Tomcat 5.5.23 (fhanik)
Catalina
41608 Make log levels consistent when Servlet.service() throws an exception. (markt)
41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
41674 Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
Coyote
Requests with multiple content-length headers are now rejected. (markt)
Tomcat 5.5.22 (fhanik)
General
Fix regression in build that prevented connectors from building. (markt)
Tomcat 5.5.21 (fhanik)
Catalina
41401: StandardService.getConnectorNames() return array of Connector JMX objectnames. (pero)
29727: If env-entry values in web.xml are changed then ensure new values are applied when context is reloaded. (markt)
34956: Ensure request and response objects passed to a RequestDispatcher meet the requirements of SRV.8.2 and SRV.14.2.5.1. This is disabled by default. The Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true is required to enable this test. (markt)
36274: When including static content with the DefaultServlet also treat content types ending in xml as text. (markt)
36976: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
37070: Update mbean name documentation to include the StandardWrapper. (markt)
37356: Ensure sessions time out correctly. This has been fixed by removing the accessCount feature by default. This feature prevents the session from timing out whilst requests that last longer than the session time out are being processed. This feature is enabled by setting the Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true The feature is now implemented with synchronization which addresses the thread safety issues associated with the original bug report. (markt)
37439: Update documentation for Engine component to add the requirement that the name must be unique. (markt)
37458: Add syncs to the WebappClassloader to address rare issues when multiple threads attempt to load the same class concurrently. (markt)
37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
39088: Prevent infinte loops when an exception is thrown that returns itself for getRootCause(). Based on a patch by Wouter Zelle. (markt)
39436: Correct MIME type for SVG. (markt)
39627: JULI no longer ignores a ".level=XXX" directive in logging.properties. Patch provided by Roger Keays and Richard Fearn. (markt)
39724: Removing the last valve from a pipeline did not return the pipeline to the original state. Patch provided by David Gagon. (markt)
40367: Update JK auto configuration documentation to clarify that workers.properties must also exist. (markt)
40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
40526: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)
40528: Add missing message localisations as provided by Ben Clifford. (markt)
40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
40625: Stop CGIServlet swallowing the root cause of an exception. Patch provided by Takayoshi Kimura. (markt)
40723: Correct table creation example in JavaDoc for JDBCAccessLogValve. (markt)
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by Daniel Santos. (pero)
40817: Correct problem where CGI scripts in the root of the ROOT context threw a StringIndexOutOfBoundsException. (markt)
Set the SCRIPT_FILENAME environment variable required by PHP when using the CGIServlet to execute PHP. (markt)
40823: Update context doc to clarify use of ROOT.xml, multi-level context paths and to further discourage use of server.xml (markt)
40844: Add additional syncs to JDBCRealm to resolve NPE when two users try to authenticate using DIGEST authentication at the same time. (markt)
40860: Log exceptions and other problems during parameter processing. (markt)
40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
40929: Correct JavaDoc for StandardCalssLoader. (markt)
41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
41020: Improve error message when custom error report Valve fails to load. Also remove requirement that custom error report Valves extend ValveBase. (markt)
41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
Ensure Accept-Language headers conform to RFC 2616. Ignore them if they do not. (markt)
Make provided instances of RequestDispatcher thread safe. (markt)
Fix formatting of CGI variable SCRIPT_NAME. (markt)
34643: Improved documentation for per-user / per-session clientAuth usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
40668: Update release notes and readme files specific to v5.5.20 to notify users of missing MailSessionFactory in distribution, suggest workarounds, and link to relevant Bugzilla issue. (yoavs)
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by Christopher Sahnwaldt. (yoavs)
39055: Link to sample workaround code for using JSR160 JMX monitoring with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
39476: add xml declaration to most build.xml files, as suggested by Gregory S. Hoerner Sr. (yoavs)
40326: stop using File#deleteOnExit in DefaultServlet to avoid JVM memory leak, as suggested by quartz. (yoavs)
40192: update setup.html notes regarding Windows tray icon. (yoavs)
40177: add more warnings to documentation about RequestDumperValve character encoding. (yoavs)
39255: NPE in AuthenticatorBase when logging level is set to DEBUG and no prinicpal found. (yoavs)
41437: Make log messages and loglevel consistent during Context start. Patch provided by Suzuki Yuichiro. (markt)
Coyote
38332: Add backlog attribute to ChannelSocket as provided by Takayoshi Kimura. (pero)
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
40771: Fix implementation of SavedRequestInputFilter.doRead() so POST data may be read using a Valve or Filter. Patch provided by Michael Dufel. (markt)
41017: Restore behaviour of MessageBytes.setString(null). (remm/markt)
41057: Modify StringCache to add a configurable upper bound to the length of cached strings. (remm/markt)
38774: Check javax.net.ssl.keyStorePassword system property as a secondary source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
39402: Modify existing Vary HTTP header, rather than overwrite it, if it exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
40241: Catch Exceptions instead of Throwables in Default and SSI servlets. Also improve relevant logging while we're at it. (yoavs)
40133: Better error message when context name is not available on startup, as suggested by Andreas Plesner Jacobsen. (yoavs)
Jasper
39975: don't have static Log references to prevent classloader leaks. (yoavs)
40104: When displaying JSP source after an exception, handle included files. (markt)
40797: This was a regression as a result of the fix for 33407. TLD validation was failing as a result of the use of the escape character (0x1b) as a temporary replacement for \$. An alternative character (0xe000) from the unicode private use range is now used. (markt)
41057: Make jsp:plugin output XHTML compliant. (markt)
41327: Show full URI for a 404. Patch provided by Vijay. (markt)
41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
Webapps
34952: Clarify that the Windows Installer always installs a Windows service. (markt)
35968: Make environment entry properties input a text area. Patch provided by Tristan Marly. (markt)
37588: Fix creation of JNDI Realm in admin application. Patch provided by Terry Zhou. (markt)
38048: Fix memory leak assoaciated with use of expression language in JSPs. Patch provided by Taras Tielkes. (markt)
39572: Improvements to CompressionFilter example provided by Eric Hedstrom. (markt)
40507: Update host-manager and servlet-examples web-apps to use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
40581: Add information on the use of a symbloic link as the docBase for a Context to the Context documentation. (markt)
40633: Remove references to the DefaultContext from the documentation. (markt)
40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)
40714: Admin webapp no longer requires a username for a DataSource since it is not required in all cases. (markt)
40720: Fix exception in admin webapp when adding a group to a user. (markt)
40874: Correct log4j configuration in documentation webapp. Patch provided by Franck Borel. (markt)
40999: Add trust store configuration for SSL connectors to the admin webapp. (markt)
41051: Add information on keystore aliases and case sensitivity to SSL HOW-TO. (markt)
41182: Update the Jasper documentation for the classpath attribute. (markt)
41493: Fix handling of APR connectors in Admin webapp. (markt)
41512: Version number was not inserted in release notes. (markt)
40257: Update Manager webapp howto on remote deployment to reflect need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
40160: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet. While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
Cluster
Add clustered SSO code and backport feature from Tomcat 6.0.x, submitted by Fabien Carrion (pero)
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
Most important changes are:
- fix a crash for files with an mtime of 0
- fix cpu hog in certain requests
- added mod_extforward module
- reduced default PATH_MAX to 255
Based on patch provided in PR 36156.
0.27
* 0.26 release apparently didn't get to cpan correctly
0.26
* Supports multi-line encoded values in query_sting (like foo%0Abar) -- Dobrica Pavlinusic
* Fixes to URI unescaping to behave like apache does
0.24
* Hopefully deal with an odd case where a poorly behaved Internet Explorer could crash the server.
Thanks to the Catalyst project.
0.23
Fix a release-engineering messup. Thanks to ANDK
0.22 Wed Oct 18 23:36:34 EDT 2006
* Query string processing improvements
0.21 Wed Oct 18 23:31:42 EDT 2006
[rt.cpan.org #21727] [PATCH] Support for Perl 5.004
-- Sebastien Aperghis-Tramoni
0.20
Require POSIX only if we need it, rather than "use" it all the time
[cpan #17533] - Brad Bowman
0.19
Catch and ignore SIGPIPE, so broken pipes from the client don't cause
Standalone to drop all the way back to the shell.
Version 7.16.2 (11 April 2007)
Yang Tse (10 April 2007)
- Ravi Pratap provided some fixes for HTTP pipelining
- configure script will ignore --enable-sspi option for non-native Windows.
Daniel S (9 April 2007)
- Nick Zitzmann did ssh.c cleanups
Daniel S (3 April 2007)
- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
Daniel S (2 April 2007)
- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
accepted commands are as follows:
chgrp (gid) (path)
Changes the group ID of the file or directory at (path) to (gid). (gid)
must be a number.
chmod (perms) (path)
Changes the permissions of the file or directory at (path) to
(perms). (perms) must be a number in the format used by the chmod Unix
command.
chown (uid) (path)
Changes the user ID of the file or directory at (path) to (uid). (uid)
must be a number.
ln (source) (dest)
Creates a symbolic link at (dest) that points to the file located at
(source).
mkdir (path)
Creates a new directory at (path).
rename (source) (dest)
Moves the file or directory at (source) to (dest).
rm (path)
Deletes the file located at (path).
rmdir (path)
Deletes the directory located at (path). This command will raise an error
if the directory is not empty.
symlink (source) (dest)
Same as ln.
Daniel S (1 April 2007)
- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
easy handles are added to a multi handle, by avoiding the looping over all
the handles to find which one to remove.
- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
Daniel S (31 March 2007)
- Fixed several minor issues detected by the coverity.com scanner.
- "Pixel" fixed a problem that appeared when you used -f with user+password
embedded in the URL.
Dan F (29 March 2007)
- Don't tear down the ftp connection if the maximum filesize was exceeded
and added tests 290 and 291 to check.
- Added ftps upload and SSL required tests 401 and 402.
- Send an EOF message before closing an SCP channel, as recommended by
RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
Yang Tse (27 March 2007)
- Internal function Curl_select() renamed to Curl_socket_ready()
New Internal wrapper function Curl_select() around select (2), it
uses poll() when a fine poll() is available, so now libcurl can be
built without select() support at all if a fine poll() is available.
Daniel S (25 March 2007)
- Daniel Johnson fixed multi code to traverse the easy handle list properly.
A left-over bug from the February 21 fix.
Dan F (23 March 2007)
- Added --pubkey option to curl and made --key also work for SCP/SFTP,
plus made --pass work on an SSH private key as well.
- Changed the test harness to attempt to gracefully shut down servers
before resorting to the kill -9 hammer.
- Added test harness infrastructure to support scp/sftp tests, using
OpenSSH as the server.
- Fixed a memory leak when specifying a proxy with a file: URL.
Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
or Curl_poll() with a non-zero timeout both functions would restart the
specified timeout. This could even lead to the extreme case that if a
signal arrived with a frecuency lower to the specified timeout neither
function would ever exit.
Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
defined both functions will return as soon as a signal is caught. Use it
at your own risk, all calls to these functions in the library should be
revisited and checked before fully supporting this feature.
Yang Tse (19 March 2007)
- Bryan Henderson fixed the progress function so that it can get called more
frequently allowing same calling frecuency for the client progress callback.
Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
you can now use [1-1] without curl complaining.
Daniel (10 March 2007)
- Eygene Ryabinkin:
The problem is the following: when we're calling Curl_done and it decides to
keep the connection opened ('left intact'), then the caller is not notified
that the connection was done via the NULLifying of the pointer, so some easy
handle is keeping the pointer to this connection.
Later ConnectionExists can select such connection for reuse even if we're
not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
false and we can reuse this connection for another easy handle. But thus the
connection will be shared between two easy handles if the handle that wants
to take the ownership is not the same as was not notified of the connection
was done in Curl_done. And when some of these easy handles will get their
connection really freed the another one will still keep the pointer.
My fix was rather trivial: I just added the NULLification to the 'else'
branch in the Curl_done. My tests with Git and ElectricFence showed no
problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
so it was a considerable amount of Curl's work.
Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
appropriate test case to use it. For now, this is treated the same as the
"SSL" feature because curl doesn't list it separately.
Daniel (9 March 2007)
- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
machine type too.
- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
upload a file it couldn't open. Bug #1676581
(http://curl.haxx.se/bug/view.cgi?id=1676581)
Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
test, fixing KNOWN_BUGS #11.
Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
harness. It is very limited as it supports only ftps:// URLs with
--ftp-ssl-control specified, which implicitly encrypts the control
channel but not the data channels. That allows stunnel to be used with
an unmodified ftp server in exactly the same way that the test https
server is set up.
Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
unencrypted data connections.
Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
cases 181 & 216.
Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
makefiles that are included in the source release archives, generated from
the Makefile.vc6 files by the maketgz script. I also modified the root
Makefile to have a VC variable that defaults to vc6 but can be overridden to
allow it to be used for vc8 as well. Like this:
nmake VC=vc8 vc
Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
server through a proxy and have the remote https server port set using the
CURLOPT_PORT option, protocol gets reset to http from https after the first
request.
User defined URL was modified internally by libcurl and subsequent reuse of
the easy handle may lead to connection using a different protocol (if not
originally http).
I found that libcurl hardcoded the protocol to "http" when it tries to
regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
follows and it's working fine so far
Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
the multi interface. Note that it still does a part of the connection in a
blocking manner.
Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
-v, --trace and --trace-ascii, since it could really confuse the user.
Clarified this fact in the man page.
Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
fixing some bugs:
o Don't mix GET and POST requests in a pipeline
o Fix the order in which requests are dispatched from the pipeline
o Fixed several curl bugs with pipelining when the server is returning
chunked encoding:
* Added states to chunked parsing for final CRLF
* Rewind buffer after parsing chunk with data remaining
* Moved chunked header initializing to a spot just before receiving
headers
Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
line option.
Daniel (19 February 2007)
- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
when the multi interface was used.
- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
5).
Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
the multi interface and connection re-use that could make a
curl_multi_remove_handle() ruin a pointer in another handle.
The second problem was less of an actual problem but more of minor quirk:
the re-using of connections wasn't properly checking if the connection was
marked for closure.
Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
CURLOPT_RANGE back to no range on an easy handle when using FTP.
Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
therefore introduce unnecessary dependencies) when it's not needed.
Also, don't bother adding a library path of /usr/lib
Daniel (13 February 2007)
- The default password for anonymous FTP connections is now changed to be
"ftp@example.com".
- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
gmtime_r() like the older VC versions. He also made use of some machine-
specific defines to differentiate the "OS" define.
Daniel (12 February 2007)
- Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
This is the fourth supported library for TLS/SSL that libcurl supports!
- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
to the debug callback.
- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
internal decoding of content or transfer encoded content. This may be
preferable in cases where you use libcurl for proxy purposes or similar. The
command line tool got a --raw option to disable both at once.
- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
define set to hold the exact date and time of when the tarball was built, as
a human readable string using the UTC time zone.
- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
that has an easy handle present in the "closure" list pending closure.
Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
API of libssh2, if the libssh2 headers seem to support them. This will make
SCP and SFTP much more responsive and better libcurl citizens when used with
the multi interface etc.
Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
millisecond resolution. The only restriction to that is the alarm()
(sometimes) used to abort name resolves as that uses full seconds. I fixed
the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
fail since they used "1 feb 2007"...
- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
the problem. The code now tries harder to use httproxy and proxy where
apppropriate, as not all proxies are HTTP...
=== RELEASE 2.1pre28 ===
Wed Apr 11 01:39:36 cet 2007 mikulas:
Fixed a bug in decompression and javascript document.write introduced in
previous release (compressed data were displayed after document.write)
(BTW. because the javascript interpreter has bugs, Martin Pergel has not
time for it and the code is so messy that it couldn't be understand by
anyone else, javascript will likely be removed in next release)
=== RELEASE 2.1pre27 ===
Sat Apr 7 02:43:28 CEST 2007 mikulas:
Terminal resize, window title and clipboard support for Cygwin
Clipboard supports non-ascii characters badly, it is a limitation in
Cygwin
Wed Apr 4 23:19:00 MET 2007 Carles Pina i Estany <carles@pina.cat>:
Add more top-level domains
Sat Mar 31 03:02:40 CEST 2007 student:
win32.c file removed because in each new version of windows it doesn't
work. Don't even try to fix it unless you have computers with Windows
NT, Window 2000, Windows XP and Windows Vista side by side.
(new Cygwin emulates xterm-like mouse on the console, so it's not needed
for mouse)
Cygwin sometimes doesn't send SIGWINCH, it is its bug, so I didn't try
to fix it in links. Press twice Alt-Enter if links doesn't notify window
size change
Sun Mar 25 22:26:41 MET 2007 mikulas:
Fixed bad behaviour of scrollbars on very large documents due to integer
overflow
Wed Mar 21 22:15:25 MET 2007 mikulas:
Support for zlib, gzip and bzip2 files
Wed Mar 21 04:37:42 MET 2007 mikulas:
Limit image scaling to prevent allocation overflow
Tue Feb 6 00:23:43 MET 2007 mikulas:
Allow quotation marks in Refresh URL parameter --- fixes Google Picasa
Changes since 2.2a2 [2007/01/14]:
- Improved default color assignment (courtesy of David Nolan).
- Allow configuring a custom set of colors (courtesy of David Nolan).
- Updated RRDs::fetch usage for newer RRDtool versions (courtesy of
John Milton)
Changes from 0.18:
---
version: 0.20
date: Wed Nov 22 09:12:25 PST 2006
changes:
- Fix tests due to assumed file glob sorting. Thanks Cees.
- Fix tests where compile line numbers are off by one or two.
---
version: 0.19
date: Tue Nov 21 08:22:25 PST 2006
changes:
- Fixed setting a hash value. Reported by Theo Petersen. Thanks.
- David added ability to compile path names by passing directory to recurse
- Allow TT2 compile time options to be specified on command line.
- Create runtime code from CLI script.
- Allow Jemplate objects to be created with runtime configs.
- Port some TT2 runtime options.
- Better doc
- --runtime command prints the runtime JavaScript module
- --list lists the template names to be used
Ocsigen is a web programming framework for OCaml. It can be used as a web
server, serving static pages, but it is also possible to implement entire
web sites as OCaml modules.
WWW: http://www.ocsigen.org/
Drupal 5.1, 2007-01-29
----------------------
- fixed security issue (code execution), see SA-2007-005
- fixed a variety of small bugs.
Drupal 5.0, 2007-01-15
------------------------
- completely retooled the administration page
* /admin now contains an administration page which may be themed
* reorganised administration menu items by task and by module
* added a status report page with detailed PHP/MySQL/Drupal information
- added web-based installer which can:
* check installation and run-time requirements
* automatically generate the database configuration file
* install pre-made 'install profiles' or distributions
* import the database structure with automatic table prefixing
* be localized
- added new default Garland theme
- added color module to change some themes' color schemes
- included the jQuery JavaScript library 1.0.4 and converted all core JavaScript
to use it
- introduced the ability to alter mail sent from system
- module system:
* added .info files for module meta-data
* added support for module dependencies
* improved module installation screen
* moved core modules to their own directories
* added support for module uninstalling
- added support for different cache backends
- added support for a generic "sites/all" directory.
- usability:
* added support for auto-complete forms (AJAX) to user profiles.
* made it possible to instantly assign roles to newly created user accounts.
* improved configurability of the contact forms.
* reorganized the settings pages.
* made it easy to investigate popular search terms.
* added a 'select all' checkbox and a range select feature to administration
tables.
* simplified the 'break' tag to split teasers from body.
* use proper capitalization for titles, menu items and operations.
- integrated urlfilter.module into filter.module
- block system:
* extended the block visibility settings with a role specific setting.
* made it possible to customize all block titles.
- poll module:
* optionally allow people to inspect all votes.
* optionally allow people to cancel their vote.
- distributed authentication:
* added default server option.
- added default robots.txt to control crawlers.
- database API:
* added db_table_exists().
- blogapi module:
* 'blogapi new' and 'blogapi edit' nodeapi operations.
- user module:
* added hook_profile_alter().
* e-mail verification is made optional.
* added mass editing and filtering on admin/user/user.
- PHP Template engine:
* add the ability to look for a series of suggested templates.
* look for page templates based upon the path.
* look for block templates based upon the region, module, and delta.
- content system:
* made it easier for node access modules to work well with each other.
* added configurable content types.
* changed node rendering to work with structured arrays.
- performance:
* improved session handling: reduces database overhead.
* improved access checking: reduces database overhead.
* made it possible to do memcached based session management.
* omit sidebars when serving a '404 - Page not found': saves CPU cycles and
bandwidth.
* added an 'aggressive' caching policy.
* added a CSS aggregator and compressor (up to 40% faster page loads).
- removed the archive module.
- upgrade system:
* created space for update branches.
- forms API:
* made it possible to programmatically submit forms.
* improved api for multistep forms.
- theme system:
* split up and removed drupal.css.
* added nested lists generation.
* added a self-clearing block class.
No change on other platforms, so skipped PKGREVISION bump. Steve
has already fed the patches back to the author.
Currently the package hardcodes some search paths from /usr/pkg - I have
an sent a question to the author as to how he would best like to handle
those in his framework.
This is for PR #34808.
No ChangeLog found. Changes include: add ogg mime type, lowercase
some HTML, make it more portable, get directory details using dirent
instead of running "ls".
change:
This release introduces a changed internal item lookup handling that
changes linear list searches to two step hash map lookups. While this
might improve performance it also can introduce new instabilities.
nspluginwrapper is an Open Source compatibility plugin for Netscape
4 (NPAPI) plugins. It separates the execution environment of the
plugin from the browser, allowing a plugin compiled for one ABI to
be used in a browser compiled for another.
For example the linux 32bit Adobe Flash plugin can be used in a
native Firefox under Linux/x86_64, NetBSD and FreeBSD platforms.
To install the Linux flash player into a native Firefox browser:
- Also install multimedia/ns-flash and multimedia/libflashsupport
- Run "nspluginwrapper -i /usr/pkg/lib/netscape/plugins/libflashplayer.so"
- Run Firefox
This is working at least under NetBSD/i386 4.0_BETA with native and modular
x11.
Version 7.16.1 [requires libcurl-7.16.1 or better]
--------------
* Added constants for all libcurl (error) return codes. They
are named the same as the macro constants in curl.h but prefixed
with E_ instead of CURLE. Return codes for the multi API are
prefixed with M_ instead of CURLM.
* Added CURLOPT_FTP_SSL_CCC, CURLOPT_SSH_PUBLIC_KEYFILE,
CURLOPT_SSH_PRIVATE_KEYFILE, CURLOPT_SSH_AUTH_TYPES.
* Removed CLOSEPOLICY and friends since this option is now
deprecated in libcurl.
* Set the _use_datetime attribute on the CURLTransport class
to unbreak xmlrpc_curl.py on Python 2.5.
Version 7.16.0 [no public release]
--------------
* Added CURLOPT_SSL_SESSIONID_CACHE.
* Removed SOURCE_* options since they are no longer
supported by libcurl.
Version 7.15.5.1
----------------
* Added test for basic ftp usage (tests/test_ftp.py).
* Fix broken ssl mutex lock function when using
GNU TLS (Debian bug #380156, fix by Bastian Kleineidam)
Version 7.15.5
--------------
* Added CURLOPT_FTP_ALTERNATIVE_TO_USER,
CURLOPT_MAX_SEND_SPEED_LARGE,
and CURLOPT_MAX_RECV_SPEED_LARGE.
Version 7.15.4.2
----------------
* Use SSL locking callbacks, fixes random
crashes for multithreaded SSL connections
(patch by Jayne <corvine at gmail.com>).
Version 7.15.4.1
----------------
* Fixed compilation problem with C compilers
not allowing declarations in the middle of
code blocks (patch by
K.S.Sreeram <sreeram at tachyontech.net>).
* Fixed bug in curl_multi_fdset wrapping,
max_fd < 0 is not an error (patch by
K.S.Sreeram <sreeram at tachyontech.net>).
Version 7.15.4
--------------
* Added support for libcurl shares, patch from
Victor Lascurain <bittor at eleka.net>. See the
file tests/test_share.py for example usage.
* Added support for CURLINFO_FTP_ENTRY_PATH.
Version 7.15.2
--------------
* Added CURLOPT_CONNECT_ONLY, CURLINFO_LASTSOCKET,
CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE.
Version 7.15.1
--------------
2006-01-31 Kjetil Jacobsen <kjetilja>
* Fixed memory leak for getinfo calls that return a
list as result. Patch by Paul Pacheco.
Version 7.15.0
--------------
2005-10-18 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_FTP_SKIP_PASV_IP.
Version 7.14.1
--------------
2005-09-05 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPT_COOKIELIST as
COOKIELIST and CURLINFO_COOKIELIST as INFO_COOKIELIST.
Version 7.14.0
--------------
2005-05-18 Kjetil Jacobsen <kjetilja>
* Added missing information returned from the info() method
in the high-level interface.
* Added the FORM_FILENAME option to the CURLFORM API
with HTTPPOST.
Version 7.13.2
--------------
2005-03-30 Kjetil Jacobsen <kjetilja>
* Unbreak tests/test_gtk.py and require pygtk >= 2.0.
2005-03-15 Kjetil Jacobsen <kjetilja>
* Cleaned up several of the examples.
2005-03-11 Kjetil Jacobsen <kjetilja>
* WARNING: multi.select() now requires the previously optional
timeout parameter. Updated the tests and examples to reflect
this change. If the timeout is not set, select could block
infinitely and cause problems for the internal timeout handling
in the multi stack. The problem was identified by
<unknownsoldier93 at yahoo.com>.
Version 7.13.1
--------------
2005-03-04 Kjetil Jacobsen <kjetilja>
* Use METH_NOARGS where appropriate.
2005-03-03 Kjetil Jacobsen <kjetilja>
* Added support for CURLFORM API with HTTPPOST: Supports a
a tuple with pairs of options and values instead of just
supporting string contents. See tests/test_post2.py
for example usage. Options are FORM_CONTENTS, FORM_FILE and
FORM_CONTENTTYPE, corresponding to the CURLFORM_* options,
and values are strings.
2005-02-13 Markus F.X.J. Oberhumer <mfx>
* Read callbacks (pycurl.READFUNCTION) can now return
pycurl.READFUNC_ABORT to immediately abort the current transfer.
* The INFILESIZE, MAXFILESIZE, POSTFIELDSIZE and RESUME_FROM
options now automatically use the largefile version to handle
files > 2GB.
* Added missing pycurl.PORT constant.
Version 7.13.0
--------------
2005-02-10 Kjetil Jacobsen <kjetilja>
* Added file_upload.py to examples, shows how to upload
a file.
* Added CURLOPT_IOCTLFUNCTION/DATA.
* Added options from libcurl 7.13.0: FTP_ACCOUNT, SOURCE_URL,
SOURCE_QUOTE.
* Obsoleted options: SOURCE_HOST, SOURCE_PATH, SOURCE_PORT,
PASV_HOST.
Version 7.12.3
--------------
2004-12-22 Markus F.X.J. Oberhumer <mfx>
* Added CURLINFO_NUM_CONNECTS and CURLINFO_SSL_ENGINES.
* Added some other missing constants.
* Updated pycurl.version_info() to return a 12-tuple
instead of a 9-tuple.
Version 7.12.2
--------------
2004-10-15 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_FTPSSLAUTH (and CURLFTPAUTH_*).
* Added CURLINFO_OS_ERRNO.
2004-08-17 Kjetil Jacobsen <kjetilja>
* Use LONG_LONG instead of PY_LONG_LONG to make pycurl compile
on Python versions < 2.3 (fix from Domenico Andreoli
<cavok at libero.it>).
gitweb provides an easy to use and full-fledged web interface to
your Git repositories. It allows users to browse the contents of
all served projects, including the ability to inspect individual
files and their history for any of the available branches.
equivalent functionality in recent versions of tomcat and the JSP standard.
Mark them as BROKEN= to see if anyone is using them. They will go away soon.
go away -- I have real doubts that a version 1.1 jdk and the accompanying
swing are any use to anyone, but am not sure the newer stuff we have
supports all ports which are supported by lang/jdk.
------
v3.1.4
------
[jan] SECURITY: Correctly quote file names in cleanup script for temporary
files.
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.
----------
v3.1.4-RC1
----------
[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
<vilius@lnk.lt>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
(Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
(josh@endries.org, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
(thomas@gelf.net, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
(pascal@vmfacility.fr, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu,
Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz,
Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
(reitsma@denison.edu, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
Ben Klang <ben@alkaloid.net>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
(thomas.jarosch@intra2net.com, Bug #4651).
[jan] Support departments in vCard's ORG properties (martin@matuska.org,
Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
(Carl Thompson <lists-horde@carlthompson.net>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
(michael.sheldon@credativ.de, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
(mzizka@hotmail.com, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
Text_Filter driver.
Changes to squid-2.6.STABLE11 (Mar 17 2007)
- Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
- Handle garbage helper responses better in concurrent protocol format
- Fix kqueue when overflowing the changes queue
- Make sure the child worker process commits suicide if it could
not start up
- Don't log short responses at debug level 1
- Fix bswap16 & bwsap32 error on NetBSD
- Fix collapsed_forwarding for non-GET requests
Changes:
* Apply [5709] to stable.
* session_enabled? works with session :off.
* Performance: patch cgi/session to require digest/md5 once rather than per
#cre ate_new_id.
4.20 - Monday, December 4, 2006
* INTERNAL: No Changes since 4.20_1. Declaring stable.
4.20_1 - Friday, November 24, 2006
* FIX: -ip_match now works even when it's not the last import item. (RT#21779)
* FIX: In the PostgreSQL driver, a race condition is when storing is now worked around. (Mark Stosberg)
* FIX: Added important clarification and example to MySQL driver docs that the session column
needs to be defined as a primary key to avoid duplicate sessions. (Justin Simoni, Mark Stosberg)
* FIX: The default serializer now works correctly with certain data structures. (RT#?) (Matt LeBlanc)
* FIX: A documentation bug in find() was fixed (Matt LeBlanc)
* FIX: Documented how to declare a database handle to be used on demand, which was introduced
in 4.04. (Mark Stosberg)
* FIX: Connections made with SQLite now disconnect only when appropriate, instead of always.
This addresses a symptom seen as "attempt to prepare on inactive database handle"
(Jaldhar Vyas, Sherzod, Mark Stosberg)
* FIX: Args to the constructor for CGI::Session and the drivers are now always shallow
copied rather than used directly, to prevent modification.
(RT#21952, Franck Porcher, Sherzod, Mark Stosberg)
* FIX: The documentation for expire($param, $time) was made more explicit
(pjf, Mark Stosberg)
* NEW: Added recommended use of flush() to the Synopsis (Michael Renner, RT#22333)
* NEW: Added links to Japanese translations of the documentation (Makio Tsukamoto)
http://digit.que.ne.jp/work/index.cgi?Perldoc/ja
* INTERNAL: Update test to workaround YAML versions less than 0.58. (Matt LeBlanc)
* INTERNAL: param() code was refactored for clarity (Mark Stosberg, Ali ISIK, RT#21782)
* INTERNAL: new() and load() were refactored (Ali Isik)
* INTERNAL: renamed some environment variables used for testing (Ron Savage)
* INTERNAL: Multi key-value syntax of param() now always returns number of keys
successfully processed, 0 if no key/values were processed.
4.14 - Sunday, June 11, 2006
* NEW: The find() command now has better documentation. (Ron Savage, Matt LeBlanc)
* FIX: find() no longer changes the access or modified times (RT#18442) (Matt LeBlanc)
* FIX: param() called with two parameters now returns the value set, if any (RT#18912) (Matt LeBlanc)
* FIX: driver, serializer, and id generator names are now untainted (RT#18873) (Matt LeBlanc)
* INTERNAL: automatic flushing has been documented to be unreliable, although
it was recommended in the past. Automatic flushing can be affected adversely
in persistent environments and in some cases by third party software. There are
also some cases in which flushing happened automatically in 3.x, but quit working
with 4.x. See these tickets for details.
http://rt.cpan.org/Ticket/Display.html?id=17541http://rt.cpan.org/Ticket/Display.html?id=17299
4.13 - Wednesday, April 12, 2006
* FIX: Applied patch to fix cookie method (RT#18493,Nobuaki ITO)
* FIX: Berkeley DB 1.x exhibits a bug when used in conjunction with O_NOFOLLOW. Because of this,
we've removed it from the db_file driver. It will still attempt to stop symlinks but the
open itself has dropped the flag. (Matt LeBlanc)
* FIX: json and yaml db_file tests now check for the presence of DB_File. (Matt LeBlanc)
4.12 - Friday, April 7, 2006
* SECURITY: Fix possible SQL injection attack. (RT#18578, DMUEY)
4.11 - Friday, March 31, 2006
* FIX: Since 4.10, using name() as a class method was broken. This has
been fixed, and regression tests for both uses have been added. (Matt LeBlanc)
4.10 - Tuesday, March 28, 2006
* SECURITY: Hopefully this settles all of the problems with symlinks. Both the file
and db_file drivers now use O_NOFOLLOW with open when the file should exist and
O_EXCL|O_CREAT when creating the file. Tests added for symlinks. (Matt LeBlanc)
* SECURITY: sqlite driver no longer attempts to use /tmp/sessions.sqlt when no
Handle or DataSource is specified. This was a mistake from a security standpoint
as anyone on the machine would then be able to create and therefore insert data
into your sessions. (Matt LeBlanc)
* NEW: name is now an instance method (RT#17979) (Matt LeBlanc)
4.09 - Friday, March 16th, 2006
* SECURITY: Applying security patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien Danjou)
4.08 - Thursday, March 15th, 2006
* FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc.
* SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
- db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen
- file creation umask defaults to 660
* NEW: db_file and file drivers now accepts a UMask option. (Matt LeBlanc)
* INTERNAL: test suite clean up (Tyler MacDonald)
VERSION 3.0301
This is a bugfix release to repair these main items:
- optgroups bugfix for complex arrays
- removal of HTML::Entities support due to utf8 issues
- new es_ES Messages module with better translations
- a patch from Mark Hedges to enable plugin modules for mailresults()
The rest of the features remain the same as below.
VERSION 3.03
Subclassable Fields
Each field is now rendered by its own class, named for the field type.
For example, text fields are rendered by
"CGI::FormBuilder::Field::text". This allows you to create custom field
types and plugging them in by creating your own
"CGI::FormBuilder::Field::whatever_you_want" module. Thanks to Peter
Eichman for his contributions to this scheme.
Messages Localization
All messages are now handled in a similar way to field types: They are
delegated to "CGI::FormBuilder::Messages::locale" where "locale" is the
appropriate string such as "en_US" or "da_DK". A number of localizations
are included as part of the standard distribution.
There are two ways to use these messages: Either the 'auto' messages
mode or by specifying a specific locale:
my $form = CGI::FormBuilder->new(messages => 'auto'); # check client
my $form = CGI::FormBuilder->new(messages => ':da_DK'); # specified
You can create your own messages by copying "_example.pm" and modifying
it for your language. When using messages in this way, the HTTP Charset
is changed to "utf-8".
Select optgroup support
By using the "field()" option "optgroups", you can now cause select
fields to automatically generate optgroup tags:
$form->field(name => 'browser', options => \@opt, optgroups => 1);
See the documentation on "optgroups" for more details.
Data::FormValidator Support
Thanks to another great patch from Peter Eichman, "Data::FormValidator"
is supported as a validation option to "new()", just by passing it in as
an object. See the documentation on "validate" for more information.
Option sorting by LABELNAME or LABELNUM
You can now sort options by "LABELNAME" or "LABELNUM", similar to the
value-based sorting of "NAME" and "NUM". See the documentation for more
details.
XHTML Compliance
Generated code now validates against <http://validator.w3.org>. This
includes stuff like lowercase "get" and "post" methods, lowercase
"onchange" and "onsubmit" actions, and so on.
Version 3.27
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
Changes since 1.0.6:
Bluefish 1.0.7 (05 November 2006)
---------------------------------
- Updated translations: French, Japanese.
- Adds datarootdir to all Makefile.in to avoid warnings with autoconf 2.60
- Fixes application/bluefish-project MIME type icon name
- Fixes Tcl highlighting
- Fixes a bug when trying to save a file with a new install and a file has
never been opened or a project is not open. Closes bug #360401.
- Fix a bug where Bluefish would crash when deleting multiple bookmarks.
- Fix a bookmark memory leak
- Fix a bug where the editor tab was incorrectly displayed when moving a
document to another window.
- README: more complete README
Trac-0.10.3.1-ja-1 (Mar 12, 2007)
* Merge trac-0.10.3.1
* Translate Messages into Japanese.
* trac/attachment.py
* trac/versioncontrol/web_ui/browser.py
* Fixes unified diff download error.
* trac/versioncontrol/web_ui/changeset.py
* Update to current statement.
* README.trac-ja
Trac 0.10.3.1 (March 8, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially
unsafe (user provided) content is available for download. This behaviour
can be altered using the "render_unsafe_content" option in the
"attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with
Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
* Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157)
* Fix regression in handling of "attempt" argument passed to auth callbacks;
ensure the value only increments for each invocation of the callback
* Fix handling of "nextnonce" parameter in Digest authentication
Changes 0.26.2:
* Fix error reported for LOCK responses lacking a Lock-Token header.
* Use Libs.private in neon.pc for newer versions of pkg-config.
* Build fix for platforms without libintl.h.
* Build fixes for MinGW.
* Build fix for h_errno detection on HP-UX 10.
* Win32: enable debugging; build fixes with some SDKs.
Changes 0.26.1:
* Build fixes for Win32 (D.J. Heap) and OS X.
* Add Simplified Chinese translation
Changes in release 0.26.0:
* Added internationalization support:
* Added support for GnuTLS
* Changes and additions to URI support:
* Changed results callbacks for ne_lock_discover, PROPFIND interfaces:
* Added functions which give control over authentication protocol use:
* Added ne_unhook_* functions to remove hooks
* Added ne_set_session_flags()/ne_get_session_flags() functions:
* Added ne_set_request_flags()/ne_get_request_flags() functions:
* Change ne_md5.h interface to make struct ne_md5_ctx opaque:
* Fixed ne_get_range(), added ne_get_range64()
* Removed NE_FREE() macro from ne_alloc.h
* Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions
* Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit()
* Added "--enable-threadsafe-ssl=posix" configure flag, to enable
* The manual is now licensed under the GPL rather than the GFDL
Packaged by David Rankin and provided in PR 33248.
Kwiki plugin to archive pages using CVS.
(This package includes the http://www.kwiki.org/?PatchKwikiArchiveCvs patches
to make Kwiki::Archives::Cvs work with Kwiki::Revision.)
Trac 0.10.3.1 (March 8, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially
unsafe (user provided) content is available for download. This behaviour
can be altered using the "render_unsafe_content" option in the
"attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with
Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
1.22 Fri Mar 2 00:05:57 CST 2007
[INTERNALS]
Added new tests.
Added Perl::Critic changes and a perlcriticrc file.
1.21_04 Sat Oct 7 21:35:42 CDT 2006
[FIXES]
* $mech->content( type => 'text' ) was not freeing memory. Thanks to
Cat Okita for finding it.
[INTERNALS]
* Made the order of parms to $mech->content() not relevant.
1.21_03 Sat Oct 7 01:21:46 CDT 2006
[THINGS THAT MAY BREAK YOUR CODE]
* The methods $mech->form() and $mech->follow() have been removed.
They've been deprecated since 1.10, which was released in Feb 2005.
[ENHANCEMENTS]
* I'm trying to nail down what seems to be a memory leak on long-running
Mech programs. I'm stringifying URI::URL objects wherever I can.
[INTERNALS]
* No longer uses UNIVERSAL.
1.21_02 Wed Oct 4 13:14:30 CDT 2006
[ENHANCEMENTS THAT MAY BREAK YOUR CODE]
* The $mech->stack_depth() setting had no way to say "don't cache any
pages at all". How silly!
Now, if you set $mech->stack_depth(0), no history of pages will be kept.
In the past, it would mean "Keep all pages." This means that if you want
to set it to keep all pages, set it to some ridiculously large number.
[DOCUMENTATION]
* The docs previously refered to Compress::Gzip instead of Compress::Zlib.
1.21_01 Mon Sep 18 17:18:43 CDT 2006
[ENHANCEMENTS]
* If Compress::Zlib is installed, gzipped content is now
accepted and transparently decoded. No additional syntax needed!
This should save time and bandwidth in a number of cases.
(Mark Stosberg)
* Added a put() method. It also calls a subfunction called
_SUPER_put that will be removed once LWP::UserAgent supports put().
New features (some are compile-time options):
* INFO and Options pages are laid out properly for multibyte locales,
accounting for character widths.
* change configure option default for --enable-justify-elts to true.
Change default for JUSTIFY to "false".
* add PREFERRED_ENCODING to lynx.cfg, along with an options-menu
selection for this, to set "Accept-Encoding:" string
* add PREFERRED_MEDIA_TYPES to lynx.cfg, corresponding to the option for
HTFilterPresentations(). A minimal set of media types is used by
default, though the old behavior can be selected
* add -nonumbers option, which modifies the output of -dump to suppress
the link-numbering
* add -listonly option, which modifies the output of -dump to show only
the list of links
* add -syslog-urls option and lynx.cfg settings (SYSLOG_TEXT,
SYSLOG_REQUESTED_URLS) to allow syslog'ing of URLs to be optional.
This cannot be set from the options menu
* the -version option shows the version of ncurses, curses, etc., from
runtime data when available.
* add -notitle option to suppress title line and following blank line to
maximize screen use for small displays
* add -nomargins option to suppress left/right margins to maximize
screen use for small displays
* add NO_MARGINS and NO_TITLE to lynx.cfg
* add NESTED_TABLES setting to lynx.cfg to allow site override of the
built-in default
* add DEFAULT_COLORS item to lynx.cfg to allow disabling the default
colors feature at runtime, allowing better matching of old color
scheme via a script
* add -stderr option to write error messages when doing a -dump -or
-source. Normally these are written to the status line but that does
not exist when dumping to standard output
* add configure --enable-largefile / --disable-largefile options.
* add --enable-widec configure option to allow building lynx without
wide character support using ncursesw, to accommodate users with older
releases of ncurses
Other enhancements:
* improve SSL support:
* updated README.sslcerts
* update CF_GNUTLS macro to look for -lgnutls-openssl as well as
the older -lgnutls-extra library
* modify HTLoadHTTP() to interpret leading asterisks in common name
fields as wildcards
* suppress OpenSSL URL from version message if it happens to be
built using GNU TLS (or other libraries which happen to define
symbols to pretend they are OpenSSL).
* improve HTML interpretation:
* fix function, which was checking for the absence only of some
nonstandard encodings (8bit, 7bit, binary) rather than for the
presence of the encodings as specified in RFC 2068 (gzip,
compress, etc). This makes lynx able to view a site which puts
the charset as the Content-Type
* add "deflate" to the encoding types which lynx implements. This
consists of several parts
* adapted logic from w3m's inflate.c to construct an internal
"deflate" decompressor. Tested this with
http://carsten.codimi.de/gzip.yaws/
* add "deflate" to the options menu.
* modify logic that builds "Accept-Encoding" value to omit
encodings which have no external decompressor associated.
The effect of this change is to allow lynx to behave as it
did before adding the (possibly incomplete) "inflate"
support.
* add INFLATE_PATH to lynx.cfg, to optionally specify an
external program which can be used to decompress deflated
files. For testing, a shell script using w3m's utility,
e.g., /usr/lib/w3m/inflate, sufficed. NOTE: As currently
implemented, lynx requires the external decompression
programs to be specified even if it can decompress using
library calls.
* use ".zz" for suffix of downloaded (but not inflated)
deflated files, mapped to application/deflate and
application/x-deflate.
* modify source-view toggle to keep the current anchor visible.
Toggling source view may change the line number on which the
anchor is found, requiring some adjustment. This feature is
implemented only for source cached pages
* fixes to source-view of ftp:// and file:// URLs, i.e., eliminate
redundant PRE's, add DOCTYPE and meta tags
* correct parsing of embedded URLs which have parameters but no
path, e.g., base
http://wj55.org/Minutes.php
and embedded
?date_meeting=2004-08-31
* add presentation type for application/xml and text/xml mime types
as per
http://www.w3.org/TR/xhtml-media-types/http://www.w3.org/TR/2002/NOTE-xhtml-media-types-20020801
which states that they may be used, though application/xhtml+xml
is the preferred media type
* add presentation type for application/xhtml+xml mime type as per
RFC 3236
* add presentation for text/css, to allow browsing ".css" files
* force a newline in HTML_end_element() after a </pre>, which
causes lines containing only whitespace before the </pre> to
display a new line, rather than putting that whitespace before
text that follows the </pre>
* following a link consisting of a "#" fragment will move the
cursor to the link containing the target rather than simply
ensuring that it is visible
* improvements to character sets and display:
* new message files for localization: rw.po, vi.po
* updated message files for localization: cs.po, da.po, de.po,
et.po, fr.po, hu.po, nl.po, pt_BR.po, sv.po, tr.po
* use puts() rather than printf() in some messages to avoid chance
of "%" in the translation
* modify HTConfirmCookie() to ensure the translator's note is
copied into the lynx.pot file, by adding a gettext("Y/N/A/V")
call after the comment
* improve layout of options-menu and info-page for multibyte
character sets by computing the extent of the labels. This works
only for wide-character curses.
* add ISO-8859-13 and ISO-8859-14 chrtrans tables, revise
ISO-8859-10 based on
http://czyborra.com/charsets/iso8859.html
Change display name for ISO-8859-10 to indicate the region
* improve checking if the current character set does not match the
character set inferred from the locale. This reduces the number
of cases where line-drawing in the options menu does not work
* improve recovery when a charset is found that cannot be
translated. Before this change, the charset was not stripped from
the format string, e.g.,
text/html; charset=big5
and since there would be no match for the format, lynx would
offer to simply download the page (if interactive), or refuse to
format (for dumps). Although the content of the page is unusable,
the user can still navigate the page using the links which may be
there
* modify logic for locale_charset configuration variable so it is
not modified simply by saving the .lynxrc while in running in a
non-locale configuration. That does not alter the display charset
used by lynx
* improve workaround for line-drawing characters with
font-switching by checking if the loaded font has line-drawing
characters in the same positions as the terminal description,
rather than simply ignoring line-drawing when the codeset differs
* workaround for codepage support on OS/2 by changing the effect of
unctrl(). Add/use new preferred function use_legacy_coding() to
ncurses which provides the same effect with the wide-character
ncursesw
* improve def7_uni.tbl substitutions for the symbols beginning at
U+2600
* add experimental option --enable-japanese-utf8 for using libiconv
for Japanese and UTF-8
* improvements to color-style:
* change configure script --enable-color-style so it is enabled by
default
* add COLOR_STYLE setting to lynx.cfg
* change default initialization of color-style code when no lss
file is given to simulate the non-color-style code. There are
some visual differences, e.g., links that contain a mixture of
styles will display with mixed colors, but overall the visual
effect matches the non-color-style code well enough to change the
default configuration. If an empty string is given for the lss
filename, this is treated as an empty style file, and lynx will
not use its built-in default color style. To make the behavior
easier to diagnose, lynx will now exit with an error if it cannot
find the lss file.
* improve interaction with user:
* highlight the target and pause for 20 milliseconds when selecting
a link with the mouse
* modify behavior when user attempts to toggle a radiobutton off,
to make the message that one radio button must be selected only
in novice mode
* modify column limits, allowing text to be written to the last
column on the screen. This allows users to view text which is
formatted for 80 columns without the last character of each line
wrapping to the next line
* prompt user, displaying the command that would be executed, to
confirm that it should be. This makes it easier to notice when a
local program would be run by activating a lynxcgi link. This is
not done in advanced mode, since the URL is already visible in
the status line
* modify HTSaveAndExecute() to check first for result from
HTFileSuffix() before choosing between BIN_SUFFIX and
HTML_SUFFIX. This allows the PDF viewer on OS X to get the proper
suffix (.pdf) rather than .bin
* add check for failure to write to disk, e.g., on disk full, and
report error condition via HTAlert()
* modify suggested_filename() to strip bzip2's ".bz2" suffixes as
well as ".zz" suffixes
* modify INFO-page to list the rendered size in bytes if the
Content-Length is not available
* print the contents of image maps, if any, at the end of a dump
* command-line options that toggle or set a boolean now accept
"true" and "false" strings.
* improve interaction with other programs:
* strip special characters such as '%' from parameters passed to
external programs for EXTERNAL mechanism on Windows platform.
This is ifdef'd with WIN_EX
* improve cookie support:
* modify HTConfirmCookie() and statusline() to allow cookie prompt
message in Japanese to not be truncated when using wide-curses
* make the maximum number of cookies configurable in lynx.cfg,
added MAX_COOKIES_DOMAIN, MAX_COOKIES_GLOBAL and
MAX_COOKIES_BUFFER
* improvements to debug/traces:
* use symbol USE_VERTRACE in HTUtils.h to allow makefiles that do
not use the configure script to turn on the equivalent --enable
vertrace feature
* improvements to scripting/logging:
* make "lynx -version" work in the absence of ".cfg" or ".lss"
files
* modify print_wwwfile_to_fd() and print_crawl_to_fd() to ensure
that no trailing blanks are written in a -dump, etc.
* correct parsing of "key 0xNN" lines in command-scripts, had
omitted a "!" to invert a check
* modify initialization so that
cat options.txt | lynx -
will allow interactive use
* other improvements:
* modify logic for -dump so it can dump all pages listed on the
command line
* lynx accepts multiple URLs on the command line; all are added to
G)oto history. Documented this in manpage
* add (ifdef'd with EXP_HTTP_HEADERS) code to display the full text
of the HTTP headers in the INFO page.
* modify treatment of symbolic links for ftp-URLs to show the link
target, as with the local directory editor
* correct sort-order of local directory listing, using the target
of a symbolic link to determine whether it is grouped with files
or directories
* modified mailcap command and testcommand substitutions to provide
for running the testcommand's after program initialization
* read user's ".newsauth" file for news-server authentication
information
* escape "From " when it appears in a page which is mailed, to
avoid confusing mail clients
* add "Anonymous FTP Password" to Options menu, to allow user to
override use of personal email address as the anonymous ftp
password
New/improved sample files:
* add script samples/oldlynx, which gives the non-color-style scheme
using an executable built for color-style
* add scripts/tbl2html.pl, which can be used to generate test pages for
the charsets from src/chrtrans/*.tbl
* add test/special_urls.html
* modify ".lss" files to work equally well on terminals setup with white
text on black background, or the reverse. This also required fixing a
few places in LYsubwindow() and curses_w_style() to make window
backgrounds use the colors given in the ".lss" default- and
normal-colors lines
* make ".lss" example files somewhat readable by modifying parser to
remove blanks from the color description lines and modifying the
example files to use this feature
New ports:
* none
(it seems to run everywhere, but there are a few possibilities)
Improvements to existing ports:
* UNIX:
* improve configure script macro CF_XOPEN_SOURCE, ensuring that
_POSIX_C_SOURCE is defined with a value.
* revise configure script check whether _POSIX_C_SOURCE should be
defined, taking into account the _POSIX_SOURCE definition
* Linux:
* add codepage 857 (DOSTurkish), since console-tools package
provides a suitable font
* update Linux console font support to use console-tools package.
The configure script checks for consolechars and setfont programs
(must find at least one). The corresponding SETFONT_PATH can be
set in lynx.cfg to provide a choice between the two
* modify configure script to check for Intel compiler 8.0 (and
9.0).
* some others [stripped]
Improvements for maintainability and testing:
* remove macros such as ARGS1, NOPARM which supported K&R compilers
* make ANSI C required, drop support for K&R C.
* add scripts/indent.sh, use this to reindent C source files
* add tags rules to makefile.in's
* modify makefile.in to ensure that scripts are prefixed with $(SHELL),
in case packager has stripped executable permissions from scripts,
e.g., by using CVS
* modify configure script and makefiles to allow cross-compiling
* add --with-system-type option to configure script to simplify testing
the case-statements involving $host_os
* change configure script to put the ".cfg" and ".lss" files by default
in the --sysconfdir, e.g., $prefix/etc, and the help-files in lynx_doc
and lynx_help directories under --datadir, e.g.,
$prefix/share/lynx_doc, $prefix/share/lynx_doc. To obtain the old
behavior, use configure --sysconfdir=/usr/local/lib
--datadir=/usr/local/lib
* add configure options --with-cfg-file and --with-lss-file to allow one
to specify the names and paths of the default configuration and
color-style files
* filter out obsolete URLs from the customizations saved during install
of lynx.cfg
* rename test/iso8859-1.html and test/iso88592.html to
test/iso-8859-1.html and test/isoi-8859-2.html, corresponding to the
proper MIME names to simplify test-scripts
* update test/iso8859-1.html (minor fixes) from
http://www.ramsch.org/martin/uni/fmi-hp/iso8859-1.html
* applied lynx's changes to updated files from ftp.unicode.org to take
advantage of less restrictive copyright
As well as security-related changes:
* eliminate fixed-size buffers in HTrjis() and related functions to
avoid potential buffer overflow in nntp pages
* eliminate fixed-size buffers in LYExpandHostForURL() to guard against
buffer overflow resulting from too-long domain prefix/suffix data from
lynx.cfg
* reduce TRST_MAXROWSPAN and TRST_MAXCOLSPAN to 200, which is more
plausible than 10000 by 1000.
* limit TEXTAREA columns to the screen width, and rows to 3 times the
screen height.
And finally:
* A lot of bug fixes
* A lot of documentation changes.
* A lot of dead code removed
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
Changes to squid-2.6.STABLE10 (Mar 4 2007)
- Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
- various diskd bugfixes
- In the access.log hierarchy field log the unique peer name
instead of the host name
- unlinkdClose() should be called after (not before) storeDirSync()
- CLEAN_BUF_SZ was defined, but never used anywhere
- logging HTTP-request size
- Fix icmp pinger communication on FreeBSD and other not supporing
large dgram AF_UNIX sockets
- Release objects on swapin failure
- Bug #1787: Objects stuck in cache if origin server clock in future
- Bug #1420: 302 responses with an Expires header is always cached
- Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
- Clean up relations between TCP probing and DNS checks of peers with
no known addresses.
- Fix a minor HTML coding error in ftp directory listings with // in
the path
- Bug #1875, #1420. Cleanup of refresh logics when dealing with
non-refreshable content
- Negotiate authentication fixed again. Broken since STABLE7 by the
patch for Bug #1792.
- Bug #1892: COSS tries to shut down the same directory twice on exit
- Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
entries
- Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
* Updated PCRE to version 7.0.
* Fixed segfault in ext/session when register_globals=On.
* Fixed (segfault in cURL extension).
* Fixed (possible cURL memory error).
* Fixed (imagettftext() multithreading issue).
* Fixed (ext/interbase compile failure).
* Fixed (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed).
4.4.5
# Upgraded PEAR to 1.5.0.
# Updated PCRE to version 6.7.
# Moved extensions to PECL: ext/ovrimos
# Added a meta tag to phpinfo() output to prevent search engines from indexing the page.
# Backported a fix in the configure tests to detect the "rounding fuzz".
# Backported fix for ext/imap compilation failure with recent c-client versions.
# Fixed missing open_basedir check inside chdir() function.
# Fixed (Compile fails when using GCC 4.1.1/binutils 2.17).
# Fixed (pg_insert/pg_update do not allow now() to be used for timestamp fields).
# Fixed (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path).
# Fixed (Using $this not in object context can cause segfaults).
# Fixed (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled).
# Fixed (ftp_put() does not change transfer mode to ASCII).
# Fixed (ftp_nlist() returns false on empty dirs).
# Fixed (Allow building of curl extension against libcurl 7.16.0).
# Fixed (curl_exec() with return transfer returns TRUE on empty files).
# Fixed (Fixed a possible open_basedir bypass in tempnam()).
# Fixed (ldap_connect causes segfault with newer versions of OpenLDAP).
# Fixed (parse_url() fails if passing '@' in passwd).
# Fixed (Calling undefined method prints insufficient error message).
# Fixed (segfault when calling setlocale() in userspace session handler).
# Fixed (constructor is not called for classes used in userspace stream wrappers).
# Fixed (wddx_serialize_value() generates no wellformed xml).
# Fixed (aggregate_methods_by_list fails to take certain methods).
# Fixed (natcasesort() causes array_pop() to misbehave).
# Fixed (CURLOPT_HEADERFUNCTION, couldn't set the function in the class).
# Fixed (recursive array_walk causes segfault).
