| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
libtasn1 had a shlib major bump.
Also update dependencies in bl3.mk files.
Addresses PR 32998 by Robert Elz.
|
|
* Longstanding bug in form_urldecode fixed
* Bug in FastCGI demo fixed
* Documentation formatting problems fixed
* Demonstration applications updated
Changes 3.2.2:
* Memory leak during restoration of CGI environments fixed
* New getDoubleValue and getIntegerValue methods added to allow caller to
determine if value was bounded
* Bug in getDoubleValue fixed
* Bug in parsing of cookie names fixed
Changes 3.2.1:
* Bug that caused multiple cookies to be output incorrectly fixed
* Better support added for Borland C++ Builder and HP aCC
* Bona fide support for FastCGI added
* Documentation fixes
Changes 3.2:
* License changed to the Lesser GNU General Public License
* HTTP header classes rewritten and refactored
* HTML output now more XML-compliant
* Documentation rewritten in Doxygen format
* Added a demo on cookie usage
|
|
|
|
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
|
|
- Reflect update of official patches and addition of missing one.
Added
o 2006-02-26 14:47 (Cosmetic) Added WebDAV REPORT method to know
HTTP methods list
Updated
o 2006-03-04 03:30 (Minor) Issues in processing ranges on objects >2GB
o 2006-03-04 03:39 (Minor) Some 206 responses logged incorrectly
- A few fixes checking by pkglint.
|
|
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to do the same amount of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
test script to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxy.
Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've received *NO*
feedback at all on my mailing list requests from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reach a file on a FTP(S) server.
This functionality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) and you set it to a long (there are currenly no
defines for the argument values, just plain numericals). You can set three
different "methods" that do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
default.
2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:
1 - Do they work at all? Do you find servers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
upcoming releases?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(This option is not documented in any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, as in when libcurl couldn't CWD into all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if it tried the same path again - as it would not issue
any CWD commands at all, assuming it is already in the "proper" dir.
Starting now, a failed CWD command sets a flag that prevents the path to be
"remembered" after returning.
Daniel (7 January 2006)
- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
proxy actually used a new connection and not sent the second request on the
first socket!
Daniel (6 January 2006)
- Alexander Lazic made the buildconf run the buildconf in the ares dir if that
is present instead of trying to mimic that script in curl's buildconf
script.
Daniel (3 January 2006)
- Andres Garcia made the TFTP test server build with mingw.
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
|
|
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:
* Prevent header injection by limiting each header to a single line.
* Possible XSS inside error reporting functionality.
* Missing safe_mode/open_basedir checks into cURL extension.
* Apache 2 regression with sub-request handling on non-Linux systems.
* key() and current() regression related to references.
This release also fixes about 30 other defects.
|
|
changes:
-translation and documentation updates
-fix for a "minor preference problem"
|
|
|
|
into the correct location.
|
|
Bump PKGREVISION.
|
|
|
|
|
|
* 2006-02-26 00:06 (Cosmetic) Error in FTP listings of files with -> in their name
* 2006-02-26 00:06 (Cosmetic) Harmless typo in ftp.c
* 2006-02-26 00:06 (Minor) Fails to compile on Fedora Core 5 test 2 x86_64
* 2006-02-26 00:06 (Cosmetic) Hangs at 100% CPU if /dev/null is not accessible
* 2006-02-26 00:06 (Cosmetic) New persistent_connection_after_error configuration directive
* 2006-02-26 00:06 (Medium) delay pools given too much bandwidht after "-k reconfigure"
* 2006-02-26 00:06 (Medium) 504 Gateway Time-out on FTP uploads
* 2006-02-26 00:06 (Minor) Some clients support NTLM even if not initially negotiating persiste
* 2006-02-26 00:06 (Minor) Ident access lists don't work in delay_access statements
* 2006-02-26 00:06 (Cosmetic) Segmentation fault on empty proxy_auth ACLs
* 2006-02-26 00:06 (Minor) Issues in processing ranges on objects >2GB
* 2006-02-26 14:36 (Minor) Some 206 responses logged incorrectly
|
|
|
|
1.18 Thu Feb 2 00:11:26 CST 2006
[TESTS]
* Makefile.PL now takes four new parms:
* --live/nolive turns on/off the live tests
* --local/nolocal turns on/off the local tests
* --mech-dump/nomech-dump installs/doesn't the mech-dump program
* --all turns on all tests and installs mech-dump
* Fixed some failures in tests. Non-existent URLs now have a
"." postpended to them, so if someone's got a search domain
with a wildcard (i.e. ignore.us) it'll ignore that. Also,
Google's second link is now a https:// link, which some Mechs
can't handle. Added a 'url_regex' which now makes it look at
the second non-https link. Thanks to Pete Krawczyk.
|
|
|
|
|
|
|
|
include unistd.h.
|
|
|
|
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
|
|
|
|
Addresses CHECK_FILES build failure. Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
OPERA_DIR.
|
|
This release is a recommended security upgrade.
Changes since 8.51:
Display
* Fixed drop-down list problem affecting Bloglines subscription sorting.
Security
* Replaced expired certificates from TrustCenter.
* Solved status bar issue described in Secunia Advisory 17571.
* Implemented stricter handling of the Online Certificate Status Protocol (OCSP).
Miscellaneous
* Fixed problem with missing keypresses when switching between applications.
* Fixed GDI leak issue with favicons causing slowdowns and crashes.
* Fixed Gmail loading problem.
|
|
|
|
Changes in release 0.16.2:
* Fix over-eager move/rename algorithm when handling a
delete of one of a set of identical files.
* DAV: Fix ordering issues with --fetch.
* FTP: Retry after response timeouts for STOR commands.
* Update to neon 0.25.4.
Changes in release 0.16.1:
* FTP: Fix crash in FTP timeout handling.
* Improve error messages from LIST parser failure.
Changes in release 0.16.0:
* Fetch mode now fetches a single directory at a time:
- works with DAV servers which reject "Depth: infinity" PROPFIND
- works with FTP servers which reject the -R flag to LIST
- "exclude" and "ignore" patterns are now matched as expected
against remote files.
* In updates, delete files remotely before creating directories,
to allow the "replace a file with a directory" case to work.
* sftpdriver.c compile fix for older Unixes.
* Fix for German translation (Jens Seidel)
Changes in release 0.15.1:
* Updated Italian translation (Cristian Rigamonti).
* FTP: fix newline handling issues for ASCII file transfers.
* sitecopy.1: explain use of "http secure" (Reed Snellenberger)
* Update to neon 0.25.0:
- fix regressions in WebDAV path-escaping
Changes in release 0.15.0:
* Add SFTP support from Nobuyuki Tsuchimura using "protocol sftp".
* FTP: Ignore symlinks in fetch mode; fix some fetch mode error handling.
* DAV: fix use of remote root path which needed path-escaping.
* rsh/ssh: Filename quoting fixes (Nobuyuki Tsuchimura).
* Apply tempupload option to new files as well as changed files.
* In "sitecopy --flatlist" output, mark ignored items with "|ignored".
* Correct sitecopy.1 documentation: symlinks in the local site are
followed not ignored, by default.
* Add French translation of man page, by Nicolas Girard.
|
|
|
|
Changes with libapreq2-2.07 (released February 12, 2006)
- C API [joes]
SECURITY: CVE-2006-0042 (cve.mitre.org)
Eliminate potential quadratic behavior in apreq_parse_headers() and
apreq_parse_urlencoded().
- Perl API [Philip M. Gollucci]
Fix Apache2::Cookie->cookies() to comply with its documentation
- C API [Philip M. Gollucci]
Use the APREQ_DEFAULT_READ_LIMIT constant for the read_limit
- C API [Ville Skyttd, Dirk Nehring]
Add explicit cast in apreq_escape()/apreq_util.h to keep
C++ compilers happy.
- C API [joes]
Protect against arbitrary recursion depth in apreq_parse_multipart()
by adding a reasonable compile-time MAX_LEVEL limit.
- C API [joes]
Clean up end-of-file parsing for apreq_parse_multipart(),
conforming to rfc-2046 ' 5.1.1.
- Perl API [joes]
Move APR::Request::Param::Table and APR::Request::Cookie::Table
packages to APR::Request module.
- Perl XS [Steve Hay]
Fix compile problems on Win32 without PERL_IMPLICIT_SYS
related to link being an unresolved symbol.
- Perl API [joes]
APR::Request::Cookie::thaw() isn't a class method.
- C API [joes]
Fix off-by-one bug in the continuation-lines portion of the
header parser.
- Perl API [joes]
Move APR::Request::upload to APR::Request, where it belongs.
- Perl XS [Nikolay Ananiev]
Use MP_STATIC declarations to allow Cygwin builds.
- Perl API [joes]
encode()/decode() were busted with zero-length args. This caused
Apache2::Cookie::new() to segfault on cookie value of "".
- C API [joes]
Add apreq_charset_divine() and eliminate charset offset from return
value of apreq_decode(v).
- C API [joes]
Improve the cp1252-charset heuristics for apreq_decode(v).
- C API [Ralph Mattes]
Add explicit casts for apreq_param_charset_* to keep c++ compilers happy.
|
|
|
|
|
|
|
|
Jemplate is a templating framework for Javascript that is built over
Perl's Template Toolkit (TT2).
Jemplate parses TT2 templates using the TT2 Perl framework, but with a
twist. Instead of compiling the templates into Perl code, it compiles
them into Javascript. Jemplate then provides a Javascript runtime
module for processing the template code. Combined with JSON and
xmlHttpRequest, Jemplate provides a simple and powerful way to do Ajax
stuff.
|
|
|
|
Release 3.50
The 3.49 release didn't compile with VC++ because it mixed code
and declarations. Fixed by Steve Hay <steve.hay@uk.radan.com>.
|
|
|
|
changes:
-bugfixes
-UI improvements
-translation updates
|
|
From NEWS:
1.4.10 - 2005-02-08
* added docs for mod_dirlisting
* added fastcgi.map-extensions to mod_fastcgi
* fixed load balancing for mod_fastcgi
* fixed extra newline for syslog() in mod_accesslog
* fixed user-track cookie for IE in mod_usertrack
* fixed crash in digest handling in mod_auth
* fixed handling of 301 response-bodies from a mod_proxy backend
* fixed loading of base modules if server.modules is not set
* fixed broken cgi if mod_scgi is loaded
1.4.9 - 2006-01-14
* added server.core-files option (sandy <sandy@meebo.com>)
* added docs for mod_status
* added mod_evasive to limit the number of connections by IP (<w1zzard@techpowerup.com>)
* added the power-magnet to mod_cml
* added internal statistics to mod_fastcgi
* added server.statistics-url to get internal statistics from mod_status
* added support for conditional range-requests through If-Range
* added static building via scons
* fixed 100% cpu loops in mod_cgi ("sandy" <sjen@cs.stanford.edu>)
* fixed handling for secure-download.timeout (jamis@37signals.com)
* fixed IE bug in content-charset in the output of mod_dirlisting (sniper@php.net)
* fixed typos and language in the docs (ryan-2005@ryandesign.com)
* fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy@meebo.com>)
* fixed handling if equal but duplicate If-Modified-Since request headers
* fixed endless loops in mod_fastcgi if backend is dead
* fixed Depth: 1 handling in PROPFIND requests on empty dirs
* fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper@iki.fi>)
* fixed initial bind to a unix-domain socket through server.bind
* fixed handling of lowercase filesystems
* fixed duplicate request headers cause by mod_setenv
|
|
|
|
HTML::Prototype::Useful adds some more useful features for AJAX development
based on the Prototype library, as HTML::Prototype is a straight port
of the ruby implementation.
|
