http://www.squid-cache.org/Versions/v2/2.5/bugs/.
Now try to install more authentication modules, but those modules
should be handled by proper framework (Currently, SASL modules
aren't handled).
Changes to squid-2.5 ():
- Major rewrite of proxy authentication to support other schemes
than basic. First in the line is NTLM support but others can
easily be added (minimal digest is present). See Programmers Guide.
(Robert Collins & Francesco Chemolli)
- Reworked how request bodies are passed down to the protocols.
Now all client side processing is inside client_side.c, and
the pass and pump modules is no longer used.
- Optimized searching in proxy_auth and ident ACL types. Squid should
now handle large access lists a lot more efficiently.
(Francesco Chemolli)
- Fixed forwarding/peer loop detection code (Brian Degenhardt) -
now a peer is ignored if it turns out to be us, rather than
committing suicide
- Changed the internal URL code to obey appendDomain for internal
objects if it needs appending. This fixes weirdnesses where
a machine can think it is "foo.bar.com", and "foo" is requested.
(Brian Degenhardt)
- Added the use of Automake to create the Makefile.in's in the squid
source tree. This will allow libtool in the future, and immediately
allows better dependency tracking - with or without gcc - as well
as the dist-all and distcheck targets for developers which respectively
build a tar.gz and a tar.bz2 distribution, and check that what will be
distributed builds.
- Added TOS and source address selection based on ACLs,
written by Roger Venning. This allows administrators to set
the TOS precedence bits and/or the source IP from a set of
available IPs based upon some ACLs, generally to map different
users to different outgoing links and traffic profiles.
- Added 'max-conn' option to 'cache_peer'
- Added SSL gatewaying support, allowing Squid to act as a SSL server
in accelerator setups.
- SASL authentication helper by Ian Castle
- msntauth updated to v2.0.3
- no_cache now applies to cache hits as well as cache misses
- the Gopher client in Squid has been significantly improved
- Squid now sanity checks FTP data connections to ensure the
connection is from the requested server. Can be disabled if
needed by turning off the ftp_sanitycheck option.
- external acl support. A mechanism where flexible ACL checks
can be driven by external helpers. See the external_acl_type
and acl external directives.
- Countless other small things and fixes
- HTML pages generated by Squid or CacheMgr as well as the
ERR documents now contain a doctype declaration so that
browsers know which HTML specification the document uses.
In addition to that they have a new look (background-color, font)
and are valid according to the HTML standards at www.w3.org.
(Clemens Löser)
- Login and password send to Basic auth helpers is now URL escaped
to allow for spaces and other "odd" characters in logins and
passwords
- Proxy Authentication is no longer blindly forwarded to peer
caches if not used locally. If forwarding of proxy authentication
is desired then it must now be configured with the login=PASS
cache_peer option.
- Responses with Vary: in the header are now cached by squid.
(Henrik Nordstrom).
- Removed unused 'siteselect_timeout' directive.
This allows the user to choose 'custom' as an installation method
as well as 'complete' or 'recommended'. This obsoletes the NS_INST
variable and reduces likeliness of errors due to not properly set PKG_LANG.
Some more re-organizing wrt Linux-emul root etc: the installer behaves
differently according to who runs 'make'. (Try to) clean up parts of
the emul root if it was used, too.
These changes should help address some of the issues pointed out in
PR pkg/18606 and PR pkg/18615.
Changes:
- Compatible with 1.0.x, 1.1.x and 1.2a
- Compatible with gcc 3.2 with --disable-werror
- Complete Basic Sidebar support
- Basic means basic. No XUL sidebars supported.
- Proxy prefs should actually be respected for a change
- Support for forcing all cookies to be session cookies
- Fixed almost all downloader progress dialog related crashes.
- Helper app handling improved, and a number of bugs fixed
discovered in version 1.3.26 including these security fixes:
- SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- SECURITY CAN-2002-0843 (cve.mitre.org)
Fix some possible overflows in ab.c that could be exploited by
a malicious server. Reported by David Wagner. [Jim Jagielski]
- SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
- Upgraded to Apache 1.3.27.
- Fixed internal error handling for CRL verification.
- Initialize OpenSSL ENGINE before initializing OpenSSL
to workaround problems with the PRNG.
- Also find "openssl" executable in "sbin" directories.
- Honor specified number of maximum bytes on SSLRandomSeed
if reading from EGD.
- Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
This is a stable branch of mozilla.
A select group of APIs have been marked "@FROZEN". Mozilla.org intends
to maintain API compatibility for this set until next major release.
This branch is targeted at the developer community and enables
the creation of Internet-based applications.
Changes with Apache 2.0.43
*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
and SSI requests. It's safe to escape as only the '<', '>',
and '&' characters are affected, which won't appear in a valid
hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
[Brian Pane]
*) Fix a core dump in mod_cache when it attempted to store uncopyable
buckets. This happened, for instance, when a file to be cached
contained SSI tags to execute a CGI script (passed as a pipe
bucket). [Paul J. Reder]
*) Ensure that output already available is flushed to the network
when the content-length filter realizes that no new output will
be available for a while. This helps some streaming CGIs as
well as some other dynamically-generated content. [Jeff Trawick]
*) Fix a mutex problem in mod_ssl session cache support which
could lead to an infinite loop. PR 12705
[amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
*) SECURITY: Allow POST requests and CGI scripts to work when DAV
is enabled on the location. [Ryan Bloom]
*) Allow the UserDir directive to accept a list of directories.
This matches what Apache 1.3 does. Also add documentation for
this feature. [Jay Ball <jay@veggiespam.com>]
*) New Module: mod_logio. adds the ability to log bytes sent and
received. [Bojan Smojver <bojan@rexursive.com>]
*) SuExec needs to use the same default directory as the rest of
server, namely /usr/local/apache2.
[SangBeom han <sbhan@os.korea.ac.kr>]
*) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
[Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett]
*) Make sure the contents of the WWW-Authenticate header is
passed on a 4xx error by proxy. Previously all headers
were dropped, resulting in the browser being unable to
authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>,
Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman
<gwiseman@fscinternet.com>, David Henderson
<dhenderson@fscinternet.com>]
*) Make mod_cache's CacheMaxStreamingBuffer directive work
properly for virtual hosts that override server-wide mod_cache
settings. [Matthieu Estrade <estrade-m@ifrance.com>]
*) Add -p option to apxs to allow programs to be compiled with apxs.
[Justin Erenkrantz]
---
Changes with Apache 2.0.42
*) mod_dav: Check for versioning hooks before using them.
[Greg Stein]
Changes with Apache 2.0.41
*) The protocol version (eg: HTTP/1.1) in the request line parsing
is now case insensitive. [Jim Jagielski]
*) Allow AddOutputFilterByType to add multiple filters per directive.
[Justin Erenkrantz]
*) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
*) Fixed mod_disk_cache's generation of 304s
[Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Add support for using fnmatch patterns in the final path
segment of an Include statement (e.g. include /foo/bar/*.conf).
and remove the noise on stderr during config dir processing.
[Joe Orton <jorton@redhat.com>]
*) mod_cache: cache_storage.c. Add the hostname and any request
args to the key generated for caching. This provides a unique
key for each virtual host and for each request with unique
args. [Paul J. Reder, args code provided by Kris Verbeeck]
*) mod_cache: Do not cache responses to GET requests with query
URLs if the origin server does not explicitly provide an
Expires header on the response (RFC 2616 Section 13.9)
[Kris Verbeeck krisv@be.ubizen.com]
*) Fix memory leak in core_output_filter. [Justin Erenkrantz]
*) Update OpenSSL detection to work on Darwin.
[Sander Temme <sctemme@covalent.net>]
*) Update the xslt and css to give the documentation a more
modern style.
[André Malo <nd@perlig.de>, Gernot Winkler <greh@o3media.de>]
*) Fix some bucket memory leaks in the chunking code
[Joe Schaefer <joe+apache@sunstarsys.com>]
*) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
*) mod_cache: added support for caching streamed responses (proxy,
CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
*) Add image/x-icon to httpd.conf PR 10993.
[Ian Holsman, Peter Bieringer <pb@bieringer.de>]
*) Fix FileETags none operation. PR 12207.
[Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
*) Restored the experimental leader/followers MPM to working
condition and converted its thread synchronization from
mutexes to atomic CAS. [Brian Pane]
*) Fix Logic on non-html file removal in mod_deflate
[Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Fix "ab -g"'s truncated year: the last digit was cut off.
[Leon Brocard <acme@astray.com>]
*) mod_rewrite can now set cookies in err_headers, uses the correct
expiry date, and can now set the path as well
PR 12132,12181,12172.
[Ian Holsman / Rob Cromwell <apachechangelog@robcromwell.com>]
*) The content-length filter no longer tries to buffer up
the entire output of a long-running request before sending
anything to the client. [Brian Pane]
*) Win32: Lower the default stack size from 1MB to 256K. This will
allow around 8000 threads to be started per child process.
'EDITBIN /STACK:size apache.exe' can be used to change this
value directly in the apache.exe executable.
[Bill Stoddard]
*) Win32: Implement ThreadLimit directive in the Windows MPM.
[Bill Stoddard]
*) Remove CacheOn config directive since it is set but never checked.
No sense wasting cycles on unused code. Besides, the only truly
bug free code is deleted code. :) [Paul J. Reder]
*) BufferLogs are now run-time enabled, and the log_config now has 2 new
callbacks to allow a 3rd party module to actually do the writing of the
log file [Ian Holsman]
*) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
[André Malo, Astrid Keßler <kess@kess-net.de>]
*) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>]
*) Fix a null pointer dereference in the merge_env_dir_configs
function of the mod_env module. PR 11791
[Paul J. Reder]
*) New option to ServerTokens 'maj[or]'. Only show the major version
Also Surfaced this directive in the standard config (default FULL)
[Ian Holsman]
*) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
RewriteMap directive. PR 10644 [Jeff Trawick]
*) Fixed mod_rewrite's RewriteMap prg: support so that request/response
pairs will no longer get out of sync with each other. PR 9534
[Cliff Woolley]
*) Fixes required to get quoted and escaped command args working in
mod_ext_filter. PR 11793 [Paul J. Reder]
*) mod-proxy: handle proxied responses with no status lines
[JD Silvester <jsilves@uwo.ca>, Brett Huttley <brett@huttley.net>]
*) Fix bug where environment or command line arguments containing
non-ASCII-7 characters would cause the Win32 child process creation
to fail. PR 11854 [William Rowe]
*) Bug #11213.. make module loading error messages more informative
[Ian Darwin <Ian779@darwinsys.com>]
*) thread safety & proxy-ftp [Alexey Panchenko alexey@liwest.ru, Ian Holsman]
*) mod_disk_cache works much better. This module should still
be considered experimental. [Eric Prud'hommeaux]
*) Performance improvement for keepalive requests: when setting
aside a small file for potential concatenation with the next
response on the connection, set aside the file descriptor rather
than copying the file into the heap. [Brian Pane]
as discussed on pkgsrc-changes. Sorry everybody for the mess, this
(hopefully) was the last episode of netscape7's big PLIST/distinfo-shuffle
(aka 'why-cvs-really-should-have-a-mv-command').
a variable (PKG_LANG), adding and modifying PLISTs and distinfo's as necessary.
- Do not use the installer as the distfile, but the "real" distfile.
This increases the initial download time, but allows for building without
a network connection. As suggested by grant in PR pkg/18461
- Only try to pax over files from the linux-emul root if they were
created in there. This should address PR pkg/18461 by grant.
Bump PKGREVISION.
Changes:
NEW FEATURES
- Now support many Windows code pages in addition to ISO charsets.
- HTMLDOC now supports heading levels 1 to 15.
- HTMLDOC now allows the author to omit headings from
the TOC using the _HD_OMIT_TOC attribute.
- HTMLDOC now supports remote book files when running
from the command-line.
- HTMLDOC now supports hexadecimal character constants (&#xFF;)
- New --nup and NUMBER-UP options for PostScript and PDF output.
- HTMLDOC now logs HTML errors.
- HTMLDOC now supports the A3, B, Legal, and Tabloid size names.
- HTMLDOC now supports embedding of the base Type1 fonts
in PostScript and PDF output.
CHANGES
- HTMLDOC now calculates the resolution of the body
image using the printable width instead of the page width.
- HTMLDOC should now compile out-of-the-box using the Cygwin tools.
- HTMLDOC no longer inserts whitespace between text inside DIV elements.
- HTMLDOC now supports quoted usernames and passwords in URLs.
- HTMLDOC now defaults unknown colors to white for background colors and
black for foreground colors. This should make documents that use
non-standard color names still appear readable.
- The HTML parser now allows BODY to auto-close HEAD and vice versa.
BUG FIXES
- HTMLDOC could crash when checking if a URL is already cached.
- HTMLDOC didn't adjust the top margin when changing the
page header if the comment didn't appear at the top of a page.
- HTMLDOC didn't initialize the right number of TOC headings.
- When using a logo image in the header, the header was
placed too low on the page.
- "make install" didn't work in the fonts directory.
- "€" didn't work, while "€" did: the
character name table was not sorted properly...
- Links didn't always point to the right page in PDF output.
- XRX comment output could crash HTMLDOC.
- Fixed-width columns in tables could be resized by HTMLDOC.
- When writing PostScript commands, some printers reset
their duplexing state when a new setpagedevice command
is received; we now cache the current duplex state and
change it only as needed.
- The MEDIA SIZE comment didn't adjust the printable
size for the current landscape setting.
- HTMLDOC placed the header one line too high.
- When continuing a chapter onto the next page, H3 and
higher headings would be indented the wrong amount.
- HTMLDOC wouldn't compile using GCC under HP-UX due to
a badly "fixed" system header file (vmtypes.h).
- Generating a book without a table-of-contents would
produce a bad PDF file.
- The Xerox XRX comments used the wrong units for the
media size, points instead of millimeters.
- IMG elements with links that use the ALIGN attribute
didn't get the links.
- Header and footer comments would interfere with the
top and bottom margin settings.
- Fixed a bug in the htmlReadFile() function which
caused user-provided title pages not to be displayed
in PS or PDF output.
- The table-of-contents would inherit the last media
settings in the document, but use the initial settings
when formatting.
* New config variable: annotate_options
* Make annotate work under mod_perl
* Output address only if it's set
* Fix annotate HTML output
* Escape file names in directory listings
* Mention cvs < 1.11 '-l' bug
Changes :
- Added URI::QueryParam module. It contains some
extra methods to manipulate the query form key/value pairs.
- Added support for the sip: and sips: URI scheme.
Contributed by Ryan Kereliuk <ryker@ryker.org>.
- use_buildlink2
- use perl5 module
BINS 1.1.17
---------
- new parameter feedbackMail to add a link "Send Feedback" in the
pages (only used in the joi templates for now).
- new parameter treePreview to add the thumbnail album in the tree
page (only used in the joi templates for now).
- new parameters backgroundImage & excludeBackgroundImage to use an
image as a wallpaper (only used in the joi templates for now).
- joi templates have been updated, using above features.
(templates and patch by Joachim Kohlhammer).
- Russian translation has been updated.
(thanks to Andrei Emeltchenko).
BINS 1.1.16
-----------
- static elements (icons, css, javascript, etc.) can now be used by
the templates, by using a static subdir in the templates directory
(see the joi templates).
- joi templates has been added. It uses icons, css and javascript. See
http://album.sautret.org/300_lieux/500_Paris/index.html for an example
applied on some of the sub-albums of my main album. You can use it
with the templateStyle parameter in the binsrc or album.xml, or with
the -s command line parameter (see bins(1) man page).
(templates and patch by Joachim Kohlhammer).
- new parameter homeURL has been added to link your home page to the
Leave button of the joi template.
- javaScriptPreloadImage parameter has been renamed to
javaScriptPreloadThumbs. New javaScriptPreloadImage parameter can be
used to add some javascript code in image pages to preload the next
image of the same size when current one is loaded, to speed up the
album browsing.
(patch from David Panofsky).
- added Russian translation.
(thanks to Andrei Emeltchenko).
- Mandrake 9.0 and NetBSD packages are now available. Check the
download page.
(mdk rpm by Cédric Thevenet, NetBSD package by dmcmahill @ netbsd.org)
- install.sh script can now install BINS in specified directories. For
example, to install it in /opt/bins, use the following command :
PREFIX=/opt/bins install.sh
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks. Change all the Makefiles that use
application.buildlink.mk and extension.buildlink.mk to use application.mk
and extension.mk instead.
* Copy the real libtool, not the libtool buildlink2 wrapper, to
${PREFIX}/share/httpd/build. This fixes pkg/18349 by YAMAMOTO Takashi
<yamt@mwd.biglobe.ne.jp>.
Newclient suite version 7.0, now including AIM and ICQ clients etc. It is run
under Linux emulation on NetBSD.
At the moment, this package is only for NetBSD-*-i386 and Linux-*-i[3-6]86.
Emacs-w3m, a simple interface program of w3m, which works on Emacs.
w3m itself is a good program for WWW. Emacs-w3m provides an interface of w3m
on Emacs so that users can use Emacs's editing environment for WWW access.
This benefits multibyte language users.
Changes:
This version includes two bugfixes in the Javascript support, the X icon
name is now set, an associations bug was fixed, along with an occasional
paste bug, a Euro entity was added, and parsing \xab numbers in Javascript
is now supported, along with other features.
Bug Fixes:
Correct some invalid HTML in the message files. Fix some memory leaks, free
some unfreed memory, check some pointers, close some files. Don't send the
extra arguments to POST requests that WWWOFFLE uses internally. Removed
segmentation fault potential when password not used in config file. Another
fix for the cookie problem. Warn if running as root. Try both IPv6 and IPv4
socket binding (IPv6 may not accept IPv4). Potential bug fix for page
corruption. Potential fix for IPv6 configuration on Solaris.
New Features:
Add an option to have case-insensitive matching for URL-SPEC path and args.
Added the option to only fetch images on the same host (automatic fetching).
Allow URL-SPECs to contain an '=' sign embedded in them (long time bug fix).
The monitor options page now accepts ranges of hours or days (e.g. '1-5n').
[Note: The change to IPv6 binding to not require IPv4-mapped addresses was
already present in the package as "patch-ac".]
[Note: TODO: Have the package create a user, and let the "rc.d" script run
wwwoffle as that user.]
Also, reorder ${MASTER_SITES} to comply with the request on the download
page, and work around an install target corner case for the benefit of bulk
build machines (only applies for hosts on which wwwoffle has never run).
generalise the linker flags used to export symbols by setting them on
a per-OS basis.
> many packages force -Wl,-export-dynamic which is not portable outside GNU ld
> and cause problems e.g. on Solaris. some of these packages use if
> conditionals either only for NetBSD or except SunOS, but the state is not
> coherent and it may complicate later when support for new OS is added to
> pkgsrc (e.g. ongoing work on HP-UX support).
>
> jlam proposed the following framework in discussion on tech-pkg:
>
> http://mail-index.netbsd.org/tech-pkg/2002/06/21/0009.html
>
> now, ${EXPORT_SYMBOLS_LDFLAGS} is used instead of directly defining
> -Wl,-export-dynamic which is set in appropriate defs.*.mk to reasonable
> values. packages should be converted to this framework by:
>
> 1) replacing LDFLAGS+= -Wl,-export-dynamic and LIBS+= -export-dynamic with:
>
> LDFLAGS+= ${EXPORT_SYMBOLS_LDFLAGS}
>
> 2) for use in patchfiles, add this variable to MAKE_ENV if needed:
>
> MAKE_ENV+= EXPORT_SYMBOLS_LDFLAGS=${EXPORT_SYMBOLS_LDFLAGS}
>
> 3) replace occurrences of -Wl,-export-dynamic and -export-dynamic in patch
> files with:
>
> $(EXPORT_SYMBOLS_LDFLAGS)
- Applied OpenSSL ASN.1 patch
- New Certum CA root certificate and updated old roots
- Fixed problem with untrusted HTML content being inserted into
Directory listings (buffer overrun)
BINS 1.1.15
-----------
- New parameter linkInsteadOfCopy has been added, to create a link to
the image in the destination directory instead of copying it, when
it's possible.
Patch from Vincent Bernat.
- Correct a bug that crashed bins with Perl 5.8.0
Patch from Marty Leisner
- Include links for movie files (avi, mpeg and mov) in the navigation
bar of albums ("In this album" upper left box).
Patch from Vincent Cautaer.
- Scale method (to create scaled pictures and thumbnails) can now be
chosen with the new scaleMethod parameter. It can be either scale or
sample. sample is faster, scale is better.
Idea from Mark W. Eichin.
- Don't perform rotation on files matching the regexp defined by the
new noRotation parameter (default to _Orig suffix). This can be used
in conjunction with scaleIfSameSize=0 and a scaled size of 100%x100%
to keep original pictures in your album.
Patch from Vincent Cautaer.
- Correct a bad behavior with some little pictures when scaled sizes
uses mixed pixels and percentages.
Patch from Vincent Cautaer.
- jpegtran can now be used with image names containing spaces.
Patch from Vincent Bernat.
- Define $verbose earlier to avoid warning.
Patch from Vincent Bernat.
- Chop local encoding to avoid carrier return.
Patch from Vincent Bernat.
- A sample album.xml file is provided in the doc directory. Take a
look at it to see how you can customize an album.
- New Feature: HTML::Template will combine HTML_TEMPLATE_ROOT
environment variable and path option if both are
available. (Jesse Erlbaum)
- New Feature: __counter__ variable now available when
loop_context_vars is set (Simran Gambhir)
- New Feature: The default attribute allows you to specify
defaults for <tmpl_var> tags.
- Bug Fix: fixed parser to reject <tmpl_var>s with no names.
(crazyinsomniac)
- Doc Fix: fixed documentation to correctly describe the
interaction of case_sensitive and loop_context_vars.
(Peter Claus Lamprecht)
- Doc Fix: updated mailing-list information to reflect move from
vm.com to sourceforge.net
* SECURITY: [CAN-2002-0661] Close a very significant security hole that
applies only to the Win32, OS2 and Netware platforms. Unix was not
affected, Cygwin may be affected. Certain URIs will bypass security
and allow users to invoke or access any file depending on the system
configuration. Without upgrading, a single .conf change will close
the vulnerability. Add the following directive in the global server
httpd.conf context before any other Alias or Redirect directives;
RedirectMatch 400 "\\\.\."
Reported by Auriemma Luigi <bugtest@sitoverde.com>.
[Brad Nicholes]
* SECURITY: Close a path-revealing exposure in multiview type
map negotiation (such as the default error documents) where the
module would report the full path of the typemapped .var file when
multiple documents or no documents could be served based on the mime
negotiation. Reported by Auriemma Luigi <bugtest@sitoverde.com>.
[CAN-2002-0654] [William Rowe]
* SECURITY: Close a path-revealing exposure in cgi/cgid when we
fail to invoke a script. The modules would report "couldn't create
child process /path-to-script/script.pl" revealing the full path
of the script. Reported by Jim Race <jrace@qualys.com>.
[CAN-2002-0654] [Bill Stoddard]
* More bug fixes (see the CHANGES file)
* Improved application and layout performance
* Improved stability
* Improved Web site compatibility
* Improved CSS, DOM and HTML standards support
* Distinct window icons for the different Mozilla applications (artwork contributed by Grayrest).
* Mozilla can now trigger MS DUN when started without a connection.
* Fullscreen mode for Mozilla on Linux (press F11).
* Browser tabs now close left to right (they used to close right to left).
* The tab bar now has a button for creating new tabs.
* All Search entry points now use your default search engine.
* Download Manager has been enabled as the default download view (with many improvements)
* Autocomplete in the location bar has more intelligent completion.
* The Linux File Picker has improved filtering and a new directory button.
* File extensions more accurately handled in downloads and we save the correct files when saving complete Web pages
* Drag and drop support has been greatly improved.
* View selection source: Context clicking on a selection now lets you view the HTML source for the selected area.
* Page info displays more page info with improved General and Media tab content.
* New button in prefs for making Mozilla the system default browser on MS Windows
* MathML is now enabled for Mozilla on Macintosh (it was already available on Windows and Linux).
* Mozilla now takes advantage of Quartz rendering for users of Mac OS X 10.1.5
* Better Bi-Di Arabic and Hebrew support including improved layout of Arabic pages on Linux and other platforms without their own Arabic shaping support.
* We have new layout performance enhancements targeted at DHTML.
* Mozilla now has support for the display of XBM images.
* Image and plug-in blocking for Mail & News
* Mozilla allows you to view HTML mail messages as plain text.
* You can now quote the current message in a Mail compose window with Quote Original under the options menu.
* The JavaScript Debugger has gone through a major development cycle. It now sports a palette of nine views which can be rearranged within the main window or docked in separate floating windows. It is also possible to create user-defined views and commands directly with JavaScript. More details are available in the FAQ, newsgroup, or IRC channel.
* Chatzilla has improved tab completion and can now join channels with Japanese names.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
jaco at scrogneugneu.org.
Changes since 1.1.10 are:
- Some image files and directories can now be excluded by setting some
regexp to excludeFiles and excludeDirs new parameters. excludeDirs is
set to ^CVS$ in default config, and thus, CVS subdirs aren't processed
by bins now.
- HTML generation performances have been increased by using the
blind_cache parameter of HTML::Template.
Thanks to Mark Eichin for this one.
- Corrected a bug that wrongly set width and height of thumbnails and
prevented Internet Explorer (at least version 5) to display them.
- Changed the image template so that Internet Explorer can display the
title tooltip on the prev/next thumbnails (when thumbPrevNext is 1).
- bins now process .thm (THuMbnail) files. According to Mark Eichin,
Canon cameras that do movies generate mvi*.thm files which are really
small JPEGs with exif data.
- It is now possible to use the <sizes> parameter in picture
description files to have different scaled images number and scaled
sizes for pictures in the same album (for example, one can have three
scaled pictures, small, medium and big, for most of the images of an
album, and a fourth one, huge, for big panoramas). Some other
parameters, such as titleOnThumbnail, defaultSize or
thumbnailBackground, can now also be used on a per image basis.
- A bug introduced in 1.1.10 version that caused scaleIfSameSize
parameter to be always 1 has been corrected.
Thanks to Mark Eichin for pointing out the problem
and to Dan (mcmahill @ mtl.mit.edu) and Kamil Iskra for the correction path.
- jpegtran can now be used even if it cannot handle the same file in
input and output (this is the case for the jpegtran shipped with most
GNU/Linux distribution, except Debian).
Patch from Kamil Iskra.
- Corrected encoding problem on creation date.
- Sorting order for directories and/or pictures can now be reversed,
using the -r command line option or the reverseOrder parameter.
Patch from Christian Hoenig for the -r option.
- A bug on automatic rotation of destination image when -o was used
has been corrected (width and height were inversed).
- French translation has been corrected.
- Some javascript code is now added in thumbnails pages to preload
thumbnails of the next page when current one is loaded, to speed up
the album browsing. This can be deactivated with the new
javaScriptPreloadImages parameter.
- Generated HTML code is now cleaned up to reduce the size of pages
and thus, speed up browsing. This reduces the size of HTML BINS files
by about 30%. This uses the HTML::Clean(3) library (new
dependency). This can be deactivated with the new compactHTML
parameter.
- Use of the jpegtran program is now deactivated in default config
(some versions fail to perform rotation correctly). A new parameter
rotateWithJpegtran has been added. Set it to 1 in binsrc to continue
to use jpegtran.
- Added some non breakable spaces in HTML code.
- Strip . (dots) in small size names when creating file names (this
caused problems with Italian i18n). You may have to delete all your
generated HTML files before running bins on an old Italian album to
clean it up.
- Some minor bugs have been corrected.
- French translation has been corrected.
o allow -X mode to work for "/"
o work on systems without MADV_SEQUENTIAL
o make a local cut-down copy of "queue.h" (fixes linux & solaris
support at the very least)
o portability fixes for pre-ipv6 socket api systems (eg, solaris 7)
o portability fixes for missing _PATH_DEFPATH, LOG_FTP and __progname
o better documentation on virtual host support
Restore perl-5.004 and perl-5.005 compatibility.
Direct support for some new schemes urn:, urn:isbn:,
urn:oid:, rtsp:, and rtspu:. The rtsp support was
contributed by Matt Selsky <selsky@columbia.edu>.
The host for URI::file was not unescaped.
* Added basic --verify mode, to check whether the remote copy of a
site using safe mode has been modified outside sitecopy's control.
* Added Norwegian Nynorsk translation, nn.po (Karl Ove Hufthammer
<huftis@bigfoot.com>)
* Added 'http tolerant' option, to skip OPTIONS check in WebDAV mode.
And many fixes & updates.
that has some support for tables and frames, builds against openmotif, and
is also IPv6 capable! The name stands for "mbone" Mosaic, but that part
probably doesn't even work (yet).
[For real this time -- previous try misspelled the name of the directory.]
* escape blanks and other non-7bit graphic characters in startfile and similar
addresses to guard against interpreting the address as multiple lines
during a GET, etc (report by Ulf Harnhammar <ulfh@Update.UU.SE>) -TD
Bug Fixes:
Discard POST/PUT requests that have negative content-lengths. Make the
CanonicaliseHost() function robust to bad IP addresses. Fix some memory leaks,
free some unfreed memory. Don't give socket error using '-f' option. Fix
compilation on Cygwin. Fix IPv6 compilation on Solaris 9. Bug fix for v2.7c
Cookie change. Don't replace '//' in a URL path with '/'.
- Recognises Netscape 7 browser. Also better diagnosis of Windows
operating systems for Netscape and Mozilla browsers.
- New version of IIS How-To.
- Later UNCOMPRESS commands now correctly override earlier ones.
- SEARCHCHARCONVERT can now be turned on for multibyte character sets,
though it's not recommended.
- French report descriptions files.
- New versions of Polish and alternative Swedish language files.
- East Timor country code is now .tl.
Rearrange several bits of the rrdtool build mechanism so that we're not
cheating quite as much. The end result is that rrdtool now compiles on
both ELF and a.out.
Closes pkg/14606 from Tim Preston <tim at flibble dot org>
M. Bishop (wwwoffle's author/maintainer). With this, if IPv6-mapped IPv6
addresses are enabled, attempting to bind the wildcard address for both
protocols is not a fatal error.
partially revert Makefile, v1.32, so platforms without openssl-0.9.6e
in base will be able to find libssl.so.300 and libcrypto.so.300 for
binaries linked against libwwwssl.so. Bump pkgrevision to reflect the
change in dependencies on platforms without openssl-0.9.6e in base.
changes since bozohttpd 5.12:
o support .mp3 files (type audio/mpeg)
o use stat() to find out if something is a directory, for -X mode
changes since bozohttpd 5.11:
o constification
o fixes & enhancements for directory index mode (-X)
squidGuard is a combined filter, redirector and access controller plugin
for Squid. It can be used to:
* limit the web access for some users to a list of accepted/well known web
servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs
for some users.
* block access to URLs matching a list of regular expressions or words
for some users.
* enforce the use of domainnames/prohibit the use of IP address in URLs.
* redirect blocked URLs to an "intelligent" CGI based info page.
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF.
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..
Changes in release 0.21.3:
* Fix segfault if using proxy server with SSL session and server
certificate verification fails.
* Fix leak of proxy hostname once per session (if a proxy is used).
* Add --with-libs configure argument; e.g. --with-libs=/usr/local picks
up any support libraries in /usr/local/{lib,include}
Changes in release 0.21.2:
* Fix 'make install' for VPATH builds.
* Use $(mandir) for installing man pages (Rodney Dawes).
* Follow some simple (yet illegal) relativeURI redirects.
* Always build ne_compress.obj in Win32 build (Branko Čibej).
* Fix decompression logic bug (Justin Erenkrantz <jerenkrantz@apache.org>)
(could give a decompress failure for particular responses)
* Fix ne_proppatch() to submit lock tokens for available locks.
* More optimisation of ne_sock_readline.
Changes in release 0.21.1:
* Don't include default SSL port in Host request header, which can
help interoperability with misbehaving servers (thanks to Rodney Dawes
<dobey@ximian.com>).
* Don't give a "truncated response" error from ne_decompress_destroy if
the acceptance function returns non-zero.
* Fix for Win32 build (Sander Striker <striker@apache.org>).
* Fix for cookie name/value being free()d (thanks to Dan Mullen).
* Optimisation of ne_sock_readline.
Changes in release 0.21.0:
* Socket layer implements read buffering; efficiency and performance
improvement. Based on work by Jeff Johnson <jbj@redhat.com>
* Cleanup of socket interface:
- renamed everything, s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/
- removed unused and inappropriate interfaces.
- renaming done by Olof Oberg <mill@pedgr571.sn.umu.se>
- see src/ChangeLog for the gory details.
* Fix typoed 'ne_destroy_fn' typedef (Olof Oberg).
* Support OpenSSL/ENGINE branch.
* Bogus ne_utf8_encode/decode functions removed.
* ne_base64() moved to ne_string.[ch].
* ne_token drops 'quotes' parameter; ne_qtoken added.
* ne_buffer_create_sized renamed to ne_buffer_ncreate.
* ne_xml_get_attr takes extra arguments and can resolve namespaces.
* ne_accept_response function type takes const ne_status pointer.
* Drop support for automatically following redirects:
- ne_redirect_register just takes a session pointer
- ne_redirect_location returns an ne_uri pointer
* configure changes: --with-ssl and --with-socks no longer take a directory
argument. To use SOCKS or SSL libraries/headers in non-system locations,
use ./configure CPPFLAGS=-I/... LDFLAGS=-L/...
* Reference documentation included for most of ne_alloc.h and ne_string.h,
and parts of ne_session.h and ne_request.h.
- see installed man pages, HTML documentation.
Changes in release 0.20.0:
* Major changes to DAV lock handling interface (ne_locks.h):
- struct ne_lock uses a full URI structure to identify locked resource
- ne_lock() requires that owner/token fields are malloc-allocated (or NULL)
on entry
- introduce a "lock store" type, ne_lock_store, to replace the lock session;
accessor functions all renamed to ne_lockstore_*.
- ne_lock_iterate replaced with a first/next "cursor"-style interface
- If: headers use an absoluteURI (RFC2518 compliance fix).
- fix for handling shared locks on DAV servers which return many active locks
in the LOCK response (thanks to Keith Wannamaker)
* Moved URI/path manipulation functions under ne_* namespace (ne_uri.h):
- path handling functions renamed to ne_path_*
- URI structure handling to ne_uri_*; struct uri becomes ne_uri.
- ne_uri_parse doesn't take a 'defaults' parameter any more
- if URI port is unspecified, ne_uri_parse sets port to 0 not -1.
- added ne_uri_unparse and ne_uri_defaultport functions.
* New 'ne_fill_server_uri' function to initialize a URI structure with
the server details for a given session (useful with locks interface).
* ne_decompress_{reader,destroy} are defined as passthrough-functions
if zlib support is not enabled.
* API change: ne_ssl_provide_fn returns void not int.
* Added NE_SSL_FAILMASK for verify failure sanity check.
* Removed return codes NE_SERVERAUTH and NE_AUTHPROXY; correct
documentation, NE_PROXYAUTH is given for proxy auth failure.
* Require zlib >= 1.1.4 to avoid possible vulnerability in earlier versions.
See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details.
(version check can be skipped by passing --with-force-zlib to configure)
* New 'ne_ssl_readable_dname' function to create a human-readable string
from an X509 distinguished name.
* Fix support for newer versions of libxml2 (thanks to Jon Trowbridge
<trow@gnu.org>).
* Fix corruption of reason_phrase in status object returned by
ne_propset_status.
* More lenient handling of whitespace in response headers.
* ne_content_type_handler will give a charset of "ISO-8859-1" if no charset
parameter is specified for a text/* media type (as per RFC2616).
* Miscellaneous cleanups and fixes (Jeff Johnson <jbj@redhat.com>).
Changes in release 0.19.4:
* Support bundled build of expat 1.95.x (Branko Čibej).
Update submitted by Joel Wilsson <joelw@unix.se> in PR 17812.
PTHREAD_OPTS. This allows us to ignore the "require" inherited from the
glib/buildlink.mk file, which was originally causing "require native" to
be used for mozilla and was causing build problems on platforms without
native pthreads.
comes from devel/glib/buildlink. devel/glib requires a pthread library but
www/mozilla optionally wants a native pthread library. Checking for
PTHREAD_TYPE != "native" will work, but we may want to consider expanding
the capabilities of pthread.buildlink.mk to cover this scenario.
size and in the correct format, it is not re-encoded (losing quality)
anymore but just copied.
Problem noted by Jeff McMahill. Andrew Brown and Jaromir Dolecek helped
me with perl.
Bump PKGREVISION.
Give Apache a user and group by default, not only with suexec.
The variables for this have changed from APACHE_SUEXEC_USER and
APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP.
Mention 'Apache' in COMMENT.
Use variables for the version number instead of copying it around.
Bump PKGREVISION.
For apache{,6}:
Change paths to /var/httpd instead of /var/spool/httpd.
Honour STRIPFLAG.
Add --without-confadjust as configure argument.
Enable the 'define' module.
For apache:
Enable proxy module on NOPIC platforms.
Some of these changes are based on pkg/17469 by Greg A. Woods, some on
comments by Johnny Lam.
Reviewed by Johnny Lam.
Changes since 5.10:
o more man page fixes from Thomas Klausner
o de-K&R C-ification
o fix Date: header for daemon mode
o fix core dump when asking for /cgi-bin/ when CGI isn't configured
o use a valid Server: header
hard coding /etc/bins.
install a default binsrc as an example which can be copied to
${PKG_SYSCONFDIR}/bins/binsrc and/or ~/.bins/binsrc
bump PKGREVISION to bins-1.1.10nb1
"file" is in "path"'s allocation. This fixes a bug where the server task
would randomly try to access a file as a directory, and fail. Bump
PKGREVISION, as this was a fairly serious bug.
* Fix diffs between tags
* Fix duplicate accesskeys and id's in the "front" page
* Fix typo in JavaScript download window parameter
* Include query string in JavaScript download links in order to unbreak
downloads from non-default CVS roots
* Don't display @ForbiddenFiles in directory listings; also make sure their
logs are not accessible via direct URLs
* Fix dir sort order breakage when there are rogue files in the repository
dir and the sort order is not by file name
* Add -f; avoid reading ~/.cvsrc
Bug Fixes:
Install two DLLs for the Win32 version. Don't crash for HTTP servers that send
headers prefixed with whitespace. Make the "edit selected entry" option work.
Don't write uncompressed data to the cache with a header saying it is
compressed. Be more lenient in detecting spiders that cannot make requests.
The wwwoffle-tools programs now handle dir names as if they had http:// in
front. Disallow wwwoffle requests for protocols that WWWOFFLE does not
handle. Use the command line config filename in error messages. Fix to allow
compilation on SGI IRIX. Handle XHTML style tags when modifying HTML. Updated
setuid/setgid code. Some memory leaks removed and potential crashes removed
(due to using lint).
New Features:
Split up Set-Cookie headers since browsers can't handle them.
Don't request deflated data since WWWOFFLE and servers don't agree on format.
Added a form on the monitor options page to stop monitoring a URL.
The confirm-requests option now asks for confirmation for page reloads.
Documentation:
Update FAQ to reference privoxy as well as JunkBuster.
Describe how to modify htdig templates to work with WWWOFFLE.
1) Linking a shared library against a static "socks{4,5}" library
does not have the desired effect of eliminating the dependency on
"socks" (not as it does for binaries).
2) No package linked against "libwww" seems to actually utilize
"socks".
Also bump the PKGREVISION and buildlink DEPENDS to the current level,
and liberalize the (formal) dependency on "openssl", for the benefit
of pre-NetBSD-1.5 systems. From now on, we can have no more issues
with "openssl" or "socks{4,5}" versions, as only the libwwwssl.*
shared libraries carry a run-time dependency on "openssl", but no
package links against them, and no "libwww" shared libraries can carry
a run-time dependency on any "socks" libraries. [Previous versions, of
course, may have had issues -- see PR 17010, which this is a partial
fix for.]