- Squid may hang or behave oddly on shutdown while requests is being processed.
synopsis Squid may hang or otherwise behave oddly in shutdown
if there is new requests processed at the same
time. On shutdown Squid internally shut down DNS,
redirectors and external acls while still processing
new requests already received. In combination with the
external acl queue overload bug this can completely
hang Squid, preventing it from shutting down.
severity Minor
bugzilla #590
versions Squid-2.5 and earlier
platforms All
- external acl lookups does not deal well with queue overload
synopsis If there is a queue overload for external acl lookups
then Squid logs "externalAclLookup: 'xxx' queue
overload" at a very high rate in cache.log until the
condition clears up.
severity Major
bugzilla #590
versions Squid-2.5
platforms All
- cache_effective_user documentation unclear
synopsis The cache_effective_user/group documentation was
unclear on what happens if only one of the directives
is set, or when Squid is started as a non-root user.
severity Cosmetic
versions Squid-2.5 and earlier
platforms All
- cache_peer documentation missing for htcp and carp
synopsis The cache_peer documentation for the htcp and carp
related options was missing
severity Cosmetic
versions Squid-2.5 and earlier
platforms All
Changes:
* the curl tool now "clears" sensitive commands line args
* no more emacs local variables in the source files
* script for distributed, automatic, multi-platform testing added. Please join up and help us test
the bleeding edge curl on various platforms!
* the "scratch buffer" is now only allocated when actually needed
* removed the strequal and strnequal macros from curl/curl.h
* added CURLOPT_UNRESTRICTED_AUTH / --location-trusted
Bugs:
* "curl -O" only, now outputs an error message accordingly
* builds fine on Redhat Linux 9 (configure fix)
* the CA cert bundle included a demo cert now removed
* changing some attributes between two transfers when re-using a connection did not "take effect"
properly
* the test suite runs faster and hopefully a bit more reliably
* improved configure check for presence of functions, needed for HPUX
* the curl tool now makes a correct URL escaping when appending to the URL when using -T and the
file name is appended to the URL.
* configure --enable-libgcc now explicitly add -lgcc to the linker
* better configure checks for headers (since some platforms got nasty warnings output previously)
* configure --help looks nicer
* data transfer bug on HP-UX systems
* improved random seeding for systems without a reliable random source
* 64bit Sparc compiler warnings removed
* a case where a connect failure didn't return an error string
* DNS cache problem in AIX 4.3 and later was fixed
* a POST-then-GET problem when re-using the same handle in libcurl
* extra precaution added for FTP servers returning 0 bytes to SIZE commands
* looping issue in the receive function (i.e badly updated progress meter)
* Fixed the 'Expect: 100-continue' behavior
* CURLOPT_MAXCONNECTS segfault fixed
* multi-interface connecting on Windows to non-listening ports fixed
* Curl_base64_encode() now encodes zero-bytes too properly
* fixed the infamous SSL error:00000000 outputs
* zlib build fix in the mingw makefile
* don't check for ca cert env variable if --insecure is used
* always use strict cert name check unless --insecure is used
* content-type extracting fixed
* DEBUGFUNCTION could be called with wrong arguments in uploads
* ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
* the fopen.c example code didn't work
* content-type extracting memory leak fixed
* curl/multi.h was fixed for C++ compiles
* .netrc file scanning for names+passwored fixed
* curl-config --cflags works even when include dirs isn't /usr/include
* CURLINFO_PRIVATE can return NULL properly
Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003)
*) Fixed logic in the destruction of a temporary certificate
structure and this way avoid a crash due to freeing NULL object.
*) Removed one newly introduced X509_free() call in the context of
SSL_get_certificate(), because this function does not increment a
reference count (although SSL_get_peer_certificate() does).
*) Fixed hash-table based shared memory session cache (shmht)
implementation by making sure that the underlying hash table
library does not crash if memory cannot be allocated.
Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)
*) Always enforce RSA blinding on RSA private keys in order to be
resistent to timing attacks.
*) Added timeout also to the "pre-sucking" of the trailing data in
POST request handling.
*) Correctly shutdown shared memory pools on fork+exec situations.
*) Bugfix SSL client certificate verification: OpenSSL was not
informed with SSL_set_verify_result(ssl, X509_V_OK) in case
mod_ssl forced the verification to be ok.
*) Consistently use OPENSSL_free() instead of plain free() to
deallocate memory chunks allocated inside OpenSSL.
*) Fixed various memory leaks related to X509 certificates.
New patch-ac sent to maintainer.
- PNG images can now be used directly in the album (even if then are
still renamed to .jpg...).
- File timestamps are now preserved when they are copied in the gallery.
- bins_cleanupgallery script has been added. Use it to remove any unused
file in your HTML galleries. Run it without argument for usage
information. Note that this script is still experimental, so if it
performs wrong, just re-run bins to recreate erased files.
This program was written by Jochen Schaeuble <psionic @ psionic.de>.
- default templates has been updated
- joi templates have been updated
The primary purpose of whisker is to be a URL scanner, which is
used to search for known vulnerable CGIs on websites. Whisker does
this by both scanning the the CGIs directly as well as crawling the
website in order to determine what CGIs are already currently in
use.
Submitted by adrianp@stindustries.net in pkgsrc-wip
Changes:
arts
* Several memory corruption fixes.
kdelibs
* kdialog: Fix screen numbering problem for centerOnScreen() static method
* kprogress: Fix math problem in displaying correct percentage for large
numbers
* kio_http: Fix data processing for webdav(s) listing of directories and files
* kate: Many small bugfixes, including:
+ Fixed code completion drop-down box position
+ Fixed "wrap cursor disabled" bugs
+ Fixed vertical scrollbar middle mouse behaviour
+ Fixed remove whitespace feature
+ Now clears the redo history when it is irrelevant
+ Fixed crash after starting up with a non-existant directory in the file
selector history
* kparts: Fix extension of transparently downloaded files, this fixes ark
(used to display temp file instead of archive content)
* klauncher: Fixed support for "Path=" entry in .desktop files. This entry
can be used to specify a working directory.
* kio: Don't let ChModJob's -X emulation interfere with mandatory file locking.
* kdeui: Fix for alternate background coloring in Konqueror list views.
* kdeui: Fix to prevent an event loop in conjunction with Qt 3.1.2.
* kio/bookmarks: Properly handle multiple shown bookmarks with the same URL;
fixes crash on exit in Konqueror when bookmarkbar is on and some bookmarks
points to the same place
* kstyles: Handle focus indicators on label-less checkboxes better
* kdeprint: Don't freeze when there is no route to the selected CUPS server
* SSL: add support for OpenSSL 0.9.7
* SSL: ADH ciphers are now explicitly disabled in all cases
* SSL: new CA root certificate added
* Several Xinerama related fixes
* QXEmbed fixes for various situations that don't handle XEMBED well
* Java on IRIX with SGI 1.2 VM is fixed
* khtml: Several major bugfixes, partially incorporated fixes from Safari as well.
kdeaddons
kdeadmin
* Linux Kernel Configurator: Add details about the lightbulb icon's meaning
* Linux Kernel Configurator: Support for more incorrect kernel configuration
files
kdeartwork
kdebase
* kcmshell: Restored backwards compatibility wrt KDE 3.0 module names
* klipper: Escape "&" everywhere.
* konsole:
+ Removed "get prompt back"-hacks, don't assume emacs key shell bindings.
+ Fixed usage of background images with spaces in the filename.
+ Profile support fixes (disabled menubar etc.)
+ Bookmarks invoked from "Terminal Sessions" kicker menu now set correct
title.
+ Fixed a problem with the "Linux" font that prevented it from being used
with fontconfig.
* kdesktop: Made desktop menus pop up in unused Kicker space work.
* kicker: Fixed empty taskbar sometimes showing scroll buttons.
* konqueror:
+ Various startup performance improvements
+ Fix crash when sidebar tree expands hidden directory
+ Fix crash when config button hidden from config button's menu
+ Extensive fixes to Netscape plugins, fixing crashes and plugin support
+ Changes to default preview settings, making the defaults safer on various
platforms
* Java configuration module: Make it possible to properly configure Java in
all cases
* Previews: Fixed a privacy issue where previews of HTML files could access
files or hosts on the network.
kdeedu
* KStars:
+ Fixed bug #51708: No longer exits if starting position is below horizon
(only affected some systems)
+ Fixed bug #52205: Country of Lhasa is China, not Tibet.
+ Fixed too-narrow coordinates field in statusbar.
+ Fixed bug in "length of day" calculator module; it now properly accounts
for latitude and longitude
kdegames
* Atlantik: Many small bugfixes, including:
+ Better handling of incoming messages
+ Fixed token animation
* kbackgammon: Common crash fix.
kdegraphics
* KIconEdit: Fix the ellipse/circle tool not to leave any "holes" in the
drawings
* Kooka: Some UI crashes fixed
* KViewShell: Default paper size is fixed
* KGhostView: Fixed wheel-mouse scrolling
kdemultimedia
* KsCD:
+ Stopped KsCD from pausing after tracks in random mode
+ Correctly associate extra CDDB information with tracks
+ Support non-Latin encodings properly in CDDB entries and elsewhere
+ Proper systemtray behaviour
+ Updated key accel code to avoid depricated calls
* Movie previews have been removed due to severe unresolved stability problems
kdenetwork
* Desktop Sharing server (krfb):
+ fix problems on X11 servers with 8 bit depth
+ fix problems on X11 servers with big-endian framebuffer
+ allow X11 servers without XShm (thin clients). Warning: requires a lot
of bandwidth
+ remove read timeouts. This should solve problems with some clients that
got disconnected after a minute of inactivity (but increases the time to
detect dead clients)
+ fix problem with clients that support both RichCursor and SoftCursor
encodings (like krdc from HEAD)
* Desktop Sharing client (krdc):
+ fix: when an error occurred in fullscreen krdc did not restore the
original resolution
+ fix: krdc stopped to repaint the framebuffer after a disconnect while
the error dialog was displayed
+ the quality setting in medium quality mode has been increased because
the original setting looked too bad with Keramik
kdepim
* KOrganizer bug fixes:
+ Use correct default duration for events crossing a day boundary (#53477).
+ Correctly save category colors (#54913).
+ Don't show todos more than once in what's next view.
+ Include todos in print output of month view (#53291).
+ Don't restrict maximum size of search dialog (#54912).
+ Make cancel button of template selection dialog work (#54852).
+ Don't break sorting when changing todos by context menu (#53680).
+ Update views on changes of todos directly in the todo list (#43162).
+ Save state of statusbar (#55380).
* knotes: Escape "&" in note titles
kdesdk
* Cervisia:
+ Fixed line break in protocol view
+ Fixed timestamp for files that are not in cvs (#55053)
+ Fixed handling of Cervisia's options like 'Update Recursively' when run
as embedded part in konqueror (#55665)
kdetoys
* kworldclock: Fixed that all clocks show the same time.
* kweather: Made it work again with non-english locales. (#52147)
* kweather: Prevent KWeather from looping and freezing Kicker when not
connected to the internet.(#49191)
kdeutils
* klaptopdaemon: Fix serious stalling problems on GNU/Linux with ACPI
* kcalc: Now a KMainWindow instead of a KDialog to fix various UI
inconsistencies
* kdf: Support escapes in fstab
quanta
* Bugfixes:
+ Allow resizing of the main window even with large user toolbars [#53230]
+ Insert valid DTD definitions [#53274]
+ Honor the View Default settings from Settings->Configure Editor [#53569]
+ Be less braindead regarding the Show DTD Toolbar setting [#53739]
+ Be able to select also directories in tag dialogs [#54819]
+ Do not complain about text files being binary ones on a system with
broken mimetypes [#54924]
+ Bring up the "File Changed" dialog only, when the file content has
changed[#55678]
+ Select Tag Area behaviour fixed for optional tags
+ Insert non-translated string in CSS code parts
+ Insert "border-top", "border-right", etc. correctly in CSS
+ Don't quote the script line more than once in the action configuration
dialog
+ Memory leak fixed: editor parts were not deleted when a file was closed
+ Fix insertion of "img" tags in HTML documents
+ Upload/rescan project/add to new project tree view behaviour fixed
+ Fix renaming of file in the Project Tree, when a file with the new name
was already present in the project
+ Rename only what has to be renamed in the project and enable project
saving after a rename
+ Use the correct encoding for newly created files
+ Saving of Author and E-Mail project options was broken in some cases
+ Fix the numbering of new documents
+ Fix the execution of actions
+ Fix crash when deleting an action
+ Insert valid single tags from the toolbar
* Enhancements:
+ Show the tag attributes (Alt-Down) menu lower than the current line
+ "Insert in cursor position" for script actions replaces the selection if
there was some text selected
+ New DCOP interface (WindowManagerIf) added to enable the modification of
the opened documents from a script
+ DTD for Quanta tags (DTD definition) added
+ XHTML 1.0 Strict DTD added
Changelog
* Secunia Security fix (redirect exploit fix)
* Fixes in Xft library loader
* Fix for match failures in XftConfig when font size was involved
in the conditions. Now it should be possible to e.g. disable anti-aliasing
for certain font sizes.
Phoenix is a redesign of the Mozilla browser component, similar to Galeon,
K-Meleon and Chimera, but written using the XUL user interface language
and designed to be cross-platform.
This package provides a simple way to track nightly Linux builds of
phoenix.
pkgsrc change: install some supplemental documents.
Changes to squid-2.5.STABLE2 (Mars 17, 2003):
- Contrib files added back to the distribution
- Several compiler warnings fixed when using --disable-ident or
--disable-http-violations
- authentication can now be used in most access controls, but
must in most cases first be enforced in http_access to force
the user to authenticate.
- cleanups in the developer bootstrap.sh process when preparing
the sources.
- several squid.conf.default documentation updated to correctly
refer to the current names when refering to other directives
- authenticate_ip_ttl documentation updates
- several assertion faults and segmentation violations corrected
- the RunCache/RunAccel and squid.rc scripts updated to refer to
the squid binary in sbin rather than the old bin location.
- squid_ldap_auth command line processing fixes when specifying
the LDAP server last on the line instead of -h option
- aufs data corruption bugfix
- aufs performance improvement for low traffic systems
- aufs stability improvements
- external_acl corrected to properly deal with quoted strings
- WCCPv1 bugfix to make sure the router accepts the hash assignments
- "Total accounted memory" now correctly reported in cachemgr
- several small memory leaks (mostly reconfigure related)
- new squid.conf option to allow GET/HEAD requests with a request
entity
- "make uninstall" no longer removes squid.conf
- cachemgr.cgi now uses POST to avoid having the cachemgr password
logged in the web server logs
- authentication schemes which are known to not be proxyable are now
filtered out from forwarded server replies to avoid that the clients
tries to use such schemes when we know for a fact it won't work
- spelling corrections in various error messages
- now possible to define acl values with spaces in them
by using the "include file" feature
- squid_ldap_group updated to 2.10 to fix compilation issues with
recent (and older) OpenLDAP libraries and to make the helper deal
correctly with true LDAP groups by first looking up the user DN.
- Some internal code cleanups
- now verifies that programs etc exists iside the chroot directory
when using chroot_dir. No longer neccesary to set up a split view
environment where the same paths works both inside the chroot and
outside just to convince Squid that the files is actually there..
- improved memory usage reporting
- --disable-hostname-checks configure option
- no longer ignores double dots in host names. Any hostname with
double dots is now rejected as invalid.
- log_mime_hdrs no longer logs garbage if very long headers
are seen.
- 'select_fds_hist' object added to cachemgr 'histogram' output
- pid file now unlinked when squid has really shut down, not
immediately when the shutdown request is received. This allows
the pid file to be monitored to determine when Squid has shut down
properly
- correct authentication scheme setups on some platforms or compilers
- several squid.conf.default documentation updates to remove references
to renamed or replaced directives by changing them to their current
names.
- the SSL reverse proxy support updated to allow building with
OpenSSL 0.9.7 and and later.
- Corrected a minor performance problem while processing HEAD replies
from various broken web servers not sending a correct HTTP reply
- time acls can now specify multiple times in the same acl name, like
most other acl types.
- winbind helpers updated to match Samba-2.2.7a and should
work with Samba-2.2.6 or later (required). For compability with
older Samba versions A new configure option --with-samba-sources=...
has been added to allow you to specify which Samba version the
helpers should be built for if different than the above versions.
- Squid MIB definition syntax correction to work better with newer
(and older) SNMP tools.
- Fixed access.log format when logging "error:invalid-HTTP-ident" on
requests where parsing the HTTP identifier (HTTP/1.0) failed.
- "make distclean" no longer removes the icons, this avoids the
dependency on "uudecode" to rebuild Squid after "make distclean"
- User name returned by external acl lookups (external_acl_type)
is now available as "ident" in later acl checks in addition to
the logging in access.log.
- Incorrect behaviour of Digest authentication partly corrected - it
will not handle sessions, but will always enforce password
correctness.. (patch submitted by Sean Burford).
- Issue with persistent connections and PUT/POST request corrected
- Recognises Safari and Camino browsers.
- New LOGFORMAT specification %D (processing time in microseconds).
- Understands %A and %D in APACHELOGFORMAT.
Many minor new features (at least nothing major struck me)
and lots of bug fixes (details: http://www.w3.org/Amaya/User/New.html).
pkg: now uses GTK instead of Motif.
Changes:
o Fix posible obscure buffer overflow bug in DNS resolver code
o Added additional extended character fixes
o Let code accept partial content response codes along with 200's
o Added code to catch blank hostnames (yes, they have been found!)
Will convert them into 'Unknown'
What's new from release notes
* Mozilla Mail has junk-mail classification. With some initial
"training" the client can identify and segregate spam messages from
good messages. To see more about Mozilla's junk-mail classification,
visit the Mozilla Spam Filtering page.
* Newsgroup filters have been implemented.
* An initial implementation of Mozilla Midas, rich text editing
controls, has landed in Mozilla for 1.3. See the Midas page for more
information.
* Image auto sizing allows a user to toggle between full-sized images
and images sized to fit the browser window. To give it a try, load a
large image into the browser window or size the window to be much
smaller. Now clicking on the image will alternate between auto-sized
and full-sized. The feature can be disabled (or enabled) from the
Appearance panel in Preferences.
* Users can now "dynamically" switch profiles. To give it a try, from
the tools menu select "Switch Profile..."
* Find as you type, formerly known as type ahead find, has a new
preferences panel (Advanced: Keyboard Navigation).
* When installed, Chatzilla now has a normal Mozilla preferences panel.
* Mozilla 1.3 also includes fixes for performance, standards
compliance and site compatibility.
* Mozilla has a new splash screen. We already know. Please don't
report this to Bugzilla. Thanks