From the CHANGELOG:
> ------
> v3.0.5
> ------
>
> [mms] Fix VFS's autocreatePath() for directory paths containing the root
> directory.
> [jan] Fix cyrsql authentication driver with unixhierarchysep enabled
> (sgrondin@csbf.qc.ca, Bug 2367).
> [mms] Fix nested IMAP AND searches.
> [mms] In sql VFS driver, allow the use of '/' at the beginning of a path to
> indicate the base directory.
> [jan] Fix returning to last page after sending problem report (Bug 2350).
> [mms] Fix a bug that caused hook code to be run unnecessarily after a user
> is already logged in.
>
>
> ----------
> v3.0.5-RC2
> ----------
>
> [cjh] Fix a far-reaching DataTree bug in loading parent ids (Bug 2203).
>
>
> ----------
> v3.0.5-RC1
> ----------
>
> [jan] Add Bosnian translation (Vedran Ljubovic <vljubovic@smartnet.ba>).
> [cjh] Let Horde_Tree handle all indent calculation based on parent/child
> relationships (Bug 2198).
> [cjh] Add initial LDAP SessionHandler driver.
> [cjh] Use row-level locking or transactions where possible to avoid
> session corruption in SessionHandler (Bug 1580).
> [mms] Add the memcached SessionHandler:: driver (Rong-En Fan <rafan@csie.org>).
> [mms] Fix verification of MIME strings with escaped quotes (Bug 2168).
> [jan] Fix generation of free periods in free/busy code with overlapping events.
> [jan] Don't show Options button in problem reporting page.
> [jan] Add Util::realPath() method.
> [mas] Include version numbers for applications on Admin Setup screen. (Bug
> 1420)
> [mas] Change IMAP Auth driver to use imap/notls by default in non-DSN mode to
> match DSN mode.
> [mas] Add tls and self-signed certificate configuration options to IMAP Auth
> driver. (Bug 1357)
> [cjh] Recognize Opera 8+ as providing advanced features (Bug 2066).
> [cjh] Fix reading of binary files on Windows in VC_svn (Bug 2036).
> [mas] Fix SQL 'LIKE' case-insensitive comparison. (Bug 2030)
> [jan] Allow charset aware IMAP searches.
> [jan] Fix Google search block for non-ascii characters (Bug 1329).
> [jan] Add quick-install instructions.
> [jan] Improve performance of several framework packages.
> [mms] Fix MIME_Contents:: caching in PHP 5 (Bug 1410).
> [jan] Fix VC SVN backend to support user names with spaces
> (shimmanning@gmail.com, Bug 1919).
> [cjh] Escape HTML in identity names (Bug 1910).
> [mas] Use updated PostgreSQL function names.
> [ben] Update application list in horde's LDAP schema
> [cjh] Enforce maxlength restrictions in Horde_Form validation (Bug 1895).
> [jan] Disable weather.com Block if not configured.
> [cjh] Include sourceroot in VC cache keys (Bug 1783).
> [jan] Add SQL script and instructions for MSDE databases (Bugs 1862, 1870,
> jeff@image-src.com).
> [jan] Allow portal blocks to be larger than two column/rows (Bugs 1189, 1632).
> [jan] Add SMTP authentication to problem reporting (Bug 1128).
> [jan] Support help files in admin directory with translations.php (Bug 1344).
> [jan] Fixed SQL binding for ODBC and MSSQL drivers (Bug 1816).
> [jan] Add configuration option to set location of MIME magic database.
> [mms] Make sure headers in a MIME_Part are encoded with the same character
> set used in that MIME_Part (Bug 1591).
> [mms] Add List-Headers listed in RFC 2369 to the list of MIME Headers that
> can only appear once in a single header (Bug 1766).
> [cjh] Fix typo in parsing of FREEBUSY data (Bug 1590).
> [jan] Support SQLite and Oracle in all SQL backend configurations.
> [cjh] Use bind variables in the Auth, VFS, and SessionHandler SQL drivers,
> and in scripts/remove_prefs.php (selsky@columbia.edu, Bugs 1665,
> 1666, 1667, 1668, 1677).
> [cjh] session_set_cookie_params() expects a relative timeout; setcookie wants
> absolute. Go back to a configinteger for $conf['session']['timeout'] and
> add time() to that value in setcookie() calls (Bugs 1302, 1658).
> THIS MAY BREAK CONFIGURATIONS SET TO USE PHP CODE. MAKE SURE TO UPDATE
> YOUR $conf['session']['timeout'] SETTING AFTER UPGRADING.
> [cjh] Use bind variables in the Prefs and Token SQL drivers
> (selsky@columbia.edu, Bugs 1652, 1653).
> [mms] Prune expanded folders that no longer exist in IMAP_Tree (Bug 1517).
> [cjh] Don't try to compress output if ZPS compression is on (Bug 1626).
> [cjh] If an app only has one prefGroup, always show that prefGroup instead
> of showing an overview screen with only one entry.
Changes:
Quanta Plus
* fix crash when deleting a file which is part of a project from the
tab context menu
* do not autoclose tag starting with <?, like <?xml
* create empty description files for scripts that don't have one
* save the content entered in a new file in the VPL editor
* do not allow invocation of the CSS editor in an empty non-CSS document
* fix many cell-merging related errors in the table editor
* fix namespace editing in the attribute editor tree
* fix lots of table editor bugs
* restore automatic conversion of accented chars behavior to pre-3.4.2
* save the content entered in a new file in the VPL editor
* fix loading order of the project view files
* replace a leading ~ in an upload profile with the users home folder and
avoid a hang
* fix lots of VPL related crashes
* show DT tags in VPL
GtkHTML-3.8.1 "Shiny" 2005-10-03
------------------------------------------
New in this release
* Updated translations
- Alessio Frusciante (it)
- Ignacio Casal Quinteiro (gl)
GtkHTML-3.8.0 "Nilgiri Sunrise" 2005-09-05
------------------------------------------
New in this release
* Fix insertion of HTML Links on images (Kaushal Kumar)
* Code clean-up for link handling (Kaushal Kumar)
* Added ro for translations (Dan Damian)
* AMD (64 bit) related build, warning fixes (Not Zed)
* Fix the distclean of the .pc file (Kaushal Kumar)
* Updated translations
- Nickolay V. Shmyrev (ru)
- Zeno Ruset (ro)
- Ivar Smolin (et)
- Mohammad DAMT (id)
- Christophe Merlet (fr)
- Telsa Gwynne (cy)
- Alexander Shopov (bg)
- Hendrik Richter (de)
- Runa Bhattacharjee (bn)
gtkhtml-3.7.7 "Rose Dew" 2005-08-22
----------------------------------------
New in this release
* Punt some dependency version requirements (Kaushal)
* Fix handling of font size -2, -1 (Kaushal)
* Fix the dumps due to faulty variable list stream parsing (Kaushal)
* Clean up stream parsing (Kaushal)
* Convert an attribute function into an API for a11y (Mengjie Yu)
* Redirect commandline spew to debug log (Julien Gilli)
* Path construction using dllmain on Win32 (Tor Lillqvist)
* Fix the html List item parsing (Kaushal)
* Fetch the coordinates correctly for icon list window (S.Ragavan)
* Fix an argument evaluation order, fix warning (David Malcolm)
* Close stray file descriptor (Kaushal)
* Updated translations
- Chao-Hsiung Liao (zh_TW)
- Duarte Loreto (pt)
- Kostas Papadimas (el)
- Gabor Kelemen (hu)
- Nikos Charonitakis (el)
- Maxim Dziumanenko (uk)
- Laurent Dhima (sq)
- Xavier Conde Rueda (ca)
- Žygimantas Beručka (lt)
gtkhtml-3.7.6 "Look mom, there ain't no bizarre bugs no more!!" 2005-08-08
--------------------------------------------------------------------------
New in this release
* Fix insertion of tables over selections (Kaushal Kumar)
* Fix UI sensitivity for Text, Font, Style options (Kaushal Kumar)
* Enable all the atk attributes for text (Mengjie Yu)
* Fix handling of simple deletion of text from table (Kaushal Kumar)
* Fix infinite looping for cursor level (Kaushal Kumar)
* Updated translations
- Marcel Telka (sk)
- Priit Laes (et)
- Tino Meinen (nl)
- Ankit Patel (gu)
- Funda Wang (zh_CN)
- GNOME PL Team (pl)
- Takeshi AIHANA (ja)
- Alexander Shopov (bg)
gtkhtml-3.7.5 "White Rose" 2005-07-25
-----------------------------------------------
New in this release
* HIGification of few dialog titles and labels (H.A.Riyaz Ahmed)
* Removal of deprecated calls (Diego Gonzalez)
* Make Win32 compatible (Tor Lillqvist)
* HIGification of more strings, titles, etc.
* Fix UI issue with Page format dialog.
* Plug leaks (Kjartan Maraas)
* Updated translations (Roozbeh Pournader, Priit Laes,
Francisco Javier F. Serrador, Miloslav Trmac,
Vincent van Adrighem, Adam Weinberger, Marcel Telka,
Ankit Patel, Takeshi AIHANA, Ignacio Casal Quinteiro,
Clytie Siddall, Kjartan Maraas, Baris Cicek, Ilkka Tuohela)
gtkhtml-3.7.4 "Hare Rama" 2005-07-11
-----------------------------------------------
New in this release
* Fixed the passing of correct offsets and signal for the screen
reader (Mengjie Yu)
* Fixed the setting of offsets when start/end slave value is
not available (Mengjie Yu)
* Fixed two strings to resolve translation issues.
* Fixed the Solaris x86 Forte build failure (Damien Carbery)
* Updated translations (Vincent van Adrighem, Priit Laes,
Adam Weinberger, Francisco Javier F. Serrador, Jens Seidel).
gtkhtml-3.7.3 "Shri Ganpati" 2005-07-01
-----------------------------------------------
New in this release
* Added "cy" (Welsh) to ALL_LINGUAS (Rhys Jones)
* Updated translations (Priit Laes, Rhys Jones, Marcel Telka,
Abel Cheung)
gtkhtml-3.7.2 "Changing guards" 2005-06-06
-----------------------------------------------
New in this release
* Public API cleanup (Rodo)
* Fixed translation issues (Changwoo Ryu bug #301120)
* Fixed Find/Replace crash
* Enhaced DnD support (sragavan)
gtkhtml-3.7.1 "Changing guards" 2005-05-18
-----------------------------------------------
New in this release
* Fixed a table crash on undo
* Added visited link change of color feature.
* Cleaned up cluev and text slave code and made it more organized.
gtkhtml-3.7.0 "Changing guards" 2005-04-26
------------------------------------------------
New in this release
* a11y changes (Mengjie Yu)
* fixed crash happening when editing nested cluevs
* fixed infinite loop in cursor navigation
* fixed crash happening with invalid parsed structure
* fixed insertion color tracking (Mengjie Yu)
* introduced stress test
* fixed table cell parsing
* fixed deletion around tables
* fixed cursor movement around images
* fixed fonts zooming
* fixed table size editing
* fixed text foreground color
* fixed padding of table cells
* fixed scrolling in caret mode (Mengjie Yu)
* fixed cursor navigation around anchors
* fixed parsing of DIV blocks
* fixed cusror tracking in caret mode (Mengjie Yu)
* fixed the building process to compile on win32 (Tor Lillqvist)
* added [un]block selection commands
* cleaned up the debug prints
* fixed many memory leaks
* added more tests
* updated translations (Laszlo Dvornik, Abel Cheung, Baris Cicek,
Pawan Chitrakar, Ahmad Riza H Nst, Adam Weinberger,
Roozbeh Pournader, Steve Murphy, Adi Attar)
Activate memcache option, now that devel/libmemcache is imported.
From NEWS:
- 1.4.6 - 2005-10-09
* fixed compilation on MacOS X and cygwin
* fixed compressed output if caching was disabled (seen in IE and
Opera)
* fixed range-request option
* fixed mysql-vhost module (was broken in 1.4.5)
* fixed false positive in the detection of case-insensitive FS
- 1.4.5 - 2005-10-02
* added all DeltaV methods as known methods
* added buffer-to-disk of request content
* added warning for unused variables in conditionals
* added global index-generators to mod_indexfile
* fixed caching for remote-ip conditionals with keep-alive
* fixed redirects with content
* fixed infinite loop in exec-cmd in mod_ssi
* fixed segfault in config handling for mod_mysql_vhost
* fixed segfault on FIFOs/Sockets
* fixed possible crash on uninit memory if If-Modified-Since was too long
* fixed accounting of mem-chunks
* fixed starving of connections on high load
* fixed crc errors in mod_compress on 64bit platforms
* fixed handling of overlapping fastcgi packets (bug added in 1.4.4)
* fixed logic of conditionals if a header was not set
* fixed a segfault in mod_rewrite if %1 references were used
* fixed handling of empty request URIs in HTTP requests
- 1.4.4 - 2005-09-16
* added support for %V in mod_accesslog
* added a option for a FastCGI responser to send static files
* added md5 and blowfish hashes to htpasswd
* fixed METHOD in mod_accesslog of WebDAV methods
* fixed check for permission before files in sent
* fixed mod-proxy and content for non-POST requests
* fixed compilation of mod_cml on MacOS X
* fixed SSL errmsg after accept()
* fixed memleak in stat-cache
* fixed aborted connections if file was moved while in transfer
* fixed mem-usage for large FastCGI transfers
Patched for pkgsrc pathnames (default location of squid config file),
and for NetBSD; probably needs help for other pkgsrc platforms but not
marked ONLY_ because there's no good reason it can't be made to work.
While not useful to run this w/o squid, the package does not depend on
it because it can be built and installed without it.
The package and binary are named squidpurge because purge seems too
likely to conflict and squid users are more likely to notice it this way.
The purge tool is a kind of magnifying glass into your squid-2 cache.
You can use purge to have a look at what URLs are stored in which file
within your cache. The purge tool can also be used to release objects
which URLs match user specified regular expressions. It can extract
objects matching a regular expression, creating a directory tree
matching the server layout. A more troublesome feature is the ability
to remove files squid does not seem to know about any longer.
o pkgsrc changes: change DIST_SUBDIR to ${PKGNAME_NOREV} only (stop
using time stamp) since squid's patches are provided with revision
if updated.
o official patches:
* 2005-09-28 21:52 (Minor) CNAME adresses remembered with wrong TTL
* 2005-09-28 21:16 (Cosmetic) Defining CACHE_HTTP_PORT does not set
the default http_port
* 2005-09-28 21:07 (Minor) httpd_accel_single_host breaks in combination
with server_persistent_connections
* 2005-09-28 21:07 (Cosmetic) More tracing in test mode of squid_ldap_auth
* 2005-09-28 21:07 (Cosmetic) Document that tcp_outgoing_xxx works badly
in combination with server_persistent_connections
* 2005-09-27 22:29 (Major) Truncated responses when using delay pools
o changes from 2.5.10; most of them are already included in squid 2.5.10nb5
package
Changes to squid-2.5.STABLE11 (22 Sep 2005)
- [Minor] Workaround for servers sending double content-length headers
(Bug #1305)
- [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
- [Cosmetic] Date header corrected on internal objects (icons etc)
(Bug #1275)
- [Minor] squid -k fails in combination with chroot after patch for
bug 1157 (Bug #1307)
- [Cosmetic] Segmentation fault if compiled with
--enable-ipf-transparent but denied access to the NAT device.
(Bug #1313)
- [Minor] httpd_accel_signle_host incompatible with redireection
(Bug #1314)
- [Minor] squid -k reconfigure internal corruption if the type of
a cache_dir is changed (Bug #1308)
- [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
(Bug #1317)
- [Minor] Title in FTP listings somewhat messed up after previous
patch for bug 1220 (Bug #1220)
- [Minor] FTP listings uses "BASE HREF" much more than it needs to,
confusing authentication. (Bug #1204)
- [Minor] winfo_group.pl only looked for the first group if multiple
groups were defined in the same acl. (Bug #1333)
- [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
- [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
- [Cosmetic] The new --with-build-environment=... option doesn't work
- [Cosmetic] New 'mail_program' configuration option in squid.conf
- [Minor] Fails to compile with ip-filter and ARP support on Solaris
x86 (Bug #199)
- [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
- [Medium] assertion failed in StatHist.c:93 (Bug #1325)
- [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
- [Cosmetic] Invalid URLs in error messages when failing to connect
to peer, and a few other inconsistent error messages (Bug #1342)
- [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
(Bug #1344)
- [Minor] Some odd FTP servers respond with 250 where 226 is expected
(Bug #1348)
- [Cosmetic] Greek translation of error messages (Bug #1351)
- [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
- [Minor] squid_ldap_auth -U does not work (Bug #1370)
- [Minor] SNMP cacheClientTable fails on "long" IP addresses
(Bug #1375)
- [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
- [Minor] E-mail sent when cache dies is blocked from many antispam
rules (Bug #1380)
- [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
- [Cosmetic] Incorrect store dir selection debug message on objects
larger than 2Gigabyte (Bug #1343)
- [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
- [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
- [Medium] Clients could bypass delay_pool settings by faking a cache
hit request (Bug #500)
- [Minor] IP-Filter 4.X support (Bug #1378)
- [Medium] Odd results on pipelined CONNECT requests
- [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
when using NTLM authentication.
- [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
authentication (bug #1396)
- [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
(Bug #1394)
- [Cosmetic] New --with-maxfd=N configure option to override build
time filedescriptor limit test
- [Minor] Added support for Windows code name "Longhorn" on Cygwin.
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
BINS 1.1.29
-----------
- A search engine has been added. It only woks on web browser
supporting javascript and DOM. It can be deactivated via the new
searchEngine parameter. It allows search on image description fields
set in the new searchFields parameter. Maximum results returned by the
search engine is set by the searchLimit parameter.
This adds a new dependency on Text::Unaccent.
- Michael Olson's mwolson templates have been added.
- Martin Pohlack's martin templates have been added. These templates are based
upon marc ones, in turn based on joi. Here are the modifications with
marc:
- fixed some bugs in the css
- more layout stuff done in css
- changed colors to grey-levels, which allows the viewer to
concentrate on the important parts, the images (if you don't like
it, you only have to change some lines in the css).
- some layout changes, links (next, prev, ...) have a fixed
position now, so you don't have to move the mouse if you want to
cycle through many images.
- use transparent pngs for the slide background in browser which
support it -> smoother slide corners (round corners are
oversampled, compare the gif and the png)
- Display the content of the jpeg-comment filed below the image
- Fixed a bug when javaScriptPreloadImage was set to 1 : the next image
preloaded was always at maximum size.
Patch from Malcolm Parsons
- Add support for jpegtran with MMX (libjpeg-mmx-progs).
Patch by Ludovic Rousseau
- Fix -f option so it can work with files given with a relative path.
Patch by Ludovic Rousseau
- Default template has been renamed to swigs, has it may not be the
default in the future (it uses tables and don't use CSS).
- A tools directory has been added in the archive, containing the
small BINS related utilities. The new tools add_num_prefix,
remove_num_prefix and bins_addtext have been added. All is documented
on the web site.
- A FAQ has been added.
- BINS now has a page on gna!, see https://gna.org/projects/bins/
BINS 1.1.28
-----------
- Replaced parameter "enlarge" with "whenSrcSmaller" to dictate what to
do if the source image is smaller than the size of the generated
image. Fixed a bug that prevented enlarged image from actually being
generated.
Patch from Alexander Blazej
- Added new linkRelative parameter allow to use relative links if
linkInsteadOfCopy is set to 1.
Patch from Dan McMahill
- Transform functionality now allow perl code. A new dateString
parameter allow to specify the date string to be used (following
date(1)), introducing a dependency on Date::Parse.
Patch from Martin Michlmayr
- Handle buggy EXIF information in DateTimeOriginal.
Patch from Martin Michlmayr
- Fix on deExifyImages option.
Patch from Martin Michlmayr
- Fix encoding problem whith ISO 646 used by Solaris.
Patch from Martin Michlmayr
- Fix bug when source directories is a prefix of the destination one.
Patch from Pizza
- Make JPEG Comments available as image subtext.
Patch from Martin Pohlack
- Catalan translation (ca) has been added.
Thanks to Joan Antoja Sabin
- A CSS bug in marc template has been fixed.
Correction from Martin Pohlack
- The image details page, using the Joi template, now respects use of a
background image.
Fix by Alexander Blazej
- The image details page's "Album Tree" link is fixed.
Fix by Alexander Blazej
- Standardized indentation (4 columns).
Done by Alexander Blazej
- Default value of borderOnThumbnails has been set to 0.
fix crashes with nested framesets
fix dmalloc conflicts
fix crashes with invalid x/html tags
fix memory corruptions
fix attributes with null values
replace tabs with spaces
a lot generic stability fixes
fix accessibility crashes
accessibility missing output added
use id= instead of a name=
fix crashes with mixed php-like code in html
fix memory leaks
xml: was stripped from xml:lang
make sure id and name are identical when used
do not add xml:lang for XHTML 1.1
check validity of id/name values
a lot of new options for finegrained control
support align="char"
fix 64 bit portability issues
fix support for nested <sub> and <sup>
make sure id's are unique
be more resistant against malformed comments
make sure attribute values are lowercase for xhtml specified values
ensure xml declarations are present
allow empty action="" to form
area does not need a mandatory href
This is a bug fix release.
Fixed bugs are follows:
* Fix for a potential buffer overflow vulnerability when loading
a hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Fix a crash in mail when stopping a search and then searching again
* Other stability and security fixes
MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
MFSA 2005-57 IDN heap overrun using soft-hyphens
