SVN::Web is a repository browser for Subversion, similar to cvsweb
and ViewCVS.
This is a snapshot from the SVN::Web Subversion repository; it is
*NOT* a stable release.
Moved to latest version 2.7.8.
Added patch that fixed flags when sending location header.
Added patch to cgihandler to append local directory so that relative URLs
would work.
Added patch to cgihandler to handle SystemExit so that pages would not
ISE when sys.exit(0) was used to exit from the script.
Added patch to break HTTP headers off from page correctly when CRLF and LF
is used inconsistently in a page.
Changes:
o Better user interface (for example a reworked menu, and
improved keyboard navigation)
o Support for remote files using gnome-vfs
o Nicer user interface (many new icons and buttons, and general
user interface cleanups)
o Many bug fixes and much more.
* connection setup may look like syn flood attack if server is
refusing connection
* --enable-arp-acl may give warning about net/route.h
* Incorrect html on empty Gopher responses
* positive_dns_ttl ignored when using internal DNS client
* squid_ldap_group update to version 2.12
* 100% CPU loop if external_acl combined with authentication
* maximum_object_size too large causes squid not to cache
* Install of Mozilla/Netscape plugins fails because .xpi mime type unknown
* Segfault if failing to load error page
* Error page translation updates for German and Lithuanian
* auth_param documentation update
* pam_auth fails on Solaris when using pam_authtok_get
* FQDNcache discards negative responses when using internal DNS
* login with space confuses redirector helpers
* digest auth never detects password changes
* cache.log message on "squid -k reconfigure" confusing
changes since 1.23:
Release 1.27
The URI module is now less strict about the values accepted
for gopher_type attribute of gopher:-URLs. Patch suggested
by the Net::Gopher author; William G. Davis.
Release 1.26
Help Storable deal with URI objects. Patch contributed
by <talby@trap.mtview.ca.us>.
Fix failure under OS/2. Patch contributed by Ilya Zakharevich.
Release 1.25
Allow literal '@' in userinfo. If there are multiple '@' chars
in the 'authority' component use the last (instead of first) as
the 'userinfo' delimiter.
Make URI->query_form escape '[' and ']'. These chars where added
to the reserved set in RFC 2732. This also match MSIE behaviour.
Silience warning from 'sip' support class.
Release 1.24
Relative URIs that start with the query string directly (i.e. "?q")
are now absolutized as specified in rfc2396bis. See:
http://www.apache.org/~fielding/uri/rev-2002/issues.html#003-relative-query
Added URI::Split module. It's a lightweight module that can be
used to parse and compose URI string to/from its component parts.
The rel() method will now work from canonical URIs. That allow it
to extract a relative URI in more cases.
changes since 3.31:
Release 3.34
Fix segfault that happened when the parse callback caused
the stack to get reallocated. The original bug report was
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217616>
Release 3.33
Perl 5.005 or better is now required. For some reason we get
a test failure with perl-5.004 and I don't really feel like
debugging that perl any more. Details about this failure can
be found at <http://rt.cpan.org/Ticket/Display.html?id=4065>.
New HTML::TokeParser method called 'get_phrase'. It returns
all current text while ignoring any phrase-level markup.
The HTML::TokeParser method 'get_text' now expands skipped
non-phrase-level tags as a single space.
Release 3.32
If the document parsed ended with some kind of unterminated markup,
then the parser state was not reset properly and this piece of markup
would show up in the beginning of the next document parsed.
<http://rt.cpan.org/Ticket/Display.html?id=3954>
The get_text and get_trimmed_text methods of HTML::TokeParser can
now take multiple end tags as argument. Patch by <siegmann@tinbergen.nl>
at <http://rt.cpan.org/Ticket/Display.html?id=3166>.
Various documentation tweaks.
Included another example program: hdump
where 0.6.1 is still the latest build available).
Here are the news in this release of Mozilla Firebird:
* Advanced preferences panel
* Download/helper apps preferences panel
* Cookie whitelisting
(through the new Cookie Exceptions window)
* New password manager
* Web panels (like Mozilla's sidebar panels)
* Alternate stylesheet support (through a status bar button)
* Send Page, Send Link, and Send Image menu items
* Autoscroll
* Lots of bug fixes and other small improvements
There have been too many bug fixes since Mozilla Firebird 0.6.1 to keep track of them all. It's better. Trust us ;-)
New Features and Fixes
* Mozilla now includes a spellchecker for MailNews and Composer.
* Additional MailNews improvements include:
o Users can add header lines to *every* message sent out via a
certain identity.
o A common application hang with SSL-encrypted SMTP
connections has been fixed.
o Printing of the attachments list is now supported.
o Users can now mark message as read by date.
* Many great improvements to Mozilla Composer including:
o Better resizing for images, tables, and absolutely
positioned objects.
o Support for absolutely positioned objects, movable on the
canvas using the mouse.
o Support for z-index management.
o "Snap to grid" when moving an absolutely positioned object.
o Source View now uses an editor instead of a simple textarea
(allows find and replace).
o Numerous fixes in caret management, inline styles handling,
and CSS styles handling.
* Improvements to tabbed browsing, including:
o Tabs are now replaced when a bookmark group is loaded. This
can be changed to the old "append" behavior in the Tabbed
browsing preferences.
o Back and Forward navigation for tabbed browsing and bookmark
groups has been improved. Users can now use the back button
after loading a bookmark group to restore the previous set of tabs.
o Closing a window with multiple tabs now prompts the user
with a confirmation dialog (which can be disabled for future
close operations).
* ChatZilla, Mozilla's internet relay chat (IRC) client, has had a
major overhaul bringing logging and many additional improvements.
* DOM Inspector can now display the #document node (the document root).
* It is now possible to jump from the JavaScript console to the
relevant line in the View Source Window.
* Mozilla's view source now displays line and column numbers in the
status bar.
* A quicksearch filter has been implemented for about:config.
* Gecko now supports setting color for <HR>.
* The '::' notation for CSS pseudo-elements is now supported. The old
':' notation is still supported only for pseudo-elements in CSS2
(:first-line, :first-letter, :before, :after) and the various
:-moz-tree-* pseudo-elements.
* Unstyled XML display has been improved.
* Some Windows GDI problems in Mozilla have been resolved.
* A common problem collapsing the URL bar popup on Windows has been fixed.
* Mozilla has improved performance, stability, standards support and
Web compatibility.
Here are the news in this release of Mozilla Firebird:
* Advanced preferences panel
* Download/helper apps preferences panel
* Cookie whitelisting
(through the new Cookie Exceptions window)
* New password manager
* Web panels (like Mozilla's sidebar panels)
* Alternate stylesheet support (through a status bar button)
* Send Page, Send Link, and Send Image menu items
* Autoscroll
* Lots of bug fixes and other small improvements
There have been too many bug fixes since Mozilla Firebird 0.6.1 to keep track of them all. It's better. Trust us ;-)
New Features and Fixes
* Mozilla now includes a spellchecker for MailNews and Composer.
* Additional MailNews improvements include:
o Users can add header lines to *every* message sent out via a
certain identity.
o A common application hang with SSL-encrypted SMTP
connections has been fixed.
o Printing of the attachments list is now supported.
o Users can now mark message as read by date.
* Many great improvements to Mozilla Composer including:
o Better resizing for images, tables, and absolutely
positioned objects.
o Support for absolutely positioned objects, movable on the
canvas using the mouse.
o Support for z-index management.
o "Snap to grid" when moving an absolutely positioned object.
o Source View now uses an editor instead of a simple textarea
(allows find and replace).
o Numerous fixes in caret management, inline styles handling,
and CSS styles handling.
* Improvements to tabbed browsing, including:
o Tabs are now replaced when a bookmark group is loaded. This
can be changed to the old "append" behavior in the Tabbed
browsing preferences.
o Back and Forward navigation for tabbed browsing and bookmark
groups has been improved. Users can now use the back button
after loading a bookmark group to restore the previous set of tabs.
o Closing a window with multiple tabs now prompts the user
with a confirmation dialog (which can be disabled for future
close operations).
* ChatZilla, Mozilla's internet relay chat (IRC) client, has had a
major overhaul bringing logging and many additional improvements.
* DOM Inspector can now display the #document node (the document root).
* It is now possible to jump from the JavaScript console to the
relevant line in the View Source Window.
* Mozilla's view source now displays line and column numbers in the
status bar.
* A quicksearch filter has been implemented for about:config.
* Gecko now supports setting color for <HR>.
* The '::' notation for CSS pseudo-elements is now supported. The old
':' notation is still supported only for pseudo-elements in CSS2
(:first-line, :first-letter, :before, :after) and the various
:-moz-tree-* pseudo-elements.
* Unstyled XML display has been improved.
* Some Windows GDI problems in Mozilla have been resolved.
* A common problem collapsing the URL bar popup on Windows has been fixed.
* Mozilla has improved performance, stability, standards support and
Web compatibility.
compile-time visible change, but it certainly makes an impact at run-time.
Bump the PKGREVISION so that we can differentiate this fixed package from
previous, unloadable versions.
Changes:
Addressing two issues reported by Jouko Pynnönen:
- Forced placement of downloaded skin-files in undesirable locations
- Buffer overflow when processing skins
- Additionally, added an OpenSSL ASN.1 patch. (from OpenSSL 0.9.6k, November 4, 2003)
Changes:
Privacy and security
* Opera 7.22 includes Sun Java version 1.4.2_01
* Security update specifically addressing the downloading of setup files
in Opera (bug reported by S.G. Masood)
* Fix for completion of help-file URL shortcuts
Fixes pkg/23437 by Hideyuki KURASHINA
=== Release 2.1pre14
SunOS 4 portability fixes
Fixed bug with moving bookmark directory into itself
Search in bookmarks, extensions and associations
FTP rest was broken after passive FTP
Support for smb:// urls. smbclient must be installed
Support for incomplete pasv addresses
Fixed blank page instead of directory redirect when using passive ftp
Do not send first ftp command until head is received
Image view & download with 'i', '*' to change inlined image display
Display image names
Better parsing of ftp directories
Fixed authorization not working when file was in top directory
Updated Russian translation
Allow broken html tags with '=' inside
Do not retry DNS failures
=== Release 2.1pre13
Fixed possibility that invalid communication on socket could crash links
Do not print 1000l on FreeBSD console on exit
Fixed passive FTP, added option to fast FTP
Print host name in HTTP auth dialog
Passive FTP.
Fixed incorrect truncating of file on 304 reply
Updated Russian translation
Russian letters
Changed translation of Russian letters into 7bit ascii
Basic HTTP authentication (sponsored PerMov^(TM))
Fixed aliasing problem on gcc 3.31
Do not set timeout in DNS lookup and connection making
Fixed PmShell quirks in keyboard handling
Fixed screen sometimes not updating highlighted link
November 4, 2003
wdg-sgml-lib 1.1.3: updated DTDs for MathML 2.0 Second Edition
October 13, 2003
validate 1.2:
* added warnings for valid but unsafe HTML when giving a --warn
or -w command-line option
* included a patch from Ville Skyttä to support Perl's taint
mode, better portability with file paths, and auto-detection
of Emacs mode
From release announcemenet:
After a lengthy QA process, PHP 4.3.4 is finally out!
This is a medium size maintenance release, with a fair number of bug fixes.
All users are encouraged to upgrade to 4.3.4.
Bugfix release
PHP 4.3.4 contains, among others, following important fixes, additions
and improvements:
* Fixed disk_total_space() and disk_free_space() under FreeBSD.
* Fixed FastCGI support on Win32.
* Fixed FastCGI being unable to bind to a specific IP.
* Fixed several bugs in mail() implementation on win32.
* Fixed crashes in a number of functions.
* Fixed compile failure on MacOSX 10.3 Panther.
* Over 60 various bug fixes!
For full list of changes in PHP 4.3.4, see ChangeLog:
http://www.php.net/ChangeLog-4.php#4.3.4
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
Major changes since 2.8.15:
*) Upgraded to Apache 1.3.29
*) Avoid memory corruption in certificate handling caused by a heap
memory double-freeing situation.
*) Allow "HTTPS" variable to be passed through by suEXEC.
*) Clear the OpenSSL error code in pass phrase reading code to
workaround the following situation: multiple keys, all with
different passphrases -- entering the correct pass phrase at each
prompt leads to an OpenSSL error message after the last prompt.
*) Reverted the recent change where ap_cleanup_for_exec() called
ap_kill_alloc_shared(). This caused nasty side-effects in other
processes and is not necessary at all (because shared memory
segments are not inherited across exec).
*) mod_ssl was checking the OpenSSL error reason code against
SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
OpenSSL reason codes are not unique, this isn't always the case.
It now additionally checks that the library is the SSL library.
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
unfortunately.
Tidy now comes with a (static) library, thus a buildlink2.mk file is now
provided.
There's no need to set PRESERVE_FILE_TIMES in CFLAGS anymore, thus
PR pkg/20489 is fixed.
Changes with Apache 2.0.48
*) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
the AF_UNIX socket used to communicate with the cgid daemon and
the CGI script. [Jeff Trawick]
*) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
mod_rewrite which occurred if one configured a regular expression
with more than 9 captures. [André Malo]
*) mod_include: fix segfault which occured if the filename was not
set, for example, when processing some error conditions.
PR 23836. [Brian Akins <bakins@web.turner.com>, André Malo]
*) fix the config parser to support <Foo>..</Foo> containers (no
arguments in the opening tag) supported by httpd 1.3. Without
this change mod_perl 2.0's <Perl> sections are broken.
["Philippe M. Chiasson" <gozer@cpan.org>]
*) mod_cgid: fix a hash table corruption problem which could
result in the wrong script being cleaned up at the end of a
request. [Jeff Trawick]
*) Update httpd-*.conf to be clearer in describing the connection
between AddType and AddEncoding for defining the meaning of
compressed file extensions. [Roy Fielding]
*) mod_rewrite: Don't die silently when failing to open RewriteLogs.
PR 23416. [André Malo]
*) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
rewritten request using "proxy:". The code was adding multiple "proxy:"
fields in the rewritten URI. PR: 13946.
[Eider Oliveira <eider@bol.com.br>]
*) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
expires as directed in RFC 2616. [Thomas Castelle tcastelle@generali.fr]
*) Ensure that ssl-std.conf is generated at configure time, and switch
to using the expanded config variables to work the same as
httpd-std.conf PR: 19611
[Thom May]
*) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
[Hartmut Keil <Hartmut.Keil@adnovum.ch>]
*) mod_autoindex: If a directory contains a file listed in the
DirectoryIndex directive, the folder icon is no longer replaced
by the icon of that file. PR 9587.
[David Shane Holden <dpejesh@yahoo.com>]
*) Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name. PR 16661.
[Manni Wood <manniwood@planet-save.com>]
*) mod_cache: Fix the cache code so that responses can be cached
if they have an Expires header but no Etag or Last-Modified
headers. PR 23130.
[bjorn@exoweb.net]
*) mod_log_config: Fix %b log format to write really "-" when 0 bytes
were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
*) Modify ap_get_client_block() to note if it has seen EOS.
[Justin Erenkrantz]
*) Fix a bug, where mod_deflate sometimes unconditionally compressed the
content if the Accept-Encoding header contained only other tokens than
"gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
*) Avoid an infinite recursion, which occured if the name of an included
config file or directory contained a wildcard character. PR 22194.
[André Malo]
*) mod_ssl: Fix a problem setting variables that represent the
client certificate chain. PR 21371 [Jeff Trawick]
*) Unix: Handle permissions settings for flock-based mutexes in
unixd_set_global|proc_mutex_perms(). Allow the functions to be
called for any type of mutex. PR 20312 [Jeff Trawick]
*) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
*) Fix a misleading message from the some of the threaded MPMs when
MaxClients has to be lowered due to the setting of ServerLimit.
[Jeff Trawick]
*) Lower the severity of the "listener thread didn't exit" message
to debug, as it is of interest only to developers. PR 9011
[Jeff Trawick]
*) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
[Cliff Woolley, Jean-Jacques Clar]
*) Install config.nice into the build/ directory to make
minor version upgrades easier. [Joshua Slive]
*) Fix mod_deflate so that it does not call deflate() without checking
first whether it has something to deflate. (Currently this causes
deflate to generate a fatal error according to the zlib spec.)
PR 22259. [Stas Bekman]
*) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
identity spoof is encountered.
[Sander Striker]
*) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
containing the .htaccess file is requested without a trailing slash.
PR 20195. [André Malo]
*) ab: Overlong credentials given via command line no longer clobber
the buffer. [André Malo]
*) mod_deflate: Don't attempt to hold all of the response until we're
done. [Justin Erenkrantz]
*) Assure that we block properly when reading input bodies with SSL.
PR 19242. [David Deaves <David.Deaves@dd.id.au>, William Rowe]
*) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
*) mod_ext_filter: Set additional environment variables for use by
the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
*) Fix buildconf errors when libtool version changes. [Jeff Trawick]
*) Remember an authenticated user during internal redirects if the
redirection target is not access protected and pass it
to scripts using the REDIRECT_REMOTE_USER environment variable.
PR 10678, 11602. [André Malo]
*) mod_include: Fix a trio of bugs that would cause various unusual
sequences of parsed bytes to omit portions of the output stream.
PR 21095. [Ron Park <ronald.park@cnet.com>, André Malo, Cliff Woolley]
*) Update the header token parsing code to allow LWS between the
token word and the ':' seperator. [PR 16520]
[Kris Verbeeck <kris.verbeeck@advalvas.be>, Nicel KM <mnicel@yahoo.com>]
*) Eliminate creation of a temporary table in ap_get_mime_headers_core()
[Joe Schaefer <joe+gmane@sunstarsys.com>]
*) Added FreeBSD directory layout. PR 21100.
[Sander Holthaus <info@orangexl.com>, André Malo]
*) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
response. PR 21085. [Glenn Nielsen <glenn@apache.org>, André Malo]
*) mod_rewrite: Perform child initialization on the rewrite log lock.
This fixes a log corruption issue when flock-based serialization
is used (e.g., FreeBSD). [Jeff Trawick]
*) Don't respect the Server header field as set by modules and CGIs.
As with 1.3, for proxy requests any such field is from the origin
server; otherwise it will have our server info as controlled by
the ServerTokens directive. [Jeff Trawick]
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
o fixes for basic authorisation. from <ecu@ipv42.net>
o always display file size in directory index mode
o add .xbel, .xml & .xsl -> text/xml mappings. from
<wiz@danbala.ifoer.tuwien.ac.at>
o fixes for basic authorisation. from <ecu@ipv42.net>
o always display file size in directory index mode
o add .xbel, .xml & .xsl -> text/xml mappings. from
<wiz@danbala.ifoer.tuwien.ac.at>
Fixed memory leak with Content-Type at http.c:37
Workaround broken cfmakeraw on AIX
Users can enter own shell command for executing external programs.
Commands in X are executed in xterm, not on console.
Do not send Range on refresh
More information on image files in Info menu.
Allow opening of a link in a new window (target="_blank").
Serbian translation
Added "id" attribute to the <img> tag.
Serbian Cyrillic letters
Updated Hungarian translation
Table frame and rules when no border attribute present
Fixed spelling errors found by Francois Gouget's program
Fixed crash in frames introduced in Tue Jun 17 23:15:46 MET DST 2003
Add slash after URLs like ftp://host:1234
Anchors allowed in frame locations
No char with code 13 when pasting in OS/2
Aggressive cache is in cache dialog, not in HTTP bugs dialog
302 redirects are not cached
Fixed redirect left after reloading cached document
Do not send "Range" when cache expires
Fixed some languages (removed name ELinks)
Updated Russian localization
Fixed \001 in bookmarks and window title when title contained 0xa0
Fixed bug that can't happen in select_mainmenu
Fixed numbers on links not consistent with internal order. Still not
perfect but better than it used to be.
structures and rendered documents together, and deduce
templates that could have performed the transformation.
It is a companion to Template and Template::Extract; their
relationship is shown below:
Template: ($template + $data) ==> $document # normal
Template::Extract: ($document + $template) ==> $data # tricky
Template::Generate: ($data + $document) ==> $template # very tricky
This module is considered experimental.
template extraction functionality. It can take a rendered document
and its template together, and get the original data structure
back, effectively reversing the "process" function.
This module is considered experimental. If you just wish to extract
RSS-type information out of a HTML document, WWW::SherlockSearch
may be a more robust solution.
Version 2.10 provides a few trivial new features and applies fixes to
some small bugs. For example, you can now use IN instead of = in a
loop, e.g. FOREACH item IN list. The WRAPPER configuration option is
new, and Template::Context and Template::Stash now both implement
define_vmethod() methods which make it easier to define new virtual
methods.
Version 2.09 contained mostly bug fixes and minor enhancements.
Version 2.08 added compile time constant folding which can result in a
significant performance boost when processing templates. It also
offered several other minor enhancements and bug fixes.
curses.buildlink2.mk. This was wrong because we _really_ do want to
express that we want _n_curses when we include the buildlink2.mk file.
We should have a better way to say that the NetBSD curses doesn't
quite work well enough. In fact, it's far better to depend on ncurses
by default, and exceptionally note when it's okay to use NetBSD curses
for specific packages. We will look into this again in the future.
Changes in release sitecopy 0.13.4, 29 July 2003
* Fix ~/.sitecopy directory permissions check on some platforms.
* Fix included getopt build on some platforms.
* Updated Italian translation (Cristian Rigamonti).
* neon updates:
- add support for Kerberos authentication over HTTP ("GSS-Negotiate").
- fix compatibility with OpenSSL 0.9.6.
Changes in release sitecopy 0.13.3, 30 June 2003
* 'ls' parsing tweaks in FTP fetch mode.
* Better error handling for corrupt site storage files.
* Update to neon 0.24.
Changes in release sitecopy 0.13.2, 17 June 2003
* Fixes for FTP synch mode (Paul J. Mantyla, David Madore and others).
Changes in release sitecopy 0.13.1, 15 June 2003
* Fixes for FTP fetch mode:
- corruption of downloaded files
- handling of empty lines in responses
* Drop support for non-XML storage files produced by sitecopy-0.7.0 and earlier.
* Fixes for SSL certificate caching.
* Fix build using included libintl.
* Fix fn_escape() build with some compilers.
Changes in release sitecopy 0.13.0, 10 May 2003
* Really fix use of non-ASCII filenames:
- drop 'charset' config option - this should no longer be used
- filenames should be preserved exactly regardless of character set
* Support WebDAV over SSL again: user is prompted to verify the server
certificate on first access.
* Enable use of bundled expat.
* Add Italian translation from Cristian Rigamonti.
* Fix segfault if SSL is requested but not supported.
* Fix build on AIX (Takeshi NISHIMATSU), FreeBSD.
Changes in release sitecopy 0.12.1, 19 February 2003
* Fix corruption of uploaded files in FTP mode (Jonathan Paisley)
* Fix build when included libintl is used (Nathan Hand).
* Fix bogus "XML parser received non-8-bit data" error.
* Fix make install (Juergen Daubert).
* Disable use of bundled expat pending build fix.
- Support mod_perl version 1 and 2 (1.99) (Michael Legart)
- Send status code 500 on errors, 404 on file not found and
make IE show our own errorpage. (Thomas L. Kjeldsen)
- Bugfix for directories named "0" (Andreas Plesner Jacobsen)
- Added "selection mode". Select images with checkboxes and
get a list of filenames. (Peter Andreasen)
- Fix to let the module work with perl 5.005 (Aaron)
- Do not allow scaling pictures to sizes above their
original size (Aaron)
- Added GalleryUseFileDate option to make A::G show
the files timestamps instead of using the EXIF value (Dennis Haney)
- Remember display size when turning Slideshow off (Hans Joergensen)
- Nice new layout (Thomas Kjaer)
- New option GalleryEXIFMode to control the way EXIF
info is displayed. See docs for details (Michael Legart)
- Support for the FNumber EXIF value (Thomas Corell)
- Added GalleryRootText option to allow changing the name of
the root element in the menu (Christopher Knight)
- Use Image::Imlib2 instead of Inline::C (Andreas Plesner Jacobsen)
- New option GalleryMaxThumbnailsPerPage to limit the number
of thumbnails displayed per page. Disabled by default
and requires templates update. (Michael Legart)
- Bugfix for the GalleryThumbnailSize option. Both height and
width max sizes are now obeyed. (David Gee)
Changes:
* resolve symlinks before opening a file [#60860 ]
* don't insert the "<meta http-equiv="Content-Type" content="text/html;
charset=..." line when using the Quick Start dialog [#61500 ]
* fix CTRL-C behavior [#62624]
* fix message window handling
* fix script action error output handling
* honour the "Do not load the modified version from disk." setting in the
dirty file dialog
1.4
o Added AuthPGGroupQuery.
o AuthPGGroupQuery doesn't require AuthPGGroupTable.
o Database access errors in verifying group permission leave log messages.
o AuthPGQuery works with AuthPGVirtual.
o Fixed a bug in AuthPGCookie.
1.3
o Fix a security problem.
(See http://cert.uni-stuttgart.de/advisories/apache_auth.php for details.)
squid 2.5.3nb4 package.
Changes to squid-2.5.STABLE4 (15 Sep 2003):
- Lithuanian error messages added to the distribution
- Bug #660: segfauld if more than one custom deny_info line
- cache_dir disd documentation cleanup
- check open of /dev/null to avoid 100% CPU loop in badly
configured chroot environments
- documentation update on uri_whitespace to refer to the correct RFC
- Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
- Bug #683: external_acl does not wait for ident lookups to complete
- aufs: Fix a minor use-after-free problem which could cause the
count of opening filedescriptors to grow larger than it should
- Syntax changes to make GCC-3.3 accept Squid without complaints
- Warning if CARP server defined in incorrect load factor order
- neighbor_type_domain documentation update
- http_header_access now works when using cache peers
- high_memory_warning now uses sbrk as fallback mechanism on
platforms where neither mallinfo or mstats are available.
- hosts_file now handles comments at the end of lines correcly
- storeCheckCachable() Stats corrected for release_request and
wrong_content_length.
- cachePeerPingsSent MIB type corrected
- unused minimum_retry_timeout directive removed
- Bug #702: ERR_TO_BIG spanish translation
- Bug #705: Memory leak on deny_info TCP_RESET
- Code cleanup to fix compile error in httpHeaderDelById
- Bug #699: Host header now forwarded exactly where it was in the
original request to work around certain broken firewalls or
load balancers which fail if this header is too far into the
request headers.
- Bug #704: Memory leak on reply_body_max_size
- Bug #686: requests denied due to http_reply_access are now
logged with TCP_DENIED (instead of TCP_MISS, etc).
- Bug #708: ie_refresh now sends no-cache to have the reload
request propagate properly in cache meshes
- Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
- Bug #709: cbdata.c:186: "c->valid" assertion due to peer
digest not found
- Bug #710: round-robin cache_dir selection incorrectly
compares max-size.
- Statistics corrections in HTTP header statitics
- QUICKSTART cleanups
- Bug #715: statCounter.syscalls.disk counters treated
inconsistently. Now increment the counters in AUFS
functions and for unlinkd.
- Improvements to the (experimental) COSS storage scheme.
- Bug #721: User name field in access.log sometimes blank
- Bug #94: assertion failed: http.c: "-1 == cfd ||
FD_SOCKET == fd_table[cfd].type"
- Bug #716: assertion failed: client_side.c:1478: "size > 0"
- Bug #732: aufs calculates number of threads and limits wrongly
- Bug #663: Username not logged into access.log in case of /407
- Bug #267: Form POSTing troubles with NTLM authentication
and occationally in differen other error conditions.
- Bug #736: ICP dynamic timeout algorithm ignores multicast.
- Bug #733: No explicit error message when ncsa_auth can't access
passwd file
- Bug #267, #757: POST with NTLM stops after persistent connection
timeout
- Bug #742: Wrong status code on access denials if delay_access
is used. Most notably 407 instead of 403 could be returned.
- Bug #763: segfault if using ntlm in http_reply_access
- Bug #638: assertion error if using proxy_auth in delay_access
- Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
- The issue of reply_body_max_size limiting the size of error
messages no longer applies.
- external_acl_type concurrency= option renamed to children= to
prepare for Squid-3 upgrades. Old syntax still accepted for the
duration of the Squid-2.5 release.
- number of filedescriptors rounded down to an even multiple of 64
to work around issues in certain libc implementations.
- winbind helpers less noisy in cache.log on restarts/shutdown.
- Squid now automatically restarts helpers if too many of them
have crashed.
Changes since 2.2.4rc1:
[mdj] SECURITY: Add dereferer to strip off session information from links to
the outside of the Horde system to protect against session hijacking.
[jan] Fix a bug with importing vCard 2.1 data.
[jan] Add Arabic (Syria) translation (Platinum Development Team
<devteam@platinum-sy.net>).
added python23-pth support
Many changes and fixes.
See ChangeLog for a complete list.
Important:
* WARNING: Removed the deprecated pycurl.init() and pycurl.multi_init()
names - use pycurl.Curl() and pycurl.CurlMulti() instead.
* WARNING: Removed the deprecated Curl.cleanup() and CurlMulti.cleanup()
methods - use Curl.close() and CurlMulti.close() instead.
- Fixed crash in Dump() function.
- Removed warning from reset() method.
- Moved <area> and <map> tags into the :html3 group. Hope this removes
undefined CGI::Area errors.
- Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
- Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
- Fixed issue with tag-generating function not incorporating content when
first variable undef.
- Fixed cross-site scripting bug reported by obscure.
- Fixed Dump() function to return correctly formed XHTML - bug reported by
Ralph Siemsen.
- Fix to be P3P compliant submitted from MPREWITT.
- Added CGI->r() API for mod_perl1/mod_perl2.
- Fixed bug in redirect() that was corrupting cookies.
- Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
- Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
- Patch from Steve Hay to make CGI::Carp's error messages appear on MSIE
browsers.
- Added Yair Lenga's patch for non-urlencoded postings.
- Added Stas Bekman's patches for mod_perl 2 compatibility.
- Fixed uninitialized escape behavior submitted by William Campbell.
- Fixed tied behavior so that you can pass arguments to tie()
- Fixed incorrect generation of URLs when the path_info contains + and other
odd characters.
- Fixed redirect(-cookies=>$cookie) problem.
- Fixed tag generation bug that affects -javascript passed to start_html().
USE_GCC2 or USE_GCC3 where appropriate.
the functionality of the old gcc.buildlink2.mk has been rolled into
compiler.mk now, which is automatically used.
more changes to come later...
This version of Apache is principally a security and bug fix release.
Of particular note is that 1.3.28 addresses and fixes the following
issues: CAN-2003-0460 (cve.mitre.org) (rotatelogs bug), VU#379828
(infinite loop potential), and file descriptor leakage .
external_acl_type concurrency= renamed to children=
synopsis To lessen confusion in later upgrades to Squid-3 the
external_acl_type concurrency= option has been renamed to
children= to match Squid-3 usage. This is done because
concurrency= has a completely different meaning in
squid-3. Squid-2.5 still accepts the old syntax to keep
compatibility within the Squid-2.5 release, but it is recommended
to start using the new syntax unless you need to be able to
easily downgrade to a earlier Squid-2.5 release.
severity Cosmetic
date 2003-09-02 07:02
versions Squid-2.5.STABLE3 and earlier
platforms All
workaround Make sure to read the Squid-3 releasenotes very carefully when
upgrading.
Assertion error or segmentation fault if using proxy_auth in delay_access
synopsis If proxy_auth acl type is used in delay_access then Squid may
abort with an assertion error or segmentation fault. Notice: This
patch may change some error conditions to be logged with
TCP_DENIED rather than TCP_MISS.
severity Medium
date 2003-09-01 20:01
bugzilla #638, #756
versions Squid-2.5
platforms All
workaround Don't use proxy_auth acl types in delay_access
Segmentation fault if proxy_auth with ntlm used in http_reply_access
synopsis In configurations where authentication is enforced in http_access
and then reused in http_reply_access to further control access
levels Squid may segfault if the ntlm authentication scheme is
used.
severity Medium
date 2003-09-01 20:01
bugzilla #763
versions Squid-2.5
platforms All
workaround Don't use proxy_type acls in http_reply_access or disable the use
of the ntlm authentication scheme (disabled by default)
code 407 instead of 403 for authenticated traffic-shaped user
synopsis delay_access can disturb Squids logics on when to request a new
login from the user. Most notably if delay_access ends up in a
proxy_auth acl then any access denials will require a new login
but the opposite may also happen.
severity Medium
date 2003-08-31 09:31
bugzilla #742
versions Squid-2.5 and earlier
platforms All
workaround make sure delay_access always ends up in the same class of ACL as
http_access does on the same request.
Form POSTing troubles with NTLM authentication or other error responses
synopsis Large POST/PUT requests may fail with a "Connection reset" error
in the browser in situations where Squid immediately responds
with an error page. This is most notable when using NTLM
authentication but may also occur in a few other situations
severity Medium
date 2003-08-28 22:28
bugzilla #267, #757
versions Squid-2.5 and earlier
platforms All
workaround Allow POST/PUT without requiring authentication if you are using
NTLM authentication.
No explicit error message when ncsa_auth (squid user) can't access passwd file
synopsis ncsa_auth just exists if it can not read the supplied password
file, instead of reporting an error.
severity Minor
date 2003-08-20 12:20
bugzilla #733
versions Squid-2.5 and earlier
platforms All
workaround If ncsa_auth exits for no apparent reason, verify that the given
ncsa password file is readable by the cache_effective_user.
forwarded_for off has no effect
synopsis The patch for Bug #92 (squid-2.5.STABLE3-mem_cfd.patch) broke the
forwarded_for directive.
severity Minor
date 2003-08-18 17:18
bugzilla #750
versions Squid-2.5.STABLE3 snapshots 2003-08-07 to 2003-08-18
platforms All
workaround Use anonymization via http_header_access to delete the
X-Forwarded-For header from forwarded requests. This is probably
preferred in any case.
following note to the Makefile:
# DON'T make this package depend on the www/neon package until neon
# becomes stable; keep it using its internal copy of neon as with
# www/sitecopy. This package has in the past bounced back and forth
# between using external and internal neon because neon moves faster
# than cadaver, and does so incompatibly.
Changes in release 0.24.1:
* Add support for "GSS-Negotiate" Kerberos authentication scheme (from
Risko Gergely and Burjan Gabor).
* Disable Nagle to improve performance of small requests (thanks to
Jim Whitehead and Teng Xu).
* Fix compatibility with OpenSSL 0.9.6 (broken in 0.24.0).
* Fix prototype mismatch in ne_207.c.
* Define ssize_t from ne_request.h for Win32.
* Prevent segfault on zlib initialization failures.
* ne_sock_init does not fail if PRNG could not be seeded.
* Fix segfault in cookies code (Markus Mueller).
* Documentation updates.
Changes in release 0.24.0:
* Major changes to XML interface:
- have the start-element callback either accept, decline, abort,
or return a state integer.
- remove 'struct ne_xml_elm'; callbacks are passed {nspace, name}
strings along with a state integer.
- dropped "collect", "strip-leading-whitespace" modes
- push responsibility for accumulating cdata onto caller; drop 'cdata'
argument from end-element callback.
- don't abort if no handler accepts a particular element, just ignore
that branch of the tree.
- dropped support for libxml 1.x and expat < 1.95.0.
- guarantee that start_element callback is not passed attrs=NULL
- add ne_xml_doc_encoding() to retrieve encoding of parsed XML document.
* Major changes to SSL interface:
- rewrite of interfaces for handling server and client certificates;
ne_ssl.h: many new functions available.
- only PKCS#12-encoded client certs are supported.
- changes to most names of SSL-related functions operating on an
ne_session, e.g. ne_ssl_load_cert->ne_ssl_trust_cert.
- client cert provider callback is passed the set of acceptable CA
names sent by the server
- the entire chain of certs presented by server is now accessible
* Remove unused ne_register_progress() from socket layer.
* Changes to resolver interface: ne_addr_first and _next return const;
ne_addr_print renamed to ne_iaddr_print; ne_iaddr_make and ne_iaddr_free
have been added.
* ne_request_create() now duplicates the method string passed in.
* ne_redirect_location() will now return NULL in some cases.
* Split socket creation to ne_sock_create() from ne_sock_connect:
- should report connect() error messages properly on Win32.
* Fix several memory leaks in error handling paths.
* Add a pkg-config file, neon.pc.in.
Notable changes:
* Apache now internally handles image dispatch which enables use of
all Apache caching possibilities
* Support the EXIF Orientation key for automatic rotate
* Directory comments
* New GallerySortBy option to allow sort by time, size etc.
* Set width/height on thumbnail images for better performance
* InlineDir is no longer configurable using PerlSetVar
* Write to the error log if unable to open files in the cache
* Added slideshow feature
* Moved the cache to one single directory outside the webscope
* Allow user to customize the "No info found" message
Some people have been reporting problems with Apache segfaulting
when displaying images from certain cameras (eg. the Canon G2).
The problem can be solved by using Image::Info 1.11 or earlier.
Some highlights of changes since 4.2.3:
* PCRE updated to 4.3, GD to 2.0.15
* improved Apache2 support
* much improved stream & URL wrapper support, output compression support
* added CLI (Command Line Interface) SAPI
* debug_backtrace() backported from ZendEngine2
* faster build system
* huge number of other bug fixes and improvements
Packaging changes:
* 'pcre', 'xml', and 'session' modules folded back into main package -
'pcre' and 'xml' is required by PEAR, and 'session' is just too essential
to be separate
* 'gd' module now uses bundled PHP GD library, which is better integrated
* PHP modules use shared distinfo when possible to ease future PHP updates
* ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php
remains CGI version
