* meta: Fix calling of htmlscrubber to pass the page parameter. The
change of the htmlscrubber to look at page rather than destpage
caused htmlscrubber_skip to not work for meta directives.
=== RELEASE 2.3pre1 ===
Sun Aug 16 06:17:03 MET 2009 mikulas:
Accept cookies for domains with two parts, such as xxxx.yy, where
"xxxx" has at least 4 chars. This likely won't be generic domain such
as "co.tw", so accepting the cookie is safe.
Sun May 17 22:29:43 MET DST 2009 mikulas:
Support encryption with NSS (GPL fanatics don't like OpenSSL, grrr)
Sun May 17 18:51:07 cet 2009 mikulas:
Ignore textarea that is not inside form (for Google)
Sun Jan 18 19:27:56 CET 2009 mikulas:
Avoid quadratic complexity when parsing long forms
Thu Jan 1 14:04:38 CET 2009 mikulas:
UTF-8 text mode terminal support
Sun Sep 14 01:02:06 MET 2008 mikulas:
Decode '%' in downloaded file names
Tue Sep 9 23:13:20 MET 2008 mikulas:
Do not add another '?' or '&' if already present at the end of form
submit URL
Sun Aug 24 17:19:32 MET 2008 Christian Biere <christianbiere@gmx.de>:
magnet: URL support
Wed Aug 20 23:03:10 cet 2008 mikulas:
More strict check for invalid GIF header
(catches some misgenerated images that reported too big size and
overflowed the memory allocator)
Sun Aug 17 23:30:34 MET 2008 mikulas:
Check for too big images
Wed Aug 13 00:24:41 CEST 2008 mikulas:
Fixed occasional drawing after VT switch on framebuffer
Mon Aug 4 18:53:52 cet 2008 mikulas:
Don't submit disabled form entries (this is compatible with
Mozilla/MSIE; Netscape and Lynx do submit them)
Sun Aug 3 02:40:58 MET 2008 mikulas:
Handle restart with servers that send 206 but don't send Content-Range
Changelog
=========
Since 1.7.3
------------
bugfix: Email address autocomplete click fix.
bugfix: Fixed calendar when rendering some evnets (week & day views).
bugfix: Error when sending notifications through cron.
bugfix: Improved email parsing for some email encodings.
bugfix: Improved email list refresh after taking some actions.
bugfix: Overview - view as list does not order emails properly.
bugfix: Emails are not ordered properly by 'to' field.
bugfix: Email permissions when sending.
bugfix: Email background sending process improved.
Version 2.9.2 (2010-12-02)
--------------------------
- Updated TCPDF to version 5.9.023 (#2686)
- Updated MooTools Core to version 1.2.5 (#2545)
- Updated TinyMCE to version 3.3.9.2 (#2702)
- Updated mediaboxAdvanced to version 1.2.5 (#2701)
- Added: allow external images in HTML newsletters (#2396)
- Added: added insert tags for acronyms and abbreviations (#2478)
- Added: add class "sibling" to pages on the same level in the navigation menu (#2419)
- Fixed: do not allow insert tags in comments (#2499)
- Fixed: check for custom layout sections during the theme import
- Fixed: only send the comments notification once (#2407)
- Fixed: skipping the first item of a news list did not work correctly (#2488)
- Fixed: allow column width 0 in page layouts (#2554)
- Fixed: consider the protocol when loading scripts from the Google CDN (#2450)
- Fixed: textareas in the back end were cut off in Opera (#2404)
- Fixed: the task history could not be collapsed (#2424)
- Fixed: the link insert tags showed the page title instead of the page name (#2371)
- Fixed: do not show empty fieldset legends in the form generator (#2625)
- Fixed: preserve curly brackets when replacing simple tokens (#2597)
- Fixed: the style sheet importer did not support some CSS3 selectors (#2566)
- Fixed: textual date insert tags were not replaced when loaded from cache (#2644)
- Fixed: the image insert tag did not output the image dimensions (#2529)
- Fixed: clear the $_GET array after rendering the event list module (#2445)
- Fixed: do not aggregate style sheets with a @font-face selector (#2443)
- Fixed: news insert tags did not handle entities correctly (#2604)
- Fixed: do not show the FTP and database passwords in the install tool (#2417)
- Fixed: minor fixes for the TimePeriod widget (#2477)
- Fixed: update the CSS files after an old version of a record has been restored (#2524)
- Fixed: custom page templates were not shown in "override all" mode (#2494)
- Fixed: incorrect event sorting (#2675)
- Fixed: do not execute hooks in the extension manager (#2448)
- Fixed: check for existing files when renaming files in the file manager (#2610)
- Fixed: check redirect pages for circular references (#2704)
- Fixed: fixed a few minor spelling issues (#2403)
- Fixed some minor issues
4.15 Sun Nov 28 2010: - Balint Szilakszi <szbalint at cpan.org>
- Refactored constant handling and added thorough testing for it.
- Fixed CURLOPT_PRIVATE, it is now a string and can be set/get accordingly.
4.14 Sun Oct 24 2010: - Balint Szilakszi <szbalint at cpan.org>
- Scalar references can now be used to receive body/header data [gfx].
- Speed optimizations for threaded perl. [gfx, szbalint].
- Added a more generic libcurl constant detection.
- Added the pushopt method for appending strings to array options.
- Documentation improvements.
4.1 Mon Oct 25 2010
[FIXES]
* '/' is a valid attribute (pull from tokuhirom) (RT #61809)
* Change check fo subclasses in as_HTML. (RT #61673)
* Fix ProhibitThreeArgumentOpen being triggered. (RT #61857)
* websetup: Fix encoding problem when restoring old setup file.
* more: Add pages parameter to limit where the more is displayed.
(thanks, dark)
* Fix escaping of filenames in historyurl. (Thanks, aj)
* inline: Improve RSS url munging to use a proper html parser,
and support all elements that HTML::Tagset knows about.
(Which doesn't include html5 just yet, but then the old version
didn't either.) Bonus: 4 times faster than old regexp method.
* Optimise glob() pagespec. (Thanks, Kathryn and smcv)
* highlight: Support new format of filetypes.conf used by version 3.2
of the highlight package.
* edittemplate: Fix crash if using a .tmpl file or other non-page file
as a template for a new page.
* git: Fix temp file location.
* rename: Fix to pass named parameters to rcs_commit.
* git: Avoid adding files when committing, so as not to implicitly add
files like recentchanges files that are not normally checked in,
when fixing links after rename.
Changes with mod_fcgid 2.3.6
*) SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite. Diagnosed by the reporter.
P R 49406. [Edgar Frank <ef-lists email.de>]
*) Change the default for FcgidMaxRequestLen from 1GB to 128K.
Administrators should change this to an appropriate value based on
site requirements. [Jeff Trawick]
*) Allow FastCGI apps more time to exit at shutdown before being
forcefully killed. [Jeff Trawick]
*) Correct a problem that resulted in FcgidMaxProcesses being ignored
in some situations. P R 48981. [<rkosolapov gmail.com>]
*) Fix the search for processes with the proper vhost config when
ServerName isn't set in every vhost or a module updates
r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
or a module updates r->server dynamically (e.g., mod_vhost_ldap).
[Jeff Trawick]
*) FcgidPassHeader now maps header names to environment variable names
in the usual manner: The header name is converted to upper case and
is prefixed with HTTP_. An additional environment variable is
created with the legacy name. P R 48964. [Jeff Trawick]
*) Allow processes to be reused within multiple phases of a request
by releasing them into the free list as soon as possible.
[Chris Darroch]
*) Fix lookup of process command lines when using FcgidWrapper or
access control directives, including within .htaccess files.
[Chris Darroch]
*) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
ownership of mutex files was incorrect, resulting in a startup failure.
P R 48651. [Jeff Trawick, <pservit gmail.com>]
*) Return 500 instead of segfaulting when the application returns no output.
[Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]
*) In FCGI_AUTHORIZER role, avoid spawning a new process for every
different HTTP request. [Chris Darroch]
- Allow the "error_page" directive to change the status code in a
redirect
- Support special "degration" mask in "gzip_disable" directive
- Fix a socket leak with file AIO
- Fix bug that made a server the default if none was explicitly set and
the first server has no "listen" directive
Update to 0.9.9.3. Nothing much changed between .2 and .3, update is
straightforward.
While here, make MESSAGE more helpful in case of package upgrade.
Changelog:
0.9.9.2 => 0.9.9.3
Functionality Enhancements
* Bindings available to a principal are now listed in the Admin UI.
* Attempt to login using supplied basic authentication credentials, if all else fails.
Bug Fixes
* WebDAV Sync is now supported for Addressbook collections.
* VCARD resources will no longer report a blank ETag in an XML responses.
* The ETag property will be properly quoted when appearing an XML response.
Other Changes
* 412 error responses to PUT for addressbook resources now include useful information.
* A new temporary configuration option is added to allow use of the old sync-response tag in WebDAV sync for compatibility with the Inverse CardDAV plugin for Lightning.
* Basic recognition of VLIST resources.
Changelog:
0.9.9.1 => 0.9.9.2
Functionality Enhancements
* Tickets and Bindings related to a collection or principal are now listed in the Admin UI.
Bug Fixes
* The CardDAV 'addressbook-query' report is enabled.
* A bug is fixed in the database libraries which caused some valid hexadecimal strings to be treated as numbers.
* The PAM auth method now parses the username field better (Jim Hague).
* An ETag will now be sent in response to a PUT for non-Calendar resources as well as for calendaring ones.
* Collection / Principal maintenance screens will no longer cause query errors during the create action.
0.9.9 => 0.9.9.1
Functionality Enhancements
* Initial support for vCard Extensions to WebDAV (CardDAV) - Draft
* WebDAV Sync RFC (draft) support is updated to draft version -03
* Support for /.well-known/caldav and /.well-known/carddav URLs (per RFC5785: Defining Well-Known URIs)
Bug Fixes
* Free/busy handling has been completely rewritten.
* LDAP group handling should be better
* UTF8 calendars should now be more reliably imported.
* There should be no need to override the DAV header.
* Many others.
Other Changes
* Some updated translations
* Clients which set the Content-Type incorrectly on PUT should be accommodated with a warning logged.
* Errors in the DAViCal configuration file should not generate output to the screen. This has been a common problem causing breakage in the DAV functionality. Errors will still be logged to the PHP error log (usually the Apache error log).
* txt: Fix display when used inside a format directive.
* highlight: Ensure that other, more-specific format plugins,
like txt are used in preference to this one in case of ties.
* htmltidy, sortnaturally: Add missing checkconfig hook
registration. Closes: #601912
(Thanks, Craig Lennox and Tuomas Jormola)
* git: Use author date, not committer date. Closes: #602012
(Thanks, Tuomas Jormola)
* Fix htmlscrubber_skip to be matched on the source page, not the page it is
inlined into. Should allow setting to "* and !comment(*)" to scrub
comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
* comments: Make postcomment() pagespec work when previewing a comment,
including during moderation. CVE-2010-1673
* comments: Make comment() pagespec also match comments that are being
posted. CVE-2010-1673
* Fix searching DataTree elements (groups) if backend charset is different
from interface charset
* Fix accessing IMAP ACLs that contain non-alphanumeric characters
* Avoid fatal errors when using DateTime with not properly configured PHP 5.3+
* Fix importing recurrence exceptions from vCalendar 1.0.
* Fix preferences management regression
* Fix conversion of all-day events and certain yearly recurring events for
Funambol clients.
* Fix memcache cache regression.
* Fix SyncML page sometimes deleting more anchors than selected.
New features/improvements:
- Detect Windows 7.
- Can format numbers according to language.
- More mime types.
- Added geoip_asn_maxmind plugin.
- Geoip Maxmind city plugin have now override file capabilities to complete
missing entries in geoip maxmind database.
- Added graphgooglechartapi to use online Google chart api to build graph.
- Can show map of country to report countries when using graphgooglechartapi.
- Part of codes was change to use more functions and have a cleaner code.
- Added parameter to ignore missing log files when merging for a site on
multiple servers where a single server may not have created a log for a given day.
- Update robots database.
- Added Download tracking where certain mime types are defined as downloads
and HTTP status 206 is tracked as download continuation
- Can use wrapper with parameters in WrapperScript parameter.
- Change to allow usage of AWStats inside a plugin
for Opensource Dolibarr ERP & CRM software (http://www.dolibarr.org).
Fixes:
- Webmin module works with new version of webmin.
- Security fix (Traverse directory of LoadPlugin)
- Security fix (Limit config to defined directory to avoid access to external
config file via a nfs or webdav link).
Geeklog History/Changes:
Oct 31, 2010 (1.7.1)
------------
- Fixed description of $index parameter for STORY_renderArticle (bug #0001203)
[Dirk]
- The number of successfully imported users was always reported as 0 for the
"Batch Add" option in the User Manager (bug #0001211) [Ivy, Dirk]
- Fixed a bug in the MS SQL changeDESCRIBE method to properly prefix the proper
sql query string [Randy]
- Updated Hebrew language files, provided by LWC
- New Italian language files for the Links plugin, provided by Rouslan Placella
- Updated Italian language files for the Static Pages plugin, provided by
Rouslan Placella
Calendar Plugin
---------------
- Fixed an SQL error when returning search results for the Personal Calendar
(bug #0001195) [Dirk]
Oct 10, 2010 (1.7.1rc1)
------------
- If content from an Autotag produces another Autotag it will be executed (to a
maximum of 5 times) [Tom]
- Themes can now have their own display functions for the start and end of
Blocks. (Feature #0001188) [Tom]
- Reverted a change in 1.7.0 that would send a Content-Type header when calling
COM_refresh since this conflicts with some plugins (e.g. the Forum) [Dirk]
- Fixed wrong view after posting a comment on a poll (bug #0001080, patch
provided by Wojtek Szkutnik)
- Fixed language in the dropdown for the permanent cookie in the Configuration
(bug #0001117, patch provided by Eric Brisco)
- Added cancel and delete buttons to comment edit and submission forms when
needed. (Feature #0000981) [Tom]
- Reverted parts of the changes for bug #0001057: Do _not_ escape curly braces
when displaying a block's content (bug #0001156). If you run into the problem
that words in curly braces inside blocks are interpreted as template
variables, simply add a space after the opening and/or the closing brace
[Dirk]
- Autotags can now be inserted directly into template files.
(Feature #0001181) [Tom]
- Plugins are able to control moderation and return a string to be displayed.
(Feature #0000619 patch provided by jmucchiello)
- Admin lists can now display a 0 in a column instead of being blank
(bug #0001060 patch provided by jmucchiello)
- Fixed "Show & Hide Boxes" option in My Account (reported by Pushkar) [Dirk]
- Display the topic name (instead of the topic id) in the list of draft stories
(bug #0001171) [Dirk]
- Fixed COM_formatTimeString to correctly handle intervals bigger than 4 weeks
(bug #0001158) [Dirk]
- Call PLG_templateSetVars for the Advanced Search form [Dirk]
- Make sure we keep the current status of the user's Advanced Editor option
even when Advanced Editor is disabled for the site (Thanks, Markus) [Dirk]
- Comment submissions for plugins were missing the type [Dirk]
- In the Group Editor, hide the 'Apply "Default Group" change' option until the
state of the "Default Group" checkbox changes (feature request #0001116,
patch provided by Dushyant Tiwari)
- Fixed handling of $LANG_DIRECTION in the install script (cf. bug #0000871)
- Fixed query highlighting in articles - didn't work for queries that contained
characters filtered by COM_applyFilter [Dirk]
- Updated Japanese language file, provided by the Geeklog.jp group
- New and updated French (France) language files, provided by Ben
- Updated Hebrew language file for the Links plugin, provided by LWC
Static Pages Plugin
-------------------
- Call up the Advanced Editor when enabled (bug #0001147, patch provided by
Samuel Leathers)
- A Static Page can now be marked as a template and used by other Static Pages.
(Feature #0001085) [Tom]
4.5.3 brings a number of improvements:
* KSharedDataCache has cache invalidation bug fixed that caused stability
when daylight saving time changed.
* Icon overlays in Dolphin are now positioned correctly after adjusting
the zoom level.
* Okular, KDE's universal document viewer has seen improvements in the
DjVu and XPS backends.
- Bug 3088: dnsserver is segfaulting
- Bug 3084: IPv6 without Host: header in request causes connection to hang
- Bug 3082: Typo in error message
- Bug 3073: tunnelStateFree memory leak of host member
- Bug 3058: errorSend and ICY leak MemBuf object
- Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
- Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper
dies
- Bug 3053: cache version 1 LFS support detection broken
- Bug 3051: integer display overflow
- Bug 3040: Lower-case domain entries from hosts and resolv.conf files
- Bug 3036: adaptation_access acls cannot see myportname
- Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
- Bug 2964: Prevent memory leaks when ICAP transactions fail
- Bug 2808: getRoundRobinParent not handling weights correctly
- Bug 2793: memory statistics sometimes display wrong
- Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
- Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
- Ensure /var/cache or jail equivalent exists on install
- HTTP/1.1: delete Warnings that have warning-date different from Date
- HTTP/1.1: do not remove ETag header from partial responses
- HTTP/1.1: make date parser stricter to better handle malformed Expires
- HTTP/1.1: improve age calculation
- HTTP/1.1: reply with a 504 error if required validation fails
- HTTP/1.1: add appropriate Warnings if serving a stale hit
- HTTP/1.1: support requests with Cache-Control: min-fresh
- HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
- squidclient: Display IP(s) connected to in verbose (-v) display
- Fixes several issues with ICAP persistent connections
- Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
- ... and some cosmetic polishing
Trac-0.12.1ja1 (Nov 1, 2010)
* Merge Trac-0.12.1
* Translate default Wiki pages into Japanese.
- trac/wiki/default-pages/*
* Translate document for trac.ini options into Japanese.
- trac/env.py
- trac/versioncontrol/admin.py
- trac/versioncontrol/api.py
- trac/versioncontrol/svn_authz.py
- trac/versioncontrol/web_ui/browser.py
- trac/web/chrome.py
- trac/web/main.py
- trac/wiki/api.py
Trac 0.12.1 (October 9, 2010)
http://svn.edgewall.org/repos/trac/tags/trac-0.12.1
This list contains only a few highlights:
- db: improve concurrency behavior (#9111)
- fcgi: add an environment variable `TRAC_USE_FLUP` to control the usage of flu
p vs. bundled _fcgi.py (defaults to 0, i.e. use bundled as before)
- svn authz: improve compatibility with svn 1.5 format (#8289)
- milestone: allow to set the time for the due date (#6369, #9582)
- ticket: fixes for the CC: property (#8597, #9522)
- notification: improved the formatting of ticket fields in notification e-mail
s (#9484, #9494)
- i18n: added a configuration option to set the default language (#8117)
- several fixes for upgrade (#9400, #9416, #9483, #9556)
* SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav: Fix Handling of requests without a path segment.
* SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects.
* SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
* SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
for OpenSSL versions prior to 0.9.8l; reject any client-initiated
renegotiations. Forcibly disable keepalive for the connection if there
is any buffered data readable. Any configuration which requires
renegotiation for per-directory/location access control is still
vulnerable, unless using openssl 0.9.8l or later.
* SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body.
* SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
* SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
* SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7.
* Fix recursive ErrorDocument handling.
* mod_ssl: Do not do overlapping memcpy.
* Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
through on a 304 response.
* apxs: Fix -A and -a options to ignore whitespace in httpd.conf
* prefork MPM: Run cleanups for final request when process exits gracefully
to work around a flaw in apr-util.
* mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
connections and other protocol handlers (like mod_ftp). Enforce the
timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering
close time from 30 to 2 seconds.
* Proxy balancer: support setting error status according to HTTP response
code from a backend.
* mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
password to UTF-8.
* core: check symlink ownership if both FollowSymlinks and
SymlinksIfOwnerMatch are set
* core: fix origin checking in SymlinksIfOwnerMatch
* mod_headers: Enable multi-match-and-replace edit option
* mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.
* mod_dir, mod_negotiation: Pass the output filter information
to newly created sub requests; as these are later on used
as true requests with an internal redirect. This allows for
mod_cache et.al. to trap the results of the redirect.
* rotatelogs: Fix possible buffer overflow if admin configures a
mongo log file path.
* mod_ssl: Do not do overlapping memcpy.
* vhost: A purely-numeric Host: header should not be treated as a port.
* core: (re)-introduce -T commandline option to suppress documentroot
check at startup.
4.5.2
translation updates, performance and stability improvements and other
bugfixes.
4.5.0
new versions of the Plasma Workspaces, the KDE Applications and the KDE
Development Platform in version 4.5.0. While focus within this release
cycle lay on stability, the overall polish and performance gain is well
noticable. Features such as the reworked notification area, Marble's map
routing and support for WebKit in Konqueror round up this release.
* Fix test suite failure on other side of date line.
* htmltidy: Allow configuring tidy parameters in setup file.
(W. Trevor King)
* Updated French program translation. Closes: #598918
* git: Added new rcs_revert and rcs_preprevert hooks.
* recentchanges: Add revert buttons to RecentChanges page, and
implement web-based reversion interface.
* Thanks to Peter Gammie for his assistance with the web-based reversion
feature.
* actiontabs: More consistent styling of Hn tags.
* websetup: Fix saving of advanced mode changes.
* websetup: Fix defaults of checkboxes in advanced mode.
* monotone: Fix recentchanges page when the srcdir is not at the top
of the monotone workspace. Thanks, tommyd.
* img: If a class is specified, don't also put the img in the img
class.
* auto-blog.setup: Don't enable opendiscussion by default; require users be
logged in to post comments.
Updating this leaf package during the freeze for bugfixes.
Changes:
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
Bugfixes:
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* Added SSPI build to Watcom makefile
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* linking problem on Fedora 13
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don't output filename when NULL
* Curl_timeleft: avoid returning "no timeout" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* buildconf got better output on failures
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* configure's --enable-werror had a bashism
* test565: Don't hardcode IP:PORT
* configure: check for gcrypt if using GnuTLS
* configure: don't enable RTMP if the lib detect fails
* curl_easy_duphandle: clone the c-ares handle correctly
* MacOSX-Framework: updates for Snowleopard
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don't escape "unreserved" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* examples: use example.com in example URLs
* globbing: fix crash on unballanced open brace
* cmake: build fixed
