| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
PR-responsible person (such as I am ;) a little easier.
|
|
Fixes a TFTP packet buffer overflow vulnerability.
See http://curl.haxx.se/docs/adv_20060320.html for details.
Changes:
- added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
Bugfixes:
- TFTP Packet Buffer Overflow Vulnerability
- properly detecting problems with sending the FTP command USER
- wrong error message shown when certificate verification failed
- multi-part formpost with multi interface crash
- the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
- "SSL: couldn't set callback" is now treated as a less serious problem
- Interix build fix
- fixed curl "hang" when out of file handles at start
- prevent FTP uploads to URLs with trailing slash
|
|
scripts prior to revision 1.43 of bsd.pkginstall.mk.
|
|
|
|
Watchout for shared directories
|
|
|
|
* small bug fixes
Note: even though we are in the middle of pkgsrc freeze I have to do this
as this new release uses the same filename as 6.3 and the old file is
no longer available. This was detected by the bulk build system as
invalid checksum.
|
|
${PKGMANDIR} entries -- no need to do it here.
|
|
|
|
pkginstall framework. In the case of libtool-base, avoid using
FILES_SUBST_SED where it isn't needed.
|
|
This release fixes a crash when using the file/directory selection dialog
and updates the Polish and Dutch translation
|
|
fixed bugs, including 4 security vulnerabilities.
1. http://drupal.org/sa-2006-001/advisory.txt
2. http://drupal.org/sa-2006-002/advisory.txt
3. http://drupal.org/sa-2006-003/advisory.txt
4. http://drupal.org/sa-2006-004/advisory.txt
For further details see: http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-6
|
|
|
|
|
|
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
|
|
system to test, but this should be the 1.3 syntax for apxs -i).
|
|
|
|
already in our previous package. Here is changes from 2.5.12 (2.5.STABLE12):
Changes to squid-2.5.STABLE12 (12 Mar 2006)
- [Minor] Fails to compile on Solaris and some other platforms
with undefined reference to setenv (Bug #1435)
- [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
- [Minor] Squid ntlm_auth (not the Samba provided one) giving
odd results if --enable-ntlm-fail-open is used (Bug #1022)
- [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
(Bug #1472)
- [Minor] Squid crash when asyncio function counters url accessed
from Cachemgr CGI (Bug #1464)
- [Cosmetic] Linix compile warning about prctl called with too few
arguments (Bug #1483)
- [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
- [Minor] Some 206 responses logged incorrectly (Bug #1511)
- [Minor] Issues in processing ranges on objects >2GB (Bug #437)
- [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
- [Minor] Ident access lists don't work in delay_access statements
(Bug #1428)
- [Minor] Some clients support NTLM even if not initially negotiating
persistent connections (Bug #1447)
- [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
- [Medium] delay pools given too much bandwidht after "-k reconfigure"
(Bug #1481)
- [Cosmetic] New persistent_connection_after_error configuration
directive (Bug #1482)
- [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
#1484)
- [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
- [Cosmetic] Typo in ftp.c (Bug #1507)
- [Cosmetic] Error in FTP listings of files with -> in their name
(Bug #1508)
- [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
in cache.log (Bug #779)
- [Minor] Fails to process long host names (Bug #1434)
- [Cosmetic] Azerbaijani errors translation (Bug #1454)
- [Cosmetic] misleading error message message for bad/unresolveable
cache_peer name (Bug #1504)
- [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
(Bug #1506)
- [Major] connstate memory leak (Bug #1522)
|
|
Trac-0.9.4-ja-1 (Feb 16, 2006)
* Merge trac-0.9.4
* Update to current statement.
* README.trac-ja
* wiki-default/TracJa
Trac 0.9.4 (Feb 15, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.4
* Deletion of reports has been fixed.
* Various encoding issues with the timeline RSS feed have been fixed.
* Fixed a memory leak when syncing with the repository.
* Milestones in the roadmap are now ordered more intelligently.
* Fixed bugs: #1064, #1150, #2006, #2253, #2324, #2330, #2408, #2430,
#2431, #2459, #2544, #2459, #2481, #2485, #2536, #2544, #2553,
#2580, #2583, #2606, #2613, #2621, #2664, #2666, #2680, #2706,
#2707, #2735
|
|
o 2006-03-10 23:17 (Major) connstate memory leag
o 2006-03-10 23:17 (Cosmetic) confusing statistics on stateful helpers (NTLM auth)
o 2006-03-10 23:17 (Cosmetic) misleading error message message for bad/unresolveable cache_peer name
o 2006-03-10 23:17 (Cosmetic) Azerbaijani errors translation
o 2006-03-10 23:17 (Minor) Fails to process long host names
o 2006-03-10 23:17 (Cosmetic) With Squid-2.5 there is no more the DUPLICATE IP logging in cache.log
|
|
|
|
|
|
|
|
JAlbum 6.3 has just been released. This version has focus on important bug
fixes but there are also some new features as requested by you users.
Just see the JAlbum history page for a detailed list of improvements.
|
|
> Major changes compared to the Horde 3.1-RC3 version are:
> * Small bugfixes and improvements.
>
> Major changes compared to the Horde 3.0 versions are:
> * User changes:
> - Support for expiring and resetting of passwords.
> - Detection of "phishing" attempts in HTML MIME viewer.
> - Improved synchronization support.
> - "My Account Information" portal block.
> - Link to options of all applications from the sidebar menu.
> - Audio notifications.
> - Improved accessibility.
> - Improved support for right-to-left languages.
> - New themes: Idea and High Contrast.
> - New languages: Hebrew, Icelandic, Khmer.
> - Improved import of CSV data.
> - Dynamic table resorting.
> * Administrator changes:
> - Compatible with PHP 5.1.
> - Support for alternate login screens and redirection on logout.
> - Separate DB table for much improved performance of History library.
> - Improved caching.
> - Improved MS-SQL support.
> - Improved Kolab support.
> - Support for counting and listing of active sessions.
> - More flexible permissions for application features.
> - Support for fixed portal blocks.
> - Support for sending problem reports to ticket systems.
> * Developer changes:
> - Library additions: imtest driver for IMSP, REST driver for RPC, Samba
> driver for VFS, LDAP driver for Group, and Generic SMTP driver for SMS
> library.
> - Several new field types for Form library.
|
|
- Fix Autocomplete plugin mechanism, it was slowing down opening tabs and
windows!
- Default compile with mozilla 1.7+
- Pushing CTRL key with mouse 1 click opens link in a new window (same as
middle button clicking for people with two button mice)
|
|
---
version: 0.17
date: Tue Feb 28 22:44:04 PST 2006
changes:
- Fixed ajax callback bugs
- Fixed inserting result into a dom element in Safari
- Cory Bennett fixed Test.Harness on Konqueror
- Cory sorted keys in FOR i IN obj. This should give expected consistency to
users.
- Cees Hek implemented all the string functions. With tests!!
- Cees added the truncate filter.
- Yann Kerherv¡¦ changed the position of arguments in filters
- Yann fixed the indent and html filters and added repeat filter
- Yann adapted some tests from the TT test suite!
---
version: 0.16
date: Mon Feb 27 22:14:37 PST 2006
changes:
- Ingy added JSON and Ajax support into Jemplate.js
- Ingy got tests working on Mozilla, IE, Safari and Opera
- Ingy streamlined Makefiles and testing
- Ingy refactored documentation
- Cory Bennett JAVASCRIPT directive for inlining Javascript
- Cory added -nojs flag to `jemplate` command line tool
- Cory eliminated nasty eq/== hack
- Cory added support for foo.0 numeric indexing
- Cory added quoting support
- Cory got [% FOR i IN obj %] working to iterate over keys of object
- Cory fixed [% "$foo/$bar" %] for quoted strings
- Cory fixed concatenation
- Yann Kerherv¡¦ added filtering support
- Yann added these filters: collapse, html, html_break, html_entity,
html_line_break, html_para, indent, lcfirst, lower, null, trim, ucfirst,
upper, uri
- Ingy removed PERL and RAWPERL support
- Cory made test output display nicely
- Ingy made test index link to subtests
---
version: 0.15
date: Fri Feb 24 18:02:46 PST 2006
changes:
- Support SWITCH CASE and WRAPPER directives thanks to xantus and yann!
- Now the Stash really works, thanks to Miyagawa!
- Test.Base javascript runtime test framework!
- Support all the TT array primitives in JS!
|
|
IP and hostname information for backend servers that receive requests from
reverse proxies.
From DESCR:
mod_rpaf changes the remote address of the client visible to other Apache
modules when two conditions are satisfied. First condition is that the
remote client is actually a proxy that is defined in httpd.conf.
Secondly if there is an incoming X-Forwarded-For header and the proxy is
in it's list of known proxies it takes the last IP from the incoming
X-Forwarded-For header and changes the remote address of the client in
the request structure. It also takes the incoming X-Host header and
updates the virtualhost settings accordingly. For Apache2 mod_proxy it
takes the X-Forwared-Host header and updates the virtualhosts.
|
|
installation to go through on NetBSD/sparc64 (well, at least mine).
Failure reported by Joel Carnat.
|
|
libtasn1 had a shlib major bump.
Also update dependencies in bl3.mk files.
Addresses PR 32998 by Robert Elz.
|
|
* Longstanding bug in form_urldecode fixed
* Bug in FastCGI demo fixed
* Documentation formatting problems fixed
* Demonstration applications updated
Changes 3.2.2:
* Memory leak during restoration of CGI environments fixed
* New getDoubleValue and getIntegerValue methods added to allow caller to
determine if value was bounded
* Bug in getDoubleValue fixed
* Bug in parsing of cookie names fixed
Changes 3.2.1:
* Bug that caused multiple cookies to be output incorrectly fixed
* Better support added for Borland C++ Builder and HP aCC
* Bona fide support for FastCGI added
* Documentation fixes
Changes 3.2:
* License changed to the Lesser GNU General Public License
* HTTP header classes rewritten and refactored
* HTML output now more XML-compliant
* Documentation rewritten in Doxygen format
* Added a demo on cookie usage
|
|
|
|
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
|
|
- Reflect update of official patches and addition of missing one.
Added
o 2006-02-26 14:47 (Cosmetic) Added WebDAV REPORT method to know
HTTP methods list
Updated
o 2006-03-04 03:30 (Minor) Issues in processing ranges on objects >2GB
o 2006-03-04 03:39 (Minor) Some 206 responses logged incorrectly
- A few fixes checking by pkglint.
|
|
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to do the same amount of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
test script to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxy.
Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've received *NO*
feedback at all on my mailing list requests from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reach a file on a FTP(S) server.
This functionality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) and you set it to a long (there are currenly no
defines for the argument values, just plain numericals). You can set three
different "methods" that do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
default.
2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:
1 - Do they work at all? Do you find servers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
upcoming releases?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(This option is not documented in any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, as in when libcurl couldn't CWD into all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if it tried the same path again - as it would not issue
any CWD commands at all, assuming it is already in the "proper" dir.
Starting now, a failed CWD command sets a flag that prevents the path to be
"remembered" after returning.
Daniel (7 January 2006)
- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
proxy actually used a new connection and not sent the second request on the
first socket!
Daniel (6 January 2006)
- Alexander Lazic made the buildconf run the buildconf in the ares dir if that
is present instead of trying to mimic that script in curl's buildconf
script.
Daniel (3 January 2006)
- Andres Garcia made the TFTP test server build with mingw.
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
|
|
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:
* Prevent header injection by limiting each header to a single line.
* Possible XSS inside error reporting functionality.
* Missing safe_mode/open_basedir checks into cURL extension.
* Apache 2 regression with sub-request handling on non-Linux systems.
* key() and current() regression related to references.
This release also fixes about 30 other defects.
|
|
changes:
-translation and documentation updates
-fix for a "minor preference problem"
|
|
|
|
into the correct location.
|
|
Bump PKGREVISION.
|
|
|
|
|
|
* 2006-02-26 00:06 (Cosmetic) Error in FTP listings of files with -> in their name
* 2006-02-26 00:06 (Cosmetic) Harmless typo in ftp.c
* 2006-02-26 00:06 (Minor) Fails to compile on Fedora Core 5 test 2 x86_64
* 2006-02-26 00:06 (Cosmetic) Hangs at 100% CPU if /dev/null is not accessible
* 2006-02-26 00:06 (Cosmetic) New persistent_connection_after_error configuration directive
* 2006-02-26 00:06 (Medium) delay pools given too much bandwidht after "-k reconfigure"
* 2006-02-26 00:06 (Medium) 504 Gateway Time-out on FTP uploads
* 2006-02-26 00:06 (Minor) Some clients support NTLM even if not initially negotiating persiste
* 2006-02-26 00:06 (Minor) Ident access lists don't work in delay_access statements
* 2006-02-26 00:06 (Cosmetic) Segmentation fault on empty proxy_auth ACLs
* 2006-02-26 00:06 (Minor) Issues in processing ranges on objects >2GB
* 2006-02-26 14:36 (Minor) Some 206 responses logged incorrectly
|
|
|
|
1.18 Thu Feb 2 00:11:26 CST 2006
[TESTS]
* Makefile.PL now takes four new parms:
* --live/nolive turns on/off the live tests
* --local/nolocal turns on/off the local tests
* --mech-dump/nomech-dump installs/doesn't the mech-dump program
* --all turns on all tests and installs mech-dump
* Fixed some failures in tests. Non-existent URLs now have a
"." postpended to them, so if someone's got a search domain
with a wildcard (i.e. ignore.us) it'll ignore that. Also,
Google's second link is now a https:// link, which some Mechs
can't handle. Added a 'url_regex' which now makes it look at
the second non-https link. Thanks to Pete Krawczyk.
|
|
|
|
|
|
|
|
include unistd.h.
|
|
|
