Trac-0.10.4-ja-1 (Mar 5, 2007)
* Merge trac-0.10.4
* Fixes miss typing.
* wiki-default/CamelCase
* wiki-default/TracQuery
* Update to current statement.
* README.trac-ja
* wiki-default/TracJa
Trac 0.10.4 (Apr 20, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.4
Trac 0.10.4 is a bug fix release. The following list contains only a
few highlights:
* Repository cache improvements. The new syncing scheme is incompatible with
the previous one and requires a database schema upgrade in order to prevent
the old and the new codebase to be mixed. A repository resync is not needed,
though. The 0.10.4 scheme is compatible with the 0.11 one.
(#3837, #4043 and #4586)
* Fix a possible freeze under heavy load (#4465)
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.4
URI::Fetch is a smart client for fetching HTTP pages, notably syndication
feeds (RSS, Atom, and others), in an intelligent, bandwidth- and time-saving
way.
Pkgsrc changes:
- Suffix changed from the default (.tar.gz) to .tgz.
- Marked the package as supporting installation to DESTDIR.
Changes since version 3.0302:
=============================
VERSION 3.0501
Bugfix release to repair a memory leak and a few "other" field edge
cases.
VERSION 3.05
Just a short time after 3.04, several new features evolved very quickly:
Fieldset support
A new "fieldsets" option to "new()" and a "fieldset" option to the
"field()" method can be used to organize your form into sections.
Currently works with the built-in "<table>" and new "<div>" renderer
only, but template support is in the works.
Div rendering
In addition to the builtin "<table>" rendering module, a new "Div"
rendering template has been included as well. If you select this, you
get a table-free form which you can manipulate using stylesheets:
$form->new(template => {type => 'div'});
This provides a couple additional benefits, like separate divs for every
submit button.
Additional classes
A couple additional CSS classes were added, wrapping around the fields
as a unit for better styling. The "<form>" tag now gets a ".fb_form"
style as well.
Fixed HTML::Template support
A couple bugs were introduced in 3.04 that have been fixed, and more
tests added.
VERSION 3.04
In addition to the below features, a new Catalyst FormBuilder plugin is
available on CPAN, "Catalyst::Plugin::FormBuilder".
New $form->prepare() method
You can now use "$form->prepare()" to get back an expanded hashref just
before "$form->render()" is called. This allows you to use FormBuilder
with Catalyst or other frameworks more easily, where the rendering is
done elsewhere:
my %expansion = $form->prepare;
This could be passed directly to, say, Template Toolkit without having
to use FormBuilder's Template Toolkit support.
New "inflate" option to field()
This is used the convert fields on the fly into objects or other values.
For example, you could convert a "date" field into a DateTime object.
Nice patch from Mark Hedges, check it out.
Turkish messages
Thanks to Recai Oktas.
Added "missing" property for fields
This can be queried in templates. To see if a field is missing
altogether, you can check "field.missing" or "missing-field" depending
on your template engine of choice.
Removal of custom "puke" and "belch"
FormBuilder now uses "Carp" and @CARP_NOT to handle its errors. As such,
you will probably notice some differences in error output. The benefit
is that setting "debug" will give you a stack trace on fatal errors.
CGI::FormBuilder::Template::Builtin
Moved the "render_builtin()" method to the above module, to unify the
rendering schemes.
New FORMBUILDER_DEBUG environment variable
Setting this has the same effect as using the "debug" option.
Removal of excess documentation
Removed all the stub docs from "Field::*" and "Messages::*" to make CPAN
happy.
Pkgsrc changes:
- Marked the package as supporting installation to DESTDIR.
Changes since version 2.7:
==========================
2.9 Mon Jan 29 15:54:03 EST 2007
- New Feature: the new force_untaint option makes sure you do not
pass tainted values to param(). [Sven Neuhaus]
- New Feature: Added ESCAPE=NONE as a synonym for ESCAPE=0. Fixed
both to work with default_escape. [cpan@punch.net]
- Bug Fix: DEFAULT didn't work with URL and JS escaping.
- Bug Fix: Long-standing bug where variables set in a loop weren't
available inside inner loops under global_vars if the variable
wasn't actually used in the outer loop. (Thanks to Richard Fein
for help debugging the fix.)
- Doc Fix: Changed references to CVS in the docs to Subversion now that
the switch is complete.
- Test Fix: At long last, the work from the Phalanx project has
been merged! The tests are now more complete and easier to work
on. Thanks Phalanx guys!
2.8 Wed Dec 21 18:37:39 EST 2005
- New Feature: the new default_escape option allows you to apply
escaping to all variables in a template. [Alex Kapranoff]
- Bug Fix: ESCAPE wasn't working on variables containing code-refs.
- Bug Fix: Changed HTML::Template to help sub-classes by called
_new_from_loop() via ref($self) rather than hard-coding the package
name. [Mark Stosberg]
- Bug Fix: Including more than one <tmpl_else> tag in <tmpl_unless> or
<tmpl_unless> now dies with an error message, instead of silently ignoring
one of the clauses. [Mitar and Mark Stosberg]
- Bug Fix: Fixed HTML::Template to re-evaluate conditions to handle
<tmpl_else>. This bug could cause HTML::Template to take both
branches of a conditional if a code-ref parameter returned a
different value when called a second time. [Emanuele Zeppieri]
(also close PR 30724)
This module strips HTML-like markup from text.
It is written in XS, and thus about five times quicker than using
regular expressions for the same task.
Changes between 1.2.21 and 1.2.22
Native
Refactor line endings logging to make it correct for all platforms and webservers. (mturk)
Added command line windows make files. (mturk)
Allow fail_on_status directive to be multi line. (mturk)
42076: Fix name of new option from ForwardCertChain to ForwardSSLCertChain as documented. (rjung)
Docs: Fix a couple of typos, change format of a few tables, fix links to news pages. (rjung)
Fix correct URL for TC 6 examples in new IIS rewrite.properties configuration example file. (rjung)
Add svn properties to several files. (rjung)
Add TC 6 examples to uriworkermap.properties in config examples. (rjung)
Allow multiple status codes for fail_on_status directive. The status codes can be delimited by space or comma characters. (mturk)
IIS. Added pcre like regular expressions for url rewrite rules. (mturk)
41922: Apache 1.3. Enable JkEnvVar. (mturk)
Apache. Add --enable-flock configure parameter for explicit compilation of faster flock() system calls for OS supporting those calls. By default the fcntl system call for locking will be used that is a little bit slower but it can work on NFS mounted volumes as well. (mturk)
41562: Add Debug logging for read from client in ISAPI Redirector. Contributed by Tim Whittington. (mturk)
Apache. Add ForwardSSLCertChain JkOption. Contributed by Patrik Schnellmann. (mturk)
IIS. Do not forbid access to web-inf or meta-inf if there is no mapped worker. This allows to have resource with those names that are outside mapped contexts. (mturk)
Apache. Use process id for creating shared memory name and delete shared memory and shared memory lock files on exit. (mturk)
IIS. Fix Keep-Alive regression introduced in 1.2.21. (mturk)
Delete unused check for empty init_map during startup. (rjung)
41770: Fix startup error if no JkWorkersFile is used. (rjung)
Use JK_TRUE/JK_FALSE instead of OK/!OK as return values in init_jk(). (rjung)
Minor adjustments to apache startup log messages (when to use STDERR, remove deprecated NOERRNO flag, shm warning and warnings for usage of default files). (rjung)
Replace APR precompiler directive by httpd mpm_query to detect MPM threading. Add a debug log message about auto-detected pool size. (rjung)
Make MMN check easier to understand and a little more precise (for new ap_get_server_banner()/ap_get_server_description()). We use the new API only for Apache httpd 2.3. This way our binaries are not tightly coupled to a minor 2.0 version, and we don't use ap_get_server_banner() any way. (rjung)
Use the full description string ap_get_server_description() instead of the truncated info from ap_get_server_banner(), because this info gets used internally (status worker display and ajp14 backend communication) and is not send back to the normal user. (rjung)
41757: Document the "--enable-prefork" flag of configure. (rjung)
Enhance log messages for failures when parsing attribute maps. (rjung)
Correct log message during worker initialization, in case remote host could not be resolved. We logged the default host name "localhost" instead of the configured one. (rjung)
41770: Fix the second part of the bug: local_worker and local_worker_only is missing from the list of deprecated attributes (and not supported either), so prevents the web server from startup. (rjung)
Changes between 1.2.20 and 1.2.21
Native
CVE-2007-0774 : A denial of service and critical remote code execution vulnerability. Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes. Reported by ZDI (www.zerodayintiative.com). Please note this issue only affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. Other versions of Tomcat were not affected.
Check the worker. parameters and don't start if the parameter is not a valid one. (jfclere)
41439: Allow session IDs to get stripped off URLs of static content in Apache by adding JkStripSession directive (configurable per vhost). (mturk)
Change semantics of empty defaults for JkEnvVar variables. Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings, if neither set to non empty in config, nor during runtime. Starting with 1.2.21: If config has no second argument only send variable if set (even when set to empty string) during runtime. Allows good combination with condition attribute in tomcat access log. (rjung)
41610: Fix incorrect detection of missing Content-Length header leading to duplicate headers. Contributed by Boris Maras. (rjung)
Better build support for SunONE (Netscape/iPlanet) webservers. (jim)
Add warning if duplicate map keys are read and are not allowed, e.g. when parsing uriworkermap.properties. (rjung)
Don't concat worker names, if uriworkermap.properties has a duplicate pattern, instead overwrite the worker. (rjung)
Log deprecation message even in duplication case. (rjung)
uriworkermap.properties: Fix off-by-one problem when deleting URL mapping during reloading of uriworkermap.properties. (rjung)
41439: Allow session IDs to get stripped off URLs of static content in IIS (configurable). (rjung)
41333: Refactoring isapi_plugin configuration reading. (rjung)
41332: Add some more errno logging and unify the format. (rjung)
JkStatus: Improved logging by adding status worker name to messages. Added messages to the recover worker action. (rjung)
JkStatus: Refactoring searching for workers and sub workers. (rjung)
41318: Add configuration to make status worker user name checks case insensitive. (rjung)
JkStatus: Add estimated time until next global maintenance to other mime types and adopt jkstatus ant task. (rjung)
JkStatus: Show estimated time until next global maintenance. Change displayed time until next recovery to a min/max pair. (rjung)
JkStatus: Allow a user of a read/write status worker to switch it to and from read_only mode temporarily. (rjung)
JkStatus: Do not show read/write commands in a read_only status worker. (rjung)
JkStatus: Allow lb sub workers in error state to be marked for recovery administratively from the status worker. (rjung)
Load Balancer: Do not try to recover multiple times in parallel. Use additional runtime states "PROBE" and "FORCED". (rjung)
JkStatus: Improve data synchronization between different processes. (rjung)
41381: Fix segfault in feature fail_on_status (wrong order of log arguments). Patch by Juri Haberland. (rjung)
Use correct windows line endings for log file on WIN32 platform. (rjung)
Changes between 1.2.19 and 1.2.20
Native
JkStatus Ant Task documentation page. (pero/rjung)
JkStatus Ant Tasks: Add new tasks for update and reset. (pero)
JkStatus Ant Tasks: Update for new xml status format. (pero)
Allow integer and string values when setting enumeration/boolean attributes via status worker update action. (rjung)
Docs: New reference guide page for status worker. (rjung)
Docs: Renaming the config dir to reference and using the title Reference Guide in the docs. (rjung)
Added retry_on_status for workers directive. (mturk)
Status Worker: Add directive to make property prefix and good/bad rule configurable. (rjung)
Status Worker: Omit lb members when att=nosw. (rjung)
Status Worker: New command cmd=version for a short version output. (rjung)
Status Worker: New output stype mime=prop produces property lists. (rjung)
Apache: Fix incorrect handling of JkEnvVar when Vars are set multiple times. (rjung)
Renamed jvm_route to route. Deprecated jvm_route, but still use it as fallback when parsing the worker configuration. (rjung)
IIS: Make uriworkermap file reload check interval configurable. (mturk)
Apache: Make uriworkermap file reload check interval configurable. (rjung)
Status Worker: Add directives for customizing the XML output (ns, xmlns, doctype). (mturk)
Docs: New page with description of uriworkermap. (rjung)
Docs: Added short description of max_packet_size to worker reference. (rjung)
Status Worker: All functions accessible also for xml and txt mime types (list, show, update, reset). (rjung)
Status Worker: New global health indicators for load balancers named bad (error, recovering or stopped), degraded (busy or disabled) and good (the rest, active and OK or N/A). (rjung)
Status Worker: New edit page, to change one attribute for all members of a load balancer. (rjung)
Status Worker: Standard logging for status worker. (rjung)
Status Worker: code refactoring. (rjung)
Status Worker: New attribute user (list) denies access, if the request user in the sense of remote_user is not in this list. Empty list = no deny (rjung)
Status Worker: New attribute read_only disables the parts of the status worker, that change states and configurations. (rjung)
36121: Don't change main uri when mod_jk serves included uri. (markt)
Apache VHosts: Merge JkOptions +base - -base + +vhost - -vhost. (rjung)
Apache Docs: Adding requirements, context information, default values and inheritance rules to the Apache config documentation. (rjung)
Status Worker: Add source type to status worker, remove the redundant "context" column in the map listing (context=uri). (rjung)
uriworkermap: On reload of the file, all old entries from the previous file version get deleted, before the new ones are being read. (rjung)
Keep normal maps and exclusion maps internally separate. Don't treat them as the same when adding a rule. (rjung)
Status Worker: Display mapping rules also for non-lb workers and in global view. (rjung)
Apache VHosts: Use the vhost log files instead of the main log. (rjung)
Apache VHosts: Allow individual timestamp formats by refactoring the formatting method. (rjung)
Apache VHosts: Adding all missing config items to the virtual host level. Don't overwrite the settings from the global server, but inherit them in case they are not set in the virtual host. (rjung)
Apache: remove unnecessary function names from log messages. (rjung)
Apache: add a default log file location and a message, if the default gets used. (rjung)
Apache: add missing JK_IS_DEBUG_LEVEL() (rjung)
Apache VHosts: Allow JkWorkersFile, JKWorkerProperty, JkShmFile and JkShmFileSize only in global virtual server. (rjung)
Add some more jk_close_socket() and reduce log level for some info messages. (rjung)
Load Balancer: Added the Sessions strategy. Contributed by Takayuki Kaneko. (rjung)
Docs: Minor enhancements and syncing with more recent versions. (rjung)
40997: Separate uri mappings from their '!' counterpart when checking for duplicates in uriworkermap reloading. (rjung)
40877: Make sure the shared memory is reset on attach for multiple web server child processes. (mturk)
IIS: Added shm_size property to be able to deal with over 64 workers configurations. (mturk)
IIS: Increase default thread count to 250, so its the same as Apache Httpd default configuration. (mturk)
40966: Fix socket descriptor checks on windows. (mturk)
40965: Initialize missing service parameters. (mturk)
40938: Fix releasing of rewrite map. Thanks to Chris Adams for spotting that. (mturk)
Apache: Added +FlushHeader JkOptions. (mturk)
Added explicit flush when AJP body packet size is zero. (mturk)
40856: Fixing case sensitivity bug in URL mapping. (rjung)
40793: Documentation: Improvements to Apache HowTo provided by Paul Charles Leddy. (markt)
40774: Fixing wrong recursion termination. This one restricted the "reference" feature unintentionally to 20 workers. (rjung)
40716: Adding "reference" feature to IIS and Netscape. (rjung)
Documentation: Corrected SetEnvIf syntax in JK_WORKER_NAME example. (rjung)
Documentation: Added forgotten STATE and ACTIVATION notes for load balancer logging in Apache. (rjung)
Apache: Use instdso.sh instead libtool: libtool does not work on HP-UX for example. (jfclere)
Tomcat 5.5.23 (fhanik)
Catalina
41608 Make log levels consistent when Servlet.service() throws an exception. (markt)
41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
41674 Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
Coyote
Requests with multiple content-length headers are now rejected. (markt)
Tomcat 5.5.22 (fhanik)
General
Fix regression in build that prevented connectors from building. (markt)
Tomcat 5.5.21 (fhanik)
Catalina
41401: StandardService.getConnectorNames() return array of Connector JMX objectnames. (pero)
29727: If env-entry values in web.xml are changed then ensure new values are applied when context is reloaded. (markt)
34956: Ensure request and response objects passed to a RequestDispatcher meet the requirements of SRV.8.2 and SRV.14.2.5.1. This is disabled by default. The Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true is required to enable this test. (markt)
36274: When including static content with the DefaultServlet also treat content types ending in xml as text. (markt)
36976: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
37070: Update mbean name documentation to include the StandardWrapper. (markt)
37356: Ensure sessions time out correctly. This has been fixed by removing the accessCount feature by default. This feature prevents the session from timing out whilst requests that last longer than the session time out are being processed. This feature is enabled by setting the Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true The feature is now implemented with synchronization which addresses the thread safety issues associated with the original bug report. (markt)
37439: Update documentation for Engine component to add the requirement that the name must be unique. (markt)
37458: Add syncs to the WebappClassloader to address rare issues when multiple threads attempt to load the same class concurrently. (markt)
37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
39088: Prevent infinte loops when an exception is thrown that returns itself for getRootCause(). Based on a patch by Wouter Zelle. (markt)
39436: Correct MIME type for SVG. (markt)
39627: JULI no longer ignores a ".level=XXX" directive in logging.properties. Patch provided by Roger Keays and Richard Fearn. (markt)
39724: Removing the last valve from a pipeline did not return the pipeline to the original state. Patch provided by David Gagon. (markt)
40367: Update JK auto configuration documentation to clarify that workers.properties must also exist. (markt)
40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
40526: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)
40528: Add missing message localisations as provided by Ben Clifford. (markt)
40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
40625: Stop CGIServlet swallowing the root cause of an exception. Patch provided by Takayoshi Kimura. (markt)
40723: Correct table creation example in JavaDoc for JDBCAccessLogValve. (markt)
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by Daniel Santos. (pero)
40817: Correct problem where CGI scripts in the root of the ROOT context threw a StringIndexOutOfBoundsException. (markt)
Set the SCRIPT_FILENAME environment variable required by PHP when using the CGIServlet to execute PHP. (markt)
40823: Update context doc to clarify use of ROOT.xml, multi-level context paths and to further discourage use of server.xml (markt)
40844: Add additional syncs to JDBCRealm to resolve NPE when two users try to authenticate using DIGEST authentication at the same time. (markt)
40860: Log exceptions and other problems during parameter processing. (markt)
40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
40929: Correct JavaDoc for StandardCalssLoader. (markt)
41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
41020: Improve error message when custom error report Valve fails to load. Also remove requirement that custom error report Valves extend ValveBase. (markt)
41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
Ensure Accept-Language headers conform to RFC 2616. Ignore them if they do not. (markt)
Make provided instances of RequestDispatcher thread safe. (markt)
Fix formatting of CGI variable SCRIPT_NAME. (markt)
34643: Improved documentation for per-user / per-session clientAuth usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
40668: Update release notes and readme files specific to v5.5.20 to notify users of missing MailSessionFactory in distribution, suggest workarounds, and link to relevant Bugzilla issue. (yoavs)
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by Christopher Sahnwaldt. (yoavs)
39055: Link to sample workaround code for using JSR160 JMX monitoring with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
39476: add xml declaration to most build.xml files, as suggested by Gregory S. Hoerner Sr. (yoavs)
40326: stop using File#deleteOnExit in DefaultServlet to avoid JVM memory leak, as suggested by quartz. (yoavs)
40192: update setup.html notes regarding Windows tray icon. (yoavs)
40177: add more warnings to documentation about RequestDumperValve character encoding. (yoavs)
39255: NPE in AuthenticatorBase when logging level is set to DEBUG and no prinicpal found. (yoavs)
41437: Make log messages and loglevel consistent during Context start. Patch provided by Suzuki Yuichiro. (markt)
Coyote
38332: Add backlog attribute to ChannelSocket as provided by Takayoshi Kimura. (pero)
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
40771: Fix implementation of SavedRequestInputFilter.doRead() so POST data may be read using a Valve or Filter. Patch provided by Michael Dufel. (markt)
41017: Restore behaviour of MessageBytes.setString(null). (remm/markt)
41057: Modify StringCache to add a configurable upper bound to the length of cached strings. (remm/markt)
38774: Check javax.net.ssl.keyStorePassword system property as a secondary source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
39402: Modify existing Vary HTTP header, rather than overwrite it, if it exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
40241: Catch Exceptions instead of Throwables in Default and SSI servlets. Also improve relevant logging while we're at it. (yoavs)
40133: Better error message when context name is not available on startup, as suggested by Andreas Plesner Jacobsen. (yoavs)
Jasper
39975: don't have static Log references to prevent classloader leaks. (yoavs)
40104: When displaying JSP source after an exception, handle included files. (markt)
40797: This was a regression as a result of the fix for 33407. TLD validation was failing as a result of the use of the escape character (0x1b) as a temporary replacement for \$. An alternative character (0xe000) from the unicode private use range is now used. (markt)
41057: Make jsp:plugin output XHTML compliant. (markt)
41327: Show full URI for a 404. Patch provided by Vijay. (markt)
41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
Webapps
34952: Clarify that the Windows Installer always installs a Windows service. (markt)
35968: Make environment entry properties input a text area. Patch provided by Tristan Marly. (markt)
37588: Fix creation of JNDI Realm in admin application. Patch provided by Terry Zhou. (markt)
38048: Fix memory leak assoaciated with use of expression language in JSPs. Patch provided by Taras Tielkes. (markt)
39572: Improvements to CompressionFilter example provided by Eric Hedstrom. (markt)
40507: Update host-manager and servlet-examples web-apps to use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
40581: Add information on the use of a symbloic link as the docBase for a Context to the Context documentation. (markt)
40633: Remove references to the DefaultContext from the documentation. (markt)
40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)
40714: Admin webapp no longer requires a username for a DataSource since it is not required in all cases. (markt)
40720: Fix exception in admin webapp when adding a group to a user. (markt)
40874: Correct log4j configuration in documentation webapp. Patch provided by Franck Borel. (markt)
40999: Add trust store configuration for SSL connectors to the admin webapp. (markt)
41051: Add information on keystore aliases and case sensitivity to SSL HOW-TO. (markt)
41182: Update the Jasper documentation for the classpath attribute. (markt)
41493: Fix handling of APR connectors in Admin webapp. (markt)
41512: Version number was not inserted in release notes. (markt)
40257: Update Manager webapp howto on remote deployment to reflect need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
40160: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet. While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
Cluster
Add clustered SSO code and backport feature from Tomcat 6.0.x, submitted by Fabien Carrion (pero)
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
Most important changes are:
- fix a crash for files with an mtime of 0
- fix cpu hog in certain requests
- added mod_extforward module
- reduced default PATH_MAX to 255
Based on patch provided in PR 36156.
0.27
* 0.26 release apparently didn't get to cpan correctly
0.26
* Supports multi-line encoded values in query_sting (like foo%0Abar) -- Dobrica Pavlinusic
* Fixes to URI unescaping to behave like apache does
0.24
* Hopefully deal with an odd case where a poorly behaved Internet Explorer could crash the server.
Thanks to the Catalyst project.
0.23
Fix a release-engineering messup. Thanks to ANDK
0.22 Wed Oct 18 23:36:34 EDT 2006
* Query string processing improvements
0.21 Wed Oct 18 23:31:42 EDT 2006
[rt.cpan.org #21727] [PATCH] Support for Perl 5.004
-- Sebastien Aperghis-Tramoni
0.20
Require POSIX only if we need it, rather than "use" it all the time
[cpan #17533] - Brad Bowman
0.19
Catch and ignore SIGPIPE, so broken pipes from the client don't cause
Standalone to drop all the way back to the shell.
Version 7.16.2 (11 April 2007)
Yang Tse (10 April 2007)
- Ravi Pratap provided some fixes for HTTP pipelining
- configure script will ignore --enable-sspi option for non-native Windows.
Daniel S (9 April 2007)
- Nick Zitzmann did ssh.c cleanups
Daniel S (3 April 2007)
- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
Daniel S (2 April 2007)
- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
accepted commands are as follows:
chgrp (gid) (path)
Changes the group ID of the file or directory at (path) to (gid). (gid)
must be a number.
chmod (perms) (path)
Changes the permissions of the file or directory at (path) to
(perms). (perms) must be a number in the format used by the chmod Unix
command.
chown (uid) (path)
Changes the user ID of the file or directory at (path) to (uid). (uid)
must be a number.
ln (source) (dest)
Creates a symbolic link at (dest) that points to the file located at
(source).
mkdir (path)
Creates a new directory at (path).
rename (source) (dest)
Moves the file or directory at (source) to (dest).
rm (path)
Deletes the file located at (path).
rmdir (path)
Deletes the directory located at (path). This command will raise an error
if the directory is not empty.
symlink (source) (dest)
Same as ln.
Daniel S (1 April 2007)
- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
easy handles are added to a multi handle, by avoiding the looping over all
the handles to find which one to remove.
- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
Daniel S (31 March 2007)
- Fixed several minor issues detected by the coverity.com scanner.
- "Pixel" fixed a problem that appeared when you used -f with user+password
embedded in the URL.
Dan F (29 March 2007)
- Don't tear down the ftp connection if the maximum filesize was exceeded
and added tests 290 and 291 to check.
- Added ftps upload and SSL required tests 401 and 402.
- Send an EOF message before closing an SCP channel, as recommended by
RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
Yang Tse (27 March 2007)
- Internal function Curl_select() renamed to Curl_socket_ready()
New Internal wrapper function Curl_select() around select (2), it
uses poll() when a fine poll() is available, so now libcurl can be
built without select() support at all if a fine poll() is available.
Daniel S (25 March 2007)
- Daniel Johnson fixed multi code to traverse the easy handle list properly.
A left-over bug from the February 21 fix.
Dan F (23 March 2007)
- Added --pubkey option to curl and made --key also work for SCP/SFTP,
plus made --pass work on an SSH private key as well.
- Changed the test harness to attempt to gracefully shut down servers
before resorting to the kill -9 hammer.
- Added test harness infrastructure to support scp/sftp tests, using
OpenSSH as the server.
- Fixed a memory leak when specifying a proxy with a file: URL.
Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
or Curl_poll() with a non-zero timeout both functions would restart the
specified timeout. This could even lead to the extreme case that if a
signal arrived with a frecuency lower to the specified timeout neither
function would ever exit.
Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
defined both functions will return as soon as a signal is caught. Use it
at your own risk, all calls to these functions in the library should be
revisited and checked before fully supporting this feature.
Yang Tse (19 March 2007)
- Bryan Henderson fixed the progress function so that it can get called more
frequently allowing same calling frecuency for the client progress callback.
Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
you can now use [1-1] without curl complaining.
Daniel (10 March 2007)
- Eygene Ryabinkin:
The problem is the following: when we're calling Curl_done and it decides to
keep the connection opened ('left intact'), then the caller is not notified
that the connection was done via the NULLifying of the pointer, so some easy
handle is keeping the pointer to this connection.
Later ConnectionExists can select such connection for reuse even if we're
not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
false and we can reuse this connection for another easy handle. But thus the
connection will be shared between two easy handles if the handle that wants
to take the ownership is not the same as was not notified of the connection
was done in Curl_done. And when some of these easy handles will get their
connection really freed the another one will still keep the pointer.
My fix was rather trivial: I just added the NULLification to the 'else'
branch in the Curl_done. My tests with Git and ElectricFence showed no
problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
so it was a considerable amount of Curl's work.
Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
appropriate test case to use it. For now, this is treated the same as the
"SSL" feature because curl doesn't list it separately.
Daniel (9 March 2007)
- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
machine type too.
- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
upload a file it couldn't open. Bug #1676581
(http://curl.haxx.se/bug/view.cgi?id=1676581)
Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
test, fixing KNOWN_BUGS #11.
Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
harness. It is very limited as it supports only ftps:// URLs with
--ftp-ssl-control specified, which implicitly encrypts the control
channel but not the data channels. That allows stunnel to be used with
an unmodified ftp server in exactly the same way that the test https
server is set up.
Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
unencrypted data connections.
Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
cases 181 & 216.
Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
makefiles that are included in the source release archives, generated from
the Makefile.vc6 files by the maketgz script. I also modified the root
Makefile to have a VC variable that defaults to vc6 but can be overridden to
allow it to be used for vc8 as well. Like this:
nmake VC=vc8 vc
Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
server through a proxy and have the remote https server port set using the
CURLOPT_PORT option, protocol gets reset to http from https after the first
request.
User defined URL was modified internally by libcurl and subsequent reuse of
the easy handle may lead to connection using a different protocol (if not
originally http).
I found that libcurl hardcoded the protocol to "http" when it tries to
regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
follows and it's working fine so far
Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
the multi interface. Note that it still does a part of the connection in a
blocking manner.
Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
-v, --trace and --trace-ascii, since it could really confuse the user.
Clarified this fact in the man page.
Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
fixing some bugs:
o Don't mix GET and POST requests in a pipeline
o Fix the order in which requests are dispatched from the pipeline
o Fixed several curl bugs with pipelining when the server is returning
chunked encoding:
* Added states to chunked parsing for final CRLF
* Rewind buffer after parsing chunk with data remaining
* Moved chunked header initializing to a spot just before receiving
headers
Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
line option.
Daniel (19 February 2007)
- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
when the multi interface was used.
- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
5).
Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
the multi interface and connection re-use that could make a
curl_multi_remove_handle() ruin a pointer in another handle.
The second problem was less of an actual problem but more of minor quirk:
the re-using of connections wasn't properly checking if the connection was
marked for closure.
Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
CURLOPT_RANGE back to no range on an easy handle when using FTP.
Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
therefore introduce unnecessary dependencies) when it's not needed.
Also, don't bother adding a library path of /usr/lib
Daniel (13 February 2007)
- The default password for anonymous FTP connections is now changed to be
"ftp@example.com".
- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
gmtime_r() like the older VC versions. He also made use of some machine-
specific defines to differentiate the "OS" define.
Daniel (12 February 2007)
- Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
This is the fourth supported library for TLS/SSL that libcurl supports!
- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
to the debug callback.
- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
internal decoding of content or transfer encoded content. This may be
preferable in cases where you use libcurl for proxy purposes or similar. The
command line tool got a --raw option to disable both at once.
- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
define set to hold the exact date and time of when the tarball was built, as
a human readable string using the UTC time zone.
- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
that has an easy handle present in the "closure" list pending closure.
Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
API of libssh2, if the libssh2 headers seem to support them. This will make
SCP and SFTP much more responsive and better libcurl citizens when used with
the multi interface etc.
Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
millisecond resolution. The only restriction to that is the alarm()
(sometimes) used to abort name resolves as that uses full seconds. I fixed
the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
fail since they used "1 feb 2007"...
- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
the problem. The code now tries harder to use httproxy and proxy where
apppropriate, as not all proxies are HTTP...
=== RELEASE 2.1pre28 ===
Wed Apr 11 01:39:36 cet 2007 mikulas:
Fixed a bug in decompression and javascript document.write introduced in
previous release (compressed data were displayed after document.write)
(BTW. because the javascript interpreter has bugs, Martin Pergel has not
time for it and the code is so messy that it couldn't be understand by
anyone else, javascript will likely be removed in next release)
=== RELEASE 2.1pre27 ===
Sat Apr 7 02:43:28 CEST 2007 mikulas:
Terminal resize, window title and clipboard support for Cygwin
Clipboard supports non-ascii characters badly, it is a limitation in
Cygwin
Wed Apr 4 23:19:00 MET 2007 Carles Pina i Estany <carles@pina.cat>:
Add more top-level domains
Sat Mar 31 03:02:40 CEST 2007 student:
win32.c file removed because in each new version of windows it doesn't
work. Don't even try to fix it unless you have computers with Windows
NT, Window 2000, Windows XP and Windows Vista side by side.
(new Cygwin emulates xterm-like mouse on the console, so it's not needed
for mouse)
Cygwin sometimes doesn't send SIGWINCH, it is its bug, so I didn't try
to fix it in links. Press twice Alt-Enter if links doesn't notify window
size change
Sun Mar 25 22:26:41 MET 2007 mikulas:
Fixed bad behaviour of scrollbars on very large documents due to integer
overflow
Wed Mar 21 22:15:25 MET 2007 mikulas:
Support for zlib, gzip and bzip2 files
Wed Mar 21 04:37:42 MET 2007 mikulas:
Limit image scaling to prevent allocation overflow
Tue Feb 6 00:23:43 MET 2007 mikulas:
Allow quotation marks in Refresh URL parameter --- fixes Google Picasa
Changes since 2.2a2 [2007/01/14]:
- Improved default color assignment (courtesy of David Nolan).
- Allow configuring a custom set of colors (courtesy of David Nolan).
- Updated RRDs::fetch usage for newer RRDtool versions (courtesy of
John Milton)
Changes from 0.18:
---
version: 0.20
date: Wed Nov 22 09:12:25 PST 2006
changes:
- Fix tests due to assumed file glob sorting. Thanks Cees.
- Fix tests where compile line numbers are off by one or two.
---
version: 0.19
date: Tue Nov 21 08:22:25 PST 2006
changes:
- Fixed setting a hash value. Reported by Theo Petersen. Thanks.
- David added ability to compile path names by passing directory to recurse
- Allow TT2 compile time options to be specified on command line.
- Create runtime code from CLI script.
- Allow Jemplate objects to be created with runtime configs.
- Port some TT2 runtime options.
- Better doc
- --runtime command prints the runtime JavaScript module
- --list lists the template names to be used
Ocsigen is a web programming framework for OCaml. It can be used as a web
server, serving static pages, but it is also possible to implement entire
web sites as OCaml modules.
WWW: http://www.ocsigen.org/
Drupal 5.1, 2007-01-29
----------------------
- fixed security issue (code execution), see SA-2007-005
- fixed a variety of small bugs.
Drupal 5.0, 2007-01-15
------------------------
- completely retooled the administration page
* /admin now contains an administration page which may be themed
* reorganised administration menu items by task and by module
* added a status report page with detailed PHP/MySQL/Drupal information
- added web-based installer which can:
* check installation and run-time requirements
* automatically generate the database configuration file
* install pre-made 'install profiles' or distributions
* import the database structure with automatic table prefixing
* be localized
- added new default Garland theme
- added color module to change some themes' color schemes
- included the jQuery JavaScript library 1.0.4 and converted all core JavaScript
to use it
- introduced the ability to alter mail sent from system
- module system:
* added .info files for module meta-data
* added support for module dependencies
* improved module installation screen
* moved core modules to their own directories
* added support for module uninstalling
- added support for different cache backends
- added support for a generic "sites/all" directory.
- usability:
* added support for auto-complete forms (AJAX) to user profiles.
* made it possible to instantly assign roles to newly created user accounts.
* improved configurability of the contact forms.
* reorganized the settings pages.
* made it easy to investigate popular search terms.
* added a 'select all' checkbox and a range select feature to administration
tables.
* simplified the 'break' tag to split teasers from body.
* use proper capitalization for titles, menu items and operations.
- integrated urlfilter.module into filter.module
- block system:
* extended the block visibility settings with a role specific setting.
* made it possible to customize all block titles.
- poll module:
* optionally allow people to inspect all votes.
* optionally allow people to cancel their vote.
- distributed authentication:
* added default server option.
- added default robots.txt to control crawlers.
- database API:
* added db_table_exists().
- blogapi module:
* 'blogapi new' and 'blogapi edit' nodeapi operations.
- user module:
* added hook_profile_alter().
* e-mail verification is made optional.
* added mass editing and filtering on admin/user/user.
- PHP Template engine:
* add the ability to look for a series of suggested templates.
* look for page templates based upon the path.
* look for block templates based upon the region, module, and delta.
- content system:
* made it easier for node access modules to work well with each other.
* added configurable content types.
* changed node rendering to work with structured arrays.
- performance:
* improved session handling: reduces database overhead.
* improved access checking: reduces database overhead.
* made it possible to do memcached based session management.
* omit sidebars when serving a '404 - Page not found': saves CPU cycles and
bandwidth.
* added an 'aggressive' caching policy.
* added a CSS aggregator and compressor (up to 40% faster page loads).
- removed the archive module.
- upgrade system:
* created space for update branches.
- forms API:
* made it possible to programmatically submit forms.
* improved api for multistep forms.
- theme system:
* split up and removed drupal.css.
* added nested lists generation.
* added a self-clearing block class.
No change on other platforms, so skipped PKGREVISION bump. Steve
has already fed the patches back to the author.
Currently the package hardcodes some search paths from /usr/pkg - I have
an sent a question to the author as to how he would best like to handle
those in his framework.
This is for PR #34808.
No ChangeLog found. Changes include: add ogg mime type, lowercase
some HTML, make it more portable, get directory details using dirent
instead of running "ls".
change:
This release introduces a changed internal item lookup handling that
changes linear list searches to two step hash map lookups. While this
might improve performance it also can introduce new instabilities.
nspluginwrapper is an Open Source compatibility plugin for Netscape
4 (NPAPI) plugins. It separates the execution environment of the
plugin from the browser, allowing a plugin compiled for one ABI to
be used in a browser compiled for another.
For example the linux 32bit Adobe Flash plugin can be used in a
native Firefox under Linux/x86_64, NetBSD and FreeBSD platforms.
To install the Linux flash player into a native Firefox browser:
- Also install multimedia/ns-flash and multimedia/libflashsupport
- Run "nspluginwrapper -i /usr/pkg/lib/netscape/plugins/libflashplayer.so"
- Run Firefox
This is working at least under NetBSD/i386 4.0_BETA with native and modular
x11.
Version 7.16.1 [requires libcurl-7.16.1 or better]
--------------
* Added constants for all libcurl (error) return codes. They
are named the same as the macro constants in curl.h but prefixed
with E_ instead of CURLE. Return codes for the multi API are
prefixed with M_ instead of CURLM.
* Added CURLOPT_FTP_SSL_CCC, CURLOPT_SSH_PUBLIC_KEYFILE,
CURLOPT_SSH_PRIVATE_KEYFILE, CURLOPT_SSH_AUTH_TYPES.
* Removed CLOSEPOLICY and friends since this option is now
deprecated in libcurl.
* Set the _use_datetime attribute on the CURLTransport class
to unbreak xmlrpc_curl.py on Python 2.5.
Version 7.16.0 [no public release]
--------------
* Added CURLOPT_SSL_SESSIONID_CACHE.
* Removed SOURCE_* options since they are no longer
supported by libcurl.
Version 7.15.5.1
----------------
* Added test for basic ftp usage (tests/test_ftp.py).
* Fix broken ssl mutex lock function when using
GNU TLS (Debian bug #380156, fix by Bastian Kleineidam)
Version 7.15.5
--------------
* Added CURLOPT_FTP_ALTERNATIVE_TO_USER,
CURLOPT_MAX_SEND_SPEED_LARGE,
and CURLOPT_MAX_RECV_SPEED_LARGE.
Version 7.15.4.2
----------------
* Use SSL locking callbacks, fixes random
crashes for multithreaded SSL connections
(patch by Jayne <corvine at gmail.com>).
Version 7.15.4.1
----------------
* Fixed compilation problem with C compilers
not allowing declarations in the middle of
code blocks (patch by
K.S.Sreeram <sreeram at tachyontech.net>).
* Fixed bug in curl_multi_fdset wrapping,
max_fd < 0 is not an error (patch by
K.S.Sreeram <sreeram at tachyontech.net>).
Version 7.15.4
--------------
* Added support for libcurl shares, patch from
Victor Lascurain <bittor at eleka.net>. See the
file tests/test_share.py for example usage.
* Added support for CURLINFO_FTP_ENTRY_PATH.
Version 7.15.2
--------------
* Added CURLOPT_CONNECT_ONLY, CURLINFO_LASTSOCKET,
CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE.
Version 7.15.1
--------------
2006-01-31 Kjetil Jacobsen <kjetilja>
* Fixed memory leak for getinfo calls that return a
list as result. Patch by Paul Pacheco.
Version 7.15.0
--------------
2005-10-18 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_FTP_SKIP_PASV_IP.
Version 7.14.1
--------------
2005-09-05 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPT_COOKIELIST as
COOKIELIST and CURLINFO_COOKIELIST as INFO_COOKIELIST.
Version 7.14.0
--------------
2005-05-18 Kjetil Jacobsen <kjetilja>
* Added missing information returned from the info() method
in the high-level interface.
* Added the FORM_FILENAME option to the CURLFORM API
with HTTPPOST.
Version 7.13.2
--------------
2005-03-30 Kjetil Jacobsen <kjetilja>
* Unbreak tests/test_gtk.py and require pygtk >= 2.0.
2005-03-15 Kjetil Jacobsen <kjetilja>
* Cleaned up several of the examples.
2005-03-11 Kjetil Jacobsen <kjetilja>
* WARNING: multi.select() now requires the previously optional
timeout parameter. Updated the tests and examples to reflect
this change. If the timeout is not set, select could block
infinitely and cause problems for the internal timeout handling
in the multi stack. The problem was identified by
<unknownsoldier93 at yahoo.com>.
Version 7.13.1
--------------
2005-03-04 Kjetil Jacobsen <kjetilja>
* Use METH_NOARGS where appropriate.
2005-03-03 Kjetil Jacobsen <kjetilja>
* Added support for CURLFORM API with HTTPPOST: Supports a
a tuple with pairs of options and values instead of just
supporting string contents. See tests/test_post2.py
for example usage. Options are FORM_CONTENTS, FORM_FILE and
FORM_CONTENTTYPE, corresponding to the CURLFORM_* options,
and values are strings.
2005-02-13 Markus F.X.J. Oberhumer <mfx>
* Read callbacks (pycurl.READFUNCTION) can now return
pycurl.READFUNC_ABORT to immediately abort the current transfer.
* The INFILESIZE, MAXFILESIZE, POSTFIELDSIZE and RESUME_FROM
options now automatically use the largefile version to handle
files > 2GB.
* Added missing pycurl.PORT constant.
Version 7.13.0
--------------
2005-02-10 Kjetil Jacobsen <kjetilja>
* Added file_upload.py to examples, shows how to upload
a file.
* Added CURLOPT_IOCTLFUNCTION/DATA.
* Added options from libcurl 7.13.0: FTP_ACCOUNT, SOURCE_URL,
SOURCE_QUOTE.
* Obsoleted options: SOURCE_HOST, SOURCE_PATH, SOURCE_PORT,
PASV_HOST.
Version 7.12.3
--------------
2004-12-22 Markus F.X.J. Oberhumer <mfx>
* Added CURLINFO_NUM_CONNECTS and CURLINFO_SSL_ENGINES.
* Added some other missing constants.
* Updated pycurl.version_info() to return a 12-tuple
instead of a 9-tuple.
Version 7.12.2
--------------
2004-10-15 Kjetil Jacobsen <kjetilja>
* Added CURLOPT_FTPSSLAUTH (and CURLFTPAUTH_*).
* Added CURLINFO_OS_ERRNO.
2004-08-17 Kjetil Jacobsen <kjetilja>
* Use LONG_LONG instead of PY_LONG_LONG to make pycurl compile
on Python versions < 2.3 (fix from Domenico Andreoli
<cavok at libero.it>).
gitweb provides an easy to use and full-fledged web interface to
your Git repositories. It allows users to browse the contents of
all served projects, including the ability to inspect individual
files and their history for any of the available branches.
equivalent functionality in recent versions of tomcat and the JSP standard.
Mark them as BROKEN= to see if anyone is using them. They will go away soon.
go away -- I have real doubts that a version 1.1 jdk and the accompanying
swing are any use to anyone, but am not sure the newer stuff we have
supports all ports which are supported by lang/jdk.
------
v3.1.4
------
[jan] SECURITY: Correctly quote file names in cleanup script for temporary
files.
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.
----------
v3.1.4-RC1
----------
[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
<vilius@lnk.lt>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
(Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
(josh@endries.org, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
(thomas@gelf.net, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
(pascal@vmfacility.fr, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu,
Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz,
Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
(reitsma@denison.edu, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
Ben Klang <ben@alkaloid.net>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
(thomas.jarosch@intra2net.com, Bug #4651).
[jan] Support departments in vCard's ORG properties (martin@matuska.org,
Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
(Carl Thompson <lists-horde@carlthompson.net>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
(michael.sheldon@credativ.de, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
(mzizka@hotmail.com, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
Text_Filter driver.
Changes to squid-2.6.STABLE11 (Mar 17 2007)
- Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
- Handle garbage helper responses better in concurrent protocol format
- Fix kqueue when overflowing the changes queue
- Make sure the child worker process commits suicide if it could
not start up
- Don't log short responses at debug level 1
- Fix bswap16 & bwsap32 error on NetBSD
- Fix collapsed_forwarding for non-GET requests
Changes:
* Apply [5709] to stable.
* session_enabled? works with session :off.
* Performance: patch cgi/session to require digest/md5 once rather than per
#cre ate_new_id.
4.20 - Monday, December 4, 2006
* INTERNAL: No Changes since 4.20_1. Declaring stable.
4.20_1 - Friday, November 24, 2006
* FIX: -ip_match now works even when it's not the last import item. (RT#21779)
* FIX: In the PostgreSQL driver, a race condition is when storing is now worked around. (Mark Stosberg)
* FIX: Added important clarification and example to MySQL driver docs that the session column
needs to be defined as a primary key to avoid duplicate sessions. (Justin Simoni, Mark Stosberg)
* FIX: The default serializer now works correctly with certain data structures. (RT#?) (Matt LeBlanc)
* FIX: A documentation bug in find() was fixed (Matt LeBlanc)
* FIX: Documented how to declare a database handle to be used on demand, which was introduced
in 4.04. (Mark Stosberg)
* FIX: Connections made with SQLite now disconnect only when appropriate, instead of always.
This addresses a symptom seen as "attempt to prepare on inactive database handle"
(Jaldhar Vyas, Sherzod, Mark Stosberg)
* FIX: Args to the constructor for CGI::Session and the drivers are now always shallow
copied rather than used directly, to prevent modification.
(RT#21952, Franck Porcher, Sherzod, Mark Stosberg)
* FIX: The documentation for expire($param, $time) was made more explicit
(pjf, Mark Stosberg)
* NEW: Added recommended use of flush() to the Synopsis (Michael Renner, RT#22333)
* NEW: Added links to Japanese translations of the documentation (Makio Tsukamoto)
http://digit.que.ne.jp/work/index.cgi?Perldoc/ja
* INTERNAL: Update test to workaround YAML versions less than 0.58. (Matt LeBlanc)
* INTERNAL: param() code was refactored for clarity (Mark Stosberg, Ali ISIK, RT#21782)
* INTERNAL: new() and load() were refactored (Ali Isik)
* INTERNAL: renamed some environment variables used for testing (Ron Savage)
* INTERNAL: Multi key-value syntax of param() now always returns number of keys
successfully processed, 0 if no key/values were processed.
4.14 - Sunday, June 11, 2006
* NEW: The find() command now has better documentation. (Ron Savage, Matt LeBlanc)
* FIX: find() no longer changes the access or modified times (RT#18442) (Matt LeBlanc)
* FIX: param() called with two parameters now returns the value set, if any (RT#18912) (Matt LeBlanc)
* FIX: driver, serializer, and id generator names are now untainted (RT#18873) (Matt LeBlanc)
* INTERNAL: automatic flushing has been documented to be unreliable, although
it was recommended in the past. Automatic flushing can be affected adversely
in persistent environments and in some cases by third party software. There are
also some cases in which flushing happened automatically in 3.x, but quit working
with 4.x. See these tickets for details.
http://rt.cpan.org/Ticket/Display.html?id=17541http://rt.cpan.org/Ticket/Display.html?id=17299
4.13 - Wednesday, April 12, 2006
* FIX: Applied patch to fix cookie method (RT#18493,Nobuaki ITO)
* FIX: Berkeley DB 1.x exhibits a bug when used in conjunction with O_NOFOLLOW. Because of this,
we've removed it from the db_file driver. It will still attempt to stop symlinks but the
open itself has dropped the flag. (Matt LeBlanc)
* FIX: json and yaml db_file tests now check for the presence of DB_File. (Matt LeBlanc)
4.12 - Friday, April 7, 2006
* SECURITY: Fix possible SQL injection attack. (RT#18578, DMUEY)
4.11 - Friday, March 31, 2006
* FIX: Since 4.10, using name() as a class method was broken. This has
been fixed, and regression tests for both uses have been added. (Matt LeBlanc)
4.10 - Tuesday, March 28, 2006
* SECURITY: Hopefully this settles all of the problems with symlinks. Both the file
and db_file drivers now use O_NOFOLLOW with open when the file should exist and
O_EXCL|O_CREAT when creating the file. Tests added for symlinks. (Matt LeBlanc)
* SECURITY: sqlite driver no longer attempts to use /tmp/sessions.sqlt when no
Handle or DataSource is specified. This was a mistake from a security standpoint
as anyone on the machine would then be able to create and therefore insert data
into your sessions. (Matt LeBlanc)
* NEW: name is now an instance method (RT#17979) (Matt LeBlanc)
4.09 - Friday, March 16th, 2006
* SECURITY: Applying security patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien Danjou)
4.08 - Thursday, March 15th, 2006
* FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc.
* SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
- db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen
- file creation umask defaults to 660
* NEW: db_file and file drivers now accepts a UMask option. (Matt LeBlanc)
* INTERNAL: test suite clean up (Tyler MacDonald)
VERSION 3.0301
This is a bugfix release to repair these main items:
- optgroups bugfix for complex arrays
- removal of HTML::Entities support due to utf8 issues
- new es_ES Messages module with better translations
- a patch from Mark Hedges to enable plugin modules for mailresults()
The rest of the features remain the same as below.
VERSION 3.03
Subclassable Fields
Each field is now rendered by its own class, named for the field type.
For example, text fields are rendered by
"CGI::FormBuilder::Field::text". This allows you to create custom field
types and plugging them in by creating your own
"CGI::FormBuilder::Field::whatever_you_want" module. Thanks to Peter
Eichman for his contributions to this scheme.
Messages Localization
All messages are now handled in a similar way to field types: They are
delegated to "CGI::FormBuilder::Messages::locale" where "locale" is the
appropriate string such as "en_US" or "da_DK". A number of localizations
are included as part of the standard distribution.
There are two ways to use these messages: Either the 'auto' messages
mode or by specifying a specific locale:
my $form = CGI::FormBuilder->new(messages => 'auto'); # check client
my $form = CGI::FormBuilder->new(messages => ':da_DK'); # specified
You can create your own messages by copying "_example.pm" and modifying
it for your language. When using messages in this way, the HTTP Charset
is changed to "utf-8".
Select optgroup support
By using the "field()" option "optgroups", you can now cause select
fields to automatically generate optgroup tags:
$form->field(name => 'browser', options => \@opt, optgroups => 1);
See the documentation on "optgroups" for more details.
Data::FormValidator Support
Thanks to another great patch from Peter Eichman, "Data::FormValidator"
is supported as a validation option to "new()", just by passing it in as
an object. See the documentation on "validate" for more information.
Option sorting by LABELNAME or LABELNUM
You can now sort options by "LABELNAME" or "LABELNUM", similar to the
value-based sorting of "NAME" and "NUM". See the documentation for more
details.
XHTML Compliance
Generated code now validates against <http://validator.w3.org>. This
includes stuff like lowercase "get" and "post" methods, lowercase
"onchange" and "onsubmit" actions, and so on.
Version 3.27
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
Changes since 1.0.6:
Bluefish 1.0.7 (05 November 2006)
---------------------------------
- Updated translations: French, Japanese.
- Adds datarootdir to all Makefile.in to avoid warnings with autoconf 2.60
- Fixes application/bluefish-project MIME type icon name
- Fixes Tcl highlighting
- Fixes a bug when trying to save a file with a new install and a file has
never been opened or a project is not open. Closes bug #360401.
- Fix a bug where Bluefish would crash when deleting multiple bookmarks.
- Fix a bookmark memory leak
- Fix a bug where the editor tab was incorrectly displayed when moving a
document to another window.
- README: more complete README
Trac-0.10.3.1-ja-1 (Mar 12, 2007)
* Merge trac-0.10.3.1
* Translate Messages into Japanese.
* trac/attachment.py
* trac/versioncontrol/web_ui/browser.py
* Fixes unified diff download error.
* trac/versioncontrol/web_ui/changeset.py
* Update to current statement.
* README.trac-ja
Trac 0.10.3.1 (March 8, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially
unsafe (user provided) content is available for download. This behaviour
can be altered using the "render_unsafe_content" option in the
"attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with
Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
* Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157)
* Fix regression in handling of "attempt" argument passed to auth callbacks;
ensure the value only increments for each invocation of the callback
* Fix handling of "nextnonce" parameter in Digest authentication
Changes 0.26.2:
* Fix error reported for LOCK responses lacking a Lock-Token header.
* Use Libs.private in neon.pc for newer versions of pkg-config.
* Build fix for platforms without libintl.h.
* Build fixes for MinGW.
* Build fix for h_errno detection on HP-UX 10.
* Win32: enable debugging; build fixes with some SDKs.
Changes 0.26.1:
* Build fixes for Win32 (D.J. Heap) and OS X.
* Add Simplified Chinese translation
Changes in release 0.26.0:
* Added internationalization support:
* Added support for GnuTLS
* Changes and additions to URI support:
* Changed results callbacks for ne_lock_discover, PROPFIND interfaces:
* Added functions which give control over authentication protocol use:
* Added ne_unhook_* functions to remove hooks
* Added ne_set_session_flags()/ne_get_session_flags() functions:
* Added ne_set_request_flags()/ne_get_request_flags() functions:
* Change ne_md5.h interface to make struct ne_md5_ctx opaque:
* Fixed ne_get_range(), added ne_get_range64()
* Removed NE_FREE() macro from ne_alloc.h
* Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions
* Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit()
* Added "--enable-threadsafe-ssl=posix" configure flag, to enable
* The manual is now licensed under the GPL rather than the GFDL
Packaged by David Rankin and provided in PR 33248.
Kwiki plugin to archive pages using CVS.
(This package includes the http://www.kwiki.org/?PatchKwikiArchiveCvs patches
to make Kwiki::Archives::Cvs work with Kwiki::Revision.)
