* Polish translation update.
* SSL patch for Solaris and other systems without /dev/random
* Links-now button.
* Belarusian translation
* Swaped open and closed folder symbol in bookmarks.
* Fixed Solaris keyboard translation bug.
Previously, if apache_start was set in /etc/rc.conf and /etc/rc.d/apache was
loaded as part of the /etc/rc start sequence, apache_start's value would
be overridden by "apache_start=start" in this script, because /etc/rc.conf
would have already been loaded and load_rc_config() would not reload it again.
This problem would not have been seen if /etc/rc.d/apache was started
manually, or /etc/rc.conf.d/apache or @PKG_SYSCONFDIR@/apache_start.conf
was used to set apache_start.
(I am using /etc/rc.conf, and was wondering why apache wasn't starting
with ssl support at boot, but worked after a manual restart...)
http://www.squid-cache.org/Versions/v2/2.5/bugs/.
Now try to install more authentication modules, but those modules
should be handled by proper frame work (Curretly, SASL modules
aren't handled).
Changes to squid-2.5 ():
- Major rewrite of proxy authentication to support other schemes
than basic. First in the line is NTLM support but others can
easily be added (minimal digest is present). See Programmers Guide.
(Robert Collins & Francesco Chemolli)
- Reworked how request bodies are passed down to the protocols.
Now all client side processing is inside client_side.c, and
the pass and pump modules is no longer used.
- Optimized searching in proxy_auth and ident ACL types. Squid should
now handle large access lists a lot more efficiently.
(Francesco Chemolli)
- Fixed forwarding/peer loop detection code (Brian Degenhardt) -
now a peer is ignored if it turns out to be us, rather than
committing suicide
- Changed the internal URL code to obey appendDomain for internal
objects if it needs appending. This fixes weirdnesses where
a machine can think it is "foo.bar.com", and "foo" is requested.
(Brian Degenhardt)
- Added the use of Automake to create the Makefile.in's in the squid
source tree. This will allow libtool in the future, and immediately
allows better dependency tracking - with or without gcc - as well
as the dist-all and distcheck targets for developers which respectively
build a tar.gz and a tar.bz2 distribution, and check that what will be
distributed builds.
- Added TOS and source address selection based on ACLs,
written by Roger Venning. This allows administrators to set
the TOS precedence bits and/or the source IP from a set of
available IPs based upon some ACLs, generally to map different
users to different outgoing links and traffic profiles.
- Added 'max-conn' option to 'cache_peer'
- Added SSL gatewaying support, allowing Squid to act as a SSL server
in accelerator setups.
- SASL authentication helper by Ian Castle
- msntauth updated to v2.0.3
- no_cache now applies to cache hits as well as cache misses
- the Gopher client in Squid has been significantly improved
- Squid now sanity checks FTP data connections to ensure the
connection is from the requested server. Can be disabled if
needed by turning off the ftp_sanitycheck option.
- external acl support. A mechanism where flexible ACL checks
can be driven by external helpers. See the external_acl_type
and acl external directives.
- Countless other small things and fixes
- HTML pages generated by Squid or CacheMgr as well as the
ERR documents now contain a doctype declaration so that
browsers know which HTML specification the document uses.
In addition to that they have a new look (background-color, font)
and are valid according to the HTML standards at www.w3.org.
(Clemens Löser)
- Login and password send to Basic auth helpers is now URL escaped
to allow for spaces and other "odd" characters in logins and
passwords
- Proxy Authentication is no longer blindly forwarded to peer
caches if not used locally. If forwarding of proxy authentication
is desired then it must now be configured with the login=PASS
cache_peer option.
- Responses with Vary: in the header are now cached by squid.
(Henrik Nordstrom).
- Removed unused 'siteselect_timeout' directive.
This allows the the user to choose 'custom' as an installation method
as well as 'complete' or 'recommended'. This obsoletes the NS_INST
variable and reduces likeliness of errors due to not properly set PKG_LANG.
Some more re-organizing wrt Linux-emul root etc: the installer behaves
differently according to who runs 'make'. (Try to) clean up parts of
the emul root if it was used, too.
These changes should help address some of the issues pointed out in
PR pkg/18606 and PR pkg/18615.
Changes:
- Compatible with 1.0.x, 1.1.x and 1.2a
- Compatible with gcc 3.2 with --disable-werror
- Complete Basic Sidebar support
- Basic means basic. No XUL sidebars supported.
- Proxy prefs should actually be respected for a change
- Support for forcing all cookies to be session cookies
- Fixed almost all downloader progress dialog related crashes.
- Helper app handling improved, and a number of bugs fixed
discovered in version 1.3.26 including these security fixes:
- SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- SECURITY CAN-2002-0843 (cve.mitre.org)
Fix some possible overflows in ab.c that could be exploited by
a malicious server. Reported by David Wagner. [Jim Jagielski]
- SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
- Upgraded to Apache 1.3.27.
- Fixed internal error handling for CRL verification.
- Initialize OpenSSL ENGINE before initializing OpenSSL
to workaround problems with the PRNG.
- Also find "openssl" executable in "sbin" directories.
- Honor specified number of maximum bytes on SSLRandomSeed
if reading from EGD.
- Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
discovered in version 1.3.26 including these security fixes:
- SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- SECURITY CAN-2002-0843 (cve.mitre.org)
Fix some possible overflows in ab.c that could be exploited by
a malicious server. Reported by David Wagner. [Jim Jagielski]
- SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
This is a stable branch of mozilla.
A select group of APIs have been marked "@FROZEN. Mozilla.org intends
to maintain API compatibility for this set until next major release.
This branch is targeted at the developer community and enables
the creation of Internet-based applications.
Changes with Apache 2.0.43
*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
and SSI requests. It's safe to escape as only the '<', '>',
and '&' characters are affected, which won't appear in a valid
hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
[Brian Pane]
*) Fix a core dump in mod_cache when it attemtped to store uncopyable
buckets. This happened, for instance, when a file to be cached
contained SSI tags to execute a CGI script (passed as a pipe
bucket). [Paul J. Reder]
*) Ensure that output already available is flushed to the network
when the content-length filter realizes that no new output will
be available for a while. This helps some streaming CGIs as
well as some other dynamically-generated content. [Jeff Trawick]
*) Fix a mutex problem in mod_ssl session cache support which
could lead to an infinite loop. PR 12705
[amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
*) SECURITY: Allow POST requests and CGI scripts to work when DAV
is enabled on the location. [Ryan Bloom]
*) Allow the UserDir directive to accept a list of directories.
This matches what Apache 1.3 does. Also add documentation for
this feature. [Jay Ball <jay@veggiespam.com>]
*) New Module: mod_logio. adds the ability to log bytes sent and
received. [Bojan Smojver <bojan@rexursive.com>]
*) SuExec needs to use the same default directory as the rest of
server, namely /usr/local/apache2.
[SangBeom han <sbhan@os.korea.ac.kr>]
*) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
[Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett]
*) Make sure the contents of the WWW-Authenticate header is
passed on a 4xx error by proxy. Previously all headers
were dropped, resulting in the browser being unable to
authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>,
Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman
<gwiseman@fscinternet.com>, David Henderson
<dhenderson@fscinternet.com>]
*) Make mod_cache's CacheMaxStreamingBuffer directive work
properly for virtual hosts that override server-wide mod_cache
setttings. [Matthieu Estrade <estrade-m@ifrance.com>]
*) Add -p option to apxs to allow programs to be compiled with apxs.
[Justin Erenkrantz]
---
Changes with Apache 2.0.42
*) mod_dav: Check for versioning hooks before using them.
[Greg Stein]
Changes with Apache 2.0.41
*) The protocol version (eg: HTTP/1.1) in the request line parsing
is now case insensitive. [Jim Jagielski]
*) Allow AddOutputFilterByType to add multiple filters per directive.
[Justin Erenkrantz]
*) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
*) Fixed mod_disk_cache's generation of 304s
[Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Add support for using fnmatch patterns in the final path
segment of an Include statement (eg.. include /foo/bar/*.conf).
and remove the noise on stderr during config dir processing.
[Joe Orton <jorton@redhat.com>]
*) mod_cache: cache_storage.c. Add the hostname and any request
args to the key generated for caching. This provides a unique
key for each virtual host and for each request with unique
args. [Paul J. Reder, args code provided by Kris Verbeeck]
*) mod_cache: Do not cache responses to GET requests with query
URLs if the origin server does not explicitly provide an
Expires header on the response (RFC 2616 Section 13.9)
[Kris Verbeeck krisv@be.ubizen.com]
*) Fix memory leak in core_output_filter. [Justin Erenkrantz]
*) Update OpenSSL detection to work on Darwin.
[Sander Temme <sctemme@covalent.net>]
*) Update the xslt and css to give the documentation a more
modern style.
[André Malo <nd@perlig.de>, Gernot Winkler <greh@o3media.de>]
*) Fix some bucket memory leaks in the chunking code
[Joe Schaefer <joe+apache@sunstarsys.com>]
*) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
*) mod_cache: added support for caching streamed responses (proxy,
CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
*) Add image/x-icon to httpd.conf PR 10993.
[Ian Holsman, Peter Bieringer <pb@bieringer.de>]
*) Fix FileETags none operation. PR 12207.
[Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
*) Restored the experimental leader/followers MPM to working
condition and converted its thread synchronization from
mutexes to atomic CAS. [Brian Pane]
*) Fix Logic on non-html file removal in mod_deflate
[Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Fix "ab -g"'s truncated year: the last digit was cut off.
[Leon Brocard <acme@astray.com>]
*) mod_rewrite can now sets cookies in err_headers, uses the correct
expiry date, and can now set the path as well
PR 12132,12181,12172.
[Ian Holsman / Rob Cromwell <apachechangelog@robcromwell.com>]
*) The content-length filter no longer tries to buffer up
the entire output of a long-running request before sending
anything to the client. [Brian Pane]
*) Win32: Lower the default stack size from 1MB to 256K. This will
allow around 8000 threads to be started per child process.
'EDITBIN /STACK:size apache.exe' can be used to change this
value directly in the apache.exe executable.
[Bill Stoddard]
*) Win32: Implement ThreadLimit directive in the Windows MPM.
[Bill Stoddard]
*) Remove CacheOn config directive since it is set but never checked.
No sense wasting cycles on unused code. Besides, the only truly
bug free code is deleted code. :) [Paul J. Reder]
*) BufferLogs are now run-time enabled, and the log_config now has 2 new
callbacks to allow a 3rd party module to actually do the writing of the
log file [Ian Holsman]
*) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
[André Malo, Astrid Keßler <kess@kess-net.de>]
*) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Fix a null pointer dereference in the merge_env_dir_configs
function of the mod_env module. PR 11791
[Paul J. Reder]
*) New option to ServerTokens 'maj[or]'. Only show the major version
Also Surfaced this directive in the standard config (default FULL)
[Ian Holsman]
*) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
RewriteMap directive. PR 10644 [Jeff Trawick]
*) Fixed mod_rewrite's RewriteMap prg: support so that request/response
pairs will no longer get out of sync with each other. PR 9534
[Cliff Woolley]
*) Fixes required to get quoted and escaped command args working in
mod_ext_filter. PR 11793 [Paul J. Reder]
*) mod-proxy: handle proxied responses with no status lines
[JD Silvester <jsilves@uwo.ca>, Brett Huttley <brett@huttley.net>]
*) Fix bug where environment or command line arguments containing
non-ASCII-7 characters would cause the Win32 child process creation
to fail. PR 11854 [William Rowe]
*) Bug #11213.. make module loading error messages more informative
[Ian Darwin <Ian779@darwinsys.com>]
*) thread safety & proxy-ftp [Alexey Panchenko alexey@liwest.ru, Ian Holsman]
*) mod_disk_cache works much better. This module should still
be considered experimental. [Eric Prud'hommeaux]
*) Performance improvement for keepalive requests: when setting
aside a small file for potential concatenation with the next
response on the connection, set aside the file descriptor rather
than copying the file into the heap. [Brian Pane]
as discussed on pkgsrc-changes. Sorry everybody for the mess, this
(hopefully) was the last episode of netscape7's big PLIST/distinfo-shuffle
(aka 'why-cvs-really-should-have-a-mv-command').
a variable (PKG_LANG), adding and modifying PLISTs and distinfo's as necessary.
- Do not use the installer as the distfile, but the "real" distfile.
This increases the initial download time, but allows for building without
a network connection. As suggested by grant in PR pkg/18461
- Only try to pax over files from the linux-emul root if they were
created in there. This should address PR pkg/18461 by grant.
Bump PKGREVISION.
Changes:
NEW FEATURES
- Now support many Windows code pages in addition to ISO charsets.
- HTMLDOC now supports heading levels 1 to 15.
- HTMLDOC now allows the author to omit headings from
the TOC using the _HD_OMIT_TOC attribute.
- HTMLDOC now supports remote book files when running
from the command-line.
- HTMLDOC now supports hexadecimal character constants (ÿ)
- New --nup and NUMBER-UP options for PostScript and PDF output.
- HTMLDOC now logs HTML errors.
- HTMLDOC now supports the A3, B, Legal, and Tabloid size names.
- HTMLDOC now supports embedding of the base Type1 fonts
in PostScript and PDF output.
CHANGES
- HTMLDOC now calculates the resolution of the body
image using the printable width instead of the page width.
- HTMLDOC should now compile out-of-the-box using the Cygwin tools.
- HTMLDOC no longer inserts whitespace between text inside DIV elements.
- HTMLDOC now supports quoted usernames and passwords in URLs.
- HTMLDOC now defaults unknown colors to white for background colors and
black for foreground colors. This should make documents that use
non-standard color names still appear readable.
- The HTML parser now allows BODY to auto-close HEAD and visa-versa.
BUG FIXES
- HTMLDOC could crash when checking if a URL is already cached.
- HTMLDOC didn't adjust the top margin when changing the
page header if the comment didn't appear at the top of a page.
- HTMLDOC didn't initialize the right number of TOC headings.
- When using a logo image in the header, the header was
placed too low on the page.
- "make install" didn't work in the fonts directory.
- "€" didn't work, while "€" did: the
character name table was not sorted properly...
- Links didn't always point to the right page in PDF output.
- XRX comment output could crash HTMLDOC.
- Fixed-width columns in tables could be resized by HTMLDOC.
- When writing PostScript commands, some printers reset
their duplexing state when a new setpagedevice command
is received; we now cache the current duplex state and
change it only as needed.
- The MEDIA SIZE comment didn't adjust the printable
size for the current landscape setting.
- HTMLDOC placed the header one line too high.
- When continuing a chapter onto the next page, H3 and
higher headings would be indented the wrong amount.
- HTMLDOC wouldn't compile using GCC under HP-UX due to
a badly "fixed" system header file (vmtypes.h).
- Generating a book without a table-of-contents would
produce a bad PDF file.
- The Xerox XRX comments used the wrong units for the
media size, points instead of millimeters.
- IMG elements with links that use the ALIGN attribute
didn't get the links.
- Header and footer comments would interfere with the
top and bottom margin settings.
- Fixed a bug in the htmlReadFile() function which
caused user-provided title pages not to be displayed
in PS or PDF output.
- The table-of-contents would inherit the last media
settings in the document, but use the initial settings
when formatting.
* New config variable: annotate_options
* Make annotate work under mod_perl
* Output address only if it's set
* Fix annotate HTML output
* Escape file names in directory listings
* Mention cvs < 1.11 '-l' bug
Changes :
- Added URI::QueryParam module. It contains some
extra methods to manipulate the query form key/value pairs.
- Added support for the sip: and sips: URI scheme.
Contributed by Ryan Kereliuk <ryker@ryker.org>.
- use_buildlink2
- use perl5 module
BINS 1.1.17
---------
- new parameter feedbackMail to add a link "Send Feedback" in the
pages (only used in the joi templates for now).
- new parameter treePreview to add a the thumbnail album in the tree
page (only used in the joi templates for now).
- new parameters backgroundImage & excludeBackgroundImage to use an
image as a wallpaper (only used in the joi templates for now).
- joi templates have been updated, using above features.
(templates and patch by Joachim Kohlhammer).
- Russian translation has been updated.
(thanks to Andrei Emeltchenko).
BINS 1.1.16
-----------
- static elements (icons, css, javascript, etc.) can now be used by
the templates, by using a static subdir in the templates directory
(see the joi templates).
- joi templates has been added. It uses icons, css and javascript. See
http://album.sautret.org/300_lieux/500_Paris/index.html for an example
applied on some of the sub-albums of my main album. You can use it
with the templateStyle parameter in the binsrc or album.xml, or with
the -s command line parameter (see bins(1) man page).
(templates and patch by Joachim Kohlhammer).
- new parameter homeURL has been added to link your home page to the
Leave button of the joi template.
- javaScriptPreloadImage parameter has been renamed to
javaScriptPreloadThumbs. New javaScriptPreloadImage parameter can be
used to add some javascript code in image pages to preload the next
image of the same size when current one is loaded, to speed up the
album browsing.
(patch from David Panofsky).
- added Russian translation.
(thanks to Andrei Emeltchenko).
- Mandrake 9.0 and NetBSD packages are now available. Check the
download page.
(mdk rpm by C<E9>dric Thevenet, NetBSD package by dmcmahill @ netbsd.org)
- install.sh script can now install BINS in specified directories. For
example, to install it in /opt/bins, use the following command :
PREFIX=/opt/bins install.sh
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks. Change all the Makefiles that use
application.buildlink.mk and extension.buildlink.mk to use application.mk
and extension.mk instead.
* Copy the real libtool, not the libtool buildlink2 wrapper, to
${PREFIX}/share/httpd/build. This fixes pkg/18349 by YAMAMOTO Takashi
<yamt@mwd.biglobe.ne.jp>.
