2005-09-25 Ville Skyttä <scop@FreeBSD.org>
* Release 3.0.6.
* README: CVS home page has moved to http://www.nongnu.org/cvs/
2005-08-26 Ville Skyttä <scop@FreeBSD.org>
* cvsweb.cgi: Allow the "content-type" CGI param to contain "+".
[Submitted by: <charles.buysschaert@advalvas.be>]
2005-06-19 Ville Skyttä <scop@FreeBSD.org>
* cvsweb.conf: Spelling fixes.
[Submitted by: Zafer Aydogan <zafer@gmx.org>,
Jonathan Noack <noackjr@alumni.rice.edu>]
2005-05-06 Ville Skyttä <scop@FreeBSD.org>
* cvsweb.cgi (printLog): Improve presentation of the "Diff to ..."
lines, thanks to Jerry Nairn for pointing this out.
2005-04-11 Ville Skyttä <scop@FreeBSD.org>
* cvsweb.cgi (human_readable_diff): Try harder to output sane
revision numbers when rcsdiff produced no output.
[Submitted by: Jerry Nairn <jpnairn@gmail.com>,
Jon Noack <noackjr@alumni.rice.edu> (modified)]
Thu Jul 27 04:53:01 CEST 2006 mikulas:
Fixed pagedown and search bugs in braille terminal introduced in
links-2.1pre20
Sun Jul 16 16:35:54 cet 2006 mikulas:
Link to "" redirects to current file rather than current directory
(fixes some forms)
Sun Jul 16 00:08:30 cet 2006 mikulas:
Better ftp directory parsing (process correctly file names starting with
year)
Sat Jul 15 16:37:36 MET 2006 user:
Bigger default textarea
Mon Jul 10 22:53:09 MET DST 2006 mikulas:
Use pkg-config to search for libpng and pcre
Tue Jun 27 23:50:43 cet 2006 mikulas:
Fixed display of multiple consecutive spaces when searching
Tue Jun 27 23:14:35 cet 2006 mikulas:
View as space when searching
Sun Jun 18 16:11:57 MET 2006 user:
Command "kill background connections" aborts also keepalive connections
Sat Jun 17 21:43:01 cet 2006 mikulas:
Removed SDL support until someone fixes it.
Remaining bugs:
palette not installed with 256-color svgalib support
drawing doesn't synchronize with softcursor (seen on svgalib)
stupid keyboard handling (SDL has the ability to query
operating system keymap and translate keys to unicode
but this driver didn't use it)
doesn't support virtual devices with Alt-1 ... Alt-0, like
svgalib and framebuffer
reportedly crashes with sdl-1.2.10
If you want SDL support continued, take file sdl.c from previous
version of links, fix the above issues and resubmit it.
Sat Jun 17 21:08:04 cet 2006 mikulas:
Fixed exponential memory consumption with table cell colspan/rowspan
Sat Jun 17 20:30:49 cet 2006 mikulas:
Do not try to interpret <script src=...> if server returns HTTP error
Sat Jun 10 23:52:00 cet 2006 mikulas:
Decode %AB sequences in position tags
Fri Jun 9 18:32:55 cet 2006 mikulas:
Accept broken meta refresh tags (fixes www.seznam.cz)
Fri Jun 9 02:14:42 MET 2006 user:
Shift-Q exits without question
Sat Jun 3 21:47:19 cet 2006 mikulas:
Fixed a bug that <body onload=...> was not processed when there were no
other scripts on that page
Sat Jun 3 19:31:35 CEST 2006 mikulas:
Fixed crash in javascript regular expressions
Wed May 31 18:25:32 CEST 2006 mikulas
Fixed mouse in Cygwin
Allowed to run in xterm or rxvt in Cygwin
Changes since 1.3.21:
Galeon 2.0 is now formally out. So we don't need to tell you how 1.3.x
is actually stable anymore. :-)
2.0.1 "Look what we found."
- Works with Mozilla 1.7.5+, Seamonkey 1.0+, Firefox 1.0.x and 1.5+, and
xulrunner 1.8+.
- Find toolbar ported from Epiphany. TypeAheadFind now works properly
with firefox.
- Bug fixes: 325501, 322668, 326813.
2.0.0 "One for the road."
- Works with mozilla 1.7.5+, 1.8a3 and up; Firefox 1.0.x and 1.5
- Embedded http error message pages. (If mozilla support them)
- Security Device Manager button in security prefs.
- Delete key works in Personal Data Manager.
- Support for multimedia keyboard keys like Back and Forward.
- Other bug fixes. (http://tinyurl.com/7zqb7)
flup is a collection of modules for the Python Web Server Gateway
Interface, including support for AJP 1.3, FastCGI and SCGI. It also
offers a basic middleware.
config.layout file instead of CONFIGURE_ARGS, to avoid defining things
twice. No actual change, since the paths are still the same.
Added all necessary variables to BUILD_DEFS, as reported by pkglint.
HTTP::Lite is a stand-alone lightweight HTTP/1.1 implementation
for perl. It is not intended as a replacement for the fully-features
LWP module. Instead, it is intended for use in situations where
it is desirable to install the minimal number of modules to achieve
HTTP support, or where LWP is not a good candidate due to CPU
overhead, such as slower processors. HTTP::Lite is also significantly
faster than LWP.
This release address a series of locally exploitable security problems
discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this
release as soon as possible.
This release provides the following security fixes:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed memory_limit restriction on 64 bit system.
Major changes compared to Horde 3.1.2 are:
* Security Fixes
- Closed an XSS problem in index.php and improved protection against
phishing attempts.
* Bugfixes and improvements
- Added Kolab group ACL support.
- Improved import of date and time fields.
- Fixed synchronization support.
- Updated Catalan, German and Slovenian translations.
The full list of changes (from version 3.1.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.252&r2=1.515.2.261&ty=h
to fix https:// URLs broken with update of security/p5-IO-Socket-SSL
to 0.997 - behaviour was a null socket object returned in LWP::Agent
which was a joy to track down. Remember: "hidden perl dependencies
can expose you to perl code which may make your eyes bleed"
RFC 2865 RADIUS Servers.
Features:
* Supports popular RADIUS Servers including OpenRADIUS, FreeRADIUS and
commercial servers.
* Distributed Authentication Cache using apr_memcache.
* Local Authentication Cache using DBM.
* Uses standard HTTP Basic Authentication, unlike mod_auth_radius which uses
cookies for sessions.
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).
For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3
This also contains a fix for CVE-2006-4020 (SA21403)
Version 7.15.5 (7 August 2006)
Daniel (2 August 2006)
- Mark Lentczner fixed how libcurl was not properly doing chunked encoding
if the header "Transfer-Encoding: chunked" was set by the application.
http://curl.haxx.se/bug/view.cgi?id=1531838
Daniel (1 August 2006)
- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror()
an unknown error number on glibc systems.
http://curl.haxx.se/bug/view.cgi?id=1532289
Daniel (31 July 2006)
- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified
prototypes: they both now provide the number of running handles back to the
calling function. It makes the functions resemble the good old
curl_multi_perform() more and provides a nice way to know when the multi
handle goes empty.
ALERT2: don't use the curl_multi_socket*() functionality in anything
production-like until I say it's somewhat settled, as I suspect there might
be some further API changes before I'm done...
Daniel (28 July 2006)
- Yves Lejeune fixed so that replacing Content-Type: when doing multipart
formposts work exactly the way you want it (and the way you'd assume it
works).
Daniel (27 July 2006)
- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
control and data connection, as the existing --ftp-ssl option only requests
it.
- [Hiper-related work] Added a function called curl_multi_assign() that will
set a private pointer added to the internal libcurl hash table for the
particular socket passed in to this function:
CURLMcode curl_multi_assign(CURLM *multi_handle,
curl_socket_t sockfd,
void *sockp);
'sockp' being a custom pointer set by the application to be associated with
this socket. The socket has to be already existing and in-use by libcurl,
like having already called the callback telling about its existance.
The set hashp pointer will then be passed on to the callback in upcoming
calls when this same socket is used (in the brand new 'socketp' argument).
Daniel (26 July 2006)
- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl
tool option named --ftp-alternative-to-user. It provides a mean to send a
particular command if the normal USER/PASS approach fails.
- Michael Jerris added magic that builds lib/curllib.vcproj automatically for
newer MSVC.
Daniel (25 July 2006)
- Georg Horn made the transfer timeout error message include more details.
Daniel (20 July 2006)
- David McCreedy fixed a build error when building libcurl with HTTP disabled,
problem added with the curl_formget() patch.
Daniel (17 July 2006)
- Jari Sundell did some excellent research and bug tracking, figured out that
we did wrong and patched it: When nodes were removed from the splay tree,
and we didn't properly remove it from the splay tree when an easy handle was
removed from a multi stack and thus we could wrongly leave a node in the
splay tree pointing to (bad) memory.
Daniel (14 July 2006)
- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared
for FTP ASCII transfers.
Daniel (8 July 2006)
- Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.
- Ingmar Runge provided a source snippet that caused a crash. The reason for
the crash was that libcurl internally was a bit confused about who owned the
DNS cache at all times so if you created an easy handle that uses a shared
DNS cache and added that to a multi handle it would crash. Now we keep more
careful internal track of exactly what kind of DNS cache each easy handle
uses: None, Private (allocated for and used only by this single handle),
Shared (points to a cache held by a shared object), Global (points to the
global cache) or Multi (points to the cache within the multi handle that is
automatically shared between all easy handles that are added with private
caches).
Daniel (4 July 2006)
- Toshiyuki Maezawa fixed a problem where you couldn't override the
Proxy-Connection: header when using a proxy and not doing CONNECT.
Daniel (24 June 2006)
- Michael Wallner added curl_formget(), which allows an application to extract
(serialise) a previously built formpost (as with curl_formadd()).
Daniel (23 June 2006)
- Arve Knudsen found a flaw in curl_multi_fdset() for systems where
curl_socket_t is unsigned (like Windows) that could cause it to wrongly
return a max fd of -1.
Daniel (20 June 2006)
- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and
CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed
to send or receive data. This kind of adds the the command line tool's
option --limit-rate to the library.
The rate limiting logic in the curl app is now removed and is instead
provided by libcurl itself. Transfer rate limiting will now also work for -d
and -F, which it didn't before.
Daniel (19 June 2006)
- Made -K on a file that couldn't be read cause a warning to be displayed.
Daniel (13 June 2006)
- Dan Fandrich implemented --enable-hidden-symbols configure option to enable
-fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl
binary and speeds up dynamic linking by hiding all the internal symbols from
the symbol table.
web-server to become a RADIUS client for authentication and accounting
requests. You will, however, need to supply your own RADIUS server to
perform the actual authentication.
Bug fixes and support for apache2.
XXX: compilation for apache2 works, but installation fails -- if you
know apxs, please take a look:
apxs:Error: Sorry, cannot determine bootstrap symbol name.
apxs:Error: Please specify one with option `-n'.
