNLIKELY
* Add EPHY_NODE_CHANGED signal [Peter Harvey]
* Save tons of strdups in bookmarks menu
* Unset the use-underline label property instead of doubling the underscores
* Use named icon for the logo in about dialogue
* Use gtk_entry_set_width_chars() to set the smart bookmark entry width
* Use ellipsising labels to shorten the bookmarks and topics titles [#147765]
* Avoid strdups in entry completion func [Peter Harvey]
* Make bookmarks menu take a configurable path where to merge its UI
* Allow localised extensions names and descriptions
* Disable description file validation for now
* Fix node signal [dis]connection while a signal emission is running
* Make sure there's only one properties dialogue per bookmark [#148398]
* Remove remaining time from tooltip of tray icon [#145955]
Bug fixes
* Remove -s switch which was used by now-gone nautilus view
* Use a small custom icon for tabs close button [#144772]
* Fix navigation and Go button proxy menu items [#151648, #141548]
* Use rm -f as remove command, not rm -r
* Use SAME_APP flag for drag destination [#152388]
* Keep popup position synced with his size requisition [#143585]
* Enable conversion for favicon downloads [#152866]
* Fix download progress indicator in downloader view
* Fix overflow in remaining time calculation [#153136, Jhon Spray]
* Initialise position passed to gtk_editable_insert_text()
* Fix some mem leaks
* Remove explicit PAC autoconf call, it works perfectly ok without it
* Don't size-allocate unmapped tabs, fixing slow resizes [#128191]
* Fix print preview and fullscreen mode interaction [#154456]
* Don't allow activation of the hidden menubar in ppv mode
* Grammar fix in schema [#154605]
* Fix crash in bookmarks menu [#154805]
* Remove duplicate AM_PROG_INTLTOOL [#155028]
* Fix EphyNode callback data destruction [#152718, Peter Harvey]
* Fix import of bookmarks in root folder [#152443]
* Activate tray with double-click, as per HIG [#152899]
* Always chain up to parent's dispose handler
* Fix return type of tab_delete slot
* Move window destruction after tab-removed signal emission [#151607]
* De-couple instantiation and initialisation of the extensions manager
* Correctly change the statusbar children's frams's shadow type when
the statusbar shadow type changes
* Don't open all bookmarks in tabs [#156843]
* Depend on libxml >= 2.6.12, for its fix of bug #150647
* Fix restoring window size on crash recovery [#156881]
* Fix crash when deleting bookmark with open properties dialogue [#155880]
* Fix activation of the Go button while in toolbar activation mode [#155650]
Documentation updates
* Document EPHY_DEBUG_BREAK
* Add manpage [#156067, Jordi Mallach]
Translation updates
* Abdulaziz Al-Arfaj (ar)
* Vladimir Petkov (bg)
* Miloslav Trmac (cs)
* Marie Lund (da)
* Adam Weinberger (en_CA)
* David Lodge (en_GB)
* Francisco Javier F. Serrador (es)
* Meelad Zakaria (fa)
* Olivier Cortes (fr)
* Žygimantas Beručka (lt)
* Hasbullah Bin Pit (ms)
* Reinout van Schouwen (nl)
* Marcel Telka (sk)
* Laurent Dhima (sq)
* Danilo Segan (sr)
the API has changed (thus being incompatible):
gtkhtml-3.6.0 "Airedale" 2004-03-07
------------------------------------------------
New in this release
* fixed possible infinite loop
* fixed crash when pasting html with DIV blocks
* updated translations (Laszlo Dvornik, Danilo Šegan)
gtkhtml-3.5.7 "Snow white" 2004-02-28
------------------------------------------------
New in this release
* fixed margins calculation for RTL
* fixed quotation parsing
* keypress event return value fix (Harry Lu)
* fixed plain save padding for RTL
* fixed citation rendering
* fixed spell errors rendering
* fixed crash in cursor line down function
* fixed crash in cursor base calculation
* bind to Sun Undo/Copy/Cut/Paste keys (Mengjie Yu)
* a11y fixes (Mengjie Yu)
* rtl improvements - use keymap, save direction to html elements
* extended test suite
* updated translations (Kjartan Maraas, Leonid Kanter, Priit Laes,
Kostas Papadimas, Takeshi Aihana, David Lodge, Vincent van
Adrighem, Alexander Shopov, Laurent Dhima, Maxim Dziumanenko,
Duarte Loreto, Nikos Charonitakis, Raphael Higino, Miloslav
Trmač, Christophe Merlet, Martin Willemoes Hansen, Ankit Patel,
Amanpreet Singh Alamwala, Jordi Mallach, Artur Flinta)
gtkhtml-3.5.6 "Winter mood" 2004-02-07
------------------------------------------------
New in this release
* fixed broken cursor navigation around tables
* fixed RTL line up/down cursor navigation
* allow \' in email auto recognition
* fixed compilation with gcc 4.0.0 (amd)
* fixed nested cluev's editing
* fixed RTL item rendering
* fixed RTL citations
* more tests in regression test suite
* updated translations (Changwoo Ryu, Francisco Javier F. Serrador,
Frank Arnold, Pauli Virtanen, Adam Weinberger, Priit Laes,
Miloslav Trmac)
gtkhtml-3.5.5 "Try RTL" 2004-01-31
------------------------------------------------
New in this release
* merged fixes to RTL editing from rtl branch
* fixed selection drawing
* added more tests to regression test suite
* a11y fixes (Mengjie Yu)
* added a11y names (Mengjie Yu)
* fixed tabs drawwing/editing
* fixed nowrap keyword in table cells (Changwoo Ryu)
* added missing mnenonics in editor (Mengjie Yu)
* fixed nested iframes rendering
* fixed crash when deleting table/row/column when selection is active
* updated translations (Hendrik Brandt, Alexander Shopov, Kjartan
Maraas, Francisco Javier F. Serrador, Duarte Loreto, Adam Weinberger,
Miloslav Trmac, Priit Laes, Žygimantas Beručka, Christian Rose,
Vincent van Adrighem, Funda Wang)
gtkhtml-3.5.4 "Snowman" 2004-01-24
------------------------------------------------
New in this release
* fixed symbols conflict with gal's color combo
* fixed performance problem in paragraph direction code
* fixed bug in quotation code
* html input logging switching with GTK_HTML_LOG_INPUT_STREAM
environment variable
* color combo fixed to be accessible from keyboard (Mengjie Yu)
* fixed problem with unavailable toolbar icons
* put 2 insert icons back to be compatible with gnome icon theme
from gnome 2.6
* fixed Home/End navigation in Caret Mode (Mengjie Yu)
* introduced regression test suite
gtkhtml-3.5.3 "Resort" 2004-01-10
------------------------------------------------
New in this release
* Right-to-Left display support
* fix crash on a double-click on the background of the mail header
* i18n fixes (Mengjie Yu)
* a11y fixes (Mengjie Yu)
gtkhtml-3.5.2 "Valley" 2004-12-20
------------------------------------------------
New in this release
* run ask replace dialog until finished
* fix symbol conflicts with gal
* a11y fixes (Mengjie Yu)
gtkhtml-3.5.1 "Fern" 2004-11-01
------------------------------------------------
New in this release
* padding, border style for DIV tag
* background color style for clues
* merged changes from gtkhtml 3.3.x (Owen Taylor, gnome-2-8-devel branch)
* beginning of rtl support - HTML tags
* i18n fixes - use glib's i18n instead of deprecated libgnome i18n (Mariano Suarez-Alvarez)
* fixed crash in aligned images drawing
* use more GIT icons
* fixed two memory leaks
gtkhtml-3.5.0 "Frond" 2004-11-01
------------------------------------------------
New in this release
* added id attribute to objects
* beginning of border style
the following security issuses were fixed:
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
"Cross-site scripting (XSS) vulnerability in ht://dig allows remote
attackers to execute arbitrary web script or HTML via the config
parameter, which is not properly sanitized before it is displayed
in an error message."
Patch from Debian. Bump PKGREVISION.
the build. Closes PR pkg/28646 by pancake@phreaker.net.
Changes:
- Solve ERROR_ vs LOG_ conflicts
- Add cache code into HSML (sepharad)
- Remove silly code in Date Format
- Hsml code fragmented into language modules: c, perl, brainfuck and python
modules
- Let the used user and group be customized through SCREWS_USER and
SCREW_GROUPS.
- Fix usage of PKG_USERS, which broke the build as seen in bulk build logs.
- Fix handling of configuration file (stale files could be left before in
${PREFIX}/etc).
- Honour VARBASE.
- Do not hardcode /usr/pkg in patches.
- Fix the "hsml" module so that it can find the lua library (missing rpaths).
Bump PKGREVISION to 3 due to all the previous changes.
Most of this brokenness was present since the package was first imported.
(Oh man, I hate packages reinventing the wheel when it comes to the build
infrastructure... I'm sure it's still not clean enough.)
some systems.
Since the manpages are distributed as ... manpages, install them as
(...drum roll please...) manpages!
Also fix permissions by using BSD_INSTALL_* macros.
- Include desktop-file-utils/desktopdb.mk to handle the mime types defined
in the desktop file properly.
- Depend on pkg-config, needed at build time.
- Use xdg-dirs, not gnome2-dirs. The former is enough.
- Sort dependencies.
- Regenerate the PLIST so that it's sorted and to avoid lots of files that
shouldn't be there (handled automatically by mimedb.mk and desktopdb.mk).
- Bump PKGREVISION to 1.
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
Version 7.13.1 (4 March 2005)
Daniel (4 March 2005)
- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
- Rene Rebe fixed a -# crash when more data than expected was retrieved.
Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
http://www.securityfocus.com/archive/1/391042 and the CAN report here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
If these security guys were serious, we'd been notified in advance and we
could've saved a few of you a little surprise, but now we weren't.
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
configure when mingw is used.
Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
didn't close the socket properly when returning error due to failing
localbind
Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back
a list of types from which it picks NTLM, it needs to either continue
sending its data if it keeps the connection alive, or not send the data but
close the connection. Then do the first step in the NTLM auth. libcurl
didn't send the data nor close the connection but simply read the
response-body and then sent the first negotiation step. Which then failed
miserably of course. The fixed version forces a connection if there is more
than 2000 bytes left to send.
Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
was never used.
Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
libcurl is built shared. Otherwise valgrind only tests the shell that runs
the wrapper-script named 'curl' that is a front-end to curl in this case.
This should also fix the huge amount of reports of false positives when
valgrind has identified leaks in (ba)sh and not in curl and people report
that as curl bugs. Bug report #1116672 is one example.
Also, the valgrind report parser has been adapted to check that at least one
of the sources in a stack strace is one of (lib)curl's source files or
otherwise it will not consider the problem to concern (lib)curl.
- Marty Kuhrt streamlined the VMS build.
Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
- Converted lots of FTP code to a statemachine, so that the multi interface
doesn't block while communicating commands-responses with an FTP server.
I've added a comment like BLOCKING in the code on all spots I could find
where we still have blocking operations. When we change curl_easy_perform()
to use the multi interface, we'll also be able to simplify the code since
there will only be one "internal interface".
While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
like changing directory or retrieving a file, while the second means that we
were denied login.
The CVS tag 'before_ftp_statemachine' was set just before this went in, in
case of future need.
- Gisle made the DICT code send CRLF and not just LF as the spec says so.
Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
sure the proper error code is returned for those occations.
Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
contents.
Daniel (5 February 2005)
- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
PORT on ipv6-enabled hosts.
- David Byron pointed out we could use BUFSIZE to read data (in
lib/transfer.c) instead of using BUFSIZE -1.
- Whitespace police
- PLIST sorting and fixing
- Fix postgresql support to now extend to 8.0 as noted in PR# 29590 by
jaapb (at) kerguelen.org, thanks for the PR.
> Major changes compared to the Horde version 3.0.3-RC1 are:
> * Added support for clearing user preferences to LDAP driver.
> * Minor bug fixes and improvements.
>
> Major changes compared to the Horde version 3.0.2 are:
> * Improved layout of wrapping menus in Gecko and KHTML based browsers.
> * Fixed some session handler issues.
> * Fixed caching in the Version Control library, used by Chora.
> * Fixed updating of IMAP folder trees when (un)subscribing IMAP folders.
> * Improved performance of DataTree library, used by IMP's message history.
> * Changed log level of logins and logouts.
> * Updated German and Japanese translations.
> * Minor bug and layout fixes.
>
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACl support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STALBE9.
Previously rc.d/apache was updated to run stop & start for restart.
'/etc/rc.d/apache restart' then picked up startssl if apache was not
running, but if apache was running it has a large chance of the
start running before the stop completes, leaving no httpd running.
Instead, add a restartssl option to apachectl, and use it.
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow for
sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
0.19 2005-02-15
- Add support for Apache::RequestRec as header_object by checking
header_object for err_headers_out and headers_out methods.
0.18 2004-06-30
- Made the password & lock_password parameters default to undef.
1.09 Fri Feb 25 17:49:00 EST 2005
- Tables can now be selected by table tag attributes
- lineage() method now returns row and column information, as
well as depth and count, for each ancestor (potential
backwards incompatability, entries are now 4 element arrays
now rather than 2)
- header matching and column retention enhancements
- header retention
- old-style procedures deprecated in prepration for them to
become methods
- various bug fixes
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
for www/firefox.
- deal with Linux binaries having a different directory structure than
others on the MASTER_SITES.
- undo some brain damage when MOZILLA_USE_LINUX is defined.
1.12 Thu Feb 24 23:38:44 CST 2005
[FIXES]
* Fixed RT #9026: hang in t/local/back.t under Windows XP.
Thanks Andrew Savige. It also should no longer complain
about being unable to clean up a temp file.
1.11_01 Mon Feb 14 00:12:48 CST 2005
[THINGS THAT MAY BREAK YOUR CODE]
* Removed deprecated _parse_html() method.
[FIXES]
* Was incorrectly looking for INPUT tags TYPE="SUBMIT" as images.
Thanks to Abe Timmerman.
[ENHANCEMENTS]
* Calling $mech->set_fields() with no current form now dies.
Thanks to Julien Beasley.
* Fix crash when closing window while filepicker is up [#156816]
* Use gnome_vfs_url_show() for Send To [#162532]
* Set selection mode to BROWSE in topics selector [#162331]
* We don't need to implement nsIBrowserHistory
* Don't focus the close-tab button on click [#119461]
* Don't store more than 5 hidden popups [Adam Hooper, #160863]
* Fix a mem leak [#164302]
* Really make confirm-overwrite dialogue have a parent window [#164189]
* Rename EphyTab's "visible" property to not clash with GtkWidget property
* Default typeaheadfindsea to on [#157435]
* Switch to fullscreen toolbar also in lockdown fullscreen mode [#165256]
* Disable DownloadLinkAs and SetAsBackground if saving to disk is disabled
* Don't crash if we need to open an orphan non-chrome window [part of #165445]
* Some sparse fixes
* Ungrab the pointer when moving tab between notebooks [#165797]
* Don't weak ref the shell when it's finalised already [#165542]
* Don't show the menubar with F10 in lockdown mode [#165550]
* Don't disable print preview if print setup is locked down [#165552]
* Adapt to mozilla API changes
* Implement nsIWebProgressListener [#165328]
* Fix window destruction [#165992]
Wed Feb 23 19:46:01 MET 2005 mikulas:
Correct implementation of non-aggressive cache (i.e. allow more keywords
in Cache-Control
Wed Feb 23 18:36:52 MET 2005 mikulas:
Allow typing only characters valid in current character set into form
fields on web
Wed Feb 23 16:31:56 MET 2005 Serge Winitzki <serge at cosmos dot phy dot tufts dot edu>:
Updated Russian translation
Wed Feb 23 16:25:41 MET 2005 mikulas:
Allow cookies without a value
Mon Feb 14 13:15:00 MET 2005 user:
When server returns cookie values as "deleted", delete it
Tue Feb 1 18:22:11 MET 2005 user:
Fixed non-working find next/previous in view menu
Thu Jan 27 19:09:46 CET 2005 mikulas:
Fixed wrong prototypes causing compilation problem on MacOS X and some
other systems
Thu Jan 27 16:28:35 MET 2005 mikulas:
Fixed configure failure on Solaris
Thu Jan 27 00:23:09 CET 2005 Brain
javascript: set form action
> v3.2 (Dec-29-2004)
> * Some options were missing in apache 1.3x part of the code.
>
> * There was a syntax error in TLS related code. Thanks for many of you
> who pointed it out.
>
> * Don't try to re-initialize TLS. Thanks to Volker for pointing it out.
>
> * if the ldap header files and libaries are no in ldap base directory,
> they can be specified with --with-ldap-includes and
> --with-ldap-libraries respectively.
>
> v 3.3 (Dec-30-2004)
> * some tls code was outside
does. This allows us to use dynamic PLISTs for Perl modules that are
built using Module::Build. Bump the PKGREVISION of p5-Module-Build
to 1.
* Drop the use of PERL5_USES_MODULE_BUILD and introduce a new variable
PERL5_MODULE_TYPE that is either "MakeMaker" or "Module::Build" that
names the framework used to build/install the module.
* Split out the variables set in perl5/buildlink3.mk that are also used
by perl5/module.mk into a new file perl5/vars.mk. Move some PERL5_*
variable definitions from pkgsrc/mk/bsd.pkg.use.mk into perl5/vars.mk.
This just centralizes the common PERL5_* definitions into a single
file location.
* Convert the known packages that use Module::Build to set
PERL5_MODULE_TYPE and PERL5_PACKLIST:
devel/p5-Class-Container
devel/p5-Exception-Class
devel/p5-Log-Dispatch
devel/p5-Array-Compare
textproc/p5-Pod-Coverage
www/p5-Apache-Session-Wrapper
www/p5-MasonX-Request-WithApacheSession
o 1.33 - December 15, 2004
MacOSX docs tweaks [David Wheeler]
fix Makefile.PL to properly skip the test suite if A-T requirements
weren't satisfied [Stas]
require Apache::Test 1.13 to run perl tests (need() was added at that
version) [Stas]
Fix `strEQ' redefined warnings in the perl build [Stas]
Upgrade license to the Apache License Version 2.0. [davidw, joes]
o 1.32
Fix mfd's Content-Type parser to deal with Opera 7.2's extra attributes.
For details see
http://marc.theaimsgroup.com/?l=apreq-dev&m=106606052700407&w=2
Bug first reported by Sven Geisler [joes].
o 1.31 - ongoing
added a proper implementation of the ithreads support. At the same
time it should resolve the problem with perl 5.8.2 under threaded
applications, since it no longer relies on the implicit context and
passes aTHX around. [Stas]
o 1.30 - September 27, 2003
libapreq-1.3 is released.
o 1.25 - August 23, 2003
Michael G. Schwern's "play it safe" patch to c/Makefile.PL
(applied patch submitted by Steve Hay). See
http://marc.theaimsgroup.com/?l=perl5-porters&m=105981649201380&w=2http://marc.theaimsgroup.com/?l=apreq-dev&m=106146287323705&w=2
for details. [joes]
o 1.24 - August 23, 2003
Applied Steve Hay's Request.pm doc patch explaining the tempnam()
dependence for C<Apache::Request::new()>'s TEMP_DIR option. [joes]
o 1.23 - July 10, 2003
Applied Graham Clark's patch to cleanup apache_request.h macros.
Added missing doc credits for Steve Hay in Request.pm. [joes]
o 1.22 - July 5, 2003
Open uploaded files with binary mode (relevant for Perl > 5.7),
so as to be able to get the correct sizes on systems where such
a mode makes a difference. Thanks to Steve Hay for first pointing
out this problem. [randyk]
o 1.21 - June 25, 2003
Fix memory access problem with TEMP_DIR - see
http://marc.theaimsgroup.com/?l=apreq-dev&m=105647058517842&w=2
Thanks to Jay Buffington for the spot. [joes]
=item 1.20 - January 22, 2005
instead of trying to match various custom server name variations (each
vendor seems to replace "Apache" in 'httpd -v' with their own name),
just try to match the "/x.y" in "Foo-Apache-Bar/x.y.z" to figure out
the server generation (rev). [Stas]
extend Apache::TestConfig::which() to search under perl's bin
directory (in the case of local perl install many utils get installed
there, but won't be in PATH). [Stas]
Apache::TestConfig::inherit_load_module handles .dll modules
(previously was only .so) [Stas]
Apache::TestConfig::should_skip_module now works with regex
patterns. [Stas]
=item 1.19 - January 5, 2005
Test for module.c instead of module.so for IfModule in
find_and_load_module [Chia-Liang Kao <chialiang gmail.com>]
Apache-Test/META.yml is excluded from mp2 distro to make PAUSE indexer
happy, but then perl Makefile.PL complains about a missing META.yml,
so autogenerate it if it wasn't in the distro [Stas]
=item 1.18 - December 23, 2004
fix a bug in A-T config generation, when a vhost entry was in
autogenerated httpd.conf (e.g. coming from .pm file) and another from
extra.conf.in. We used to have a ports collision, since extra.conf
wasn't reparsed and the same port was getting assigned to more than
one vhost entry, preventing server startup:
default_ VirtualHost overlap on port 8530, the first has precedence
(98)Address already in use: make_sock: could not bind to address
0.0.0.0:8530 no listening sockets available, shutting down
could be reproduced with t/TEST -conf followed by t/TEST -maxclients 1
in the mp2 test suite (or the new Apache-TestMe test suite, which now
includes a special setup for this bug). [Stas]
new TestConfig wrapper find_and_load_module [Chia-Liang Kao <chialiang
gmail.com>]
add Apache-TestItSelf and Apache-TestMe sub-projects. [Stas]
add various straps to aid the new Apache-TestItSelf sub-project, which
is used to test A-T config options [Stas]
avoid entering endless loops when interactive config is used, by
restarting the test suite with an explicit selected arguments for
-httpd (and optionally -apxs) [Stas]
META.yml is now locally maintained. we need to tell PAUSE indexer not
to try to index HTTP::Request::Common and warnings packages, which
happen to be used by A-T [Stas]
=item 1.17 - December 11, 2004
Apache::TestHandler: need to load Apache::RequestIO for mp2 for puts()
to work [Stas]
new Apache::TestConfig wrapper untaint_path() [Randy Kobes]
fix the config thaw() functionality (when top_dir wasn't in @INC the
saved config won't be loaded and tests will blow) [Stas]
new wrapper Apache::TestRequest::module2url to simplify handling of
vhosts in the client. ["Christopher H. Laco" <apache-test
chrislaco.com>]
resolve -T taint issues: [Stas]
- untaint $cmd in Apache::TestConfig::open_cmd
- fix the tainting of @INC (by untaintinig top_dir variable)
require Cwd 2.06 or higher (to solve File::Spec::rel2abs problems
under -T). Enforce the modules version requirements for those who
aren't running under CPAN/CPANPLUS shell) [Stas]
Apache::TestTrace: don't export by default the 'todo' utility's symbol
since it collides with Test::More [Stas]
Tweak the handling of mp2 source build case in
Apache::TestConfig::httpd_config(), apparently mp2 source build
doesn't always know where httpd/apxs are, so we need to give a better
error message in this particular case. [Stas]
Add cookie jar tests ["Christopher H. Laco" <apache-test
chrislaco.com>]
Don't run interactive prompts when STDIN is closed [Stas]
Add LockFile directive in the autogenerated httpd.conf, which points
to t/logs, to handle the case where LockFile is hardcoded at compile
time to some other directory on the system. [Stas]
in next release.
Changes since 2.1pre15:
Sat Jan 22 20:27:41 cet 2005 mikulas:
Fixed empty lines in lists in graphics mode
Sat Jan 22 04:40:28 cet 2005 mikulas:
On OS/2 use 8.3 temp names, allowing DOS viewers
Sat Jan 22 03:55:08 cet 2005 mikulas:
Send Accept-Language
Sat Jan 22 02:05:47 MET 2005 user:
Display is scrolled to see the whole textarea when modifying it
Wed Jan 19 02:57:56 MET 2005 Jakub Bogusz
Updated Polish translation
Wed Jan 19 01:39:44 MET 2005 mikulas:
-dump url
Completed option documentation in links -h
Sun Jan 16 23:57:58 MET 2005 user:
Fixed bug in svgalib accelerator (tested for different operations)
Mon Jan 10 23:04:22 MET 2005 mikulas:
Support for border on framebuffer (use -mode left,top,right,bottom)
to set screen border
Sun Jan 2 20:46:18 MET 2005 Dieter
Fix warnings on 64-bit machines
Sun Jan 2 20:39:51 MET 2005 Edward Rosten
Block ad images
Sun Jan 2 18:51:15 cet 2005 mikulas:
Do not cache redirects if redirect loop is going to happen
Wed Nov 17 15:16:01 MET 2004 user:
Support for mms:// urls
Tue Nov 16 15:18:55 MET 2004 mikulas:
Send content-type when uploading files
Tue Nov 9 00:12:05 MET 2004 user:
^O to go to next form field in braill mode
Sun Oct 31 17:17:53 MET 2004 mikulas:
Correct jump at tag if it points to position, that moves during loading
Sat Oct 23 22:14:03 MET 2004 user:
Disallow opening new windows in anonymous mode
Fri Oct 22 22:31:20 MET DST 2004 mikulas:
Fixed bugs discovered with mangleme:
http://lcamtuf.coredump.cx/mangleme/mangle2.cgi
memory leak with nested <select multiple name=n> tags
integer overflow in frame widths causes an internal error
internal error with base url only containing //
internal error with base url containing javascript:
fixed incorrect generating of title (does not cause crash, but excessive
memory allocation)
fixed some quadratic algorithms in title displaying
internal error with invalid codebase attribute in OBJECT tag
fixed quadratic algorithm in menu creating
Fri Oct 22 20:12:05 MET DST 2004 mikulas:
Cleaned up configure script, wrote some more replacements of non-present
functions
Fri Oct 22 20:11:56 MET DST 2004 mikulas:
Fixed a lot of cases where overflowed integer arithmetic could cause
memory allocation corruption
Sat Oct 16 21:38:00 MET 2004 user:
Allow browsing local and ftp files with '#' in filename
Mon Oct 11 01:26:54 CEST 2004 Karel Karlik
Fixed framebuffer in 15 and 16-bit modes
Wed Oct 6 00:39:27 MET 2004 user:
Improved parsing of ftp directories in Windows NT format
Sun Oct 3 17:37:32 MET 2004 user:
Correct reporting of error on ftp directories
Sat Oct 2 04:29:40 MET 2004 user:
Ctrl-U cuts into clipboard
Fri Oct 1 15:51:37 MET 2004 user:
Display the whole page when connection to an image stucks
Thu Sep 23 18:47:11 MET 2004 user:
Resolving of double '..' in references
Fri Sep 10 04:23:24 cet 2004 mikulas:
Correctly find file extension if '?' and ';' is in ftp file
Fri Sep 3 03:07:52 MET DST 2004 Wojciech Puchar
Portability fixes for SunOS
Fri Sep 3 02:47:18 MET DST 2004 mikulas:
Fixed memory leak in http authentication
Wed Sep 1 19:08:46 MET DST 2004 Strahinya Radich
Updated Serbian translation
Sun Aug 29 17:43:39 MET DST 2004 mikulas:
Fix crash when saving options in svgalib due to missing shell
Thu Jul 29 13:03:07 MET 2004 user:
Allowed dots in extensions (for example "ps.gz")
Sun Jul 25 00:34:04 MET DST 2004 mikulas:
Allow Ctrl-Z in framebuffer driver
Sat Jul 24 14:56:13 MET DST 2004 mikulas:
Fixed an error when signal interrupted another syscall
Sat Jul 24 02:15:35 MET 2004 user:
Fixed bad error codes because of errno modified by signal handler
Fri Jul 23 21:29:22 MET 2004 user:
Fixed links stuck after Ctrl-Z when one code path lasted more than
1 second (because of pagefault, too high cpu load or similar)
Fri Jul 23 20:15:29 MET 2004 user:
Fixed incorrectly displayed character entities (&) in attributes (img
alt, etc.)
Tue Jun 29 03:35:32 MET 2004 user:
Fixed overflow when accessing local files >= 2G
Mon Jun 28 01:34:45 MET 2004 user:
Ctrl-K cuts current line
Sat Jun 26 13:54:53 MET DST 2004 mikulas:
Send Content-Type when uploading files
Sat Jun 26 02:24:32 MET 2004 user:
y and t move word forward and backward in braille terminal
Sat Jun 26 00:35:17 MET 2004 user:
Resolve dot-number IP address on systems when gethostbyname and
gethostbyaddr can't resolve it
Mon Jun 21 15:02:25 MDT 2004 mpat7421:
Fixed compilation problems on Irix
Sun Jun 20 18:49:53 MET DST 2004 mikulas:
Posting of <option> fields in correct charset
Sun Jun 20 15:58:08 MET DST 2004 Sam
SDL graphics driver
Sat Jun 19 18:10:05 MET 2004 user:
Fixed case when '&' entities or special characters were in ftp or disk
filenames
Sat Jun 19 18:09:50 MET 2004 user:
Fixed compilation problem on AIX
Thu Jun 17 20:32:59 MET DST 2004 mikulas:
Correct handling of Ctrl-Z when executing user viewer
Fri Jun 11 03:17:20 MET 2004 user:
Fixed incorrect error handling in smb
Sun Jun 6 03:12:00 MET 2004 user:
Allow '@' in ftp password in url
Thu Jun 3 22:39:24 MET 2004 user:
Allow characters >= 128 in ftp filenames
Fri May 28 15:40:35 CEST 2004 mikulas
Handling URLs in form http://host?params
Mon May 17 17:10:22 MET DST 2004 Serge Winitzki
Updated German and Russian localization
Add new two patches:
* 2005-02-20 19:11 (Cosmetic) GCC4 warnings
* 2005-02-20 10:47 (Minor) Relax header parsing slightly again to work
around broken web servers
Reflect update of one patch:
* 2005-02-20 11:03 (Cosmetic) Cross-platform format fixes
Update DIST_SUBDIR.
HTTP::Cache::Transparent is an implementation of http get that
keeps a local cache of fetched pages to avoid fetching the same
data from the server if it hasn't been updated. The cache is stored
on disk and is thus persistent between invocations.
The http-headers If-Modified-Since and ETag are used to let the
server decide if the version in the cache is up-to-date or not.
1.10
[FIXES]
* Fixed bug where images inside of links would not be found.
* Fixed test failures because of Google changes. Thanks to
Offer Kaye and others who sent in patches.
[DOCUMENTATION]
* More samples in the FAQ. Thanks to Joshua Gatcomb.
[INTERNALS]
* Added explanation of running live tests against Google in Makefile.PL.
1.08 Fri Dec 24 01:01:06 CST 2004
[ENHANCEMENTS]
* Added find_image() and find_all_images().
1.06 Wed Dec 8 14:58:39 CST 2004
[INTERNALS]
* Now uses the base pragma instead of setting @ISA.
1.05_04 Fri Nov 5 23:35:38 CST 2004
[ENHANCEMENTS]
* Added WWW::Mechanize::Image object for representing images.
* Improved the regex on the URL for META tags.
* Added --images flag to mech-dump.
[FIXES]
* When parsing urls out of meta refresh tags, "url" may now be
uppercase (RT#8230)
* Behavior of back() fixed in a number of cases (RT#8109 reported by
Josh Purinton, patched by Dominique Quatravaux)
[INTERNALS]
* Mark figured out to how to prevent his text editor from putting tabs
into the code. Andy's blood pressure dropped slightly.
1.05_03 Sun Oct 31 20:54:33 CST 2004
[ENHANCEMENTS]
* click_button() has a new input option for HTML::Form::SubmitInput
objects (DOMQ)
* content() has new options to return the page formatted
as text, with a <base href> added. (RT#8087, patch by
Dominique Quatravaux)
* update_html() method has been added, which can be used
to modify the HTML that Mech parses. It should be sub-classed
instead of _parse_html(), which has been deprecated.
(RT#8087, patch by Dominique Quatravaux)
* select() has new option to select an option by number
(RT#5789, Scott Lanning)
* WWW::Mechanize::Link now has support providing all the
attributes of the link through a new attrs() method, which
returns them as a hashref. This is a replacement for the
alt() method, added in 1.05_01. It's not backwards
compatible with that, but, hey, that's what developer
releases are for. (RT#8092, Rob Casey and Mark Stosberg)
[FIXES]
* Upload <input type="file" ... > does not use the default
value to prevent attacks, patch by Jan Pazdziora (RT #7843).
[INTERNALS]
* Improved tests and documentation for select() (RT#5789,
Scott Lanning)
* Improve taint-safeness on Perl 5.6.1 (RT#8042, patch by
Dominique Quatravaux)
* Added tests for click_button() (RT#8061, by Dominique
Quatravaux)
* Require URI 1.25, fixing bug which exposed itself in
WWW::Mechanize (RT#3048)
* Move select() to better location in docs. Document and
test the return values. The return value is now "1" on
success instead of the undocumented behavior of returning
a form value. (RT#6138, spotted by MJD, patched by Mark
Stosberg)
* Possible matching tags for the find_link() 'tag_regex'
attribute are now documented. (RT#2989, by Mark Stosberg)
* refactored find_link() to avoid use of eval(). This should
improve performance a bit and avoid potential security
issues. (Mark Stosberg)
1.05_02 Sat Oct 2 16:55:59 CDT 2004
[ENHANCEMENTS]
* Added the $mech->save_content( $filename ) function, so you
can dump stuff to files easily.
1.05_01 Thu Sep 30 21:04:44 CDT 2004
[FIXES]
* set_visible() doesn't stop setting values when it finds a zero.
[ENHANCEMENTS]
* WWW::Mechanize::Link has a new, easier to remember constructor
interface. The old one is still supported. Support for including
an 'alt' attribute was added, which is useful for <area> links.
(RT #3317). Thanks to Mark Stosberg.
* When links are extracted from <area> tags, the ALT attribute will
be captured and become part of the WWW::Mechanize::Link object.
(RT #3317). Patch by Mark Stosberg.
[INTERNALS]
* t/mech-dump.t is now more portable (RT #7690)
* t/local/follow.t has new tests to confirm that 'follow*' functions
work with characters like o-umlaut, even when the o-umlaut is
encoded in the HTML, but not in the call to follow(). (RT #2416)
By Mark Stosberg.
This release includes the following changes:
o added --ftp-account and CURLOPT_FTP_ACCOUNT
o added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE
o obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT
and CURLOPT_PASV_HOST
o added --3p-url, --3p-user and --3p-quote
o -Q "+[command]" was added
o src/getpass.c license issue sorted (code was rewritten)
o curl -w now supports 'http_connect' for the proxy's response to CONNECT
o introducing "curl-config --protocols"
This release includes the following bugfixes:
o re-sending a request when retrying on a fresh connection with multi
interface
o improved valgrind report parser in the test suite
o several valgrind reports
o CURLOPT_FTPPORT and -P work when built ipv6-enabled
o FTP third party transfers was much improved
o proxy environment variables are now ignored when built HTTP-disabled
o CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled
o "curl dictionary.com" no longer assumes DICT protocol
o re-invoke some system calls on EINTR
o duplicate Host: when failed connection re-use
o SOCKS5 version check
o memory problem with cleaning up multi interface
o SSL certificate name memory leak
o -d with -G to multiple URLs crashed
o double va_list access crash fixed
o minor memory leak when "version" is set in a cookie header
o builds fine on BeOS and NetBSD
o builds and runs fine on FreeBSD
- Added new parameter borderOnThumbnails to change or remove the
border of the thumbnail's image in the thumbnails page, in pixels.
- Exit if target_dir is in source_dir since it will generate an
infinite recursion.
Correction from Ludovic Rousseau
- Bug on tips popup when text contained double quotes has been corrected.
Patch from Arthur de Jong
- bugs on -e and -o custom options has been fixed.
Patch from Adam Lackorzynski
- Adding a check for Perl < 5.8 in bins_edit for utf-8 handling.
Correction from Robert Funnell
- Hungarian translation (hu) has been added.
Thanks to Aurel Gabris
- zh language code has been changed to zh_TW.
- Correction in comments of binsrc.
Patch from Robert Funnell
- Added RCS directories in excludeDirs parameter of binsrc to shown
regexp use.
Suggestion from Ambrose Li
The following changes have been made in bins-edit-gui by Mark W.
Eichin:
- Primitive "current album" editor.
- Force LATIN1 if 7-bit ANSI is selected. Add charmap override box if
either conversion fails.
- Free server-side pixmap correctly (oops.)
- Fix grey-out of filename box.
- more error checks.
- Update man page.
- Also, shortcut for autofill has been corrected (now CTRL A).
Correction from Ivan Daou
2004-12-11 Gisle Aas
Release 5.803
HTTP::Message: $mess->decoded_content sometimes had the side
effect of destroying $mess->content.
HTTP::Message: $mess->decoded_content failed for
"Content-Encoding: deflate" if the content was not in the
zlib-format as specified for the HTTP protocol. Microsoft got
this wrong, so we have to support raw deflate bytes as well.
HTTP::Response->parse don't require the protocol to be
specified any more. This allows HTTP::Response->parse($resp->as_string)
to round-trip. Patch by Harald Joerg.
HTTP::Response: $resp->base might now return undef. Previously
it would croak if there was no associated request. Based on
patch by Harald Joerg.
HTML::Form now support <label> for check- and radio boxes.
Patch contributed by Dan Kubb.
Make HTTP::Daemon subclassable, patch by Kees Cook.
lwp-download allow directory to save into to be specified.
Patch by Radoslaw Zielinski
lwp-download will validate filename derived from server
controlled data and will fail if something looks not
quite right.
2004-11-30 Gisle Aas
Release 5.802
The HTTP::Message object now have a decoded_content() method.
This will return the content after any Content-Encodings and
charsets has been decoded.
Compress::Zlib is now a prerequisite module.
HTTP::Request::Common: The POST() function created an invalid
Content-Type header for file uploads with no parameters.
Net::HTTP: Allow Transfer-Encoding with trailing whitespace.
<http://rt.cpan.org/Ticket/Display.html?id=3929>
Net::HTTP: Don't allow empty content to be treated as a valid
HTTP/0.9 response.
<http://rt.cpan.org/Ticket/Display.html?id=4581>
<http://rt.cpan.org/Ticket/Display.html?id=6883>
File::Protocol::file: Fixup directory links in HTML generated
for directories. Patch by Moshe Kaminsky
Makefile.PL will try to discover misconfigured systems that
can't talk to themselves and disable tests that depend on this.
Makefile.PL will now default to 'n' when asking about whether
to install the "GET", "HEAD", "POST" programs. There has been
too many name clashes with these common names.
2004-11-12 Gisle Aas
Release 5.801
HTTP::Message improved content/content_ref interaction. Fixes
DYNAMIC_FILE_UPLOAD and other uses of code content in requests.
HTML::Form:
- Handle clicking on nameless image.
- Don't let $form->click invoke a disabled submit button.
HTTP::Cookies could not handle a "old-style" cookie named
"Expires".
HTTP::Headers work-around for thread safety issue in perl <= 5.8.4.
HTTP::Request::Common improved documentation.
LWP::Protocol: Check that we can write to the file specified in
$ua->request(..., $file) or $ua->mirror.
LWP::UserAgent clone() dies if proxy was not set. Patch by
Andy Lester
HTTP::Methods now avoid "use of uninitialized"-warning when server
replies with incomplete status line.
lwp-download will now actually tell you why it aborts if it runs
out of disk space of fails to write some other way.
WWW::RobotRules: only display warning when running under 'perl -w'
and show which robots.txt file they correspond to. Based on
patch by Bill Moseley.
WWW::RobotRules: Don't empty cache when agent() is called if the
agent name does not change. Patch by Ville Skyttä
2004-06-16 Gisle Aas
Release 5.800
HTML::Form will allow individual menu entries to be disabled.
This was needed to support <input type=radio disabled value=foo>
and <select><option disabled>foo.
HTML::Form now avoids name clashes between the <select> and
<option> attributes.
HTML::Form now implicitly close <select> elements when it sees
another input or </form>. This is closer to the MSIE behaviour.
HTML::Form will now "support" keygen-inputs. It will not
calculate a key by itself. The user will have to set its
value for it to be returned by the form.
HTTP::Headers now special case field names that start with a
':'. This is used as an escape mechanism when you need the
header names to not go through canonicalization. It means
that you can force LWP to use a specific casing and even
underscores in header names. The ugly $TRANSLATE_UNDERSCORE
global has been undocumented as a result of this.
HTTP::Message will now allow an external 'content_ref'
to be set. This can for instance be used to let HTTP::Request
objects pick up content data from some scalar variable without
having to copy it.
HTTP::Request::Common. The individual parts will no longer
have a Content-Length header for file uploads. This improves
compatibility with "normal" browsers.
LWP::Simple doc patch for getprint.
Contributed by Yitzchak Scott-Thoennes
LWP::UserAgent: New methods default_header() and
default_headers(). These can be used to set up headers that
are automatically added to requests as they are sent. This
can for instance be used to initialize various Accept headers.
Various typo fixes by Ville Skyttä
Fixed test failure under perl-5.005.
LWP::Protocol::loopback: This is a new protocol handler that
works like the HTTP TRACE method, it will return the request
provided to it. This is sometimes useful for testing. It can
for instance be invoked by setting the 'http_proxy' environment
variable to 'loopback:'.
2004-04-13 Gisle Aas
Release 5.79
HTML::Form now exposes the 'readonly' and 'disabled'
attribute for inputs. This allows your program to simulate
JavaScript code that modifies these attributes.
RFC 2616 says that http: referer should not be sent with
https: requests. The lwp-rget program, the $req->referer method
and the redirect handling code now try to enforce this.
Patch by Ville Skyttä
WWW::RobotRules now look for the string found in
robots.txt as a case insensitive substring from its own
User-Agent string, not the other way around.
Patch by Ville Skyttä
HTTP::Headers: New method 'header_field_names' that
return a list of names as suggested by its name.
HTTP::Headers: $h->remove_content_headers will now
also remove the headers "Allow", "Expires" and
"Last-Modified". These are also part of the set
that RFC 2616 denote as Entity Header Fields.
HTTP::Headers: $h->content_type is now more careful
in removing embedded space in the returned value.
It also now returns all the parameters as the second
return value as documented.
HTTP::Headers: $h->header() now croaks. It used to
silently do nothing.
HTTP::Headers: Documentation tweaks. Documented a
few bugs discovered during testing.
Typo fixes to the documentation all over the place
by Ville Skyttä
Updated tests.
2004-04-07 Gisle Aas
Release 5.78
Removed stray Data::Dump reference from test suite.
Added the parse(), clear(), parts() and add_part() methods to
HTTP::Message. The HTTP::MessageParts module of 5.77 is no more.
Added clear() and remove_content_headers() methods to
HTTP::Headers.
The as_string() method of HTTP::Message now appends a newline
if called without arguments and the non-empty content does
not end with a newline. This ensures better compatibility with
5.76 and older versions of libwww-perl.
Use case insensitive lookup of hostname in $ua->credentials.
Patch by Andrew Pimlott
2004-04-06 Gisle Aas
Release 5.77
LWP::Simple did not handle redirects properly when the "Location"
header used uncommon letter casing.
Patch by Ward Vandewege
LWP::UserAgent passed the wrong request to redirect_ok().
Patch by Ville Skyttä
https://rt.cpan.org/Ticket/Display.html?id=5828
LWP did not handle URLs like http://www.example.com?foo=bar
properly.
LWP::RobotUA construct now accept key/value arguments in the
same way as LWP::UserAgent.
Based on patch by Andy Lester
LWP::RobotUA did not parse robots.txt files that contained
"Disallow:" using uncommon letter casing.
Patch by Liam Quinn
WWW::RobotRules now allow leading space when parsing robots.txt
file as suggested by Craig Macdonald
We now also allow space before the colon.
WWW::RobotRules did not handle User-Agent names that use complex
version numbers. Patch by Liam Quinn
Case insensitive handling of hosts and domain names
in HTTP::Cookies.
https://rt.cpan.org/Ticket/Display.html?id=4530
The bundled media.types file now match video/quicktime
with the .mov extension, as suggested by Michel Koppelaar
Experimental support for composite messages, currently
implemented by the HTTP::MessageParts module. Based on
ideas from Joshua Hoblitt
Fixed libscan in Makefile.PL.
Patch by Andy Lester
The HTTP::Message constructor now accept a plain array reference
as its $headers argument.
The return value of the HTTP::Message as_string() method now
better conforms to the HTTP wire layout. No additional "\n"
are appended to the as_string value for HTTP::Request and
HTTP::Response. The HTTP::Request as_string now replace missing
method or URI with "-" instead of "[NO METHOD]" and "[NO URI]".
We don't want values with spaces in them, because it makes it
harder to parse.
blur6ex is a simple, fast, and moderately feature-rich content system. It
supports a blog, a simple content system for article publishing, RSS feed
generation, CSS-based layouts (no tables at all), simple galleries for
your photos and more.
Apply four official fixes.
* 2005-02-15 02:14 (Cosmetic) FTP URL cleanups
* 2005-02-15 01:07 (Cosmetic) Allow high characters in generated FTP and
Gopher directory listings
* 2005-02-15 00:03 (Cosmetic) Cross-platform format fixes
* 2005-02-13 05:58 (Major) Assertion failure on certain odd DNS responses
Fixes PR pkg/29412 from Mike M. Volokhov.
Most of these changes are already included in previous squid-2.5.7nb12.
But last one is really new one.
Changes to squid-2.5.STABLE8 (11 Feb 2005)
- [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
#1096)
- [Cosmetic] Document -v (protocol version) option to LDAP helpers
- [Minor] The new req_header and resp_header acls segfaults
immediately on parse of squid.conf (Bug #961)
- [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
(Bug #1118)
- [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
- [Minor] Squid fails to close TCP connection after blank HTTP
response (Bug #1116)
- [Minor security] Random error messages in response to malformed
host name (Bug #1143)
- [Minor] PURGE should not be able to delete internal objects
(Bug #1112)
- [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
#1121)
- [Minor] cachemgr vm_objects segfault (Bug #1149)
- [Minor security] Confusing results on empty acl declarations (Bug
#1166)
- [Minor] Don't close all "other" filedescriptors on startup (Bug
#1177)
- [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
#1183)
- [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
- [Medium security] Denial of service with forged WCCP messages
(Bug #1190)
- [Minor] DNS related memory leak on certain malformed DNS responses
(Bug #1197)
- [Minor] Internal DNS sometimes truncates host names in reverse
(PTR) lookups (Bug #1136)
- [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
- [Security] Harden Squid agains HTTP request smuggling attacks
- [Minor] Icon URLs fails in non-anonymous FTP directory listings is
short_icon_urls is on (Bug #1203)
- [Security] Harden Squid agains HTTP response splitting attacks
(Bug #1200)
- [Medium security] Buffer overflow in WCCP recvfrom() call
(Bug #1217)
- [Security] Properly handle oversized reply headers (Bug #1216)
- [Minor] LDAP helpers search fixed to properly ask for no attributes
- [Minor] A sporadic segmentation fault when using ntlm authentication
fixed (Bug #1127)
- [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
- [Medium] Persistent connection mismatch on failed PUT/POST request
(Bug #1122)
- [Minor] WCCP easily disturbed by forged packets (Bug #1225)
- [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
- [Major] HTTP reply data corruption in certain situations involving
reply headers split over multiple packets (Bug #1233)
- Fix --with-apr=/usr and/or --with-apr-util=/usr. Problem report 29740.
[Max Bowsher <maxb ukf.net>]
- mod_proxy: Fix ProxyRemoteMatch directive. Problem report 33170.
[Rici Lake <rici ricilake.net>]
- mod_proxy: Respect errors reported by pre_connection hooks.
[Jeff Trawick]
- --with-module can now take more than one module to be statically
linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
If the <modtype>-subdirectory doesn't exist it will be created and
populated with a standard Makefile.in. [Erik Abele]
- Fix the RPM spec file so that an RPM build now works. An RPM
build now requires system installations of APR and APR-util.
Remove some arbitrary moving around of binaries - the RPM now
maps to the ASF build of httpd.
[Graham Leggett]
- mod_dumpio, an I/O logging/dumping module, added to the
modules/expermimental subdirectory. [Jim Jagielski]
- mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
library handles special characters. Problem report 24437.
[Jess Holle]
- Win32 MPM: Correct typo in debugging output. [William Rowe]
- conf: Remove AddDefaultCharset from the default configuration because
setting a site-wide default does more harm than good.
Problem report 23421. [Roy Fielding]
- Add charset to example CGI scripts. [Roy Fielding]
- mod_ssl: fail quickly if SSL connection is aborted rather than
making many doomed ap_pass_brigade calls.
Problem report 32699. [Joe Orton]
- Remove compiled-in upper limit on LimitRequestFieldSize.
[Bill Stoddard]
- Start keeping track of time-taken-to-process-request again for
mod_status if ExtendedStatus is enabled. [Jim Jagielski]
- mod_proxy: Handle client-aborted connections correctly.
Problem report 32443. [Janne Hietamäki, Joe Orton]
- Fix handling of files >2Gb on all platforms (or builds) where
apr_off_t is larger than apr_size_t.
Problem report 28898. [Joe Orton]
- mod_include: Fix bug which could truncate variable expansions
of N*64 characters by one byte. Problem report 32985. [Joe Orton]
- Correct handling of certain bucket types in ap_save_brigade, fixing
possible segfaults in mod_cgi with #include virtual.
Problem report 31247. [Joe Orton]
- Allow for the use of --with-module=foo:bar where the ./modules/foo
directory is local only. Assumes, of course, that the required
files are in ./modules/foo, but makes it easier to statically
build/log "external" modules. [Jim Jagielski]
- Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
ldap authorization only modules have access to the util_ldap
user cache without having to require ldap authentication as well.
Problem report 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
- mod_auth_ldap: Added the directive "Requires ldap-attribute" that
allows the module to only authorize a user if the attribute value
specified matches the value of the user object. Problem report 31913
[Ryan Morgan <rmorgan pobox.com>]
- SECURITY: CAN-2004-0942 (cve.mitre.org)
Fix for memory consumption DoS in handling of MIME folded request
headers. [Joe Orton]
- SECURITY: CAN-2004-0885 (cve.mitre.org)
mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
bypassed during an SSL renegotiation. Problem report 31505.
[Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
- mod_ssl: Fail at startup rather than segfault at runtime if a
client cert is configured with an encrypted private key.
Problem report 24030. [Joe Orton]
- apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
Problem report 31448 [Joe Orton]
- mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
[Jeff Trawick]
- mod_cache: CacheDisable will only disable the URLs it was meant to
disable, not all caching. Problem report 31128.
[Edward Rudd <eddie omegaware.com>, Paul Querna]
- mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
cache responses. [Justin Erenkrantz]
- mod_rewrite: Handle per-location rules when r->filename is unset.
Previously this would segfault or simply not match as expected,
depending on the platform. [Jeff Trawick]
- mod_rewrite: Fix 0 bytes write into random memory position.
Problem report 31036. [André Malo]
- mod_disk_cache: Do not store aborted content. Problem report 21492.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_disk_cache: Correctly store cached content type.
Problem report 30278.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_ldap: prevent the possiblity of an infinite loop in the LDAP
statistics display. Problem report 29216. [Graham Leggett]
- mod_ldap: fix a bogus error message to tell the user which file
is causing a potential problem with the LDAP shared memory cache.
Problem report 31431 [Graham Leggett]
- mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
- Fix the re-linking issue when purging elements from the LDAP cache
Problem report 24801. [Jess Holle <jessh ptc.com>]
- mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
- Fix Expires handling in mod_cache. [Justin Erenkrantz]
- Alter mod_expires to run at a different filter priority to allow
proper Expires storage by mod_cache. [Justin Erenkrantz]
2005-01-06 Gisle Aas
Release 3.45
Fix stack memory leak caused by missing PUTBACK. Only
code that used $p->parse(\&cb) form was affected.
Fix provided by Gurusamy Sarathy
2004-12-28 Gisle Aas
Release 3.44
Fix confusion about nested quotes in <script> and <style> text.
2004-12-06 Gisle Aas
Release 3.43
The SvUTF8 flag was not propagated correctly when replacing
unterminated entities.
Fixed test failure because of missing binmode on Windows.
2004-11-05 Gisle Aas
Release 1.35
Documentation update.
Simplified uri_escape_utf8 implementation. No need to load the
Encode module. Contributed by Alexey Tourbin.
Work around bug in perl-5.6.0 that made t/query.t fail.
2004-10-05 Gisle Aas
Release 1.34
URI->canonical will now always unescape any escaped unreserved
chars. Previously this only happened for the http and https scheme.
Patch contributed by Eric Promislow
2004-09-19 Gisle Aas
Release 1.33
URI::file->canonical will now try to change the 'authority'
to the default one.
Fix heuristic test. Apparently www.perl.co.uk is no more.
2004-09-07 Gisle Aas
Release 1.32
Introduce $URI::file::DEFAULT_AUTHORITY which control what
authority string to use for absolute file URIs. Its value
default to "" which produce file URIs that better interoperates
with other implementations. The old mapping behaviour can be
requested by setting this variable to undef.
2004-06-08 Gisle Aas
Release 1.31
Added uri_escape_utf8() function to URI::Escape module.
Fixed abs/rel behaviour for sip: URIs. Fixed by
Ville Skyttä
Avoid croaking on code like $u->query_form(a => { foo => 1 }).
It will still not really do anything useful.
Ganglia provides a complete real-time monitoring and execution
environment that is in use by hundreds of universities, private and
government laboratories and commercial cluster implementors around the
world. Whether you want to monitor hundreds of computers in real-time
across a university campus or around the world, ganglia is for you.
The ganglia web frontend provides access to the data collected by the
monitoring core (parallel/ganglia-monitor-core) via the web.
Changes since 7.54u1:
Security
* Solved data URL issue described in Secunia Advisory SA13818
* Additional fixes for frame injection issue reported in Secunia Advisory
SA13253
Miscellaneous
* Improvements to handling of the must-revalidate directive.
* Solved stability issue in Japanese version.
UNIX specific
* Added extra warning dialog when opening .sh, .desktop or executables
directly from Web or from transfer manager with kfmclient exec. Addresses
issue reported in Secunia Advisory SA13447.
* Fixed crash when importing e-mail.
Also add a 'opera-distinfo' make target, which takes care to update
distinfo for all supported ports, which should significantly reduce
amount of necessary manual work on package updates.
Adding several official patches which fix security and critical problem.
o 2005-02-06 00:57 (Cosmetic)
Improve password handling in FTP gatewaying of ftp://user@host URLs
o 2005-02-04 11:41 (Minor) WCCP easily disturbed by forged packets
o 2005-02-04 00:33 (Medium)
Persistent connection trouble on failed PUT/POST requests
o 2005-02-04 00:12 (Major) Segmentation fault on failed PUT/POST request
o 2005-02-03 23:27 (Minor)
Sporadic segmentation fault when using ntlm authentication
o 2005-02-03 23:17 (Minor)
LDAP helpers sends slightly malformed search requests
o 2005-01-31 22:50 (Security issue)
Correct handling of oversized reply headers
squid-2.5.STABLE7-response_splitting.patch was updated, so update distinfo
and DIST_SUBDIR. It seems that a patch to one more file was added.
* 2005-01-31 01:50 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
- * Fixed a possible attack (program abortion) by malicious web pages, which
contain huge values for <table> attributes "colspan" and "rowspan".
* Changed anchors, they are now tested to be unique, and removed properly,
when a widget tree is changed (e.g. another page is visited). Also added
HTML warnings.
Patches: Sebastian Geerken
- * Fixed two minor memory leaks (IO's Buf1Start & html's SPCBuf).
* Fixed handling of XML's "/>" tag-closing (e.g. <script ... />). BUG#514
* Removed obsolete code from IO/file.c.
* Added a few missing EINTR handlers in dpi.c.
* Orthogonalized the generic parser:
- Fixes memory leaks and widget state when recovering from bad HTML.
- Improves error detection and validation (needed by XHTML).
- Makes DOC tree generation possible (needed by CSS).
- Cleaner design of handling routines for bad HTML.
- Orthodox treatment of double optional elements (HTML, HEAD, BODY).
- Lots of minor code cleanups.
* Switched the dpi file server's design to pthreads (fixes a critical race).
* Avoided a crash when indexed GIF images lack a color map (BUG#647).
* Fixed a bug when the remote HTTP server sends no Content-Type and
the TCP packetizing splits the header from data (BUG#650).
* Returned the parser to the old whitespace "collapsing" mode
(this can be changed with the SGML_SPCDEL define in html.c).
* Fixed a memory leak for DwStyle (there was one leak per page).
Patches: Jorge Arellano
- * Fixed a large memory leak of thread specific resources. --Very important
Patch: Jorge Arellano, Livio Baldini
- * Removed warnings for pointer arithmetic and strict prototypes all
around the code (now it works under LP64 architectures).
* Made miscelaneous cleanups for LP64 architectures.
Patches: Jorge Arellano, Dieter Baron
- * Changed dpid's umask to 0077.
Patch: Jorge Arellano, Richard Zidlicky
- * Switched to g_vsnprintf (instead of vsnprintf).
Patch: Frank Wille
- * Updated a bit the README file.
Patch: Dieter Baron
- * Made a grammatical and typographical review of the whole documentation
in doc/. Also added some clarifications.
* Fixed a libpng detection problem (e.g., on CYGWIN). BUG#651
Patches: Roberto Sanchez
- * Fixed "id" and "name" attributes parsing logic.
* Improved the parsing algorithm for character entities. BUG#605
Patches: Matthias Franz
- * Fixed a security bug with uncertain data and a_Interface_msg().
CAN-2005-0012.
Patch: Tavis Ormandy
Changes for version: 0.37 (Tue Jan 11 07:45:24 PST 2005)
- Remove load_class calls per Spoon 0.21
- Move archive commit hook into super class
- Split Kwiki::Command into Spoon::Command
- Make kwiki -compress work again :\
- Change -subwiki to -new_view
- List all plugins commented out in plugins file
- Support PagePrivacy
- Support multiple config*.*
- Make toolbar, widgets, and status prereqs of theme
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.
* Report 404 for HEAD requests to non-existing files or directories
* Scale images when they are requested from the cache instead of
before the index is displayed.
* Sort pictures the same way when viewing images as when viewing
directories
* New option GalleryUnderscoresToSpaces to convert underscores to
spaces in the listing of directories.
* Remember choosen width by setting a cookie
* Two new configuration options GalleryDocFile and GalleryImgFile
that makes it possible to configured which filetypes should be
displayed. See the documentation for details.
* Switched to use Text::Template instead of CGI::FastTemplate,
see the UPGRADE file for details.
* Create copyright notices on pictures using truetype fonts instead
of png images. Font, color and size can be configured.
and various bug fixes.
Notes:
* NetBSD-native version not available, this can be used only with
MOZILLA_USE_LINUX
* Linux sets MOZ_GTK2, gtk1-compiled version doesn't appear to be available
* Solaris not tested
o 2005-01-21 12:43 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
o 2005-01-21 12:10 (Minor)
Icons fails to load on non-anonymous FTP when using
short_icons_url directive
o 2005-01-21 12:10 (Minor)
FTP data connection fails on some FTP servers when requesting
directory without a trailing slash
One patch has problem to apply and hold to apply
o 2005-01-21 12:10 (Minor) Disable Path-MTU discovery on intercepted requests
Bump package revision.
Tomcat 5.0.30 (yoavs)
General
update Update web.xml files to 2.4 schema (from 2.3 DTD) where applicable. (yoavs)
update 32235: align conf/web.xml MIME types with Apache HTTPD. (yoavs)
fix 31132: Modified startup scripts for better OS/400 -x/-r handling. (yoavs)
update 22679: Added misc note on accessing session ID to SSL-HowTo. (yoavs)
update When the package protection is not used, do not create the doPrivileged objects so we don't suffer the performance hit (jfarcand)
update 32282: Modify Windows Uninstaller to remove webapps and webapps/ROOT only if user asks to remove everything. (yoavs)
Catalina
fix 31273: Add support for derefaliases in JNDIRealm. (markt)
fix 31623: Better OS400 support in setclasspath.sh. (yoavs)
fix 31592: Allow specification of digest encoding for realms. (yoavs)
update 31945: Added and updated Connector documentation. (yoavs)
update 31739: Minor documentation corrections for realm-howto and AJP docs. (yoavs)
fix 31753: Minor inconsistencies in JDBC and DataSourceRealm#authenticate. (yoavs)
update 31683: Minor clarifications to realm documentation. (yoavs)
fix 31851: UserTransaction in DefaultContext broken. (yoavs)
fix 32130: Check for null or empty file listing in FileStore#keys. (yoavs)
update 32276: Add developer info to Realm How-To. (yoavs)
fix 32082: Add protected getPrincipals method to MemoryRealm for easier extension. (yoavs)
fix 32023: CGIServlet fails to handle post message with multipart/form data. (yoavs)
fix 32269: JNDIRealm fails with InvalidNameException to authenticate users if LDAP distinguished name (DN) contains slash or double quote character(s). (yoavs)
Coyote
Jasper
fix Fixed default compiler target VM setting (to 1.3) so that compilation on J2SE 5.0 works out of the box. (yoavs)
update Exposed compilerSourceVM and compilerTargetVM options to JspC. (yoavs)
update Updated JspC usage messages to include recently added configurable parameters. (yoavs)
fix 29866: JspReader#skipUntil may try to read beyond the end of the file. (yoavs)
fix 32330: JspC changes context classloader. (yoavs)
Cluster
Webapps
fix 31707: Broken JavaScript confirmation in HTML manager. (yoavs)
update Removed hard-coded admin context path. (yoavs)
fix 31732: Fix Japanese localization of Manager's list command. (yoavs)
update 31656: Make admin webapp build on Struts 1.2. (yoavs)
update 32019: Remove maxlength=64 on env entry value in admin webapp. (yoavs)
Tomcat 5.0.29 (yoavs)
General
update Added Xalan note in RELEASE-NOTE section on XML parsers. (yoavs)
fix 30756: Bad syntax in sample web.xml. (yoavs)
update Enhanced Japanese resource bundles. (yoavs)
fix 30568: Incomplete setup.html documentation for launching jsvc. (yoavs)
Catalina
update Use CatalinaDigester on shutdown so you can use a sytem property to configure the port. (funkman)
fix Fix memory leak when Security Manager is turned on. (jfarcand)
fix 28914: threadPriority attribute ignored. (yoavs)
fix 30763: added failOnError attribute to UndeployTask. (yoavs)
fix 30624: Enhanced null checking in RealmBase#findSecurityConstraints. (yoavs)
fix Added explicit close of randomIS DataInputStream to ManagerBase for better resource handling. (yoavs)
update Added processTlds context attribute to allow disabling TLD processing. (yoavs)
update Backport if-else logic for SSI servlet from 4.1 (funkman)
update StandardClassLoader: Output the name of the repository if it failed to load. (funkman)
fix 31001: Missing domain attribute in MBean description for createStandardService. (yoavs)
fix 30636: NPE in DigesterFactory when resources cannot be located. (yoavs)
fix 30415: Directories ending in .war not handled well. (yoavs)
fix 31052: BeanFactory swallows root cause of exception. (yoavs)
fix 29914: Better lifecycle support for DefaultContext. (yoavs)
fix Set the FORM notes even when caching so that clustering with SSO works properly. (remm)
fix 30869: Make sure JAAS realm name is legal. (yoavs)
fix 31277: Clarified automatic application deployment section of Host configuration page. (yoavs)
fix 28631: JAASRealm enhancements to support custom user, role class names, use Commons-Logging. (yoavs)
fix 31364: Missing resource in org.apache.catalina.core.LocalString.properties. (yoavs)
fix 31362: Missing -Xdebug in catalina.bat when using JPDA and Security. (yoavs)
fix 30949: Make sure ApplicationDispatcher unwraps requests even if include fails. (yoavs)
fix 31511: Don't call setenv.bat if not found in *using-launcher scripts. (yoavs)
fix 31549: Add name of resource to load failed messaged in WebappClassLoader. (yoavs)
Webapps
fix 29526: Manager redeployment locked JAR because of context.xml stream. (yor "dangerous" manager tasks. (yoavs)
fix 29485: Added JavaScript confirmation prompts to HTML Manager actions. (yoavs)
fix 31058: Ensure StatusTransformer escapes query string for XML. (yoavs)
fix CGI Servlet: Revert the fix for 27090 as it introduced a JDK 1.4 dependency. (markt)
Jasper
fix 30984: Added compilerTargetVM option to Jasper. (yoavs)
fix 31171: Wrap to avoid ClassCastException in PageContextImpl. (yoavs)
fix 31257: Added specification of endorsed dirs if forking. (yoavs)
fix 31510: Set response=null in JspWriterImpl#recycle to aid in JBoss memory leak. (yoavs)
Coyote
fix 31018: Race condition in SystemLogHandler. (yoavs)
Changes since 2.001:
url_decode now interprets "+"s correctly, as encoded spaces.
url_encode ensures that all hex-encodings are padded correctly, to 2 digits (so
"%09" for a tab, not "%9"). The fake-encoding done on standard input when
testing at the command-line has been fixed equivalently.
url_encode also converts spaces to "+"s and emits hex characters in upper-case,
since this what web-browsers seem to do. Encoding is now performed on all but
known-safe characters, rather listing all the characters believed to be in need
of encoding.
The internal method _decode_url_encoded_data now uses url_decode, rather than
duplicating its content.