o egmentation fault in idnsGrokReply() on certain platforms
synopsis A bug in how Squid processes certain DNS
replies can cause segmentation faults on
certain platforms. Linux and FreeBSD on X86
platforms seems unaffected however.
severity Major
bugzilla #605
versions Squid-2.5 and earlier
platforms Solaris SPARC and several other
patch squid-2.5.STABLE2-dns_root_label.patch
workaround Recompile squid with --disable-internal-dns
o The example header_access paranoid setting is missing WWW-Authenticate
synopsis The paranoid header_access example is missing
WWW-Authenticate, and thereby unintentionally
denying authentication to web sites if used
without modifitaions.
severity Cosmetic
bugzilla #600
versions Squid-2.5
platforms All
patch squid-2.5.STABLE2-header_access_paranoid.patch
linker seemingly does not pass the rpath down from binaries to shared
libs, resulting in libs not being able to find other libs they require.
patch from taya@, tested on FreeBSD 5.0.
Release notes do not have a lot of relevance to say:
- Enhanced security
- Improved stability
- New Macromedia® Flash 6 r65 plugin for Windows
- New Java 1.4.0_03 plugin for Windows
o New pure perl version (not built though, experimental)
o More perl 5.8.0 compatibility
o library fixes
o fix perl 5.005 compatibility problem
o fix strict warning
o Update build process
o Fix refcounting bug
o Add GetEnvironment for pure version
o Add LastCall method
o Allow filehandle for Request's socket parameter
o Add BINMODE method
o convert echo.fpl to new interface
changes:
-- Added the ability to edit the date of posting on the posting edit form.
-- Update the posting's 'modified' attribute when postings are editted.
-- Use BTrees.IIBTree.IISet instead of the deprecated intSet.intSet.
-- Fixed problems with indexes and metadata for Zope 2.6.0.
-- Added 'date' as metadata by default.
-- Fixed handling of reply counts and moderated counts when un-approving
postings.
-- Moved to Strip-o-Gram 1.4.
-- Better documentation and some renaming in updaters.
changes:
-bugfixes, cleanups
-mail support more or less rewritten
-CMF skin updates
-enhancements to comment behaviour
-Simpler page ids, faster performance and better memory efficiency
-new general-purpose page type including tracker and fit support
-preliminary stylesheet support
changes:
Send online post cards with photos
Support for LocalFS 1.1 and LocalFS 1.0
Choose between small,medium,large and full size for thumbnails creation
Statistics about visits of photos and albums
User can order his ZPhotoSlides as he want
Parse EXIF informations in JPEG coming from digital camera
Correct troubles with upgrade between different versions
Add photos from the browser
-cleanup, bug fixes... a long ChangeLog with little structure
-needs Zope-2.6.* now (ActivePak issue)
-i18n stuff not yet installed - need some framework first to avoid
conflicts
- Attribute generation now correctly respects the value of autoEscape()
- Fixed endofrm() syntax error
- Fixed bug in redirect header handling
- Added P3P option to header()
- Patches to make CGI::Carp work correctly with object-oriented exceptions
- Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file
- Patch to prevent running out of filehandles when uploading lots of files
- Documentation enhancement to note that the import_names() method
transforms the parameter names into valid Perl names
- Patch to suppress lang attribute in <html> tag if not provided explicitly
- Patch to fix broken XHTML-transitional 1.0 validation on endform()
- Custom html header fix (first letter correctly upcased now)
- Added a -verbatim option to stylesheet generation
- Faster delete() method
- Added empty charset support
- Patch to fix file upload failures when uploaded file is a multiple of 4096
- Fixed behavior of ACTION tag when POSTING to a URL that has a query
string
- Patch to handle multipart/mixed uploads from Opera
There are lots of features added - too much to list here.
Still compatible enough to work with products and user data written for
zope-2.5, so we can stay in the zope25 directory for now.
Patches provided by Ossi Herrala (pkg/20725) and Marc Recht (pkg/20995).
Changes:
0.20.1:
=======
User-visible changes:
* fix svnadmin load bug so that property deletions actually occur
* fix checksum compatibility issue for older repositories
0.20.0:
=======
User-visible changes:
* new compatibility rule: require only that each interim release be
compatible with the one before it (see HACKING)
* ra_svn is still new so above rule doesn't yet apply
(i.e. 0.20 over ra_svn is NOT compatible with previous releases)
* merge infers the target path (see book chapters 4 & 8)
* merge continues in presence of missing target file
* merge's add notifications are no longer duplicated
* commands can be safely interrupted (Ctrl-C)
* --encoding global default in ~/.subversion/config
* new option --editor-cmd
* begin multi-release transition to escape binary properties over DAV
* misc performance improvements
Developer-visible changes:
* RA vtable functions take pool argument
* svn-config --includes path fixed
* uuid at creation now complete
* start having test failures throw exceptions rather than return errors
* test suite option --cleanup with --verbose being default mode
* continued diff library development
* minor revprop hook changes
* bug fixes: no diff on binary files (#1019), consistent error messages
(#1181), version numbers in hook scripts (#1182), win98 codepage (#1186)
0.18.1:
=======
User-visible changes:
* editor environment variables no longer incorrectly required
* 'svn help import' now displays correct usage
* fix crashes in the internal diff library and ra_dav
* fix Win9x/Me console issue
* cvs2svn.py api fix
* hot_backup.py now correctly removes old backups
Developer-visible changes:
* various rpm package fixes
0.18.0:
=======
User-visible changes:
* renamed the [default] section to [global] in the servers config file
* compression option is now http-compression and lives in servers file
* use internal diff by default rather than external program (#405 in
progress)
* symlinked hook scripts now run
* read-only access flag (-R) for svnserve
* quiet flag (--quiet) for svnadmin dump
* --ignore-uuid and --force-uuid for svnadmin load
* miscellaneous performance improvements
* more work on the Book
Developer-visible changes:
* new authentication library libsvn_auth (#724)
* new bdb table uuids
* client context object in libsvn_client
* more work on java and other language bindings
* test framework now has a quiet option (-q)
* miscellaneous small code cleanups
* bug fixes: more valgrind memory bugs, apr xlate i18n mess (#872),
non-existent URL checkout (#946), props on to-be-deleted files (#1066),
ra_svn move/copy (#1084), eol translation (#1085), ra_svn
checksumming (#1099), cat command corrupt output (#1104), cvs2svn
memory consumption (#1107), merge of property add (#1109),
'..' relative path (#1111), commit/cleanup/diff3 (#1119),
.svn/entries checksum (#1120), svn commit in / (#1122),
status on uncontrolled directory (#1124), commit message eol
characters (#1126), cat -r PREV (#1134), ra_dav wcprops (#1136)
split XML cdata/attribute encoding (#1118)
This is the official Flash Player 6 from Macromedia. This plugin
enables you to see .swf and .spl files on the 'net using the
mozilla-linux package.
provided by zuntum@ with some cleanup by me.
- Squid may hang or behave oddly on shutdown while requests is being processed.
synopsis Squid may hang or otherwise behave oddly in shutdown
if there is new requests processed at the same
time. On shutdown Squid internally shut down DNS,
redirectors and external acls while still processing
new requests already received. In combination with the
external acl queue overload bug this can completely
hang Squid, preventing it from shutting down.
severity Minor
bugzilla #590
versions Squid-2.5 and earlier
platforms All
- external acl lookups does not deal well with queue overload
synopsis If there is a queue overload for external acl lookups
then Squid logs "externalAclLookup: 'xxx' queue
overload" at a very high rate in cache.log until the
condition clears up.
severity Major
bugzilla #590
versions Squid-2.5
platforms All
- cache_effective_user documentation unclear
synopsis The cache_effective_user/group documentation was
unclear on what happens if only one of the directives
is set, or when Squid is started as a non-root user.
severity Cosmetic
versions Squid-2.5 and earlier
platforms All
- cache_peer documentation missing for htcp and carp
synopsis The cache_peer documentation for the htcp and carp
related options was missing
severity Cosmetic
versions Squid-2.5 and earlier
platforms All
Changes:
* the curl tool now "clears" sensitive commands line args
* no more emacs local variables in the source files
* script for distributed, automatic, multi-platform testing added. Please join up and help us test
the bleeding edge curl on various platforms!
* the "scratch buffer" is now only allocated when actually needed
* removed the strequal and strnequal macros from curl/curl.h
* added CURLOPT_UNRESTRICTED_AUTH / --location-trusted
Bugs:
* "curl -O" only, now outputs an error message accordingly
* builds fine on Redhat Linux 9 (configure fix)
* the CA cert bundle included a demo cert now removed
* changing some attributes between two transfers when re-using a connection did not "take effect"
properly
* the test suite runs faster and hopefully a bit more reliably
* improved configure check for presence of functions, needed for HPUX
* the curl tool now makes a correct URL escaping when appending to the URL when using -T and the
file name is appended to the URL.
* configure --enable-libgcc now explicitly add -lgcc to the linker
* better configure checks for headers (since some platforms got nasty warnings output previously)
* configure --help looks nicer
* data transfer bug on HP-UX systems
* improved random seeding for systems without a reliable random source
* 64bit Sparc compiler warnings removed
* a case where a connect failure didn't return an error string
* DNS cache problem in AIX 4.3 and later was fixed
* a POST-then-GET problem when re-using the same handle in libcurl
* extra precaution added for FTP servers returning 0 bytes to SIZE commands
* looping issue in the receive function (i.e badly updated progress meter)
* Fixed the 'Expect: 100-continue' behavior
* CURLOPT_MAXCONNECTS segfault fixed
* multi-interface connecting on Windows to non-listening ports fixed
* Curl_base64_encode() now encodes zero-bytes too properly
* fixed the infamous SSL error:00000000 outputs
* zlib build fix in the mingw makefile
* don't check for ca cert env variable if --insecure is used
* always use strict cert name check unless --insecure is used
* content-type extracting fixed
* DEBUGFUNCTION could be called with wrong arguments in uploads
* ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
* the fopen.c example code didn't work
* content-type extracting memory leak fixed
* curl/multi.h was fixed for C++ compiles
* .netrc file scanning for names+passwored fixed
* curl-config --cflags works even when include dirs isn't /usr/include
* CURLINFO_PRIVATE can return NULL properly
Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003)
*) Fixed logic in the destruction of a temporary certificate
structure and this way avoid a crash due to freeing NULL object.
*) Removed one newly introduced X509_free() call in the context of
SSL_get_certificate(), because this function does not increment a
reference count (although SSL_get_peer_certificate() does).
*) Fixed hash-table based shared memory session cache (shmht)
implementation by making sure that the underlying hash table
library does not crash if memory cannot be allocated.
Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)
*) Always enforce RSA blinding on RSA private keys in order to be
resistent to timing attacks.
*) Added timeout also to the "pre-sucking" of the trailing data in
POST request handling.
*) Correctly shutdown shared memory pools on fork+exec situations.
*) Bugfix SSL client certificate verification: OpenSSL was not
informed with SSL_set_verify_result(ssl, X509_V_OK) in case
mod_ssl forced the verification to be ok.
*) Consistently use OPENSSL_free() instead of plain free() to
deallocate memory chunks allocated inside OpenSSL.
*) Fixed various memory leaks related to X509 certificates.
New patch-ac sent to maintainer.
- PNG images can now be used directly in the album (even if then are
still renamed to .jpg...).
- File timestamps are now preserved when they are copied in the gallery.
- bins_cleanupgallery script has been added. Use it to remove any unused
file in your HTML galleries. Run it without argument for usage
information. Note that this script is still experimental, so if it
performs wrong, just re-run bins to recreate erased files.
This program was written by Jochen Schaeuble <psionic @ psionic.de>.
- default templates has been updated
- joi templates have been updated
The primary purpose of whisker is to be a URL scanner, which is
used to search for known vulnerable CGIs on websites. Whisker does
this by both scanning the the CGIs directly as well as crawling the
website in order to determine what CGIs are already currently in
use.
Submitted by adrianp@stindustries.net in pkgsrc-wip
Changes:
arts
* Several memory corruption fixes.
kdelibs
* kdialog: Fix screen numbering problem for centerOnScreen() static method
* kprogress: Fix math problem in displaying correct percentage for large
numbers
* kio_http: Fix data processing for webdav(s) listing of directories and files
* kate: Many small bugfixes, including:
+ Fixed code completion drop-down box position
+ Fixed "wrap cursor disabled" bugs
+ Fixed vertical scrollbar middle mouse behaviour
+ Fixed remove whitespace feature
+ Now clears the redo history when it is irrelevant
+ Fixed crash after starting up with a non-existant directory in the file
selector history
* kparts: Fix extension of transparently downloaded files, this fixes ark
(used to display temp file instead of archive content)
* klauncher: Fixed support for "Path=" entry in .desktop files. This entry
can be used to specify a working directory.
* kio: Don't let ChModJob's -X emulation interfere with mandatory file locking.
* kdeui: Fix for alternate background coloring in Konqueror list views.
* kdeui: Fix to prevent an event loop in conjunction with Qt 3.1.2.
* kio/bookmarks: Properly handle multiple shown bookmarks with the same URL;
fixes crash on exit in Konqueror when bookmarkbar is on and some bookmarks
points to the same place
* kstyles: Handle focus indicators on label-less checkboxes better
* kdeprint: Don't freeze when there is no route to the selected CUPS server
* SSL: add support for OpenSSL 0.9.7
* SSL: ADH ciphers are now explicitly disabled in all cases
* SSL: new CA root certificate added
* Several Xinerama related fixes
* QXEmbed fixes for various situations that don't handle XEMBED well
* Java on IRIX with SGI 1.2 VM is fixed
* khtml: Several major bugfixes, partially incorporated fixes from Safari as well.
kdeaddons
kdeadmin
* Linux Kernel Configurator: Add details about the lightbulb icon's meaning
* Linux Kernel Configurator: Support for more incorrect kernel configuration
files
kdeartwork
kdebase
* kcmshell: Restored backwards compatibility wrt KDE 3.0 module names
* klipper: Escape "&" everywhere.
* konsole:
+ Removed "get prompt back"-hacks, don't assume emacs key shell bindings.
+ Fixed usage of background images with spaces in the filename.
+ Profile support fixes (disabled menubar etc.)
+ Bookmarks invoked from "Terminal Sessions" kicker menu now set correct
title.
+ Fixed a problem with the "Linux" font that prevented it from being used
with fontconfig.
* kdesktop: Made desktop menus pop up in unused Kicker space work.
* kicker: Fixed empty taskbar sometimes showing scroll buttons.
* konqueror:
+ Various startup performance improvements
+ Fix crash when sidebar tree expands hidden directory
+ Fix crash when config button hidden from config button's menu
+ Extensive fixes to Netscape plugins, fixing crashes and plugin support
+ Changes to default preview settings, making the defaults safer on various
platforms
* Java configuration module: Make it possible to properly configure Java in
all cases
* Previews: Fixed a privacy issue where previews of HTML files could access
files or hosts on the network.
kdeedu
* KStars:
+ Fixed bug #51708: No longer exits if starting position is below horizon
(only affected some systems)
+ Fixed bug #52205: Country of Lhasa is China, not Tibet.
+ Fixed too-narrow coordinates field in statusbar.
+ Fixed bug in "length of day" calculator module; it now properly accounts
for latitude and longitude
kdegames
* Atlantik: Many small bugfixes, including:
+ Better handling of incoming messages
+ Fixed token animation
* kbackgammon: Common crash fix.
kdegraphics
* KIconEdit: Fix the ellipse/circle tool not to leave any "holes" in the
drawings
* Kooka: Some UI crashes fixed
* KViewShell: Default paper size is fixed
* KGhostView: Fixed wheel-mouse scrolling
kdemultimedia
* KsCD:
+ Stopped KsCD from pausing after tracks in random mode
+ Correctly associate extra CDDB information with tracks
+ Support non-Latin encodings properly in CDDB entries and elsewhere
+ Proper systemtray behaviour
+ Updated key accel code to avoid depricated calls
* Movie previews have been removed due to severe unresolved stability problems
kdenetwork
* Desktop Sharing server (krfb):
+ fix problems on X11 servers with 8 bit depth
+ fix problems on X11 servers with big-endian framebuffer
+ allow X11 servers without XShm (thin clients). Warning: requires a lot
of bandwidth
+ remove read timeouts. This should solve problems with some clients that
got disconnected after a minute of inactivity (but increases the time to
detect dead clients)
+ fix problem with clients that support both RichCursor and SoftCursor
encodings (like krdc from HEAD)
* Desktop Sharing client (krdc):
+ fix: when an error occurred in fullscreen krdc did not restore the
original resolution
+ fix: krdc stopped to repaint the framebuffer after a disconnect while
the error dialog was displayed
+ the quality setting in medium quality mode has been increased because
the original setting looked too bad with Keramik
kdepim
* KOrganizer bug fixes:
+ Use correct default duration for events crossing a day boundary (#53477).
+ Correctly save category colors (#54913).
+ Don't show todos more than once in what's next view.
+ Include todos in print output of month view (#53291).
+ Don't restrict maximum size of search dialog (#54912).
+ Make cancel button of template selection dialog work (#54852).
+ Don't break sorting when changing todos by context menu (#53680).
+ Update views on changes of todos directly in the todo list (#43162).
+ Save state of statusbar (#55380).
* knotes: Escape "&" in note titles
kdesdk
* Cervisia:
+ Fixed line break in protocol view
+ Fixed timestamp for files that are not in cvs (#55053)
+ Fixed handling of Cervisia's options like 'Update Recursively' when run
as embedded part in konqueror (#55665)
kdetoys
* kworldclock: Fixed that all clocks show the same time.
* kweather: Made it work again with non-english locales. (#52147)
* kweather: Prevent KWeather from looping and freezing Kicker when not
connected to the internet.(#49191)
kdeutils
* klaptopdaemon: Fix serious stalling problems on GNU/Linux with ACPI
* kcalc: Now a KMainWindow instead of a KDialog to fix various UI
inconsistencies
* kdf: Support escapes in fstab
quanta
* Bugfixes:
+ Allow resizing of the main window even with large user toolbars [#53230]
+ Insert valid DTD definitions [#53274]
+ Honor the View Default settings from Settings->Configure Editor [#53569]
+ Be less braindead regarding the Show DTD Toolbar setting [#53739]
+ Be able to select also directories in tag dialogs [#54819]
+ Do not complain about text files being binary ones on a system with
broken mimetypes [#54924]
+ Bring up the "File Changed" dialog only, when the file content has
changed[#55678]
+ Select Tag Area behaviour fixed for optional tags
+ Insert non-translated string in CSS code parts
+ Insert "border-top", "border-right", etc. correctly in CSS
+ Don't quote the script line more than once in the action configuration
dialog
+ Memory leak fixed: editor parts were not deleted when a file was closed
+ Fix insertion of "img" tags in HTML documents
+ Upload/rescan project/add to new project tree view behaviour fixed
+ Fix renaming of file in the Project Tree, when a file with the new name
was already present in the project
+ Rename only what has to be renamed in the project and enable project
saving after a rename
+ Use the correct encoding for newly created files
+ Saving of Author and E-Mail project options was broken in some cases
+ Fix the numbering of new documents
+ Fix the execution of actions
+ Fix crash when deleting an action
+ Insert valid single tags from the toolbar
* Enhancements:
+ Show the tag attributes (Alt-Down) menu lower than the current line
+ "Insert in cursor position" for script actions replaces the selection if
there was some text selected
+ New DCOP interface (WindowManagerIf) added to enable the modification of
the opened documents from a script
+ DTD for Quanta tags (DTD definition) added
+ XHTML 1.0 Strict DTD added
Changelog
* Secunia Security fix (redirect exploit fix)
* Fixes in Xft library loader
* Fix for match failures in XftConfig when font size was involved
in the conditions. Now it should be possible to e.g. disable anti-aliasing
for certain font sizes.
