GPM (which we do not support) and its lovely signal handler.
See my comment in main.c for more information. This fixes the extremely
annoying behavior I've been noticing on NetBSD-current where links seems to
send a SIGSTP to any jobs attempting to use its terminal after it received
a SIGSTP.
Bump rev.
Security fixes in this version:
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.10/releasenotes/
that just because the OS is Darwin we don't want aliases.
This adds an options.mk so that if users want to they can install the
aliases on Darwin.
No change in the defaults
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
v3.1.5
------
[cjh] Fix identity javascript when some fields are disabled
(veikko@immonen@otaverkko.fi, Bug 5595).
[cjh] Disable the Turkish locale if using PHP 5 (see
http://bugs.php.net/bug.php?id=35050).
[jan] Improved webroot detection (Request 4126).
[jan] Fix selecting the language on the login screen (Bug 5098).
[jan] Fix searching for single quotes in email headers (qa@cpanel.net, Bug
4854).
[jan] Fix portal layouts with more than one horizontally expanded block per
row.
Full changelog from 2.22 is too long to list here,
so only latest changes.
2.28 Mon 2005-08-08
- Updating date-picker man page to document -Label option required.
- Added code to make sure that javascript attributes get output on the span
code when displaying a read-only text element.
- Make sure the -onload/-onunload/-onbeforeunload code gets processed even
for a read-only form item.
- Updated the POD documentation to group select and radio -Type options
together for generate().
- Added setBodyAttribute() so you can define a custom attribute that doesn't
have a helper method and have it apply to the <body> tag. The attribute
must be a known html attribute to be applied.
- Used formProtect() to make sure that the input fields do not lose any
special user input like, ", &, etc.
- Added javascriptReadOnly to allow a read-only form to allow/disallow
javascript from being generated.
- Improved read-only output of hidden tags that have an array of values.
- Added qw() function to the form_methods.js file to make creating an array
from a space seperated string much easier, ala perl.
- Removed the -WidgetOptions hash and made what used to be the contents of
that hash be - (dash) prefixed. Internally, those arguments will be
converted back to the name that the Widgets method is expecting. Sorry
if this causes any problems. :)
- Tacked any onchange code for a calculator widget to my onchange code.
- formEncode()/formEncodeString() now can handle multiple sequences that you
want to ignore.
- Fixed datePicker validation code. Closes bug #1285443.
- calcDatePrev/Next now calls the onchange code if the date form field has
one defined. Closes bug #1286269.
=== RELEASE 2.1pre31 ===
Sat Oct 27 02:52:07 CEST 2007 mikulas:
Some newer Linuxes unfortunatelly do not send SIGCONT when running
process is brougt to foreground with 'fg' command. So implement 0.5s
polling to test if we're on foreground.
Wed Oct 24 03:41:19 MET 2007 mikulas:
Do not request compression for files with .Z, .gz or .bz2 suffix
--- some servers will compress them again
Wed Oct 24 03:16:43 MET 2007 mikulas:
Support HTTP/0.9 (without header)
Mon Oct 22 18:35:16 MET 2007 mikulas:
In case of non-restartable connection, proceed with the connection
even if the server is on blacklist
Mon Oct 22 02:00:13 MET 2007 mikulas:
An option to disallow non-proxy connections (for anonymization via tor
or similar services)
Sat Oct 20 22:08:02 MET 2007 mikulas:
Turn off compression if the server closes the connection prematurely
Some servers errorneously send the size of uncompressed data
Sat Oct 13 18:19:45 MET 2007 mikulas:
An option to disable compression. Disable compression automatically for
a given server if links receives errorneous compressed data
Mon Sep 17 03:59:33 CEST 2007 mikulas:
Break ansi aliasing on ICC 10 with -ipo
Empty function call was not enough to break it
Fri Sep 7 00:00:29 MET 2007 mikulas:
When the connection dies after the last received byte, do not send
"Range:" header in retry request --- servers don't like "Range" pointing
after the last byte
occupied when otherwise nothing would appear to be happening.
It aims to require that the recipient client have a minimum of
JavaScript 1.0, HTML 4.0, ancd CSS/1, but this has yet to be tested.
Fixes a number of regressions introduced in 2.0.0.8:
* Bug 400406 - Firefox will ignore the clear CSS property when used beneath a
box that is using the float property. There is a temporary workaround JS/CSS
code available for web developers with affected layouts.
* Bug 400467 - Windows Vista users will get Java not found or Java not working
errors when trying to load Java applets after updating. To fix this, users
can right-click the Firefox icon and Run as administrator, then browse to a
page with a Java applet doing this once will fix the problem and permanently
restore Java functionality.
* Bug 396695 - Add-ons are disabled after updating. Users can fix this problem
by opening their profile folder and removing three files (extensions.rdf,
extensions.ini and extensions.cache)
* Bug 400421 - Removing a single area element from an image map will cause the
entire map to disappear. There is no workaround available at this time.
* Bug 400735 - Some Windows users may experience crashes at startup. There is
no workaround available at this time.
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.9/releasenotes/
Version 7.17.1 (29 October 2007)
Dan F (25 October 2007)
- Added the --static-libs option to curl-config
Daniel S (25 October 2007)
- Made libcurl built with NSS possible to ignore the peer verification.
Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.
Patrick M (25 October 2007)
- Fixed test server to allow null bytes in binary posts.
_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
and dynamic (copied).
Daniel S (25 October 2007)
- Michal Marek fixed the test script to be able to use valgrind even when the
lib is built shared with libtool.
- Fixed a few memory leaks when the same easy handle is re-used to request
URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
Dan F's new test cases.
Dan F (24 October 2007)
- Fixed the test FTP and TFTP servers to support the >10000 test number
notation
- Added test cases 2000 through 2003 which test multiple protocols using the
same easy handle
- Fixed the filecheck: make target to work outside the source tree
Daniel S (24 October 2007)
- Vladimir Lazarenko pointed out that we should do some 'mt' magic when
building with VC8 to get the "manifest" embedded to make fine stand-alone
binaries. The maketgz and the src/Makefile.vc6 files were adjusted
accordingly.
Daniel S (23 October 2007)
- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
that libcurl tried to re-use connections a bit too much when using non-SSL
protocols tunneled over a HTTP proxy.
Daniel S (22 October 2007)
- Michal Marek forwarded the bug report
https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
FTP that caused memory havoc. His work together with my efforts created two
fixes:
#1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
at connection cleanup, at which time the struct HandleData could be
used by another connection.
Also, the unused char *urlpath member is removed from struct FTP.
#2 - provide a Curl_reset_reqproto() function that frees
data->reqdata.proto.* on connection setup if needed (that is if the
SessionHandle was used by a different connection).
A long-term goal is of course to somehow get rid of how the reqdata struct
is used, as it is too error-prone.
- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
that specifying a proxy with a trailing slash didn't work (unless it also
contained a port number).
Patrick M (15 October 2007)
- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
Patrick M (12 October 2007)
- Added per-protocol callback static tables, replacing callback ptr storage
in the connectdata structure by a single handler table ptr.
Dan F (11 October 2007)
- Fixed the -l option of runtests.pl
- Added support for skipping tests based on key words.
Daniel S (9 October 2007)
- Michal Marek removed the no longer existing return codes from the curl.1
man page.
Daniel S (7 October 2007)
- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
a response that was larger than 16KB is now improved slightly so that now
the restriction at 16KB is for the headers only and it should be a rare
situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
and the header limitation is now known as known bug #48.
Daniel S (5 October 2007)
- Michael Wallner made the CULROPT_COOKIELIST option support a new magic
string: "FLUSH". Using that will cause libcurl to flush its cookies to the
CURLOPT_COOKIEJAR file.
- The new file docs/libcurl/ABI describes how we view ABI breakages, soname
bumps and what the version number's significance to all that is.
Daniel S (4 October 2007)
- I enabled test 1009 and made the --local-port use a wide range to reduce the
risk of failures.
- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
This happened because the tftp code always uncondionally did a bind()
without caring if one already had been done and then it failed. I wrote a
test case (1009) to verify this, but it is a bit error-prone since it will
have to pick a fixed local port number and since the tests are run on so
many different hosts in different situations I'll add it in disabled state.
Yang Tse (3 October 2007)
- Fixed issue related with the use of ares_timeout() result.
Daniel S (3 October 2007)
- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
replace the socket() call used by libcurl. It basically allows the app to
change address, protocol or whatever of the socket.
- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
this return code get used by the previous SSH MD5 fingerprint check in case
it fails.
- Based on a patch brought by Johnny Luong, libcurl now offers
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
make the SCP or SFTP connection verify the remote host's md5 checksum of the
public key before doing a connect, to reduce the risk of a man-in-the-middle
attack.
Daniel S (2 October 2007)
- libcurl now handles chunked-encoded CONNECT responses
Daniel S (1 October 2007)
- Alex Fishman reported a curl_easy_escape() problem that was made the
function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
signed / unsigned mistake in the code. I fixed it and added test case 543 to
verify.
Daniel S (29 September 2007)
- Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
Daniel S (28 September 2007)
- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
notifier callback(s).
Dan F (26 September 2007)
- Enabled a few more gcc warnings with --enable-debug. Renamed a few
variables to avoid shadowing global declarations.
Daniel S (26 September 2007)
- Philip Langdale provided the new CURLOPT_POST301 option for
curl_easy_setopt() that alters how libcurl functions when following
redirects. It makes libcurl obey the RFC2616 when a 301 response is received
after a non-GET request is made. Default libcurl behaviour is to change
method to GET in the subsequent request (like it does for response code 302
- because that's what many/most browsers do), but with this CURLOPT_POST301
option enabled it will do what the spec says and do the next request using
the same method again. I.e keep POST after 301.
The curl tool got this option as --post301
Test case 1011 and 1012 were added to verify.
- Max Katsev reported that when doing a libcurl FTP request with
CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
before it does SIZE which makes it less useful. I walked over the code and
made it do this properly, and added test case 542 to verify it.
Daniel S (24 September 2007)
- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
URLs ending with a slash properly (it should list the contents of that
directory). Test case 351 brought back and also test 1010 was added.
Daniel S (21 September 2007)
- Mark Davies fixed Negotiate authentication over proxy, and also introduced
the --proxy-negotiate command line option to allow a user to explicitly
select it.
Daniel S (19 September 2007)
- Rob Crittenden provided an NSS update with the following highlights:
o It looks for the NSS database first in the environment variable SSL_DIR,
then in /etc/pki/nssdb, then it initializes with no database if neither of
those exist.
o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
loaded, including the ca-bundle. If it is not available then only
certificates already in the NSS database are used.
o Tries to detect whether a file or nickname is being passed in so the right
thing is done
o Added a bit of code to make the output more like the OpenSSL module,
including displaying the certificate information when connecting in
verbose mode
o Improved handling of certificate errors (expired, untrusted, etc)
The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
Daniel S (18 September 2007)
- Immanuel Gregoire pointed out that public key SSH auth failed if no
public/private key was specified and there was no HOME environment variable,
and then it didn't continue to try the other auth methods. Now it will
instead try to get the files id_dsa.pub and id_dsa from the current
directory if none of the two conditions were met.
Dan F (17 September 2007)
- Added hooks to the test suite to make it possible to test a curl running
on a remote host.
- Changed some FTP tests to validate the format of the PORT and EPRT commands
sent by curl, if not the addresses themselves.
Daniel S (15 September 2007)
- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
proxies for FTP urls.
- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
support on Windows.
Dan F (13 September 2007)
- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
fixed some AC_SUBST configure entries.
