curses.buildlink2.mk. This was wrong because we _really_ do want to
express that we want _n_curses when we include the buildlink2.mk file.
We should have a better way to say that the NetBSD curses doesn't
quite work well enough. In fact, it's far better to depend on ncurses
by default, and exceptionally note when it's okay to use NetBSD curses
for specific packages. We will look into this again in the future.
Changes in release sitecopy 0.13.4, 29 July 2003
* Fix ~/.sitecopy directory permissions check on some platforms.
* Fix included getopt build on some platforms.
* Updated Italian translation (Cristian Rigamonti).
* neon updates:
- add support for Kerberos authentication over HTTP ("GSS-Negotiate").
- fix compatibility with OpenSSL 0.9.6.
Changes in release sitecopy 0.13.3, 30 June 2003
* 'ls' parsing tweaks in FTP fetch mode.
* Better error handling for corrupt site storage files.
* Update to neon 0.24.
Changes in release sitecopy 0.13.2, 17 June 2003
* Fixes for FTP synch mode (Paul J. Mantyla, David Madore and others).
Changes in release sitecopy 0.13.1, 15 June 2003
* Fixes for FTP fetch mode:
- corruption of downloaded files
- handling of empty lines in responses
* Drop support for non-XML storage files produced by sitecopy-0.7.0 and earlier.
* Fixes for SSL certificate caching.
* Fix build using included libintl.
* Fix fn_escape() build with some compilers.
Changes in release sitecopy 0.13.0, 10 May 2003
* Really fix use of non-ASCII filenames:
- drop 'charset' config option - this should no longer be used
- filenames should be preserved exactly regardless of character set
* Support WebDAV over SSL again: user is prompted to verify the server
certificate on first access.
* Enable use of bundled expat.
* Add Italian translation from Cristian Rigamonti.
* Fix segfault if SSL is requested but not supported.
* Fix build on AIX (Takeshi NISHIMATSU), FreeBSD.
Changes in release sitecopy 0.12.1, 19 February 2003
* Fix corruption of uploaded files in FTP mode (Jonathan Paisley)
* Fix build when included libintl is used (Nathan Hand).
* Fix bogus "XML parser received non-8-bit data" error.
* Fix make install (Juergen Daubert).
* Disable use of bundled expat pending build fix.
- Support mod_perl version 1 and 2 (1.99) (Michael Legart)
- Send status code 500 on errors, 404 on file not found and
make IE show our own errorpage. (Thomas L. Kjeldsen)
- Bugfix for directories named "0" (Andreas Plesner Jacobsen)
- Added "selection mode". Select images with checkboxes and
get a list of filenames. (Peter Andreasen)
- Fix to let the module work with perl 5.005 (Aaron)
- Do not allow scaling pictures to sizes above their
original size (Aaron)
- Added GalleryUseFileDate option to make A::G show
the files timestamps instead of using the EXIF value (Dennis Haney)
- Remember display size when turning Slideshow off (Hans Joergensen)
- Nice new layout (Thomas Kjaer)
- New option GalleryEXIFMode to control the way EXIF
info is displayed. See docs for details (Michael Legart)
- Support for the FNumber EXIF value (Thomas Corell)
- Added GalleryRootText option to allow changing the name of
the root element in the menu (Christopher Knight)
- Use Image::Imlib2 instead of Inline::C (Andreas Plesner Jacobsen)
- New option GalleryMaxThumbnailsPerPage to limit the number
of thumbnails displayed per page. Disabled by default
and requires templates update. (Michael Legart)
- Bugfix for the GalleryThumbnailSize option. Both height and
width max sizes are now obeyed. (David Gee)
Changes:
* resolve symlinks before opening a file [#60860 ]
* don't insert the "<meta http-equiv="Content-Type" content="text/html;
charset=..." line when using the Quick Start dialog [#61500 ]
* fix CTRL-C behavior [#62624]
* fix message window handling
* fix script action error output handling
* honour the "Do not load the modified version from disk." setting in the
dirty file dialog
1.4
o Added AuthPGGroupQuery.
o AuthPGGroupQuery doesn't require AuthPGGroupTable.
o Database access errors in verifying group permission leave log messages.
o AuthPGQuery works with AuthPGVirtual.
o Fixed a bug in AuthPGCookie.
1.3
o Fix a security problem.
(See http://cert.uni-stuttgart.de/advisories/apache_auth.php for details.)
squid 2.5.3nb4 package.
Changes to squid-2.5.STABLE4 (15 Sep 2003):
- Lithuanian error messages added to the distribution
- Bug #660: segfauld if more than one custom deny_info line
- cache_dir disd documentation cleanup
- check open of /dev/null to avoid 100% CPU loop in badly
configured chroot environments
- documentation update on uri_whitespace to refer to the correct RFC
- Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
- Bug #683: external_acl does not wait for ident lookups to complete
- aufs: Fix a minor use-after-free problem which could cause the
count of opening filedescriptors to grow larger than it should
- Syntax changes to make GCC-3.3 accept Squid without complaints
- Warning if CARP server defined in incorrect load factor order
- neighbor_type_domain documentation update
- http_header_access now works when using cache peers
- high_memory_warning now uses sbrk as fallback mechanism on
platforms where neither mallinfo or mstats are available.
- hosts_file now handles comments at the end of lines correcly
- storeCheckCachable() Stats corrected for release_request and
wrong_content_length.
- cachePeerPingsSent MIB type corrected
- unused minimum_retry_timeout directive removed
- Bug #702: ERR_TO_BIG spanish translation
- Bug #705: Memory leak on deny_info TCP_RESET
- Code cleanup to fix compile error in httpHeaderDelById
- Bug #699: Host header now forwarded exactly where it was in the
original request to work around certain broken firewalls or
load balancers which fail if this header is too far into the
request headers.
- Bug #704: Memory leak on reply_body_max_size
- Bug #686: requests denied due to http_reply_access are now
logged with TCP_DENIED (instead of TCP_MISS, etc).
- Bug #708: ie_refresh now sends no-cache to have the reload
request propagate properly in cache meshes
- Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
- Bug #709: cbdata.c:186: "c->valid" assertion due to peer
digest not found
- Bug #710: round-robin cache_dir selection incorrectly
compares max-size.
- Statistics corrections in HTTP header statitics
- QUICKSTART cleanups
- Bug #715: statCounter.syscalls.disk counters treated
inconsistently. Now increment the counters in AUFS
functions and for unlinkd.
- Improvements to the (experimental) COSS storage scheme.
- Bug #721: User name field in access.log sometimes blank
- Bug #94: assertion failed: http.c: "-1 == cfd ||
FD_SOCKET == fd_table[cfd].type"
- Bug #716: assertion failed: client_side.c:1478: "size > 0"
- Bug #732: aufs calculates number of threads and limits wrongly
- Bug #663: Username not logged into access.log in case of /407
- Bug #267: Form POSTing troubles with NTLM authentication
and occationally in differen other error conditions.
- Bug #736: ICP dynamic timeout algorithm ignores multicast.
- Bug #733: No explicit error message when ncsa_auth can't access
passwd file
- Bug #267, #757: POST with NTLM stops after persistent connection
timeout
- Bug #742: Wrong status code on access denials if delay_access
is used. Most notably 407 instead of 403 could be returned.
- Bug #763: segfault if using ntlm in http_reply_access
- Bug #638: assertion error if using proxy_auth in delay_access
- Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
- The issue of reply_body_max_size limiting the size of error
messages no longer applies.
- external_acl_type concurrency= option renamed to children= to
prepare for Squid-3 upgrades. Old syntax still accepted for the
duration of the Squid-2.5 release.
- number of filedescriptors rounded down to an even multiple of 64
to work around issues in certain libc implementations.
- winbind helpers less noisy in cache.log on restarts/shutdown.
- Squid now automatically restarts helpers if too many of them
have crashed.
Changes since 2.2.4rc1:
[mdj] SECURITY: Add dereferer to strip off session information from links to
the outside of the Horde system to protect against session hijacking.
[jan] Fix a bug with importing vCard 2.1 data.
[jan] Add Arabic (Syria) translation (Platinum Development Team
<devteam@platinum-sy.net>).
added python23-pth support
Many changes and fixes.
See ChangeLog for a complete list.
Important:
* WARNING: Removed the deprecated pycurl.init() and pycurl.multi_init()
names - use pycurl.Curl() and pycurl.CurlMulti() instead.
* WARNING: Removed the deprecated Curl.cleanup() and CurlMulti.cleanup()
methods - use Curl.close() and CurlMulti.close() instead.
- Fixed crash in Dump() function.
- Removed warning from reset() method.
- Moved <area> and <map> tags into the :html3 group. Hope this removes
undefined CGI::Area errors.
- Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
- Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
- Fixed issue with tag-generating function not incorporating content when
first variable undef.
- Fixed cross-site scripting bug reported by obscure.
- Fixed Dump() function to return correctly formed XHTML - bug reported by
Ralph Siemsen.
- Fix to be P3P compliant submitted from MPREWITT.
- Added CGI->r() API for mod_perl1/mod_perl2.
- Fixed bug in redirect() that was corrupting cookies.
- Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
- Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
- Patch from Steve Hay to make CGI::Carp's error messages appear on MSIE
browsers.
- Added Yair Lenga's patch for non-urlencoded postings.
- Added Stas Bekman's patches for mod_perl 2 compatibility.
- Fixed uninitialized escape behavior submitted by William Campbell.
- Fixed tied behavior so that you can pass arguments to tie()
- Fixed incorrect generation of URLs when the path_info contains + and other
odd characters.
- Fixed redirect(-cookies=>$cookie) problem.
- Fixed tag generation bug that affects -javascript passed to start_html().
USE_GCC2 or USE_GCC3 where appropriate.
the functionality of the old gcc.buildlink2.mk has been rolled into
compiler.mk now, which is automatically used.
more changes to come later...
This version of Apache is principally a security and bug fix release.
Of particular note is that 1.3.28 addresses and fixes the following
issues: CAN-2003-0460 (cve.mitre.org) (rotatelogs bug), VU#379828
(infinite loop potential), and file descriptor leakage .
external_acl_type concurrency= renamed to children=
synopsis To lessen confusion in later upgrades to Squid-3 the
external_acl_type concurrency= option has been renamed to
children= to match Squid-3 usage. This is done because
concurrency= has a completely different meaning in
squid-3. Squid-2.5 still accepts the old syntax to keep
compatibility within the Squid-2.5 release, but it is recommended
to start using the new syntax unless you need to be able to
easily downgrade to a earlier Squid-2.5 release.
severity Cosmetic
date 2003-09-02 07:02
versions Squid-2.5.STABLE3 and earlier
platforms All
workaround Make sure to read the Squid-3 releasenotes very carefully when
upgrading.
Assertion error or segmentation fault if using proxy_auth in delay_access
synopsis If proxy_auth acl type is used in delay_access then Squid may
abort with an assertion error or segmentation fault. Notice: This
patch may change some error conditions to be logged with
TCP_DENIED rather than TCP_MISS.
severity Medium
date 2003-09-01 20:01
bugzilla #638, #756
versions Squid-2.5
platforms All
workaround Don't use proxy_auth acl types in delay_access
Segmentation fault if proxy_auth with ntlm used in http_reply_access
synopsis In configurations where authentication is enforced in http_access
and then reused in http_reply_access to further control access
levels Squid may segfault if the ntlm authentication scheme is
used.
severity Medium
date 2003-09-01 20:01
bugzilla #763
versions Squid-2.5
platforms All
workaround Don't use proxy_type acls in http_reply_access or disable the use
of the ntlm authentication scheme (disabled by default)
code 407 instead of 403 for authenticated traffic-shaped user
synopsis delay_access can disturb Squids logics on when to request a new
login from the user. Most notably if delay_access ends up in a
proxy_auth acl then any access denials will require a new login
but the opposite may also happen.
severity Medium
date 2003-08-31 09:31
bugzilla #742
versions Squid-2.5 and earlier
platforms All
workaround make sure delay_access always ends up in the same class of ACL as
http_access does on the same request.
Form POSTing troubles with NTLM authentication or other error responses
synopsis Large POST/PUT requests may fail with a "Connection reset" error
in the browser in situations where Squid immediately responds
with an error page. This is most notable when using NTLM
authentication but may also occur in a few other situations
severity Medium
date 2003-08-28 22:28
bugzilla #267, #757
versions Squid-2.5 and earlier
platforms All
workaround Allow POST/PUT without requiring authentication if you are using
NTLM authentication.
No explicit error message when ncsa_auth (squid user) can't access passwd file
synopsis ncsa_auth just exists if it can not read the supplied password
file, instead of reporting an error.
severity Minor
date 2003-08-20 12:20
bugzilla #733
versions Squid-2.5 and earlier
platforms All
workaround If ncsa_auth exits for no apparent reason, verify that the given
ncsa password file is readable by the cache_effective_user.
forwarded_for off has no effect
synopsis The patch for Bug #92 (squid-2.5.STABLE3-mem_cfd.patch) broke the
forwarded_for directive.
severity Minor
date 2003-08-18 17:18
bugzilla #750
versions Squid-2.5.STABLE3 snapshots 2003-08-07 to 2003-08-18
platforms All
workaround Use anonymization via http_header_access to delete the
X-Forwarded-For header from forwarded requests. This is probably
preferred in any case.
following note to the Makefile:
# DON'T make this package depend on the www/neon package until neon
# becomes stable; keep it using its internal copy of neon as with
# www/sitecopy. This package has in the past bounced back and forth
# between using external and internal neon because neon moves faster
# than cadaver, and does so incompatibly.
Changes in release 0.24.1:
* Add support for "GSS-Negotiate" Kerberos authentication scheme (from
Risko Gergely and Burjan Gabor).
* Disable Nagle to improve performance of small requests (thanks to
Jim Whitehead and Teng Xu).
* Fix compatibility with OpenSSL 0.9.6 (broken in 0.24.0).
* Fix prototype mismatch in ne_207.c.
* Define ssize_t from ne_request.h for Win32.
* Prevent segfault on zlib initialization failures.
* ne_sock_init does not fail if PRNG could not be seeded.
* Fix segfault in cookies code (Markus Mueller).
* Documentation updates.
Changes in release 0.24.0:
* Major changes to XML interface:
- have the start-element callback either accept, decline, abort,
or return a state integer.
- remove 'struct ne_xml_elm'; callbacks are passed {nspace, name}
strings along with a state integer.
- dropped "collect", "strip-leading-whitespace" modes
- push responsibility for accumulating cdata onto caller; drop 'cdata'
argument from end-element callback.
- don't abort if no handler accepts a particular element, just ignore
that branch of the tree.
- dropped support for libxml 1.x and expat < 1.95.0.
- guarantee that start_element callback is not passed attrs=NULL
- add ne_xml_doc_encoding() to retrieve encoding of parsed XML document.
* Major changes to SSL interface:
- rewrite of interfaces for handling server and client certificates;
ne_ssl.h: many new functions available.
- only PKCS#12-encoded client certs are supported.
- changes to most names of SSL-related functions operating on an
ne_session, e.g. ne_ssl_load_cert->ne_ssl_trust_cert.
- client cert provider callback is passed the set of acceptable CA
names sent by the server
- the entire chain of certs presented by server is now accessible
* Remove unused ne_register_progress() from socket layer.
* Changes to resolver interface: ne_addr_first and _next return const;
ne_addr_print renamed to ne_iaddr_print; ne_iaddr_make and ne_iaddr_free
have been added.
* ne_request_create() now duplicates the method string passed in.
* ne_redirect_location() will now return NULL in some cases.
* Split socket creation to ne_sock_create() from ne_sock_connect:
- should report connect() error messages properly on Win32.
* Fix several memory leaks in error handling paths.
* Add a pkg-config file, neon.pc.in.
Notable changes:
* Apache now internally handles image dispatch which enables use of
all Apache caching possibilities
* Support the EXIF Orientation key for automatic rotate
* Directory comments
* New GallerySortBy option to allow sort by time, size etc.
* Set width/height on thumbnail images for better performance
* InlineDir is no longer configurable using PerlSetVar
* Write to the error log if unable to open files in the cache
* Added slideshow feature
* Moved the cache to one single directory outside the webscope
* Allow user to customize the "No info found" message
Some people have been reporting problems with Apache segfaulting
when displaying images from certain cameras (eg. the Canon G2).
The problem can be solved by using Image::Info 1.11 or earlier.
