- Updating package of p5 module for HTTP::Proxy from 0.22nb1 to 0.23
- Adjusting module type to Module::Build
- Setting license to ${PERL5_LICENSE} accroding to Makefile
Upstream changes:
0.23 Thu Sep 4 02:29:47 CEST 2008
[ENHANCEMENTS]
- HTTP::Proxy::BodyFilter::save had an issue with cygwin because
of an incorrect use of File::Spec's catdir(). This is fixed.
- CONNECT requests are now forwarded to the upstream proxy, if there
is one. Errors from the upstream proxy are relayed to the client.
[TESTS]
- t/23connect.t does not use sysread() anymore. This time the test
should pass about everywhere.
- Updating package of p5 module HTTP::DAV from 0.35 to 0.38
- Setting license to explicit 'gnu-gpl-v2 # OR artistic' as specified
in module's documentation
Upstream changes:
v0.38 (released 2009/06/09):
* bug fixes
- Fixed RT #14506 (http://rt.cpan.org/Public/Bug/Display.html?id=14506),
about the missing get_lastresponse() method. It was a documentation bug.
- Fixed RT #29788 (http://rt.cpan.org/Public/Bug/Display.html?id=29788),
avoid file corruptions on Win32 when calling HTTP::DAV::get() method.
- Fixed RT #31014 (http://rt.cpan.org/Public/Bug/Display.html?id=31014),
probably already in v0.34, since it seems related to propfind() "depth" bug.
v0.37 (released 2009/03/24):
* bug fixes
- Fixed RT #44409 (http://rt.cpan.org/Public/Bug/Display.html?id=44409),
Small bug in HTTP::DAV::put(). Passing a reference as local content resulted
in the "SCALAR(0x12345678)" being logged instead of the real scalar.
v0.36 (released 2009/02/25):
* bug fixes
- Fixed RT #19616 (http://rt.cpan.org/Public/Bug/Display.html?id=19616),
LWP::UserAgent::redirect_ok() is not changed anymore. We're subclassing
it from HTTP::DAV::UserAgent and overriding redirect_ok() there.
- Fixed RT #42877 (http://rt.cpan.org/Public/Bug/Display.html?id=42877),
HTTP::DAV::UserAgent::credentials() has been modified to behave like
LWP::UserAgent::credentials(), otherwise basic authentication breakages
can occur.
- Fixed a problem with C<-depth> argument to C<HTTP::DAV::propfind()> that
could lead to massive performance degradation, especially when running
C<propfind()> against large folders.
C<-depth> was set to 1 even when passed as zero.
Changes since 0.4:
* Rack is now managed by the Rack Core Team.
* Rack::Lint is stricter and follows the HTTP RFCs more closely.
* Added ConditionalGet middleware.
* Added ContentLength middleware.
* Added Deflater middleware.
* Added Head middleware.
* Added MethodOverride middleware.
* Rack::Mime now provides popular MIME-types and their extension.
* Mongrel Header now streams.
* Added Thin handler.
* Official support for swiftiplied Mongrel.
* Secure cookies.
* Made HeaderHash case-preserving.
* Many bugfixes and small improvements.
* Fix directory traversal exploits in Rack::File and Rack::Directory.
* SPEC changes.
* New middleware Rack::Lock.
* New middleware Rack::ContentType.
* Rack::Reloader has been rewritten.
* Major update to Rack::Auth::OpenID.
* Support for nested parameter parsing in Rack::Response.
* Support for redirects in Rack::Response.
* HttpOnly cookie support in Rack::Response.
* The Rakefile has been rewritten.
* Many bugfixes and small improvements.
OpenGoo is an easy to use Open Source Web Office.
Manage tasks, documents, contacts, e-mail, calendar, and more...
Manage project progress, track time, and bill your customers.
Access all information from a single and elegant dashboard.
Communicate with co-workers, clients and vendors.
- Fixed several security issues:
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-31 XUL scripts bypass content-policy checks
MFSA 2009-30 Incorrect principal set for file: resources loaded via
location bar
MFSA 2009-29 Arbitrary code execution using event listeners attached
to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a
NPObject JS wrapper class object
MFSA 2009-27 SSL tampering via non-200 responses to proxy
CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-25 URL spoofing with invalid unicode characters
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
- Fixed several stability issues.
- Several issues were reported with the internal database, SQLite, which
have now been fixed by upgrading to a newer version.
- Fixed an issue where, in some specific cases, the bookmarks database
would become corrupt. (bug 464486)
- Updating package of p5 module for CGI::Simple from 1.109 to 1.112
- Adjusting dependencies according to META:yaml
- Setting LICENSE=${PERL5_LICENSE} according to META.yaml
Upstream changes since 1.109:
1.110 2009-05-24
- Added missing test to manifest / distro.
- Added a test to ensure the manifest is consistent.
- Migrated to git.
1.111 2009-05-28
- Implemented Michael Nachbaur fixes for multipart form data
handling.
1.112 2009-05-31
- (thanks bingos) added missing IO::Scalar dependency.
- Updating package for p5 module Catalyst::Devel from 1.15 to 1.17
- using ${PERL_LICENSE} as license
- using Module::Install support to avoid cpan invoked for feature
installs
Upstream changes:
1.17 2009-05-24 18:18:17
- Catalyst::Restarter::Forking loaded the threads and
Thread::Cancel module, even though it doesn't need them.
1.16 2009-05-23 17:29:29
- Catalyst prereq changed to 5.80. Thanks, kold! (jhannah)
- Fixed the restarter to actually work on Win32. The fix means
that the restarter is as slow as ever on Win32, but it
works. Thanks to Rodrigo for the bug report and suggestion
on how to fix it. (Dave Rolsky)
- Actually fix -p option for port number, as I failed to do it
right last time as I'm an idiot (t0m)
Version 7.19.5 (18 May 2009)
Daniel Stenberg (17 May 2009)
- James Bursa posted a patch to the mailing list that fixed a problem with
no_proxy which made it not skip the proxy if the URL entered contained a
user name. I added test case 1101 to verify.
Daniel Stenberg (11 May 2009)
- Balint Szilakszi reported a memory leak when libcurl did gzip decompression
of streams that had some parts (legitimately) missing. We now provide and use
a proper cleanup function for the content encoding submodule.
http://curl.haxx.se/mail/lib-2009-05/0092.html
- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12
If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.
- I fixed the problem with doing NTLM, POST and then following a 302 redirect,
as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on
curl-library). The transfer was mistakenly marked to get more data to send
but since it didn't actually have that, it just hung there...
Daniel Stenberg (10 May 2009)
- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted
byte in the digest code.
Yang Tse (9 May 2009)
- Removed DOS and TPF package's subdirectory Makefile.am, it was only used
to include some files in the distribution tarball serving no other purpose.
Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST
of the Makefile in the parent subdirectory.
Yang Tse (8 May 2009)
- Changed host name literal in several tests to one under the haxx.se domain.
- Renamed vc6 workspace and project files to avoid filename clash when used
for conversion to later VS versions.
Daniel Stenberg (8 May 2009)
- Constantine Sapuntzakis fixed bug report #2784055
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to
connect to SOCKS proxies when using the multi interface. It turned out to
almost not work at all previously. We need to wait for the TCP connect to
be properly verified before doing the SOCKS magic.
There's still a flaw in the FTP code for this.
Daniel Stenberg (7 May 2009)
- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as
well. See change 28 Apr 2009.
Yang Tse (7 May 2009)
- Fixed an issue affecting FTP transfers, introduced with the transfer.c
patch committed May 4.
Daniel Stenberg (7 May 2009)
- Man page *roff problems fixed thanks to input from Colin Watson. Problems
reported in the Debian package.
- Vijay G filed bug report #2723236
(http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with
libcurl's TFTP code and its lack of dealing with the OACK packet.
Yang Tse (5 May 2009)
- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and
reverted the change affecting test suite harness committed 4 May.
Daniel Stenberg (5 May 2009)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id
in case the previous re-used one is rejected.
Daniel Stenberg (4 May 2009)
- Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
libcurl did not deal with SSL session ids properly if the server rejected a
re-use of one. Starting now, it will forget the rejected one and remember
the new. This change was for OpenSSL only, it is likely that other SSL lib
code needs similar fixes.
Yang Tse (4 May 2009)
- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and
non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems:
1) On non-ASCII platforms not all of the protocol portions of the PUT are
being translated to ASCII. 2) On all platforms the line endings of part of
the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or
data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV).
- Applied David McCreedy's patch to fix test suite harness to allow test FTP
server and client on different machines, providing FTP client address when
running the FTP test server.
Daniel Fandrich (3 May 2009)
- Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug
report failed to mention that a proxy must be used to reproduce it.
Yang Tse (2 May 2009)
- Use a build-time configured curl_socklen_t data type instead of socklen_t.
Yang Tse (1 May 2009)
- Applied David McCreedy's patches "TPF-platform specific changes to various
files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the
former with minor edits.
Daniel Stenberg (30 Apr 2009)
- I was going to fix issue #59 in KNOWN_BUGS
If the CURLOPT_PORT option is used on an FTP URL like
"ftp://example.com/file;type=A" the ";type=A" is stripped off.
I added test case 562 to verify, only to find out that I couldn't repeat
this bug so I hereby consider it not a bug anymore!
Daniel Stenberg (29 Apr 2009)
- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
I've now made TFTP "connections" not being kept for re-use within libcurl.
TFTP is UDP-based so the benefit was really low (if even existing) to begin
with so instead of tracking down to fix this problem we instead removed the
re-use. I also enabled test case 1099 that I wrote a few days ago to verify
that this change fixes the reported problem.
Daniel Stenberg (28 Apr 2009)
- Constantine Sapuntzakis filed bug report #2783090
(http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
we need to grow the SO_SNDBUF buffer somewhat to get really good upload
speeds. http://support.microsoft.com/kb/823764 has the details. Friends
confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
Chen pointed out how curl couldn't upload with resume when reading from a
pipe.
This ended up with the introduction of a new return code for the
CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
that libcurl may try to resolve the situation anyway. In our case this means
libcurl will attempt to instead read that much data from the stream instead
of seeking and that way curl can now upload with resume when data is read
from a stream!
Daniel Stenberg (26 Apr 2009)
- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
interface and provided a patch that fixed the problem!
Daniel Stenberg (24 Apr 2009)
- Kamil Dudka fixed another NSS-related leak when client certs were used.
- Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer
Koenig pointed out that the man page didn't tell that the *_proxy
environment variables can be specified lower case or UPPER CASE and the
lower case takes precedence,
Daniel Fandrich (21 Apr 2009)
- Added new libcurl source files to Amiga, RiscOS and VC6 build files.
Yang Tse (21 Apr 2009)
- Moved potential inclusion of system's malloc.h and memory.h header files to
setup_once.h. Inclusion of each header file is based on the definition of
NEED_MALLOC_H and NEED_MEMORY_H respectively.
Renamed libcurl's memory.h to curl_memory.h
Daniel Stenberg (20 Apr 2009)
- Leanic Lefever reported a crash and did some detailed research on why and
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
conclusion was that if an error is detected and Curl_done() is called for
the connection, ftp_done() could at times return another error code that
then would take precedence and that new code confused existing logic that
works for the first error code (CURLE_SEND_ERROR) only.
- Gisle Vanem noticed that --libtool would produce bogus strings at times for
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
within the app for setting plain string options to avoid the risk of this
mistake happening.
Daniel Stenberg (17 Apr 2009)
- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP
proxy. libcurl would then wrongly close the connection after each
request. In his case it had the weird side-effect that it killed NTLM auth
for the proxy causing an inifinite loop!
I added test case 1098 to verify this fix. The test case does however not
properly verify that the transfers are done persistently - as I couldn't
think of a clever way to achieve it right now - but you need to read the
stderr output after a test run to see that it truly did the right thing.
Daniel Stenberg (13 Apr 2009)
- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
Storsj
confusing as it set the method to either GET or HEAD. The example he showed
looked like:
curl_easy_setopt(curl, CURLOPT_PUT, 1);
curl_easy_setopt(curl, CURLOPT_NOBODY, 0);
The new way doesn't alter the method until the request is about to start. If
CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
0 and the request happens to have been set to HEAD, it will then instead be
set to GET. I believe this will be less surprising to users, and hopefully
not hit any existing users badly.
- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
is found in Redhat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=453612
There are still memory leaks present, but they seem to have other reasons.
Daniel Fandrich (11 Apr 2009)
- Added new libcurl source files to Symbian OS build files.
- Improved Symbian support for SSL.
Yang Tse (10 Apr 2009)
- Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
Yang Tse (8 Apr 2009)
- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also
removes it from the curlbuild.h file originally distributed by the cURL
project as this file is intended for systems not capable of running the
configure script. For those who have been building curl out of the source
code curl distribution tarball provided by curl.haxx.se the change implies
nothing. Previous change in this area committed 2 Apr becomes irrelevant.
Daniel Stenberg (6 Apr 2009)
- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success
and 1 on fatal errors. Previously it only mentioned non-zero on fatal
errors. This is a slight change in meaning, but it follows what we've done
elsewhere before and it opens up for LOTS of more useful return codes
whenever we can think of them...
Yang Tse (2 Apr 2009)
- Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSET_BITS. This
configuration is exactly the unwanted configuration for our curl_off_t
data type which must not depend on such setting. This breaks ABI for
libcurl libraries built with Sun compilers which were built without
having run the configure script with _FILE_OFFSET_BITS different than
64 and using the ILP32 data model.
Daniel Stenberg (1 Apr 2009)
- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a
strdup() call failed.
Daniel Fandrich (31 Mar 2009)
- Properly return an error code in curl_easy_recv (reported by Jim Freeman).
Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.
Yang Tse (12 Mar 2009)
- Added missing Curl_read() return code checking in TELNET transfers.
- Pierre Brico found and fixed TELNET transfers not being aborted upon
a write callback failure.
Daniel Stenberg (11 Mar 2009)
- Kamil Dudka made the curl tool properly call curl_global_init() before any
other libcurl function.
Yang Tse (11 Mar 2009)
- Added missing TELNET timeout support for Windows builds. This issue was
reported by Pierre Brico.
Daniel Stenberg (9 Mar 2009)
- Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.
We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.
- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.
Daniel Stenberg (8 Mar 2009)
- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
Yang Tse (5 Mar 2009)
- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
issue was noticed by Chris Deidun.
Daniel Fandrich (4 Mar 2009)
- Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
Daniel Stenberg (3 Mar 2009)
- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
1. After cleaning up a dead connection, "continue" instead of
returning FALSE. This ensures that we clean up all dead connections,
rather than just cleaning up the first dead connection.
2. Move up the cleanup for dead connections so that it occurs for
all connections, rather than just the connections which have the same
preferences as our current new connection.
Changes:
- We found out that WebKitWebHistoryItems were being kept with a
reference count of 2 instead of 1 as they should; nobody should be
relying on that, but if you hit reference counting problems with
items you were creating yourself, this is for you.
- You can now copy images from the web page to the clipboard.
- Improvements were made to the Plugin handling code.
- Scroll events will now be correctly reported to web applications.
- You can now embed arbitrary widgets as if it was a plugin, with
the new "create-plugin-widget" signal.
- The atk_text_get_text_{at,after,before}_offset methods are now
implemented for all boundary types except LINE_AFTER and
LINE_BEFORE.
- The usual stream of minor fixes and improvements, as always.
4.07 Sun May 31 2009: - Balint Szilakszi <szbalint at cpan.org>
- Fixed >32bit integer option passing to libcurl on 32bit systems.
(Thanks to Peter Heuchert for the report and fix suggestion!)
- The CURL_CONFIG environment variable can now be used to specify
which curl-config to use (contributed by claes).
- Fixed segfault when a string option with setopt was set to undef
(contributed by claes).
- Fixed incomplete cleanup routine at destruction time
(contributed by claes).
- Readded Easy.pm and Share.pm stubs so that they are indexed by
CPAN, thus avoiding complications with outdated versions appearing.
+ Save the activation status of extensions
+ Catch and ignore mouse buttons meant for horizontal scrolling
+ Improve panel detaching and how panels handle it
+ Add a Feed Panel extension
+ Add a Fixed-width Font Family preference
+ Support spell checking
+ Implement (optional) Speed dial feature
+ Support nicer error pages with WebKitGTK+ 1.1.6
+ Implement middle click to open menu items in tabs
+ Implement -s, --snapshot command line switch
+ Use libnotify (runtime dependency) for finished transfers
+ Add a Go button to the address entry
+ Always append tabs opened via middle/ double click on the tab bar
+ Implement Open new pages in: New window preference
+ Implement inline find with direct '.' and '/' hotkeys
+ Add basic support for @-moz-document in user styles
This in turn makes the build of ap2-perl with apache22 fail.
The patches committed here make ap2-perl build again.
They may not be sufficient to actually use the package in earnest, though.
- Bug 2656: Pinger dies with general protection fault
- Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
- Bug 2648: Authentificator processes deferring and don't shutdown.
- Bug 2645: allow squid to ignore must-revalidate
- Bug 2644: auth scheme initialization is broken
- Bug 2632: Make number of reforwarding tries configurable
- Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
[This problem was reported for pkgsrc in PR pkg/41521.]
- Bug 2627: HTCP Logging
- Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
- Bug 2589: SNMP returning no data - wrong oid decoded
- Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
- Bug 2559: Problem parsing /0 and /0.0.0.0
- Bug 2404: WCCP in mask mode is broken
- ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
- Complete Interception multiple NAT support
- Add Content-Disposition to the known headers list.
- Make PEER_TCP_MAGIC_COUNT configurable
- Fix pinger install location
- Enable TPROXY v4 spoofing of CONNECT requests
- ... and much documentation and code polishing
Wed May 13 02:30:21 BST 2009 - surfraw 2.2.5
* Replaced scaleplus elvi with comlaw.
* rfc: use HTML for RFCs and BCPs.
* Support '--' to indicate end of options, so, for instance,
"sr google -g -- foo -bar" works.
* debpackages, debcontents: update ubuntu release names.
In brief:
46933: Update StringManager to use Java 5 features. Patch provided by Jens Kapitza. (markt)
46990: Fix synchronization issues reported by FindBugs. Patch provided by Sebb. (markt)
Allow huge request body packets for AJP13. (rjung)
Manager application prints FAIL if application was deployed but failed to start (fhanik)
When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)
The invoker servlet has been deprecated and will be removed in Tomcat 7 onwards. (markt)
45154 Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
For full details see:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for
users of the Windows platform.
So no significant changes for Linux edition, but 2.0.0.19 is not available.
* Make SAML authentication assertion and Lasso session available in the
environement.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
NetBSD Packages Collection.
Apache2::AuthCASSimple is an authentication module for Apache2/mod_perl2.
It allows you to authenticate users through a Yale CAS server. Users
do not need to log in if they are already authenticated by the CAS
server, only tickets are exchanged between Web client, Apache2
server and CAS server. If they are not yet authenticated, they will
be redirected to the CAS server login form.
You may want to run ikiwiki-transition deduplinks my.setup after
upgrading to this version of ikiwiki. This command will optimise
your wiki's saved state, removing duplicate information that can
slow ikiwiki down.
* ikiwiki-transition: If passed a nonexistant srcdir, or one not
containing .ikiwiki, abort with an error rather than creating it.
* Allow underlaydir to be overridden without messing up inclusion
of other underlays via add_underlay.
* More friendly display of markdown, textile in edit form selector (jmtd)
* Allow curly braces to be used in pagespecs, and avoid a whole
class of potential security problems, by avoiding performing
any string interpolation on user-supplied data when translating
pagespecs.
* ikiwiki-transition: Allow setup files to be passed to all subcommands
that need a srcdir.
* ikiwiki-transition: deduplinks was broken and threw away all
metadata stored by plugins in the index. Fix this bug.
* listdirectives: Avoid listing _comment directives and generally
assume any directive starting with _ is likewise internal.
* Re-enable python-support and add python:Depends to control file.
* ikiwiki-makerepo: Avoid using abs_path, as it apparently fails
on nonexistant directories with some broken perl versions.
* inline: Minor optimisation.
* add_link: New function, which plugins should use rather than
modifying %links directly, to avoid it accumulating duplicates.
* ikiwiki-transition: Add a deduplinks action, that can be used to
remove duplicate links and optimise a wiki w/o rebuilding it.
* external: Fix pagespec_match and pagespec_match_list. Closes: #527281
- Updating package for p5 module URI from 1.37nb1 to 1.38
- Adjusting dependencies according to META.yml
Upstream changes:
2009-05-27 Gisle Aas <gisle@ActiveState.com>
Release 1.38
Ville Skytt"a (3):
Spelling fixes.
Tatsuhiko Miyagawa (1):
skip DNS test if wildcard domain catcher (e.g. OpenDNS) is there
Gisle Aas (1):
Avoid "Insecure $ENV{PATH} while running with -T switch" error with perl-5.6.
Inspirerd by PR#39887.
Pkgsrc changes:
* Allow NetBSD>=5 cuurses
* LICENS=gnu-gpl-v2
Changes:
i(not available for 1.5.11, but it seems small changes).
Version 1.5.10 released
2008-07-28, 09:40 GMT
- shift+t now force reloads a selected feed, ignoring the last modified value
- Added a lot of OpenBSD supplied patches (Martynas Venckus)
- net-support.c: HTTP header only needs to be ASCII in the token
- conversions.c: Determine output charset with nl_langinfo()
- xmlparse.c: Convert feed title to target charset, too. Should probaly be in interface.c
- main.c, interface.h, interface.c: Add a signal handler for resizing to work on many other ncurses implementations
* Added a more reliable HTTP request class
* Added the "name" attribute to the FormSubmit widget (#702)
* Added automatic capitalization to the glossary module (#697)
* Added option to disable the table wizard cell magnifier (#716)
* Moved template "mod_message" to the front end module (#703)
* Fixed issue with mandatory password fields not being shown (#693)
* Fixed issue with "checkCredentials" hook only being executed once (#728)
* Fixed issue with insert tag "iflng" being cached (#707)
* Fixed issue with error pages sending the wrong redirect header(#749)
* Fixed issue with special characters in news links not being encoded (#747)
* Fixed issue with news pagination menu being calculated wrongly (#704)
* Fixed issue with aliases not being case-sensitive (#752)
* Fixed broken "shortened view" of the event list module (#694, #153)
* Fixed a couple of misspellings in the german translation (#701)
* Fixed a few issues with the new 2-column layout
* Fixed a few minor issues
Rehsack. apr1 is no longer an option; that's just the way it is.
Version 1.6.2
(09 May 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.2
User-visible changes:
* vastly improve memory usage with 'svn merge' (issue #3393)
* make default depth for merge 'infinity' (r37156)
* make 'status --quiet' show tree conflicts (issue #3396)
* allow '--set-depth infinity' to expand shallow subtrees (r37169)
* return an error if attempting to reintegrate from/to the repo root (r37385)
* don't store bogus mergeinfo for '--ignore-ancestry', foreign merges (r37333)
* don't allow merge of difference between two repos (r37519)
* avoid potential segfault with subtree mergeinfo (r36613, -15, -31, -41)
* recommend sqlite 3.6.13 (r37245)
* avoid unnecessary server query for implicit mergeinfo (r36509)
* avoid unnecessary server query during reverse merges (r36527)
* set depth=infinity on 'svn add' items with restricted depth (r37607)
* fixed: commit log message template missing paths (issue #3399)
* fixed: segfault on merge with servers < 1.6 (r37363, -67, -68, -79)
* fixed: repeat merge failures with non-inheritable mergeinfo (issue #3392)
* fixed: another memory leak when performing mergeinfo-aware merges (r37398)
* fixed: incorrect mergeinfo on children of shallow merges (issue #3407)
* fixed: pool lifetime issues in the BDB backend (r37137)
Developer-visible changes:
* don't fail if an embedding app has already initialized SQLite (issue #3387)
* resolve naming collisions with static stat() function in svnserve (r37527)
* fix an expectation for a failing dirent windows test (r37121)
Version 1.6.1
(10 Apr 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.1
User-visible changes:
* recommend Neon 0.28.4. (r36388)
* improve performance of 'svn merge --ignore-ancestry' (r36256)
* improve 'svn merge' performance with subtree mergeinfo (r36444)
* correctly proxy LOCK and UNLOCK requests (r36159)
* prevent a crash when updating old working copies (r36751)
* don't let svnmerge.py delete a nonexistent property (r36086, -767, -769)
* don't fail when upgrading pre-1.2 repositories (r36851, -7)
* allow escaping of separator characters in autoprops (r36763, -84)
* improve tempfile creation robustness on Windows (r36442, -3)
* fix change-svn-wc-format.py for 1.6.x working copies (r36874, -5)
* improve configure's detection of Berkeley DB (r36741, -2)
* don't allow foreign merges to add foreign mergeinfo (issue #3383)
* improve performance of 'svn update' on large files (r36389, et. al.)
* fixed: error leak and potential crash (r36860)
* fixed: parent directory handling on Windows (r36049, -50, -51, -131)
* fixed: unintialized memory errors (r36252, -3)
* fixed: potential working copy corruption (r36714)
* fixed: working copy upgrade error (r36302)
* fixed: pointer dereference error (r36783)
* fixed: error diff'ing large data with ignored whitespace (r36816)
* fixed: potential hang in ra_serf (r36913)
* fixed: problem with merge and non-inheritable mergeinfo (r36879)
* fixed: repeated merging of conflicted properties fails (issue #3250)
* fixed: excluding an absent directory segfaults (issue #3391)
Developer-visible changes:
* ensure svn_subst_translate_cstring2() properly flushes data (r36747)
* make serf report a base checksum to apply_textdelta (r36890)
* syntax updates for strict C89 compilers (r36799)
* update RPM scripts for RHEL4 (r36834)
* allow tests to be run with Python 2.6.1 on Windows (r36149, -50, -51, -56)
* allow building JavaHL with Visual Studio 2008 (r36954)
* stop setting default translation domain in JavaHL (r36955)
* fixed: warning with Python 2.6 and ctypes bindings (r36559)
* fixed: undefined references to svn_fs_path_change2_create() (r36823)
Version 1.6.0
(20 Mar 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.0
User-visible changes:
- General:
* Now require Windows 2000 or newer on Windows (r33170)
- Major new features:
* identical files share storage space in repository (issue #2286)
* file-externals support for intra-repository files (issue #937)
* "tree" conflicts now handled more gracefully (issue #2282, #2908)
* repository root relative URL support on most commands (issue #3193)
- Minor new features and improvements:
* pre-lock hook can now specify lock tokens via stdout (r32778)
* svnmucc: support '--with-revprop' (r29492)
* merge: log include-descendants in operational log (r30426, r30428)
* improved operational logging for 'svn switch' (r30517)
* new 'Header' keyword, similar to 'Id' but with full URL (r35386)
* warn/disallow when storing plain-text passwords (r31046)
* support KWallet and GNOME keyring for password storage (r31241, -337)
* client now caches SSL client cert passphrases (issue #2489)
* add '--prefix-file' option to 'svndumpfilter' (issue #2697)
* add '--ignore-externals' option to 'svn cp' (issue #3365)
* add '--with-no-revprops' to 'svn log' (issue #3286)
* new 'svnadmin pack' command to compress FSFS filesystems
* new SVNAllowBulkUpdates mod_dav_svn directive (issue #3121)
* new public mod_dav_svn URI syntax: path?[p=PEG][&r=REV] (r34076)
* new 'svnsync info' command to show synchronization information (r35053)
* conflict resolver supports display-conflict, mine-conflict and theirs-conflict
- Client-side bugfixes:
* faulty reflexive merges (issue #2897)
* buffer overflow on a 0 byte string buffer (r35968, -74)
* conflict resolver needed more useful 'diff' option (issue #3048)
* disable username assumption (issue #2324)
* more accurate usage message for 'svn log' (r30449)
* do not repeat merge if target has explicit mergeinfo (issue #2821)
* corruption when filtering self-referential mergeinfo (r30467)
* filter empty mergeinfo with self-referential mergeinfo (r30510)
* pay attention to partial replay from the server in svnsync (r30440)
* improved property name handling in svnsync (r30480)
* properly recognize the file:/// in repository with svnsync (r30482)
* svn+ssh SIGKILLs ssh processes (issue #2580)
* 'svn up'/'svn co' early abort with svn:externals (issue #3148)
* improve tempfile names for conflict resolver (issue #3166)
* ra_serf: 'svn merge' aborts (issue #3212)
* 'svn cleanup' failed on non-ASCII characters (issue #3313)
* 'svn update' fails on moved, modified file with local mods (issue #3354)
* easier use of NTLM for proxy with ra_neon (r29874)
* 2-url merge from DAV-accessed foreign repo makes bad wcprops (issue #3118)
* can't add .svn (and children) to your wc via '--parents' (r35819)
* improved performance removing unversioned directories (r36111)
* 'svn cp --parents' had path URL encoding issues (issue #3374)
* support shell quoting rules in externals definitions (issue #2461)
* new SVN_LOCALE_DIR environment variable for localization (issue #2879)
* scheme and domain name in urls handled case insensitive (issue #2475)
* merge: pick default revisions with peg revision in single url (r30455)
* many other minor bugfixes, optimizations, plugs of memory leaks, etc
- Server-side bugfixes:
* mod_dav_svn runs pre-revprop-change twice (issue #3085)
* mod_dav_svn ignores pre-revprop-change failure on delete (issue #3086)
* mod_dav_svn prevented lock breaks from being propagated to client (r29914)
* non-UTF8 filenames could enter repository (issue #2748)
* 'svnlook proplist' xml output (issue #2809)
* don't let mod_dav_svn hide errors from client (issue #3102)
* ra_serf failure during update (issue #3113)
* ra_serf comply with RFC 2617 in handling authentication headers (r35981)
* use both SHA1 and MD5 in the FS backends (r34388)
* many other minor bugfixes too numerous to list here
- Contributed tools improvements and bugfixes:
* commit-email.pl: Deprecated; use mailer.py instead (r31755, -67)
* svnmerge.py migration tool munged svn:mergeinfo ordering (issue #3302)
* And other random sundry stuff
Developer-visible changes:
- General:
* serf 0.3.0 required, when building with serf (r35586)
* require SQLite 3.4.0 or newer (r33520)
* allow the use of an in-tree SQLite amalgamation (r35263)
* svn_log_changed_path_t now includes a 'kind' field (issue #1967)
* BDB `changes' table inconsistency when APIs are misused (issue #3349)
* configure should prefer apr-1 over apr-0 if both are present (issue #2671)
* make 'Not Found' errors consistent between RA layers (issue #3137)
* fix a potential buffer overrun (r34374)
* many bug fixes and improvements to the test suite
- API changes:
* notification system for properties and revision properties (issue #783)
* make ra_svn's merge commit-revprops public (r30462, r30453)
* mod_dav_svn operational logging compatible with svnserve logging (r30518)
* improve speed of svn_client__get_copy_source() (issue #3356)
* if fsfs commit fails return SVN_INVALID_REVNUM (r35950)
- Bindings:
* new: ctypes python bindings
* many improvements to all bindings (Java, Perl, Python, and Ruby)
* respect CFLAGS in SWIG bindings (r35879)
* fix building Ruby bindings with Ruby 1.9 (r35852, r35883)
