2.4STABLE3:
- htcp_port 0 now properly disables htcp
- Fixed problem with certain non-anonymous ftp:// style URLs
- SNMP bugfixes including several memory leaks
- Corrected the MacHTTP log format, which didn't work in 5.2.
- All the BARSTYLEs redrawn, and two new BARSTYLEs added, adapted from
an idea by Dave Holle. (You will have to move the new graphics into your
IMAGEDIR in order to use them.)
Fixes several known bugs, as well as a cross-site scripting vulnerability
(discovered by Flavio Veloso of Magnux Software), that could allow
malicious HTML tags to be injected in the reports generated by the Webalizer.
This release also includes several new and updated language files. All users
are encouraged to upgrade as soon as possible.
- replace a hack adding fd_mask definition in autoconf.h with re-writing
configure script. It caused configure to run twice and resulted in "no fd_mask".
- Incorporate three official patches from
http://www.squid-cache.org/Versions/v2/2.4/bugs/.
o SNMP memory leaks
synopsis
The SNMP implementation in Squid had several memory leaks
possibly causing a denial of service.
workaround
Disable the SNMP port if enabled by using "snmp_port 0" in
squid.conf. Or if you only use SNMP for MRTG data
collection running on the same host then use
"snmp_incoming_address 127.0.0.1" to limit reachability
of the SNMP port to only localhost or some other trusted
network.
o Coredump on certain ftp:// style URLs
synopsis
If certain constructed ftp:// style URLs are received then
squid crashes, causing a denial of service and maybe even
remote execution of code.
workaround
Deny forwarding of non-anonymous FTP URLs by inserting
the following rules at the top of squid.conf, prior to
any http_access allow lines.
    acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
    http_access deny non_anonymous_ftp
o "htcp_port 0" fails to disable the HTCP port
synopsis
"htcp_port 0" fails to completely disable the HTCP port as
documented in squid.conf, instead HTCP will be listening on
a random port number.
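The url_regex workaround for non-anonymous ftp:// URLs above can be checked against sample URLs before it goes into squid.conf. This is an added example, not code from Squid or from the original commit message; the function name and the sample URLs are constructed, and it assumes the pattern is evaluated as an unanchored, case-insensitive POSIX extended regex.

```c
#include <regex.h>
#include <stdio.h>

/* Pattern copied from the workaround ACL on this page. */
static const char *NON_ANON_FTP = "ftp://[^/@]*@";

/* Returns 1 if the URL would match the non_anonymous_ftp ACL (and so be
 * denied), 0 if not, -1 if the pattern fails to compile.
 * Assumption: POSIX extended syntax, with REG_ICASE standing in for "-i". */
int matches_non_anonymous_ftp(const char *url)
{
    regex_t re;
    int rc;

    if (regcomp(&re, NON_ANON_FTP, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, url, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

/* Constructed sample URLs, not taken from any log. */
static const char *SAMPLES[] = {
    "ftp://ftp.example.org/pub/file.tar.gz",        /* anonymous: passes */
    "ftp://alice@ftp.example.org/home/",            /* user in URL: denied */
    "FTP://alice:secret@ftp.example.org/",          /* -i covers upper case */
    "ftp://ftp.example.org/pub/a@b.txt",            /* '@' only in the path */
    "http://www.example.org/?next=ftp://bob@host/", /* unanchored: denied too */
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof(SAMPLES) / sizeof(SAMPLES[0]); i++)
        printf("%-5s %s\n",
               matches_non_anonymous_ftp(SAMPLES[i]) == 1 ? "DENY" : "pass",
               SAMPLES[i]);
    return 0;
}
```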
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replaces `install-info' in target rules
print-PLIST target now generates `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in package Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of package Makefiles were tuned with respect to INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
* added a --emacs command-line option to produce output intended
for parsing by Emacs
* added errors for references to non-existent IDs in attributes
such as the headers attribute of the td element
5.2 (13-Feb-02)
- You can now plot the lower levels of hierarchical reports on the pie
charts by using the new CHARTEXPAND family of commands.
- Added MACHTTP to the list of built-in log formats that analog recognises
automatically.
- Recognises ; as well as & as query-string separator.
- The rules for generating "organisations" from numerical addresses have
changed.
- Filenames given on the command line are now relative to the current
directory, not the analog directory.
- Ignores completely blank lines at the top of a logfile.
- Makefiles for Microsoft Visual C++ can be found in the new
src/build directory. Makefiles for other platforms have moved
out of the source tree into there too.
- You can now refer to kilobytes as kibibytes by editing your language file.
- Revised versions of Japanese language files.
- Revised the Licence.
- Advertised new donations page.
"has been released. The 2.0 release is a massive upgrade of the Horde Application Framework. Many components have been added or streamlined. Inter-application support is much more robust, a generic MIME_Viewer framework is included, a new preferences system supports global or application scope for preferences, and more!"
*) Upgraded to Apache 1.3.23
*) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an
indexing structure that (correctly) used index values (and ranges)
as "unsigned int", but the meta-structure in the header had these
ranged as "unsigned char".
*) Perform the SHMCB remove operation under mutual exclusion
to prevent an inter-process synchronization problem.
*) Made sure that mod_ssl does not segfault in case of
SCOREBOARD_SIZE < 1024.
*) Merged in the SDBM patch from Uwe Ohse which fixes a problem with
sdbm's .dir file, which arises when a second .dir block is needed
for the first time. read() returns 0 in that case, and the library
forgot to initialize that new block. A related problem is that the
calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ
bits, which is not enough except for small databases (.dir
basically doubles every time it's too small).
The main new features in 1.3.23 (compared to 1.3.22) are:
* HTTP/1.1 support for mod_proxy.
* Other mod_proxy improvements.
* The new 'FileETag' directive to allow one to build the
format of the ETag via runtime directives.
* Addition of a 'filter callback' function to enable modules to
intercept the output byte stream for dynamic page caching.
The following bugs were found in Apache 1.3.22 and have been fixed in
Apache 1.3.23:
* Fix incorrect "Content-Length" header in the 416 response.
* Revert mod_negotiation's handling of path_info and query_args
to the 1.3.20 behavior (PRs: 8628, 8582, 8538).
* Prevent an Apache module from being loaded or added twice due
to duplicate LoadModule or AddModule directives.