*) Upgraded to Apache 1.3.24
*) Support leading whitespaces in commands of SSLLog "|..." directives.
*) Fixed timeout handling on connection establishment by correctly
resetting the timeout on errors.
*) Fixed two memory leaks related to CA certificate configuration.
*) Fixed memory leak related to temporary DH key handling.
*) Fixed memory leak on shutdown if CRLs are used.
*) Fixed remaining SIGBUS problems on SPARC inside SHMCB session
cache implementation.
Relevant changes from version 1.3.23 include:
* Prevent invalid client hostnames from appearing in the log file.
* Various mod_proxy improvements, such as the new ProxyIOBufferSize
directive.
* The new ''IgnoreCase' keyword to the IndexOptions directive.
* mod_rewrite's 'rnd' was broken and has been fixed.
* The '-S' option of 'apxs' was not able to handle quotes; also 'apxs'
is now rebuilt when options are changed.
* proxy now correctly handles Cookies and X-Cache headers.
* Fixed a problem in TPF when we were using the wrong subpool when
opening the error log.
* pthread accept() mutexes on Solaris were broken (since we were
not linking against pthread)
handler (useful for reducing the bandwidth expended in transferring large
plaintext or HTML files). From DESCR:
**
mod_gzip uses the well established and publicly available IETF
Content-Encoding standards in conjunction with publicy available GZIP
compression libraries such as ZLIB to deliver dynamically compressed
content 'on the fly' to any browser or user-agent that is capable of
receiving it. It is a software based solution that runs perfectly in
conjunction with any Apache Web Server on both UNIX and Win32 platforms.
No additional client side software is required to use this product.
mod_gzip does not require ANY software to be installed on the client
side. There is no accompanying 'Plug-in' or 'Client Proxy' of any kind.
All you need is your current HTTP 1.1 compliant browser. All modern
browsers released since early 1999 are already capable of receiving
compressed Internet content via standard IETF Content Encoding if they
are HTTP 1.1 compliant.
and reviewed by the maintainer, Eric Gillespie <epg@pretzelnet.org>.
Major version changed so that BUILDLINK_DEPENDS.neon bumped.
Part of changes from NEWS:
Changes in release 0.19.1-0.19.3:
* For platforms lacking snprintf or vsnprintf in libc, require trio.
* Add NE_FMT_OFF_T to fix Win32 build (Dan Berlin, Branko Èibej).
* Fix non-SSL build broken in 0.19.1.
* Working SOCKSv5 support (thanks to Torsten Kalix <torsten.kalix@bredex.de>)
* Add missing stubs for ne_ssl_* functions for non-SSL build.
* Fix some error messages in new SSL code.
Changes in release 0.19.0:
* Major API change: ne_session_create now takes (scheme, hostname, port)
arguments: a session is clarified to be "a group of requests to a
certain server".
- removal of ne_session_server, ne_set_secure, and ne_set_proxy_decider
- ne_session_proxy returns void.
- DNS lookups are delayed until request dispatch time.
* Significant improvements to TLS/SSL support:
- SSL is enabled if scheme passed to ne_session_create is "https"
- new interfaces to load CA certs and to load SSL library's bundled CA certs
- add server cert verification callback. An SSL connection to a server
with an unknown CA will now fail unless a verification callback is used.
- enable SSL session caching (performance improvement)
- support for wildcard server certs where commonName is "*.example.com".
- thanks to Tommi Komulainen for the contribution of code from mutt's
IMAP/SSL implementation under the LGPL, from which bits of this were derived.
Changes in release 0.18.4-0.18.5:
* Removed old neon.dsp, neon.dsw.
* Update Win32 build to add OpenSSL and zlib support (Branko Èibej).
* Fixes for Content-Type parsing using ne_content_type_handler (Greg Stein)
- also now parses the charset parameter from header value.
* Removed ne_concat() function, which didn't work and wasn't used.
Re-enable package
Highlights from CHANGELOG:
- Mozilla 0.9.9 Compatibility
- Fix in config.mk
- Implemented Minimum Font Size in font section in config.
- Patch from Muthu Kumar to enable middle clicking on bookmarks from menus
and adds folder/link pixmaps to menu bookmarks/folders.
- Patch from Peter Balhos, enabled red tabs while loading, must enable from
the misc config section first.
- Added fr.po by Rolland Dudemaine.
Replace 'ns-remote: not running on display :0.0' error message with more
appropriate 'Netscape not running. Spawning new browser in the background'
From Benjamin Wong in PR pkg/15615
Bug Fixes:
Ensure that the -put or -post options to wwwoffle have one URL. Fix IPv6
checking (configure fails if IPv6 not available). Fix conditional request
problem (304 reply for non-conditional requests). Make the socket binding
errors less confusing. Fix requesting of compressed data. Handle NULL strings
in FTP code and parsing requests. Speed up wildcard matching of '/*' paths.
When search script fails give an error not a blank page. The content-length
header is not removed unless compression is being used. Fix core dump with
configuration page adding first item to DontGet/DontCache section. Preserve
cache file timestamps when compressing them. Handle relative URLs that start
with '//'. Fix Solaris compilation problem with statfs/statvfs. Bug fix for
failure to censor some headers. Remove the 'alt' attribute from disabled
images when modifying HTML.
New Features:
Re-instate the old configuration editing web pages due to user demand.
Allow wildcards to have more than two '*' in them.
The upgrade-config.pl script warns about URL-SPECs with path='/' not '/*'.
2.3 Thu June 28 12:00:00 2001
- New Feature: template tags can now span lines. (Roland Giersig)
- New Feature: new() option 'filehandle'. (Roland Giersig)
- Bug Fix: includes were broken in some cases using scalarref
templates. (Lance Thomas)
- Bug Fix: recursive include detection was broken for scalarref
templates. (Mark Stosberg)
- Bug Fix: cleaned up more 5.004 warnings. (Jere Julian)
2.4 Mon August 27 12:00:00 2001
- Bug Fix: case_sensitive option broke loops (Peter Leonard)
- Bug Fix: code-ref params now work with IF and UNLESS
2.5 Fri Feb 01 12:00:00 2002
- Bug Fix: global_vars fixed for loops within loops
- Bug Fix: include paths were broken under Windows (David Ferrance)
- Bug Fix: nested include path handling was wrong (Gyepi Sam)
- Bug Fix: MD5 signatures for file cache corrected (Martin Schroth)
- Bug Fix: print_to was broken for tied filehandles (Darren Chamberlain)
- Doc Fix: added mailing-list archive URL to FAQ, added link to
tutorial, fixed typos and formatting
- Doc Fix: added reference to new HTML::Template website at
http://html-template.sourceforge.net/
This fixes squid's potential security problem.
Changes to Squid-2.4.STABLE6 (March 19, 2002):
- The patch for 2.4.STABLE5 was insufficnetly tested and
introduced a bug that causes frequent assertions when
handling DNS PTR answers.
Changes to Squid-2.4.STABLE5 (March 15, 2002):
- Fixed an array bounds bug in lib/rfc1035.c. This bug
could allow a malicious DNS server to send bogus replies
and corrupt the heap memory.
- Security fix for cross-site scripting security bug.
- Upgraded zlib code to version 1.1.4 (although analog wasn't vulnerable
to the security bug in zlib 1.1.3).
- The PROGRESSFREQ messages now go to the screen as well as to the
ERRFILE.
- The second argument to SUBDOMAIN can now contain *'s and $'s.
- Added eight new domains to many of the domains files.
- Revised Japanese language files.
Simplified the Makefile.PL:
- the scripts are not longer *.PL files
- don't try to make symlinks for GET, HEAD, POST
as that has not worked for a long time
- the GET, HEAD, POST aliases for lwp-request should
now work on Windows.
HTTP::Cookies:
- added 'clear_temporary_cookies' method;
patch by Mike Schilli <schilli1@pacbell.net>.
- trailing space in old cookie parameters not ignored;
patch by Ivan Panchenko
- protect against $SIG{__DIE__} handlers;
patch by Adam Newby <adam@NewsNow.co.uk>.
LWP::Authen::Digest:
- abort digest auth session if we fail repeatedly with
the same username/password.
- fixed setColAttr was documented but didn't actually exist
- fixed setColHeight was actually setting the column width
- fixed table align wasn't working
- fixed spurious double quote in the output after user defined table attributes
- fixed method setStyle missing although documented
LTCONFIG_OVERRIDE changed to LIBTOOL_OVERRIDE.
GNU make no longer needed.
Install some documentation in ${PREFIX}/share/doc/curl, and examples of
libcurl usage in ${PREFIX}/share/examples/curl.
XXX A buildlink.mk would be nice to have...
Bump PKGREVISION for the PLIST additions.
---
Version 7.9.5
Daniel (7 March 2002)
- Added docs/KNOWN_BUGS to the release archive.
Daniel (6 March 2002)
- Kevin Roth corrected a flaw in the curl client globbing code that made it
mess up backslashes. This was most notable on windows (cygwin) machines when
using file://.
- Brad provided another fix for building outside the source-tree.
- Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c
Daniel (5 March 2002)
- I noticed that the typedef in curl.h for the progress callback prototype was
wrong and thus applications that used it would not get the proper input
data. It used size_t where the implementation actually uses doubles!
I wish I could blame someone else, but this was my fault. Again.
Version 7.9.5-pre6
Daniel (4 March 2002)
- Cut off the changes done during 2001 from this changelog file and put them
in a separate file (CHANGES.2001), available from CVS of course.
- I removed the multi directory. The example sources were moved to the
docs/examples directory where they belong.
- Wrote 7 new man pages for the current functions in the new multi interface.
They're all still pretty basic, but we can use them as a start and add more
contents to them when we figure out what to write. The large amount of man
pages for libcurl now present made me decide to put them in a new separate
subdirectory in the docs directory. Named libcurl.
- Giuseppe Corbelli provided a template file for the EPM package manager, it
gets generated nicely by the configure script now.
Version 7.9.5-pre5
Daniel (1 March 2002)
- Moved the memanalyze.pl script into the tests/ dir and added it to the
release archives. It was previously only present in the CVS tree.
- Modified the February 17th Host: fix, as bug report #523718 pointed out that
it caused crashes!
- Nico Baggus added more error codes to the VMS stuff.
- Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE
option. It is just another FTP quote option that allows the user to specify
a list of FTP commands to issue *just before* the transfer command (RETR or
STOR etc). It has turned up a few systems that really need this.
The curl command line tool can also take advantage of this by prefixing the
quote commands with a plus (+) in similar style that post transfer quote
commands are specified.
This is not yet documented. There is no test case for this yet.
Daniel (28 February 2002)
- Ralph Mitchell made some serious efforts and put a lot of sweat in setting
up scripts and things for me to be able to repeat his problems, and I
finally could. I found a problem with the header byte counter that wasn't
increased properly and thus we could return CURLE_GOT_NOTHING when we in
fact had received data.
Daniel (27 February 2002)
- I had to revert the non-space parsing cookie fix I posted to the mailing
list. Expire dates do have spaces and still need to get parsed properly!
Instead we just ignore trailing white space and it seems to work...
Daniel (26 February 2002)
- Made the cookie property 'Max-Age' work, just since we already tried to
support it, it is better to do it right. No one uses this anyway.
- The cookie parser could crash if a really weird (illegal) cookie line was
received. I also made it better discard really oddly formatted lines better.
Made the cookie jar store the second field from the left using the syntax
that Netscape and Mozilla probably like. Curl itself ignores it.
Added test case 31 for these cases.
Clay Loveless' email regarding some cookie issues started my cleanup.
- Kevin Roth pointed out that my automake fiddles broke the ability to build
outside the source-tree and I posted a patch to the mailing list that brings
this ability back.
Version 7.9.5-pre4
Daniel (25 February 2002)
- Fiddled with the automake files to make all source files in the lib
directory not have ../src in the include path, and the src sources shouldn't
have ../lib!
- All 79 test cases ran OK under Linux and Solaris using the new HTTP server
in the test suite. The new HTTP server was first donated by Georg Horn and
subsequently modified to work with the test suite. It is currently still not
portable enough to run on "all over" but this is a start and I can run all
curl tests on my machines. This is an important requirement for the upcoming
public release.
- Using -d and -I on the same command line now reports an error, as it implies
two different HTTP requests that can't be mixed.
- Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option
support %{content_type} to get the content type of the recent download.
- Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin,
and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure
out if we could include winsock.h which turns out not to be a wise choice to
do on cygwin since it has the file but can't include it!
Daniel (22 February 2002)
- Added src/config-vms.h to the release archive.
- Fixed the connection timeout value again, the change from February 18 wasn't
complete.
Version 7.9.5-pre3
Daniel (21 February 2002)
- Kevin Roth and Andrés García both found out that lib/config.h.in was missing
in the pre-release archive and thus the configure script failed.
Version 7.9.5-pre2
Daniel (20 February 2002)
- Andrés García provided a solution to bug report #515228. the total time
counter was not set correctly when -I was used during some conditions (all
headers were read in one single read).
- Nico Baggus provided a huge patch with minor tweaks all over to make curl
compile nicely on VMS.
Daniel (19 February 2002)
- Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the
getaddrinfo() calls, he could speed up some name resolving calls with an
order of magnitudes on his Redhat Linux 7.2.
- Philip Gladstone found a second INADDR_NONE problem where we used long
intead of in_addr_t which caused 64bit problemos. We really shouldn't define
that on two different places.
Daniel (18 February 2002)
- Philip Gladstone found a problem in how HTTP requests were sent if the
request couldn't be sent all at once.
- Emil found and corrected a bad connection timeout comparison that made curl
use the longest of connect-timeout and timout as a timeout value, instead of
the shortest as it was supposed to!
- Aron Roberts provided updated information about LDAP URL syntax to go into
the manual as a replacement for the old references.
Daniel (17 February 2002)
- Philip Gladstone pointed out two missing include files that made curl core
dump on 64bit architectures. We need to pay more attention on these details.
It is *lethal* to for example forget the malloc() prototype, as 'int' is
32bit and malloc() must return a 64bit pointer on these platforms.
- Giaslas Georgios fixed a problem with Host: headers on repeated requests on
the same handle using a proxy.
Daniel (8 February 2002)
- Hanno L. Kranzhoff accurately found out that disabling the Expect: header
when doing multipart formposts didn't work very well. It disabled other
parts of the request header too, resulting in a broken header. When I fixed
this, I also noticed that the Content-Type wasn't possible to disable. It is
now, even though it probably is really stupid to try to do this (because of
the boundary string that is included in the internally generated header,
used as form part separator.)
Daniel (7 February 2002)
- I moved the config*.h files from the root directory to the lib/ directory.
- I've added the new test suite HTTP server to the CVS repository, It seems to
work pretty good now, but we must make it get used by the test scripts
properly and then we need to make sure that it compiles, builds and runs on
most operating systems.
Version 7.9.5-pre1
Daniel (6 February 2002)
- Miklos Nemeth provided updated windows makefiles and INSTALL docs.
- Mr Larry Fahnoe found a problem with formposts and I managed to track down
and patch this bug. This was actually two bugs, as the posted size was also
said to be two bytes too large.
- Brent Beardsley found out and brought a correction for the
CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I
accidentaly broke Giaslas Georgios' patch.
Daniel (5 February 2002)
- Kevin Roth found yet another SSL download problem.
Version 7.9.4
- no changes since pre-release
Version 7.9.4-pre2
Daniel (3 February 2002)
- Eric Melville provided a few spelling corrections in the curl man page.
Daniel (1 February 2002)
- Andreas Damm corrected the unconditional use of gmtime() in getdate, it now
uses gmtime_r() on all hosts that have it.
Daniel (31 January 2002)
- An anonymous bug report identified a problem in the DNS caching which made it
sometimes allocate one byte too little to store the cache entry in. This
happened when the port number started with 1!
- Albert Chin provided a patch that improves the gethostbyname_r() configure
check on HP-UX 11.00.
Version 7.9.4-pre1
Daniel (30 January 2002)
- Georg Horn found another way the SSL reading failed due to the non-blocking
state of the sockets! I fixed.
Daniel (29 January 2002)
- Multipart formposts now send the full request properly, including the CRLF.
They were previously treated as part of the post data.
- The upload byte counter bugged.
- T. Bharath pointed out that we seed SSL on every connect, which is a time-
consuming operation that should only be needed to do once. We patched
libcurl to now only seed on the first connect when unseeded. The seeded
status is global so it'll now only happen once during a program's life time.
If the random_file or egdsocket is set, the seed will be re-made though.
- Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets
curl_easy_getinfo() read the content-type from the previous request.
Daniel (28 January 2002)
- Kjetil Jacobsen found a way to crash curl and after much debugging, it
turned out it was a IPv4-linux only problem introduced in 7.9.3 related to
name resolving.
- Andreas Damm posted a huge patch that made the curl_getdate() function fully
reentrant!
- Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with
CURLOPT_POSTFIELDS. You can now!
Daniel (25 January 2002)
- Krishnendu Majumdar pointed out that the header length counter was not reset
between multiple requests on the same handle.
- Pedro Neves rightfully questioned why curl always append \r\n to the data
that is sent in HTTP POST requests. Unfortunately, this broke the test suite
as the test HTTP server is lame enough not to deal with this... :-O
- Following Location: headers when the connection didn't close didn't work as
libcurl didn't properly stop reading. This problem was added in 7.9.3 due to
the restructured internals. 'Frank' posted a bug report about this.
Daniel (24 January 2002)
- Kevin Roth very quickly spotted that we wrongly installed the example
programs that were built in the multi directory, when 'make install' was
used. :-/
Version 7.9.3
Daniel (23 January 2002)
- Andrés García found a persistancy problem when doing HTTP HEAD, that made
curl "hang" until the connection was closed by the server. This problem has
been introduced in 7.9.3 due to internal rewrites, this was not present in
7.9.2.
Version 7.9.3-pre4
Daniel (19 January 2002)
- Antonio filed bug report #505514 and provided a fix! When doing multipart
formposts, libcurl would include an error text in the actual post if a
specified file wasn't found. This is not libcurl's job. Instead we add an
empty part.
Daniel (18 January 2002)
- Played around with stricter compiler warnings for gcc (when ./configure
--enable-debug is used) and changed some minor things to stop the warnings.
- Commented out the 'long long' and 'long double' checks in configure.in, as
we don't currently use them anyway and the code in lib/mprintf.c that use
them causes warnings.
- Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how
to correct them. Two compiler warnings were removed as well.
- Andrés García fixed two minor mingw32 building problems.
Version 7.9.3-pre3
Daniel (17 January 2002)
- docs/libcurl-the-guide is a new tutorial for our libcurl programming
friends.
- Richard Archer brought back the ability to compile and build with OpenSSL
versions before 0.9.5.
[http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976]
- The DNS cache code didn't take the port number into account, which made it
work rather bad on IPv6-enabled hosts (especially when doing passive
FTP). Sterling fixed it.
Daniel (16 January 2002)
- Georg Horn could make a transfer time-out without error text. I found it and
corrected it.
- SSL writes didn't work, they return an uninitialized value that caused
havoc all over. Georg Horn experienced this.
- Kevin Roth patched the curl_version() function to use the proper OpenSSL
function for version information. This way, curl will report the version of
the SSL library actually running right now, not the one that had its headers
installed when libcurl was built. Mainly intersting when running with shared
OpenSSL libraries.
Version 7.9.3-pre2
Daniel (16 January 2002)
- Mofied the main transfer loop and related stuff to deal with non-blocking
sockets in the upload section. While doing this, I've now separated the
connection oriented buffers to have one for downloads and one for uploads
(as two can happen simultaneously). I also shrunk the buffers to 20K
each. As we have a scratch buffer twice the size of the upload buffer, we
arrived at 80K for buffers compared with the previous 150K.
- Added the --cc option to curl-config command as it enables so very cool
one-liners. Have a go a this one, building the simple.c example:
$ `curl-config --cc --cflags --libs` -o example simple.c
Daniel (14 January 2002)
- I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we
only need to address all writes (send) too and then I'm ready for another
pre-release...
- Stoned Elipot patched the in_addr_t configure test to make it work better on
more platforms.
Daniel (9 January 2002)
- Cris Bailiff found out that filling up curl's SSL session cache caused a
crash!
- Posted the curl questionnaire on the web site. If you haven't posted your
opinions there yet, go there and do it now while it is still there:
http://curl.haxx.se/q/
- Georg Horn quickly found out that the SSL reading no longer worked as
supposed since the switch to non-blocking sockets. I've made a quick patch
(for reading only) but we should improve it even further.
Version 7.9.3-pre1
Daniel (7 January 2002)
- I made the 'bool' typedef use an "unsigned char". It makes it the same on
all platforms, no matter what the platform thinks the default format for
char is. This was noticed since we made a silly comparison involving such a
bool variable, and only one compiler/platform combination (on Debian Linux)
complained about it (that happened to have its char unsigned by default).
- Bug report #495290 identified a cookie parsing problem that was corrected.
When a Set-Cookie: line is received without a trailing semicolon, libcurl
didn't read the last "name=value" pair of the line, leading to confusions...
- Sterling committed his updated DNS cache code.
- I worked with Georg Horn and comments from Götz Babin-Ebell and switched
curl's socket operations completely over to non-blocking for the entire
operation (previously we used non-blocking only for the connection phase).
We had to do this to make the SSL connection phase timeout properly without
the use of signals. A little extra code to deal with this was added.
- T. Bharath pointed out a slightly obscure cookie engine flaw.
- Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should.
204-replies never provides a response-body. This resulted in bad persistant
behavior when 204 was received.
Daniel (5 January 2002)
- SM updated the VC++ library Makefiles for the new source files.
Daniel (4 January 2002)
- I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in
two places in the source code). One happened with VERBOSE set on connects,
and the other when VERBOSE was on and krb4 over nat was used... I honestly
don't think anyone has suffered from these mistakes.
- I replaced a lot of silly occurances of printf() to instead use the more
appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were
affected.
- Philip Gladstone found a few more problems with 64-bit archs (the 64-bit
sparc on solaris 8).
- After discussions on the libcurl list with Raoul Cridlig, I just made FTP
response lines get passed to the header callback if such a one is
registered. It'll make it possible for any application to get all the
responses an FTP server sends to libcurl.
Daniel (3 January 2002)
- Sterling Hughes brought a few buckets of code. Now, libcurl will
automatically cache DNS lookups and re-use the previous results first if any
such is available. It greatly improves speed when doing many repeated
operations to the same host.
- As the test case uses --include and then --head, I had to modify src/main.c
to deal with this situation slightly better than previously. When done, we
have 100% good tests again in the main branch.
Daniel (2 January 2002)
- Made test case 25 run again in the multi-dev branch. But it seems that the
changes done on dec-20 made test case 104 cease to work (in both branches).
- Philip Gladstone pointed out a few portability problems in the source code
that didn't compile on 64-bit sparcs using Sun's native
all dependencies on packages depending on "png" which contain shared
libraries, all for the (imminent) update to the "png" package.
[List courtesy of John Darrow, courtesy of "bulk-build".]
Changes from release mail:
- Mozilla 0.9.9 required
- Improved tab context menu
- Favicon speedups/fixes
- Improved crash recovery dialog
- Memory leaks fixed
- New smartbookmarks and bookmarklets
- Bookmark importer fixes
- "Select all" menuitem
- Show favicons in tabs
- "Properties" and "Page Info" windows added
- Autoapply of changes in the prefs window
- Bookmarks removal confirmation dialog
- Mouse gesture support -- see the manual
- Session autosave improvements
- Better session manager behavior -- we should shut down cleanly when
gnome-session tells us to now
- "Copy email address" context menu item
- Page titles in autocompletion window
- Native JavaScript console
- New prefs window icons, courtesy of jimmac
- Location entry fixes
- Autobookmarks cleanup
- Dialog cleanups
- Fold/unfold arrows on smartbookmarks
- Improved behavior of various command-line options
- Zoom cleanups
- SMB url-encoding fixes
- "Recent sessions" submenu works now :)
- Save last-selected download directory
- Fullscreen should work in both old and new window managers now
- Frame context menus should work correctly now
Changes from release mail:
* MathML is now enabled by default on those platforms that support it,
including Windows and Unix.
* The JavaScript debugger, (aka Venkman) can now profile JavaScript.
* Greatly improved View-> Page Info dialog.
* Mozilla now supports SOAP.
* Users now have the option of installing plugins in the Mozilla user
directory ($HOME/.mozilla/plugins on Unix).
* Mozilla has a new Page Setup dialog and the Print Preview window is
much improved.
and much, much more.
See release notes for detail
http://www.mozilla.org/releases/mozilla0.9.9/
dealing better with javascript pages, and fixes for old ftp servers.
Lots of new features and configure options, too. Also, new
translations for French, Dutch, Polish, German; docs and notes in
a few other languages; and translations for local pages are now
selected by browser settings!
Changes:
* parser fix: convert remaining isalpha(), toupper() calls so that
parameters are cast to unsigned char
* parser fix: internal flags were not properly reset when end of buffer
was encountered while reading command
* with EAPI, hook the mod_ssl hooks to different processing phase,
so that CSacek works with SSL also when authentication is _not_ used
* radical documentation facelift (still czech only, tho)
again.
Highlights from the Changelog:
- Updated Dutch Translations from Francois Duprez.
- Chagnes to make skipstone compile on HPUX. Thanks to Geoferrey Hausheer
for his help.
- Patch from anamaru@sekine-lab.ei.tuat.ac.jp (Takashi Kanamaru) to
call mozilla_save_prefs() - says it helps with saving cache.
- Change skipstone script to use /bin/sh instead of /bin/bash
- I wonder why I never changed the File menu in tabbed mode to say
New Tab, open in current tab and open in a new tab ! done ;)
- The long awaited feature of being able to enable/disable plugins is
implemented. checkout the plugins root node, now its selectable and has a
checkbutton for each of the loaded plugins. Disabling/Enabling plugins
requires a restart.
- Updated Russian translations from Aleksandr Blohin
- ConfirmEx dialog implemented properly now, cookie prompts and signon prompts
should work fine now.
- Oops - disable popups option was not sticking!
- Made it so that the AutoComplete plugin display the alternative
completions when the option is set to off if the ctrl and tab were
used instead of tab only.
- AutoComplete config item where one could disable the display of the
alternative items and a fix to skipstone when writing a plugin config
item that is set to '0'.
- Applied a patch from Muthu that replaces the entry in the open in new window
dialog with a combo that has the latest urls. Default behavior of the entry
being focused and it being blank is still retained.
- FavIcon plugin can be told to fetch favicons even if they were not included
in the HTML source, its off by default since it will be probing each server
for favicon.ico which can be annoying.
- You can now assign FavIcons to sites that dont set one, also you can refresh
a FavIcon.
- Thanks to Hiroyuki Ikezoe for reporting a mess up with bookmarks. Fixed now.
The following is from the web page:
Release notes for htdig-3.1.6 1 Feb 2002
As with previous releases, this version cleans up some remaining bugs and adds a few
heavily-requested features. As the latest stable release, it is recommended for all
production servers.
* Fixed another nasty security hole in htsearch, which would allow a denial of service
attack or forcing htsearch to read in config files outside of the configuration
directory.
* Fixed some problems with htmerge, including problems with words beginning with special
characters and merging multiple databases.
* Fixed a bug in handling hopcounts.
* Fixed problems in handling non-standard relative HTTP redirects.
* Fixed bugs in external parsers support including being confused by charset information
in the Content-Type header and handling binary output from external converters.
* Fixed bugs in the default English endings database. (Under ispell, it wasn't quite
intended for the accuracy needed for our usage.)
* Fixed additional bugs in the endings fuzzy algorithm.
* Fixed bugs with compiling with gcc-3.0 and later.
* Fixed bugs compiling and running on Mac OS X.
* Fixed problems with servers not returning a Last-Modified date--now assums indexing
time as modification time.
* Fixed a variety of bugs in the HTML parser to more flexibly handle non-standard HTML.
* Fixed problems in the TCP connection code and will more reliably timeout when a
connection hangs and will retry bad connections several times before giving up.
* Added the -m "minimal" flag to htdig for only indexing a set list of URLs and made the
-l (log) flag the default behavior so that htdig will stop and restart automatically.
* Added htdump and htload programs for dumping ASCII representations of the databases
and reloading the same.
* Added support for htnotify to collect multiple URLs and allow easy customization of
notification messages, including the new attributes htnotify_replyto,
htnotify_webmaster, htnotify_prefix_file, and htnotify_suffix_file.
* Added a new "accents" fuzzy algorithm to morph accents, including the new accents_db
attribute.
* Added a 'list all' feature to htsearch with a query of '*' or the current
prefix_match_character.
* Added date restricted searching to htsearch including relative dates.
* Added documentation on running ht://Dig and the rundig script.
* Added METADESCRIPTION and NSTARS variables to the htsearch templates as well as
support for $=(var) template variable references.
* Added new config attributes to htsearch for restrict and exclude which work like the
normal htsearch form variables if the form variables are not set.
* Added many new attributes, including ignore_dead_servers description_meta_tag_names,
max_keywords, translate_latin1, url_rewrite_rules, search_rewrite_rules,
anchor_target, ignore_alt_text, search_results_contenttype, boolean_keywords,
boolean_syntax_errors, multimatch_method, maximum_page_buttons, max_excerpts,
plural_suffix, any_keywords and use_doc_date.
* Extended the build_select_lists attribute to support select multiple, radio boxes and
checkboxes.
* Revised the documentation to make it clearer in parts, including the url_part_aliases
attribute.
* Updated various contributed utilities including doc2html, xmlsearch, rundig.sh,
htparsedoc, acroconv.pl, multidig, etc.
* A variety of other bug fixes, and many documentation updates. See the ChangeLog for
details.
version 1.0.2 include:
* ignore Depth: Infinity for non-collection resources in a PROPFIND;
this prevents a bogus error when someone has not used the
"DAVDepthInfinity On" directive
* fix for Web Folders not recognizing the last-modified date in
PROPFIND responses (Joe Orton)
* tweak to also allow recognition of the creationdate
* fix copying of collection properties during a Depth:0 operation
(Keith Wannamaker)
* return 507 (Insufficient Space) for quota errors (on Linux, at
least) (Joe)
* fix moving/copying of a collection over a non-collection (found by
Joe's interop testing tool)
* LOCK with a missing intermediate collection now returns a standard
409 (Conflict) response rather than 500 (Internal Server Error)
(Keith, reported by Dan Brotsky)
* fix problems with empty URIs in xmlns attributes (fixes from Joe
and Greg, reported by Julian Reschke)
include:
*) Move the binaries back into ${PREFIX}/sbin to match the locations
for www/apache.
*) Build the Apache modules (including mod_ssl) so that apache2 has
the same functionality as apache.
*) Support shared modules on platforms that support them. Otherwise,
link the modules statically into the server.
*) Support suEXEC in the same way as for www/apache.
*) Honor PKG_SYSCONFDIR.
*) Add a rc.d-style control script based on www/apache/files/apache.sh.
*) Strongly buildlinkify again after previous changes broke it.
Relevant changes from version 2.0.28 beta include:
*) A ton of bug fixes in both the main server code and the module code
(it _is_ a beta release following a previous beta release).
*) Several performance and memory optimizations.
*) The Location: response header field, used for external
redirect, *must* be an absoluteURI. The Redirect directive
tested for that, but RedirectMatch didn't -- it would allow
almost anything through. Now it will try to turn an abs_path
into an absoluteURI, but it will correctly varf like Redirect
if the final redirection target isn't an absoluteURI.
*) Add several new mod_proxy directives:
ProxyTimeout, ProxyPreserveHost, ProxyPass.
*) FTP directory listings are now always retrieved in ASCII mode.
The FTP proxy properly escapes URI's and HTML in the generated
listing, and escapes the path components when talking to the FTP
server.
*) Add FileETag directive to allow configurable control of what
data are used to form ETag values for file-based URIs.
*) Introduced the ForceLanguagePriority directive, to prevent
returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
when using Multiviews.
only emit a message and don't actually fetch anything. This allows
us to make the output of "fetch-list" for these packages consistent
with other packages.
While we're in here, integrate DYNAMIC_MASTER_SITES with the
${ORDERED_SITES} macro. The only functional change here is that
${MASTER_SITE_OVERRIDE} is now respected. Still to do -- something
appropriate for "fetch-list" for these packages, like sourcing
"getsites.sh" into the generated script. (Well, "package", but there
are two others that do something similar in their "Makefile".)
Also eliminate the misbegotten _FETCH_ALLFILES macro -- now that only
"fetch" uses it, move it's functionality directly under "do-fetch".
the library routines we will use when loaded into httpd.
* This package won't work with apache-2.*, so ensure that it won't match
the apache dependency.
* Don't use the shared libneon as the neon API is just too unstable.
Revert back to using the included neon library.
* Remove dependency on gettext-lib as the NLS build is broken.
* Remove dependency on libgetopt as cadaver provides its own
getopt_long implementation if one doesn't exist on the system.
Changes from version 0.19.0 include:
* Fix permissions of local file downloaded using 'get' (Dan Mullen).
* Add man page (Jules <jules@jules.com>)
* lockdepth option is used for any non-collection resource.
* Add 'quiet' option; when set, connection status messages are
supressed.
a security fix for a file-upload bug.
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
Relevant changes from version 2.8.6 include:
*) Fixed potential buffer overflow in DBM and SHMHT session
cache if very very large certificate chains are used.
*) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
"head -1" and "tail -1" constructs with sed variants in scripts.
the EAPI patches from modssl-2.8.7-1.3.23. Also, link against the MM
Shared Memory library (devel/libmm) to provide shared memory support in
Apache/EAPI. For example, this allows mod_ssl to use a high-performance
RAM-based session cache instead of a disk-based one.
that was lost in the previous commit.
"${apache_start}" is the subcommand sent to apachectl to control how
httpd is started. It's value may be overridden in:
@PKG_SYSCONFDIR@/apache_start.conf
/etc/rc.conf
/etc/rc.conf.d/apache,
in order of increasing precedence. Its possible values are "start"
and "startssl", and defaults to "start".
From DESCR:
Mod_Layout creates a framework for doing design. Whether you need a
simple copyright or ad banner attached to every page, or need to have
something more challenging such a custom look and feel for a site that
employs an array of technologies (Java Servlets, mod_perl, PHP, CGI's,
static HTML, etc...), Mod_Layout creates a framework for such an
environment. By allowing you to cache static components and build sites
in pieces, it gives you the tools for creating large custom portal sites.
2.4STABLE3:
- htcp_port 0 now properly disables htcp
- Fixed problem with certain non-anonymous ftp:// style URL's
- SNMP bugfixes including several memory leaks
- Corrected the MacHTTP log format, which didn't work in 5.2.
- All the BARSTYLEs redrawn, and two new BARSTYLEs added, adapted from
an idea by Dave Holle. (You will have to move the new graphics into your
IMAGEDIR in order to use them.)
Fixes several known bugs, as well as a cross-site scripting vulnerability
(discovered by Flavio Veloso of Magnux Software), that could allow
malicious HTML tags to be injected in the reports generated by the Webalizer.
This release also includes several new and updated language files. All users
are encouraged to upgrade as soon as possible.
- replace a hack adding fd_mask definition in autoconf.h with re-writing
configure script. It cause to run configure twice and result "no fd_mask".
- Incorporate three official patches from
http://www.squid-cache.org/Versions/v2/2.4/bugs/.
o SNMP memory leaks
synopsis
The SNMP implementation in Squid had several memory leaks
possibly causing an denial of service.
workaround
Disable the SNMP port if enabled by using "snmp_port 0" in
squid.conf. Or if you only use SNMP for MRTG data
collection running on the same host then use
"snmp_incoming_address 127.0.0.1" to limit reachability
of the SNMP port to only localhost or some other trusted
network.
o Coredump on certain ftp:// style URL's
synopsis
If certain constructed ftp:// style URL's are received then
squid crashes, causing a denial of service and maybe even
remote execution of code.
workaround
Deny forwarding of non-anonymous FTP URLs by inserting
the following rules at the top of squid.conf, prior to
any http_access allow lines.
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
o "htcp_port 0" fails to disable the HTCP port
synopsis
"htcp_port 0" fails to completely disable the HTCP port as
documented in squid.conf, instead HTCP will be listening on
a random port number.
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replace `install-info' in target rules
print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
* added a --emacs command-line option to produce output intended
for parsing by Emacs
* added errors for references to non-existent IDs in attributes
such as the headers attribute of the td element
5.2 (13-Feb-02)
- You can now plot the lower levels of hierarchical reports on the pie
charts by using the new CHARTEXPAND family of commands.
- Added MACHTTP to the list of built-in log formats that analog recognises
automatically.
- Recognises ; as well as & as query-string separator.
- The rules for generating "organisations" from numerical addresses have
changed.
- Filenames given on the command line are now relative to the current
directory, not the analog directory.
- Ignores completely blank lines at the top of a logfile.
- Makefiles for Microsoft Visual C++ can be found in the new
src/build directory. Makefiles for other platforms have moved
out of the source tree into there too.
- You can now refer to kilobytes as kibibytes by editing your language file.
- Revised versions of Japanese language files.
- Revised the Licence.
- Advertised new donations page.
"has been released. The 2.0 release is a massive upgrade of the Horde Application Framework. Many components have been added or streamlined. Inter-application support is much more robust, a generic MIME_Viewer framework is included, a new preferences system supports global or application scope for preferences, and more!"
*) Upgraded to Apache 1.3.23
*) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an
indexing structure that (correctly) used index values (and ranges)
as "unsigned int", but the meta-structure in the header had these
ranged as "unsigned char".
*) Perform the SHMCB remove operation under mutual exclusion
to prevent a inter-process synchronization problem.
*) Made sure that mod_ssl does not segfault in case of
SCOREBOARD_SIZE < 1024.
*) Merged in the SDBM patch from Uwe Ohse which fixes a problem with
sdbms .dir file, which arrises when a second .dir block is needed
for the first time. read() returns 0 in that case, and the library
forgot to initialize that new block. A related problem is that the
calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ
bits, which is not enough except for small databases (.dir
basically doubles everytime it's too small).
