to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
are custom paper sizes, n-up printing selections, page borders, jpeg
and png previewing, job control options, and extended option types
to support foomatic and fax4CUPS.
A repeatable SEGV is fixed (patch also sent to xpp maintainer).
Closes PR pkg/32930
Reviewed by <bouyer>
Some of the key changes include:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions.
* Over 120 various bug fixes.
See release annoucement on:
http://www.php.net/release_5_1_3.php
And ChangeLog:
http://www.php.net/ChangeLog-5.php#5.1.3
Changes:
- USB tablet support (Brad Campbell, Anthony Liguori)
- win32 host serial support (Kazu)
- PC speaker support (Joachim Henke)
- IDE LBA48 support (Jens Axboe)
- SSE3 support
- Solaris port (Ben Taylor)
- Preliminary SH4 target (Samuel Tardieu)
- VNC server (Anthony Liguori)
- slirp fixes (Ed Swierk et al.)
- USB fixes
- ARM Versatile Platform Baseboard emulation (Paul Brook)
This way, missing language dependencies will be caught at build time.
(Tested without problems on several C++ packages by unsetting LANGUAGES in
them. I don't have a machine fast enough to bulk build, but I shall be
watching the next round on pkgsrc-bulk to fix what I may not know about
right now.)
Changelog:
* Update FSF addresses.
* caff: tweak documentation.
* caff: note that mailed keys are encrypted (suggested by Sune Vuorela).
* caff: You can now specify additional arguments to pass to the
send method of Mail::Mailer. This allows you to send mails via
SMTP and use authentication for instance. Thanks to Martin von Gagern.
* gpg-key2ps, keylookup: make them less dependent on specific
installation paths and thus better portable outside of Debian
(Closes: #354142).
in declarations when compiling C++ code. Patch the perl.h and XSUB.h
headers to avoid using this attribute if using GCC<3.4 and building
C++ modules. This fixes PR pkg/33403 by OBATA Akio.
Bump PKGREVISION to 2.
Remove use of internal png library function, to make this package
build against the current png package.
From the povray.general newsgroup:
Well - you could remove that call but will probably loose ability to
interrupt/continue render with PNG output.
* Implemented bit depth reduction for palette images.
* Upgraded libpng to version 1.2.10-optipng [private]
* Improved the BMP support.
* Added a Unix man page.
* Allowed abbreviation of command-line options.
* Changed user option -log to accept a file name as an argument.
* Changed user option -no to -simulate.
* Fixed an error in handling .bak files on Unix.
* Fixed a small typo in the help screen.
* Added the GUIDE and THANKS documents.
* Converted some text document files to HTML.
RELEASE 3.6.5-STABLE
MAINT: PgSQL SQL tuning
MAINT: WebUI aesthetic and functional fixes
MAINT: Added --disable-syslog and --with-logfile= configuration flags
MAINT: Added -t flag for dspam_stats to total stats
MAINT: Markov result used as X-DSPAM-Confidence when Markov used
MAINT: Support for separate read/write servers to be used with mysql_drv
BUGFIX: Spam are quarantined when --deliver=summary
BUGFIX: Admin graphs malformatted when subject contains newline character
BUGFIX: WebUI does not use MAX_COL_LEN
BUGFIX: Output for dspam_admin aggr pref incorrect
BUGFIX: Flat-file preference writes fail on some systems
BUGFIX: Failure to connect to ClamAV causes segmentation fault
BUGFIX: NULL username in system causes segmentation fault
BUGFIX: ClamAV processing and cleanup issues
BUGFIX: Fragment files overwritten on retrain
BUGFIX: Miscellaneous invalid read / segmentation fault bugs
BUGFIX: If TrainingMode not specified in dspam.conf or passed in, segmentation fault
BUGFIX: No output returned when using --deliver=summary with dspamc
RELEASE 3.6.4-STABLE
DOC: Documented user preferences in README
MAINT: Added dspam_train tool, replacing most functions of dspam_corpus
MAINT: Code cleanup and performance improvements
MAINT: Significant improvements in accuracy, specifically reduced false pos.
MAINT: Removed experimental neural collaboration functions
MAINT: Added ClassAlias configuration directive to dspam.conf
MAINT: Added undo option for retraining via WebUI
MAINT: Added storeFragments support to WebUI
MAINT: Added mass-retraining support to WebUI
BUGFIX: DSPAM segfaults when invalid UID specified using UIDInSignature
BUGFIX: No output when using --classify with --client
BUGFIX: dspam_corpus overrides default dspam.conf settings
BUGFIX: Multi-driver builds fail when preferences-extension is not supported
* Remove deprecated WITH_DVDCSS option, it's not used anymore.
* Depend on SDL_image and libxml2 to build missing modules that are
enabled by default.
Bump PKGREVISION (BTW this package now works perfectly on NetBSD, thanks
drochner!).
