- Requested in PR# 29610 by joel (at) carnat.net, thanks for the PR!
> 2005-02-04 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * configure.in: bumped verison number to 0.3.15
>
> 2005-02-01 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * src/werror.c (msg_vformat): fixed signed/unsigned comparison wrt
> the length variable, a stack overflow (not buffer overflow) can be
> caused by a very long format result (werror("%2147483648i", 1)),
> credits go to Thief_hu for reporting it; it is believed not to be
> exploitable as werror format strings do not contain dynamic values
>
> 2004-08-05 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * configure.in: bumped version number to 0.3.14, cleaned up to
> work with autoconf2.50 and automake 1.7
>
> exploitable as werror format strings do not contain dynamic values
>
> 2004-08-05 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * configure.in: bumped version number to 0.3.14, cleaned up to
> work with autoconf2.50 and automake 1.7
>
> * src/objtypes.h: removed colliding macro names to avoid warnings
> on BSD derived systems
>
> 2004-07-04 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * src/io.c (get_inaddr): use in_addr_t for the private definition
> of INADDR_NONE if one is not found.
>
> 2004-05-06 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * added libol.spec.in patch by jpo
>
> 2004-05-04 Balazs Scheidler <bazsi@bzorp.balabit>
>
> * configure.in: use CFLAGS from environment if set
that is, filter them through the command to uncompress them on the fly.
We don't need to add dependencies anymore than we ever needed a dependency
on "uncompress". Crank PKG_REVISION for the feature change.
which have no extutil.h header file, just make them depend on the
xextensions package which provides it.
Bump PKGREVISION for Xrandr and randrext.
Add builtin.mk file for xextensions.
jlam says ok.
Changes since 4.0b2:
- Made sure all the prefs are saved (Bug# 878340)
- Put all the Aqua stuff in one place
- Fix detection of a ,v file in the current directory for RCS
Version 7.13.1 (4 March 2005)
Daniel (4 March 2005)
- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
- Rene Rebe fixed a -# crash when more data than expected was retrieved.
Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
http://www.securityfocus.com/archive/1/391042 and the CAN report here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
If these security guys were serious, we'd been notified in advance and we
could've saved a few of you a little surprise, but now we weren't.
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
configure when mingw is used.
Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
didn't close the socket properly when returning error due to failing
localbind
Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back
a list of types from which it picks NTLM, it needs to either continue
sending its data if it keeps the connection alive, or not send the data but
close the connection. Then do the first step in the NTLM auth. libcurl
didn't send the data nor close the connection but simply read the
response-body and then sent the first negotiation step. Which then failed
miserably of course. The fixed version forces a connection if there is more
than 2000 bytes left to send.
Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
was never used.
Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
libcurl is built shared. Otherwise valgrind only tests the shell that runs
the wrapper-script named 'curl' that is a front-end to curl in this case.
This should also fix the huge amount of reports of false positives when
valgrind has identified leaks in (ba)sh and not in curl and people report
that as curl bugs. Bug report #1116672 is one example.
Also, the valgrind report parser has been adapted to check that at least one
of the sources in a stack strace is one of (lib)curl's source files or
otherwise it will not consider the problem to concern (lib)curl.
- Marty Kuhrt streamlined the VMS build.
Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
- Converted lots of FTP code to a statemachine, so that the multi interface
doesn't block while communicating commands-responses with an FTP server.
I've added a comment like BLOCKING in the code on all spots I could find
where we still have blocking operations. When we change curl_easy_perform()
to use the multi interface, we'll also be able to simplify the code since
there will only be one "internal interface".
While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
like changing directory or retrieving a file, while the second means that we
were denied login.
The CVS tag 'before_ftp_statemachine' was set just before this went in, in
case of future need.
- Gisle made the DICT code send CRLF and not just LF as the spec says so.
Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
sure the proper error code is returned for those occations.
Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
contents.
Daniel (5 February 2005)
- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
PORT on ipv6-enabled hosts.
- David Byron pointed out we could use BUFSIZE to read data (in
lib/transfer.c) instead of using BUFSIZE -1.
eblook-1.6.1, efont-unicode-0.4.2, gftp-2.0.18, nicotine-1.0.8,
p5-Apache-Gallery-0.9.1, p5-Filter-1.30, p5-Mail-ClamAV-0.13,
p5-PostScript-MailLabels-2.10, postgresql-autodoc-1.24, squid-2.5.9,
teapop-0.3.8, tex-musixtex-112, tkdiff-4.0.2, xdx-1.2, xzgv-0.8.
Done by various people over the last months.
pOverview of changes between 1.8.0 and 1.8.1
===========================================
* Fix several problems with conjuct formation in Sinhala [Harshula]
* Fix problems that were causing fonts to be missized and
not print in GtkHTML [Ross Burton]
* Fix compilation with old fontconfig [Vincent Noel] and
old FreeType [Andrew P. Lentvorski, Jr]
* Work around problem with glyphs in monospace fonts being truncated
by Xft [Billy Biggs]
* Misc bug fixes [Damon Chaplin, Matthias Clasen, Kees Cook, Nick Lamb,
Adam Sampson,Manish Singh, Morten Welinder]
* Misc build fixes [Sebastien Bacher, Matthias Clasen, Tor Lillquist]
* Doc improvements [Torsten Schoenfeld, Billy Biggs, Morten Welinder]
Clearlooks is new and modern-looking GTK2+ engine, based on Bluecurve.
It has the looks of various themes blended together, resulting in a
theme that's easy on the eyes and visually pleasing.
The difference with pixmap based themes is that it does not sacrifice
a lot of speed. In fact, it is roughly as fast as Bluecurve.
* Major changes in 1.0.7
** New add-on riece-toolbar. (ueno)
riece-toolbar displays icons on toolbar. Currently not all the
icons are included.
** New add-on riece-keepalive. (ueno)
riece-keepalive spontaneously sends a PING message to server to
keep an IRC connection.
** New add-on riece-google. (bg66)
riece-google searches on Google and sends the result to the channel.
** New add-on riece-eval. (bg66)
riece-eval evaluates elisp expression and sends the result to the channel.
** Some add-ons are enabled by default. (ueno)
riece-log, riece-alias, riece-ctlseq, and riece-keyword are now
enabled by default.
** New command riece-command-suspend-resume. (ueno)
riece-command-suspend-resume saves or restores the current window
configuration.
** Preserve cursor position when clicking button widget. (ueno)
** Decorate modeline indicator with faces. (ueno)
** Count users in NAMES reply. (ueno)
** New user option riece-part-message. (ueno)
** Add-ons located in riece-addon-directory are automatically enabled. (ueno)
** Default value of riece-buffer-dispose-function is now kill-buffer. (ueno)
** Backtrace when encountered an error in process-filter. (ueno)
** Ask channel key to user when it is required. (ueno)
** Automatic buffer shrinking is now disabled by default. (ueno)
** New directory structure for riece-log. (ueno)
** Fixed a bug in user-renamed signal-filter. (kaoru)
** Fixed a bug in riece-command-enable-addon and
riece-command-disable-addon. (yoichi)
* Major changes in 1.0.6
** Bundle url-riece, a backend of url-irc which comes with the recent
GNU Emacs. (Yamato-san)
** New user option riece-url-regexp-alist to allow users to define
mapping from arbitrary strings (such as "Bug#12345") to URL. (This
feature is a backport from Liece) (ueno)
** New modeline indicator which represents user's channel operator
status in the current channel. (ueno, thanks to k-to)
** Remove multiple lines at a time when shrinking channel buffers.
Number of lines to be removed is controlled by
riece-shrink-buffer-remove-lines option. (ueno, thanks to ysjj)
** riece-alias-alist now works again. (ueno)
** Fixed a bug in flow control for sending long messages, introduced
in 1.0.4. (ueno)
** New command riece-submit-bug-report to generate a template for good
problem report. (ueno)
** Accept radical IRC proxy programs which break with tradition of the
original IRC server implementation. (ueno, thanks to k-to san)
** New key bind C-c # <number> to switch channel by number. (ueno,
thanks to ysjj)
** If a prefix-argument is given, riece-yank sends message as a NOTICE. (bg66)
