1.08 Fri Oct 22 09:39 BST 2010
- Updated to work with Perl versions 5.11.0 up to 5.13.0,
including particularly the major change in when rv2cv ops get
built in 5.11.2
This module is a helper for installing, reading and finding configuration
file locations. It's intended to work in every supported Perl5 environment
and will always try to Do The Right Thing(tm).
File::ConfigDir is a module to help out when perl modules (especially
applications) need to read and store configuration files from more than one
location. Writing user configuration is easy thanks to File::HomeDir, but
what happens when the system administrator needs to place some global
configuration, or when there is system-related configuration (in /etc on
UNIX(tm) or $ENV{windir} on Windows(tm)) and some network configuration in
an NFS-mapped /etc/p5-app or $ENV{ALLUSERSPROFILE} . "\\Application Data\\p5-app",
respectively?
File::ConfigDir has no "do what I mean" mode - it's entirely up to the user
to pick the right directory for each particular application.
Changelog:
2010-09-20 Andrew McMillan <andrew@morphoss.com>
* [AWLDbDialect] Quote hex numbers as strings.
2010-09-11 Andrew McMillan <andrew@morphoss.com>
* [iCalendar/vComponent/vEvent] UTF8 mode for RFC5545 wrap regexes
2010-09-10 Andrew McMillan <andrew@morphoss.com>
* [AWLUtilities] Undeclared globals in force_utf8.
* [iCalendar,vEvent,vComponent] Fix the line wrapping in V* components.
2010-08-30 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Add a function to return a single property.
2010-08-28 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Various changes in use with VCard.
- Enforce uppercase property names.
- Invert array sense for MaskComponents / MaskProperties to match
the way it is with the GetProperties, GetComponents.
2010-08-26 Andrew McMillan <andrew@morphoss.com>
* Add some basic filter processing for addressbook-query usage.
* Wrap password logging in logs behind $c->dbg['password'] = 1;
2010-06-23 Andrew McMillan <andrew@morphoss.com>
* [XMLDocument] Add helper for CardDAVElement.
2010-06-17 Andrew McMillan <andrew@morphoss.com>
* [Session] Try and clarify the lost password text a little better.
* Don't send multipart/form-data if the form is GET.
2010-05-28 Andrew McMillan <debian@mcmillan.net.nz>
* [AwlQuery] Fixing backward compatibility with PgQuery.
* [AwlQuery] Fix handling of queries with no parameters.
2010-05-27 Andrew McMillan <andrew@morphoss.com>
* [iCalendar] Apply correct wrapping for RFC5545.
* [iCalendar] Don't add a trailing space when wrapping for RFC5545.
2010-05-19 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Generic base class for handling VCALENDAR, VCARD, etc.
* Expose transaction state at query level.
* No need to return anything from the schema update.
2010-05-09 Andrew McMillan <andrew@morphoss.com>
* [Translation] If gettext is not installed, fall back to English.
2010-05-08 Andrew McMillan <andrew@morphoss.com>
* Add Australia to the list of possible TZ continents.
2010-04-28 Andrew McMillan <andrew@morphoss.com>
* [AwlQuery] Handle setting an alternative connection somewhat better.
* [Session] _CheckLogin needs to access $c for external authentication.
* Allow for multiple records to have somehow got into the DB.
* Better parameter escaping, including escaping ? for older PHP::PDO.
2010-04-20 Andrew McMillan <andrew@morphoss.com>
* Replace deprecated split() calls.
2010-04-17 Andrew McMillan <andrew@morphoss.com>
* Release 0.43
2010-04-15 Andrew McMillan <andrew@morphoss.com>
* [iCalendar] Add and use a new olson_from_tzstring() function.
2010-04-14 Andrew McMillan <andrew@morphoss.com>
* We can close this bug now, since it was fixed a wee while ago.
* [AwlQuery] Warn if named parameters are passed in incorrectly.
* Fix strange alternate reality definition of aparche_read_header.
2010-04-12 Andrew McMillan <andrew@morphoss.com>
* Preparing to release 0.43
* The new database libraries should be with the library code.
Especially since they're being used for more than just DAViCal now.
karora@dave:~/projects/awl$ gitlog-to-changelog --since=2010-04-13
2010-09-11 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Tweak wrapping one last time.
* [iCalendar/vComponent/vEvent] UTF8 mode for RFC5545 wrap regexes
The regexes used for wrapping to 72 characters in line with
RFC5545 wrapping rules need to be UTF8 aware, otherwise they
will break lines in the middle of UTF8 sequences and we get
to fail to put both broken parts into the database.
2010-09-10 Andrew McMillan <andrew@morphoss.com>
* [AWLUtilities] Undeclared globals in force_utf8.
* Ignore Eclipse droppings.
* [iCalendar,vEvent,vComponent] Fix the line wrapping in V* components.
The wordwrap was not being done in a repeatably reversible manner
due to a misguided effort to make it more readable. This gives up
on readability in favour of reversibility.
2010-09-02 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Revert that last change.
2010-08-30 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Add a function to return a single property.
* Slightly better TZname to Olson matching.
2010-08-28 Andrew McMillan <andrew@morphoss.com>
* [vComponent] Various changes in use with VCard.
- Enforce uppercase property names.
- Invert array sense for MaskComponents / MaskProperties to match
the way it is with the GetProperties, GetComponents.
- Generally improve the consistency.
* When processing DartMeasurements use the tests working directory.
* ExternalProject: No svn --username if empty.
* Avoid problem reading jni.h on Macs.
* Fixed appending PATH to dumpbin tool from growing without bounds.
* Switch to CMAKE_PATH when doing PATH comparisons on Windows.
* Remove unnecessary TO_CMAKE_PATH for gp_cmd_dir.
* Append the gp_tool path to the system PATH using native slashes.
* Fixes to GetPrerequisites for cygwin.
* CPackDeb Added several optional debian binary package fields.
* ENH: Added case for Python 2.7.
* Fixed parallel build for generators with EXTRA.
#define _XOPEN_SOURCE 600 in glib/tests/strfuncs.c and include the required
header to define the major() & minor() macros in gio/gdbusmessage.c
upstream bug https://bugzilla.gnome.org/show_bug.cgi?id=633390
(macro changes, need to recompile package using it)
Bump BUILDLINK_ABI_DEPENDS and bump PKGREVISION of two packages using it
(other packages depending on Ruby/GLib2 are part of Ruby/Gnome2 and
already depending on the version).
Changes
- The database scheme was changed; please execute 'mtn db migrate'
on all your local and remote databases.
- Normal and automate sync, push, and pull now take a
--dry-run option; no data is transferred, but the connection
is made and a summary of what would be transferred is
output.
- The changelog editor format was simplified; user entered text
is back at the top of file and the instructions have been reduced.
The edited text is saved now even if a commit is canceled.
- Selectors are much more powerful now and selector functions to
calculate common sets of revisions have been introduced.
The characters '(', ')', and ';' need to be quoted if meant literally
(just like '/') because of this. See section 3.2 in the documentation
for details.
(fixes monotone bug #18302).
- The SERVER [BRANCH] call syntax for network-related commands
has been deprecated in favour of the existing, universal
URI syntax. Additionally, file:// and ssh:// URIs are now
parsed for include and exclude patterns just as the native
mtn:// URIs.
The possibility to specify include patterns by using
'include=' and exclude patterns by using 'exclude='
in the query string has been removed. Patterns are separated
by ';' and will be treated as include patterns unless prefixed
with '-'. Where you could previously specify
'mtn://host/?include=foo,exclude=bar', you would now give
'mtn://host/?foo;-bar' instead.
The URI parser was made a bit more standards compliant and
treats the scheme and host in a case insensitive manner.
The path and query parts are now automatically URL-decoded.
We deviate from RFC 3986 however by recognizing the authority
part in scheme-less URLs, where the standard would force us
to recognize a path instead. For example, for the URL
'code.monotone.ca/monotone'
we'd normally parse 'code.monotone.ca/monotone' as path, but our
implementation parses 'code.monotone.ca' as authority and
'/monotone' as path, so you are not forced to type 'mtn://' on
command line, just as you are not forced to type 'http://' in
your browser. Monotone's native scheme / protocol 'mtn' is by
the way set as default in cases like this.
The format for the server part of the 'default-server',
'known-server', 'server-include' and 'server-exclude'
database variables has been changed and now always includes
the complete (normalized) URI resource, consisting of the
used protocol, user, host, port and path parts. Older entries
in existing databases which do not match the new format are
preserved and not changed by monotone.
Please check the manual section 5.3 for more details on the
URI syntax.
- Naturally, the 'clone' command now also accepts mtn:// URIs,
though the use of branch globs is forbidden unless a branch is
specified separately with the new --branch option.
To avoid confusion with an existing workspace, clone no longer
looks for and loads the options of such a workspace, therefore
it now also falls back to the configured default database and
no longer to the database used in the workspace if no explicit
database is given.
- Server defaults for netsync operations are now only saved if
the exchange was successful. The progress messages which have
been issued for this previously have been removed, since they
would come up now unexpectedly and would clutter the output of
commands such as 'clone', 'automate remote' and
'automate remote_stdio'.
- The following characters have been deprecated in branch names
?,;*%+{}[]!^
as they denote either meta characters in monotone's URI syntax
or are used in globs to resolve branch patterns.
Furthermore, branch names should no longer start with a dash
(-), since this character is used to denote an exclude pattern
in the aforementioned URI syntax.
monotone warns on the creation of branches which violate these
restrictions and gives further directions.
- The 'cert' command can now operate on multiple revisions at once.
- The command 'db kill_rev_locally' has been renamed to
'local kill_revision', and 'db kill_tag_locally' and
'db kill_branch_certs_locally' have been replaced with a more
flexible command 'local kill_certs'.
- The 'import' command now keeps the created bookkeeping root if
--dry-run is not specified. This makes it possible to re-use
the import directory as workspace and is also closer
to what our documentation states, when it says that import
is basically "setup with a twist".
- On Win32 native, the option '--no-format-dates' which disables
the localized date format, is now the default for 'commit', since
dates are not parseable on Win32 native.
- The automate commands sync, push, and pull now output information
about each transferred revision, cert and key, in basic_io format.
- monotone no longer passes syntactically correct, but non-existent
revision ids through the selector machinery. The most visible
place for this change is 'automate select', which no longer
echoes every possible 40 hex-byte string.
- The 'automate genkey' command has been renamed to
'automate generate_key'
New features
- Options can now be overridden; you can specify '--no-unknown
--unknown' on the command line and effectively get back the original
state in the application. Similarly, you can specify '--no-unknown'
in the 'get_default_command_options' hook and then override that
with '--unknown' on the command line.
- New global options:
    --no-ignore-suspend-certs   undo previous --ignore-suspend-certs
    --use-default-key           undo previous --key
    --allow-default-confdir     undo previous --no-default-confdir
    --allow-workspace           undo previous --no-workspace
    --interactive               undo previous --non-interactive
    --no-standard-rcfiles       replaces --norc
    --standard-rcfiles          undo previous --no-standard-rcfiles
    --no-builtin-rcfile         replaces --nostd
    --builtin-rcfile            undo previous --no-builtin-rcfile
    --clear-rcfiles             undo previous --rcfile
    --verbose [-v]              increase verbosity (opposite of --quiet)
- Global options now hidden:
    --roster-cache-performance-log
- New command options:
    add
      --no-recursive               undo previous --recursive
      --respect-ignore             undo previous --no-respect-ignore
      --no-unknown                 undo previous --unknown
    bisect *, checkout, pivot_root, pluck, update, automate update
      --no-move-conflicting-paths  undo previous --move-conflicting-paths
    diff
      --without-header             undo previous --with-header
      --show-encloser              undo previous --no-show-encloser
    disapprove, suspend
      --no-update                  undo previous --update
    drop
      --no-recursive               undo previous --recursive
    explicit_merge, merge, merge_into_dir, propagate
      --no-resolve-conflicts       undo previous --resolve-conflicts
      --no-update                  undo previous --update
    log
      --no-brief                   undo previous --brief
      --no-diffs                   undo previous --diffs
      --clear-from                 undo previous --from
      --files                      undo previous --no-files
      --graph                      undo previous --no-graph
      --merges                     undo previous --no-merges
      --clear-to                   undo previous --to
    import
      --no-dry-run                 undo previous --dry-run
      --respect-ignore             undo previous --no-respect-ignore
    mkdir
      --respect-ignore             undo previous --no-respect-ignore
    serve
      --no-pid-file                undo previous --pid-file
    sync, pull, push, automate remote_stdio, automate remote
    automate pull, automate push, automate sync
      --no-set-default             undo previous --set-default
    sync, pull, push, automate pull, automate push, automate sync
      --dry-run                    just report what would be sent/received
    automate inventory
      --corresponding-renames      undo previous --no-corresponding-renames
      --ignored                    undo previous --no-ignored
      --unchanged                  undo previous --no-unchanged
      --unknown                    undo previous --no-unknown
    automate content_diff
      --without-header             undo previous --with-header
    automate show_conflicts
      --no-ignore-suspend-certs    undo previous --ignore-suspend-certs
    automate log
      --clear-from                 undo previous --from
      --merges                     undo previous --no-merges
      --clear-to                   undo previous --to
- Command options now hidden:
    (several commands)             --no-prefix
    serve                          --stdio --no-transport-auth
    (all netsync/remote commands)  --min-netsync-version --max-netsync-version
- Deprecated options:
    --norc          use --no-standard-rcfiles
    --nostd         use --no-builtin-rcfile
    --reallyquiet   use --quiet --quiet
    --debug         use --verbose
- To aid command line typing, monotone tries to expand partial option
names; if the expansion leads to multiple possibilities,
all matches and an accompanying short description of the
particular expansion are displayed.
Two types of expansions are available: simple prefix matching
and word abbreviation matching. Single-word options like '--update'
are easier to expand from prefixes, as they're unique after a few
characters, in this example '--up' already matches.
Multi-word options like for example '--ignore-suspend-certs' might
collide however with single-worded ones and are best expanded from
abbreviations, in this case '--isc'.
- The 'disapprove' command now accepts a revision range in
addition to a single revision.
- A new 'manpage' command has been added which dumps the monotone
command help including all global and command specific options in
standard troff format. If this command is used interactively, its
output is automatically processed through nroff and less, in case
both are available on your system. If not, you can change the default
command by overwriting the 'get_man_page_formatter_command' hook.
The 'manpage' command is also used to create a static version of
mtn(1) which is now installed with the rest of monotone's docs.
- New 'k:' selector type to query revisions where at least one
certificate was signed with the given key.
- New automate command 'log' which behaves identical to the
normal 'log' command, except that it only outputs the
revision ids.
- New automate command 'checkout' which works just as its
non-automate counterpart.
- Monotone now tracks file size information (hence the previously
mentioned schema change).
File sizes are currently only queryable via the automation
interface, directly for specific files via 'get_file_size' or
as part of the extended manifest (see below), but this
information may become visible as part of the user UI later on
as well.
- New automate command 'get_extended_manifest_of', which prints
a beefed-up manifest format with file size and extensive marking
information. This can be used to easily determine when specific
nodes were last changed or moved.
- New automate commands 'put_public_key', 'get_public_key' and
'drop_public_key'. (closes monotone bug #30345)
Bugs fixed
- The 'mv' command now warns when a source is being renamed onto
itself or one of its children (fixes monotone bug #29484).
- The 'mv' command now also handles this usage properly, where
'foo' is a directory:
$ mv foo bar
$ mtn mv --bookkeep-only foo bar
- monotone no longer asks to pick a branch from a set of branches
of a revision in which all but one branch have been suspended
(fixes monotone bug #29843)
- The annotate command no longer fails if it should print out
empty or untrusted date cert values
(fixes monotone bug #30150)
- monotone now tries harder to find the cancel hint in a commit
message and only aborts if it can't find it anywhere
(fixes monotone bug #30215)
- The import command no longer warns about not being able
to write out _MTN/options on --dry-run
(fixes monotone bug #30225)
- 'automate remote' and 'automate remote_stdio' can now be used
without transport authentication (e.g. on file:// or ssh://
transports) as well as anonymously over netsync
(fixes monotone bug #30237)
- monotone no longer warns about missing implicit includes
when dealing with restricted file sets
(fixes monotone bug #30291)
- The 'passphrase' and 'dropkey' commands now handle private keys
in old-style key files (without the hash part in the file name)
properly.
monotone also makes it very sure now that the key file of a
private key which is about to be deleted really and only
contains the key which should be deleted and nothing else
(fixes monotone bug #30376)
- monotone no longer throws an unrecoverable error if a public or
private key is addressed with some non-existing key id
(fixes monotone bug #30462)
- A globish that contains a bracket pair with an empty sub-pattern
such as "{,.foo}", "{.foo,}" or even "{.foo,,.bar}" now correctly
expands the empty target, so e.g. the branch pattern
"net.venge.monotone{,.*}"
now matches "net.venge.monotone" and "net.venge.monotone.*"
as expected. (fixes monotone bug #30655)
- A regression in 0.48 made a path-restricted 'mtn log' show
revisions, in which not the picked path(s), but one of its parents
were changed. This has been fixed.
- 'mtn trusted' will no longer accept single bogus revision ids,
but instead validates if the given revision really exists in the
current database.
- 'mtn read' (and also 'mtn automate read_packets') now tests public
and private key data more thoroughly and aborts if it encounters
invalid data.
- 'mtn conflicts store' now gives a proper error message when
run outside a workspace (fixes monotone bug #30473)
- monotone did not properly parse URIs which missed a scheme or
which did not mark the start of the authority with a double slash.
This has been fixed.
(fixes monotone issue 94)
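The URI rules and branch-name restrictions described in the monotone notes above (default 'mtn' scheme for scheme-less input, case-insensitive scheme and host, ';'-separated include/exclude patterns, URL-decoded path and query), as an added Python example that is not monotone's own code. The names parse_netsync_uri and branch_name_problems are hypothetical, IPv6 literals are not handled, and splitting the query on ';' before URL-decoding each pattern is this example's choice.

```python
import re
from typing import List, NamedTuple
from urllib.parse import unquote

# Characters the notes list as deprecated in branch names.
DEPRECATED_BRANCH_CHARS = "?,;*%+{}[]!^"


class NetsyncURI(NamedTuple):
    scheme: str
    user: str
    host: str
    port: str
    path: str
    include: List[str]
    exclude: List[str]


def parse_netsync_uri(uri: str, default_scheme: str = "mtn") -> NetsyncURI:
    """Split a URI according to the rules stated in the release notes."""
    scheme, sep, rest = uri.partition("://")
    # No valid scheme in front of "://": treat the whole input as
    # authority + path and fall back to the default scheme.
    if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9+.-]*", scheme):
        scheme, rest = default_scheme, uri

    rest, _, query = rest.partition("?")
    authority, slash, path = rest.partition("/")
    user, _, hostport = authority.rpartition("@")
    host, _, port = hostport.partition(":")

    include, exclude = [], []
    # Assumption of this example: split on ';' first, decode afterwards,
    # so an encoded %3B inside a pattern cannot act as a separator, and
    # only a literal leading '-' marks an exclude pattern.
    for raw in query.split(";"):
        if not raw:
            continue
        if raw.startswith("-"):
            exclude.append(unquote(raw[1:]))
        else:
            include.append(unquote(raw))

    return NetsyncURI(
        scheme=scheme.lower(),        # scheme is case-insensitive
        user=unquote(user),
        host=host.lower(),            # host is case-insensitive
        port=port,
        path=unquote(slash + path),   # path is URL-decoded
        include=include,
        exclude=exclude,
    )


def branch_name_problems(name: str) -> List[str]:
    """Return the reasons a branch name conflicts with the URI syntax."""
    problems = []
    if name.startswith("-"):
        problems.append("starts with '-' (reads as an exclude pattern)")
    bad = sorted(set(name) & set(DEPRECATED_BRANCH_CHARS))
    if bad:
        problems.append("deprecated characters: " + " ".join(bad))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first two are the forms quoted in the notes.
    for sample in (
        "mtn://host/?foo;-bar",
        "code.monotone.ca/monotone",
        "ssh://user@Host:2222/srv/db.mtn?a%3Bb;-c",
    ):
        print(sample, "->", parse_netsync_uri(sample))
    for branch in ("net.venge.monotone", "-feature*"):
        print(branch, "->", branch_name_problems(branch) or "ok")
```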
* Added the ATF_REQUIRE_THROW_RE to atf-c++, which is the same as
ATF_REQUIRE_THROW but allows checking for the validity of the exception's
error message by means of a regular expression.
* Added the ATF_REQUIRE_MATCH to atf-c++, which allows checking for a
regular expression match in a string.
* Changed the default timeout for test cases from 5 minutes to 30 seconds.
30 seconds is long enough for virtually all tests to complete, and 5
minutes is a way too long pause in a test suite where a single test case
stalls.
* Deprecated the use.fs property. While this seemed like a good idea in
the first place to impose more control on what test cases can do, it
turns out to be bad. First, use.fs=false prevents bogus test cases
from dumping core so after-the-fact debugging is harder. Second,
supporting use.fs adds a lot of unnecessary complexity. atf-run will
now ignore any value provided to use.fs and will allow test cases to
freely access the file system if they wish to.
* Added the atf_tc_get_config_var_as_{bool,long}{,_wd} functions to the atf-c
library. The 'text' module became private in 0.11 but was being used
externally to simplify the parsing of configuration variables.
* Made atf-run recognize the 'unprivileged-user' configuration variable
and automatically drop root privileges when a test case sets
require.user=unprivileged. Note that this is, by no means, done for
security purposes; this is just for user convenience; tests should, in
general, not be blindly run as root in the first place.
4.5.3 brings a number of improvements:
* A cache invalidation bug in KSharedDataCache that caused stability
problems when daylight saving time changed has been fixed.
* Icon overlays in Dolphin are now positioned correctly after adjusting
the zoom level.
* Okular, KDE's universal document viewer has seen improvements in the
DjVu and XPS backends.
1.7 (2010-11-01)
1.1. Core
* filelog: improve cmp performances (issue2273)
* patch: don't strip '#' lines from patch descriptions (issue2417)
* patch: when native patching fails (ui.patch is not set), don't retry with an external tool
* setup/hg: always load Mercurial from where it was installed.
* setup: user-friendly error message if Python headers are missing
* store: new unsupported and experimental parentdelta format (see UpgradeNotes)
* store: encode first period or space in filenames (issue1713)
* url: expand environment variables in [auth] settings (issue2328)
* url: check validity (notBefore/notAfter) using OpenSSL (issue2407)
1.2. Commands
* addremove: use similarity 100 by default
* alias: add support for shell command aliases starting with '!' (see [alias] in hgrc(5))
* backout: add --tool argument for specifying merge tool
* backout: backout linearly by default instead of branching and merging (use --merge to get the former behaviour)
* dispatch: properly handle relative path aliases used with -R (issue2376)
* init: expand destination url as a configured path
* log: do not --follow file that is deleted and recreated later (issue732)
* merge: don't detect copies as "divergent renames", make error message more helpful
* merge: add --tool argument to merge and resolve
* merge: handle no file parent in backwards merge (issue2364)
* tags: do not fail if tags.cache is corrupted (issue2444)
* templater: add "hex" filter and "children" keywords (see hg help templating)
1.3. Subrepos
* support remapping of subrepository source paths (see [subpaths] in hgrc(5))
* make add, diff, incoming, outgoing and status commands recurse into subrepos with --subrepos/-S
* subrepo: add support for 'hg archive'
* subrepo: fix status check on SVN subrepos (issue2445)
1.4. Revsets
* add id() and rev() to allow explicit references to changes by hash or rev (see hg help revsets)
* add min() function to complement max()
* add present() function to avoid lookup errors on possibly missing changesets
* rename tagged() to tag() and allow it to take an optional tag name
* strip: add revsets support
* add revsets support to bisect and update (issue1993)
* bookmarks: add a bookmark([name]) revset for referencing bookmarks
* transplant: add a transplanted(set) revset to get transplanted revisions
1.5. hgweb
* add a help view for accessing the built-in documentation (see help link in hg serve)
* let HTTPS serve use more compatible but less secure encryption
* support very simple caching model (issue1845)
1.6. Extensions
* color: better support for branches and mq guards
* convert: handle closed branch heads in hg-hg conversion (issue2185)
* convert: support darcs changelogs with bytes 0x7F-0xFF (issue2411)
* convert: deprecate --authors in preference for --authormap
* graphlog: support header and footer templates when using styles (issue2395)
* keyword: do not expand at all during diff
* keyword: support copy and rename
* mq: extend support for the --mq argument to extension commands
* mq: save qrefresh message for easy recovery in case it fails (issue2062)
* mq: support hg qimport --existing --name renametothis thatexistingpatch, fix --force case on Windows
* mq/qqueue: support renaming of active queue
* mq/qqueue: add --purge option to delete a queue and its patches
* pager: add global --pager=<auto/boolean> option
* patchbomb: add --confirm option to show series details and ask for confirmation
* patchbomb: let diffstat prompt only once with complete summary
* progress: support rebase and patchbomb
* rebase: re-add patches to mq repo after rebase
* strip: add --keep flag to avoid modifying working directory during strip
* strip: rename --nobackup option to --no-backup (issue2377)
* strip: support stripping multiple revisions
1.7. contrib
* mergetools.hgrc: add vimdiff
* zsh completion: support bookmarks and patchbomb extensions
* zsh completion: add qpush --move option
manifests (resulting in much less metadata for large repositories), lots
of speed ups for the manifest parser, and smaller improvements like revert
dealing with merge records.
* SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav: Fix Handling of requests without a path segment.
* SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects.
* SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
* SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
for OpenSSL versions prior to 0.9.8l; reject any client-initiated
renegotiations. Forcibly disable keepalive for the connection if there
is any buffered data readable. Any configuration which requires
renegotiation for per-directory/location access control is still
vulnerable, unless using openssl 0.9.8l or later.
* SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Eliminates a problematic
optimization in the case of no request body.
* SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
* SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
* SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7.
* Fix recursive ErrorDocument handling.
* mod_ssl: Do not do overlapping memcpy.
* Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
through on a 304 response.
* apxs: Fix -A and -a options to ignore whitespace in httpd.conf