- Include desktop-file-utils/desktopdb.mk to handle the mime types defined
in the desktop file properly.
- Depend on pkg-config, needed at build time.
- Use xdg-dirs, not gnome2-dirs. The former is enough.
- Sort dependencies.
- Regenerate the PLIST so that it's sorted and to avoid lots of files that
shouldn't be there (handled automatically by mimedb.mk and desktopdb.mk).
- Bump PKGREVISION to 1.
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
Version 7.13.1 (4 March 2005)
Daniel (4 March 2005)
- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
- Rene Rebe fixed a -# crash when more data than expected was retrieved.
Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
http://www.securityfocus.com/archive/1/391042 and the CAN report here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
If these security guys were serious, we'd been notified in advance and we
could've saved a few of you a little surprise, but now we weren't.
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
configure when mingw is used.
Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
didn't close the socket properly when returning error due to failing
localbind
Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back
a list of types from which it picks NTLM, it needs to either continue
sending its data if it keeps the connection alive, or not send the data but
close the connection. Then do the first step in the NTLM auth. libcurl
didn't send the data nor close the connection but simply read the
response-body and then sent the first negotiation step. Which then failed
miserably of course. The fixed version forces a connection if there is more
than 2000 bytes left to send.
Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
was never used.
Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
libcurl is built shared. Otherwise valgrind only tests the shell that runs
the wrapper-script named 'curl' that is a front-end to curl in this case.
This should also fix the huge amount of reports of false positives when
valgrind has identified leaks in (ba)sh and not in curl and people report
that as curl bugs. Bug report #1116672 is one example.
Also, the valgrind report parser has been adapted to check that at least one
of the sources in a stack strace is one of (lib)curl's source files or
otherwise it will not consider the problem to concern (lib)curl.
- Marty Kuhrt streamlined the VMS build.
Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
- Converted lots of FTP code to a statemachine, so that the multi interface
doesn't block while communicating commands-responses with an FTP server.
I've added a comment like BLOCKING in the code on all spots I could find
where we still have blocking operations. When we change curl_easy_perform()
to use the multi interface, we'll also be able to simplify the code since
there will only be one "internal interface".
While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
like changing directory or retrieving a file, while the second means that we
were denied login.
The CVS tag 'before_ftp_statemachine' was set just before this went in, in
case of future need.
- Gisle made the DICT code send CRLF and not just LF as the spec says so.
Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
sure the proper error code is returned for those occations.
Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
contents.
Daniel (5 February 2005)
- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
PORT on ipv6-enabled hosts.
- David Byron pointed out we could use BUFSIZE to read data (in
lib/transfer.c) instead of using BUFSIZE -1.
- Whitespace police
- PLIST sorting and fixing
- Fix postgresql support to now extend to 8.0 as noted in PR# 29590 by
jaapb (at) kerguelen.org, thanks for the PR.
> Major changes compared to the Horde version 3.0.3-RC1 are:
> * Added support for clearing user preferences to LDAP driver.
> * Minor bug fixes and improvements.
>
> Major changes compared to the Horde version 3.0.2 are:
> * Improved layout of wrapping menus in Gecko and KHTML based browsers.
> * Fixed some session handler issues.
> * Fixed caching in the Version Control library, used by Chora.
> * Fixed updating of IMAP folder trees when (un)subscribing IMAP folders.
> * Improved performance of DataTree library, used by IMP's message history.
> * Changed log level of logins and logouts.
> * Updated German and Japanese translations.
> * Minor bug and layout fixes.
>
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACl support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STALBE9.
Previously rc.d/apache was updated to run stop & start for restart.
'/etc/rc.d/apache restart' then picked up startssl if apache was not
running, but if apache was running it has a large chance of the
start running before the stop completes, leaving no httpd running.
Instead, add a restartssl option to apachectl, and use it.
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow for
sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
0.19 2005-02-15
- Add support for Apache::RequestRec as header_object by checking
header_object for err_headers_out and headers_out methods.
0.18 2004-06-30
- Made the password & lock_password parameters default to undef.
1.09 Fri Feb 25 17:49:00 EST 2005
- Tables can now be selected by table tag attributes
- lineage() method now returns row and column information, as
well as depth and count, for each ancestor (potential
backwards incompatability, entries are now 4 element arrays
now rather than 2)
- header matching and column retention enhancements
- header retention
- old-style procedures deprecated in prepration for them to
become methods
- various bug fixes
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
for www/firefox.
- deal with Linux binaries having a different directory structure than
others on the MASTER_SITES.
- undo some brain damage when MOZILLA_USE_LINUX is defined.
1.12 Thu Feb 24 23:38:44 CST 2005
[FIXES]
* Fixed RT #9026: hang in t/local/back.t under Windows XP.
Thanks Andrew Savige. It also should no longer complain
about being unable to clean up a temp file.
1.11_01 Mon Feb 14 00:12:48 CST 2005
[THINGS THAT MAY BREAK YOUR CODE]
* Removed deprecated _parse_html() method.
[FIXES]
* Was incorrectly looking for INPUT tags TYPE="SUBMIT" as images.
Thanks to Abe Timmerman.
[ENHANCEMENTS]
* Calling $mech->set_fields() with no current form now dies.
Thanks to Julien Beasley.
* Fix crash when closing window while filepicker is up [#156816]
* Use gnome_vfs_url_show() for Send To [#162532]
* Set selection mode to BROWSE in topics selector [#162331]
* We don't need to implement nsIBrowserHistory
* Don't focus the close-tab button on click [#119461]
* Don't store more than 5 hidden popups [Adam Hooper, #160863]
* Fix a mem leak [#164302]
* Really make confirm-overwrite dialogue have a parent window [#164189]
* Rename EphyTab's "visible" property to not clash with GtkWidget property
* Default typeaheadfindsea to on [#157435]
* Switch to fullscreen toolbar also in lockdown fullscreen mode [#165256]
* Disable DownloadLinkAs and SetAsBackground if saving to disk is disabled
* Don't crash if we need to open an orphan non-chrome window [part of #165445]
* Some sparse fixes
* Ungrab the pointer when moving tab between notebooks [#165797]
* Don't weak ref the shell when it's finalised already [#165542]
* Don't show the menubar with F10 in lockdown mode [#165550]
* Don't disable print preview if print setup is locked down [#165552]
* Adapt to mozilla API changes
* Implement nsIWebProgressListener [#165328]
* Fix window destruction [#165992]
Wed Feb 23 19:46:01 MET 2005 mikulas:
Correct implementation of non-aggressive cache (i.e. allow more keywords
in Cache-Control
Wed Feb 23 18:36:52 MET 2005 mikulas:
Allow typing only characters valid in current character set into form
fields on web
Wed Feb 23 16:31:56 MET 2005 Serge Winitzki <serge at cosmos dot phy dot tufts dot edu>:
Updated Russian translation
Wed Feb 23 16:25:41 MET 2005 mikulas:
Allow cookies without a value
Mon Feb 14 13:15:00 MET 2005 user:
When server returns cookie values as "deleted", delete it
Tue Feb 1 18:22:11 MET 2005 user:
Fixed non-working find next/previous in view menu
Thu Jan 27 19:09:46 CET 2005 mikulas:
Fixed wrong prototypes causing compilation problem on MacOS X and some
other systems
Thu Jan 27 16:28:35 MET 2005 mikulas:
Fixed configure failure on Solaris
Thu Jan 27 00:23:09 CET 2005 Brain
javascript: set form action
> v3.2 (Dec-29-2004)
> * Some options were missing in apache 1.3x part of the code.
>
> * There was a syntax error in TLS related code. Thanks for many of you
> who pointed it out.
>
> * Don't try to re-initialize TLS. Thanks to Volker for pointing it out.
>
> * if the ldap header files and libaries are no in ldap base directory,
> they can be specified with --with-ldap-includes and
> --with-ldap-libraries respectively.
>
> v 3.3 (Dec-30-2004)
> * some tls code was outside
does. This allows us to use dynamic PLISTs for Perl modules that are
built using Module::Build. Bump the PKGREVISION of p5-Module-Build
to 1.
* Drop the use of PERL5_USES_MODULE_BUILD and introduce a new variable
PERL5_MODULE_TYPE that is either "MakeMaker" or "Module::Build" that
names the framework used to build/install the module.
* Split out the variables set in perl5/buildlink3.mk that are also used
by perl5/module.mk into a new file perl5/vars.mk. Move some PERL5_*
variable definitions from pkgsrc/mk/bsd.pkg.use.mk into perl5/vars.mk.
This just centralizes the common PERL5_* definitions into a single
file location.
* Convert the known packages that use Module::Build to set
PERL5_MODULE_TYPE and PERL5_PACKLIST:
devel/p5-Class-Container
devel/p5-Exception-Class
devel/p5-Log-Dispatch
devel/p5-Array-Compare
textproc/p5-Pod-Coverage
www/p5-Apache-Session-Wrapper
www/p5-MasonX-Request-WithApacheSession
o 1.33 - December 15, 2004
MacOSX docs tweaks [David Wheeler]
fix Makefile.PL to properly skip the test suite if A-T requirements
weren't satisfied [Stas]
require Apache::Test 1.13 to run perl tests (need() was added at that
version) [Stas]
Fix `strEQ' redefined warnings in the perl build [Stas]
Upgrade license to the Apache License Version 2.0. [davidw, joes]
o 1.32
Fix mfd's Content-Type parser to deal with Opera 7.2's extra attributes.
For details see
http://marc.theaimsgroup.com/?l=apreq-dev&m=106606052700407&w=2
Bug first reported by Sven Geisler [joes].
o 1.31 - ongoing
added a proper implementation of the ithreads support. At the same
time it should resolve the problem with perl 5.8.2 under threaded
applications, since it no longer relies on the implicit context and
passes aTHX around. [Stas]
o 1.30 - September 27, 2003
libapreq-1.3 is released.
o 1.25 - August 23, 2003
Michael G. Schwern's "play it safe" patch to c/Makefile.PL
(applied patch submitted by Steve Hay). See
http://marc.theaimsgroup.com/?l=perl5-porters&m=105981649201380&w=2http://marc.theaimsgroup.com/?l=apreq-dev&m=106146287323705&w=2
for details. [joes]
o 1.24 - August 23, 2003
Applied Steve Hay's Request.pm doc patch explaining the tempnam()
dependence for C<Apache::Request::new()>'s TEMP_DIR option. [joes]
o 1.23 - July 10, 2003
Applied Graham Clark's patch to cleanup apache_request.h macros.
Added missing doc credits for Steve Hay in Request.pm. [joes]
o 1.22 - July 5, 2003
Open uploaded files with binary mode (relevant for Perl > 5.7),
so as to be able to get the correct sizes on systems where such
a mode makes a difference. Thanks to Steve Hay for first pointing
out this problem. [randyk]
o 1.21 - June 25, 2003
Fix memory access problem with TEMP_DIR - see
http://marc.theaimsgroup.com/?l=apreq-dev&m=105647058517842&w=2
Thanks to Jay Buffington for the spot. [joes]
=item 1.20 - January 22, 2005
instead of trying to match various custom server name variations (each
vendor seems to replace "Apache" in 'httpd -v' with their own name),
just try to match the "/x.y" in "Foo-Apache-Bar/x.y.z" to figure out
the server generation (rev). [Stas]
extend Apache::TestConfig::which() to search under perl's bin
directory (in the case of local perl install many utils get installed
there, but won't be in PATH). [Stas]
Apache::TestConfig::inherit_load_module handles .dll modules
(previously was only .so) [Stas]
Apache::TestConfig::should_skip_module now works with regex
patterns. [Stas]
=item 1.19 - January 5, 2005
Test for module.c instead of module.so for IfModule in
find_and_load_module [Chia-Liang Kao <chialiang gmail.com>]
Apache-Test/META.yml is excluded from mp2 distro to make PAUSE indexer
happy, but then perl Makefile.PL complains about a missing META.yml,
so autogenerate it if it wasn't in the distro [Stas]
=item 1.18 - December 23, 2004
fix a bug in A-T config generation, when a vhost entry was in
autogenerated httpd.conf (e.g. coming from .pm file) and another from
extra.conf.in. We used to have a ports collision, since extra.conf
wasn't reparsed and the same port was getting assigned to more than
one vhost entry, preventing server startup:
default_ VirtualHost overlap on port 8530, the first has precedence
(98)Address already in use: make_sock: could not bind to address
0.0.0.0:8530 no listening sockets available, shutting down
could be reproduced with t/TEST -conf followed by t/TEST -maxclients 1
in the mp2 test suite (or the new Apache-TestMe test suite, which now
includes a special setup for this bug). [Stas]
new TestConfig wrapper find_and_load_module [Chia-Liang Kao <chialiang
gmail.com>]
add Apache-TestItSelf and Apache-TestMe sub-projects. [Stas]
add various straps to aid the new Apache-TestItSelf sub-project, which
is used to test A-T config options [Stas]
avoid entering endless loops when interactive config is used, by
restarting the test suite with an explicit selected arguments for
-httpd (and optionally -apxs) [Stas]
META.yml is now locally maintained. we need to tell PAUSE indexer not
to try to index HTTP::Request::Common and warnings packages, which
happen to be used by A-T [Stas]
=item 1.17 - December 11, 2004
Apache::TestHandler: need to load Apache::RequestIO for mp2 for puts()
to work [Stas]
new Apache::TestConfig wrapper untaint_path() [Randy Kobes]
fix the config thaw() functionality (when top_dir wasn't in @INC the
saved config won't be loaded and tests will blow) [Stas]
new wrapper Apache::TestRequest::module2url to simplify handling of
vhosts in the client. ["Christopher H. Laco" <apache-test
chrislaco.com>]
resolve -T taint issues: [Stas]
- untaint $cmd in Apache::TestConfig::open_cmd
- fix the tainting of @INC (by untaintinig top_dir variable)
require Cwd 2.06 or higher (to solve File::Spec::rel2abs problems
under -T). Enforce the modules version requirements for those who
aren't running under CPAN/CPANPLUS shell) [Stas]
Apache::TestTrace: don't export by default the 'todo' utility's symbol
since it collides with Test::More [Stas]
Tweak the handling of mp2 source build case in
Apache::TestConfig::httpd_config(), apparently mp2 source build
doesn't always know where httpd/apxs are, so we need to give a better
error message in this particular case. [Stas]
Add cookie jar tests ["Christopher H. Laco" <apache-test
chrislaco.com>]
Don't run interactive prompts when STDIN is closed [Stas]
Add LockFile directive in the autogenerated httpd.conf, which points
to t/logs, to handle the case where LockFile is hardcoded at compile
time to some other directory on the system. [Stas]
