| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
packages up to date.
|
|
# problem with WWW/Library/Implementation
MAKE_JOBS_SAFE= no
|
|
|
|
Changes to squid-2.6.STABLE13 (11 May 2007)
- Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
- Undo an accidental name change of storeUnregisterAbort.
- Kill an ancient malplaced storeUnregisterAbort call from ftp.c
- Bug #1814: SSL memory leak on persistent SSL connections
- Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
- Cosmetic fix: added missing newline in WCCPv2 configuration dump.
- Ukrainan error messages
- Convert various error pages from DOS to UNIX text format
- Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
- Clarify the max-conn=n cache_peer option syntax slightly
- Bug #1892: COSS segfault on shutdown
- Windows port: fix undefined ECONNABORTED
- Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
- in_port_t is not portable, use unsigned short instead
- Fix fs / auth / snmp dependencies
- Portability: statfs() may reqire #include <sys/statfs.h>
|
|
pkgsrc, in preparation for gnome1-libs removal(*).
There was no feedback for keeping these packages after my
HEADS UP mail to pkgsrc-users a week ago.
(*) More to come before that can happen, though.
|
|
|
|
|
|
firefox-gtk1-2.0.0.3nb1 now, as discussed with gdt on tech-pkg.
|
|
firefox-bin-2.0.0.3 now, as discussed with gdt on tech-pkg.
|
|
firefox-2.0.0.3nb1 now, as discussed with gdt on tech-pkg.
|
|
and change notes). Firefox 1.5.0.x will be maintained in www/firefox15*,
as discussed on tech-pkg.
|
|
|
|
|
|
2007-05-09 (2.8.6rel.5 fix from 2.8.7dev.5)
* correct loop-limit in print_crawl_to_fd(), which broke
"lynx -crawl -dump" from 2.8.6dev.9 changes (Mandriva #29785) -TD
|
|
Pointed out by Geert Hendrickx on tech-pkg@
|
|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)
|
|
Bump package revision.
|
|
pick up the new dependencies properly
|
|
|
|
Trac-0.10.4-ja-1 (Mar 5, 2007)
* Merge trac-0.10.4
* Fixes miss typing.
* wiki-default/CamelCase
* wiki-default/TracQuery
* Update to current statement.
* README.trac-ja
* wiki-default/TracJa
Trac 0.10.4 (Apr 20, 2007)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.4
Trac 0.10.4 is a bug fix release. The following list contains only a
few highlights:
* Repository cache improvements. The new syncing scheme is incompatible with
the previous one and requires a database schema upgrade in order to prevent
the old and the new codebase to be mixed. A repository resync is not needed,
though. The 0.10.4 scheme is compatible with the 0.11 one.
(#3837, #4043 and #4586)
* Fix a possible freeze under heavy load (#4465)
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.4
|
|
|
|
URI::Fetch is a smart client for fetching HTTP pages, notably syndication
feeds (RSS, Atom, and others), in an intelligent, bandwidth- and time-saving
way.
|
|
|
|
Pkgsrc changes:
- Suffix changed from the default (.tar.gz) to .tgz.
- Marked the package as supporting installation to DESTDIR.
Changes since version 3.0302:
=============================
VERSION 3.0501
Bugfix release to repair a memory leak and a few "other" field edge
cases.
VERSION 3.05
Just a short time after 3.04, several new features evolved very quickly:
Fieldset support
A new "fieldsets" option to "new()" and a "fieldset" option to the
"field()" method can be used to organize your form into sections.
Currently works with the built-in "<table>" and new "<div>" renderer
only, but template support is in the works.
Div rendering
In addition to the builtin "<table>" rendering module, a new "Div"
rendering template has been included as well. If you select this, you
get a table-free form which you can manipulate using stylesheets:
$form->new(template => {type => 'div'});
This provides a couple additional benefits, like separate divs for every
submit button.
Additional classes
A couple additional CSS classes were added, wrapping around the fields
as a unit for better styling. The "<form>" tag now gets a ".fb_form"
style as well.
Fixed HTML::Template support
A couple bugs were introduced in 3.04 that have been fixed, and more
tests added.
VERSION 3.04
In addition to the below features, a new Catalyst FormBuilder plugin is
available on CPAN, "Catalyst::Plugin::FormBuilder".
New $form->prepare() method
You can now use "$form->prepare()" to get back an expanded hashref just
before "$form->render()" is called. This allows you to use FormBuilder
with Catalyst or other frameworks more easily, where the rendering is
done elsewhere:
my %expansion = $form->prepare;
This could be passed directly to, say, Template Toolkit without having
to use FormBuilder's Template Toolkit support.
New "inflate" option to field()
This is used the convert fields on the fly into objects or other values.
For example, you could convert a "date" field into a DateTime object.
Nice patch from Mark Hedges, check it out.
Turkish messages
Thanks to Recai Oktas.
Added "missing" property for fields
This can be queried in templates. To see if a field is missing
altogether, you can check "field.missing" or "missing-field" depending
on your template engine of choice.
Removal of custom "puke" and "belch"
FormBuilder now uses "Carp" and @CARP_NOT to handle its errors. As such,
you will probably notice some differences in error output. The benefit
is that setting "debug" will give you a stack trace on fatal errors.
CGI::FormBuilder::Template::Builtin
Moved the "render_builtin()" method to the above module, to unify the
rendering schemes.
New FORMBUILDER_DEBUG environment variable
Setting this has the same effect as using the "debug" option.
Removal of excess documentation
Removed all the stub docs from "Field::*" and "Messages::*" to make CPAN
happy.
|
|
Pkgsrc changes:
- Marked the package as supporting installation to DESTDIR.
Changes since version 2.7:
==========================
2.9 Mon Jan 29 15:54:03 EST 2007
- New Feature: the new force_untaint option makes sure you do not
pass tainted values to param(). [Sven Neuhaus]
- New Feature: Added ESCAPE=NONE as a synonym for ESCAPE=0. Fixed
both to work with default_escape. [cpan@punch.net]
- Bug Fix: DEFAULT didn't work with URL and JS escaping.
- Bug Fix: Long-standing bug where variables set in a loop weren't
available inside inner loops under global_vars if the variable
wasn't actually used in the outer loop. (Thanks to Richard Fein
for help debugging the fix.)
- Doc Fix: Changed references to CVS in the docs to Subversion now that
the switch is complete.
- Test Fix: At long last, the work from the Phalanx project has
been merged! The tests are now more complete and easier to work
on. Thanks Phalanx guys!
2.8 Wed Dec 21 18:37:39 EST 2005
- New Feature: the new default_escape option allows you to apply
escaping to all variables in a template. [Alex Kapranoff]
- Bug Fix: ESCAPE wasn't working on variables containing code-refs.
- Bug Fix: Changed HTML::Template to help sub-classes by called
_new_from_loop() via ref($self) rather than hard-coding the package
name. [Mark Stosberg]
- Bug Fix: Including more than one <tmpl_else> tag in <tmpl_unless> or
<tmpl_unless> now dies with an error message, instead of silently ignoring
one of the clauses. [Mitar and Mark Stosberg]
- Bug Fix: Fixed HTML::Template to re-evaluate conditions to handle
<tmpl_else>. This bug could cause HTML::Template to take both
branches of a conditional if a code-ref parameter returned a
different value when called a second time. [Emanuele Zeppieri]
|
|
Changes:
* Ruby 1.8.6 compatibility
* Stop swallowing errors during rake test
|
|
different numbering in creating HTML files on different platforms.
|
|
The first official production quality version. See ChangeLog
for the complete list of changes.
http://mongrel.rubyforge.org/releases/ChangeLog
|
|
|
|
(also close PR 30724)
This module strips HTML-like markup from text.
It is written in XS, and thus about five times quicker than using
regular expressions for the same task.
|
|
|
|
Changes between 1.2.21 and 1.2.22
Native
Refactor line endings logging to make it correct for all platforms and webservers. (mturk)
Added command line windows make files. (mturk)
Allow fail_on_status directive to be multi line. (mturk)
42076: Fix name of new option from ForwardCertChain to ForwardSSLCertChain as documented. (rjung)
Docs: Fix a couple of typos, change format of a few tables, fix links to news pages. (rjung)
Fix correct URL for TC 6 examples in new IIS rewrite.properties configuration example file. (rjung)
Add svn properties to several files. (rjung)
Add TC 6 examples to uriworkermap.properties in config examples. (rjung)
Allow multiple status codes for fail_on_status directive. The status codes can be delimited by space or comma characters. (mturk)
IIS. Added pcre like regular expressions for url rewrite rules. (mturk)
41922: Apache 1.3. Enable JkEnvVar. (mturk)
Apache. Add --enable-flock configure parameter for explicit compilation of faster flock() system calls for OS supporting those calls. By default the fcntl system call for locking will be used that is a little bit slower but it can work on NFS mounted volumes as well. (mturk)
41562: Add Debug logging for read from client in ISAPI Redirector. Contributed by Tim Whittington. (mturk)
Apache. Add ForwardSSLCertChain JkOption. Contributed by Patrik Schnellmann. (mturk)
IIS. Do not forbid access to web-inf or meta-inf if there is no mapped worker. This allows to have resource with those names that are outside mapped contexts. (mturk)
Apache. Use process id for creating shared memory name and delete shared memory and shared memory lock files on exit. (mturk)
IIS. Fix Keep-Alive regression introduced in 1.2.21. (mturk)
Delete unused check for empty init_map during startup. (rjung)
41770: Fix startup error if no JkWorkersFile is used. (rjung)
Use JK_TRUE/JK_FALSE instead of OK/!OK as return values in init_jk(). (rjung)
Minor adjustments to apache startup log messages (when to use STDERR, remove deprecated NOERRNO flag, shm warning and warnings for usage of default files). (rjung)
Replace APR precompiler directive by httpd mpm_query to detect MPM threading. Add a debug log message about auto-detected pool size. (rjung)
Make MMN check easier to understand and a little more precise (for new ap_get_server_banner()/ap_get_server_description()). We use the new API only for Apache httpd 2.3. This way our binaries are not tightly coupled to a minor 2.0 version, and we don't use ap_get_server_banner() any way. (rjung)
Use the full description string ap_get_server_description() instead of the truncated info from ap_get_server_banner(), because this info gets used internally (status worker display and ajp14 backend communication) and is not send back to the normal user. (rjung)
41757: Document the "--enable-prefork" flag of configure. (rjung)
Enhance log messages for failures when parsing attribute maps. (rjung)
Correct log message during worker initialization, in case remote host could not be resolved. We logged the default host name "localhost" instead of the configured one. (rjung)
41770: Fix the second part of the bug: local_worker and local_worker_only is missing from the list of deprecated attributes (and not supported either), so prevents the web server from startup. (rjung)
Changes between 1.2.20 and 1.2.21
Native
CVE-2007-0774 : A denial of service and critical remote code execution vulnerability. Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes. Reported by ZDI (www.zerodayintiative.com). Please note this issue only affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. Other versions of Tomcat were not affected.
Check the worker. parameters and don't start if the parameter is not a valid one. (jfclere)
41439: Allow session IDs to get stripped off URLs of static content in Apache by adding JkStripSession directive (configurable per vhost). (mturk)
Change semantics of empty defaults for JkEnvVar variables. Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings, if neither set to non empty in config, nor during runtime. Starting with 1.2.21: If config has no second argument only send variable if set (even when set to empty string) during runtime. Allows good combination with condition attribute in tomcat access log. (rjung)
41610: Fix incorrect detection of missing Content-Length header leading to duplicate headers. Contributed by Boris Maras. (rjung)
Better build support for SunONE (Netscape/iPlanet) webservers. (jim)
Add warning if duplicate map keys are read and are not allowed, e.g. when parsing uriworkermap.properties. (rjung)
Don't concat worker names, if uriworkermap.properties has a duplicate pattern, instead overwrite the worker. (rjung)
Log deprecation message even in duplication case. (rjung)
uriworkermap.properties: Fix off-by-one problem when deleting URL mapping during reloading of uriworkermap.properties. (rjung)
41439: Allow session IDs to get stripped off URLs of static content in IIS (configurable). (rjung)
41333: Refactoring isapi_plugin configuration reading. (rjung)
41332: Add some more errno logging and unify the format. (rjung)
JkStatus: Improved logging by adding status worker name to messages. Added messages to the recover worker action. (rjung)
JkStatus: Refactoring searching for workers and sub workers. (rjung)
41318: Add configuration to make status worker user name checks case insensitive. (rjung)
JkStatus: Add estimated time until next global maintenance to other mime types and adopt jkstatus ant task. (rjung)
JkStatus: Show estimated time until next global maintenance. Change displayed time until next recovery to a min/max pair. (rjung)
JkStatus: Allow a user of a read/write status worker to switch it to and from read_only mode temporarily. (rjung)
JkStatus: Do not show read/write commands in a read_only status worker. (rjung)
JkStatus: Allow lb sub workers in error state to be marked for recovery administratively from the status worker. (rjung)
Load Balancer: Do not try to recover multiple times in parallel. Use additional runtime states "PROBE" and "FORCED". (rjung)
JkStatus: Improve data synchronization between different processes. (rjung)
41381: Fix segfault in feature fail_on_status (wrong order of log arguments). Patch by Juri Haberland. (rjung)
Use correct windows line endings for log file on WIN32 platform. (rjung)
Changes between 1.2.19 and 1.2.20
Native
JkStatus Ant Task documentation page. (pero/rjung)
JkStatus Ant Tasks: Add new tasks for update and reset. (pero)
JkStatus Ant Tasks: Update for new xml status format. (pero)
Allow integer and string values when setting enumeration/boolean attributes via status worker update action. (rjung)
Docs: New reference guide page for status worker. (rjung)
Docs: Renaming the config dir to reference and using the title Reference Guide in the docs. (rjung)
Added retry_on_status for workers directive. (mturk)
Status Worker: Add directive to make property prefix and good/bad rule configurable. (rjung)
Status Worker: Omit lb members when att=nosw. (rjung)
Status Worker: New command cmd=version for a short version output. (rjung)
Status Worker: New output stype mime=prop produces property lists. (rjung)
Apache: Fix incorrect handling of JkEnvVar when Vars are set multiple times. (rjung)
Renamed jvm_route to route. Deprecated jvm_route, but still use it as fallback when parsing the worker configuration. (rjung)
IIS: Make uriworkermap file reload check interval configurable. (mturk)
Apache: Make uriworkermap file reload check interval configurable. (rjung)
Status Worker: Add directives for customizing the XML output (ns, xmlns, doctype). (mturk)
Docs: New page with description of uriworkermap. (rjung)
Docs: Added short description of max_packet_size to worker reference. (rjung)
Status Worker: All functions accessible also for xml and txt mime types (list, show, update, reset). (rjung)
Status Worker: New global health indicators for load balancers named bad (error, recovering or stopped), degraded (busy or disabled) and good (the rest, active and OK or N/A). (rjung)
Status Worker: New edit page, to change one attribute for all members of a load balancer. (rjung)
Status Worker: Standard logging for status worker. (rjung)
Status Worker: code refactoring. (rjung)
Status Worker: New attribute user (list) denies access, if the request user in the sense of remote_user is not in this list. Empty list = no deny (rjung)
Status Worker: New attribute read_only disables the parts of the status worker, that change states and configurations. (rjung)
36121: Don't change main uri when mod_jk serves included uri. (markt)
Apache VHosts: Merge JkOptions +base - -base + +vhost - -vhost. (rjung)
Apache Docs: Adding requirements, context information, default values and inheritance rules to the Apache config documentation. (rjung)
Status Worker: Add source type to status worker, remove the redundant "context" column in the map listing (context=uri). (rjung)
uriworkermap: On reload of the file, all old entries from the previous file version get deleted, before the new ones are being read. (rjung)
Keep normal maps and exclusion maps internally separate. Don't treat them as the same when adding a rule. (rjung)
Status Worker: Display mapping rules also for non-lb workers and in global view. (rjung)
Apache VHosts: Use the vhost log files instead of the main log. (rjung)
Apache VHosts: Allow individual timestamp formats by refactoring the formatting method. (rjung)
Apache VHosts: Adding all missing config items to the virtual host level. Don't overwrite the settings from the global server, but inherit them in case they are not set in the virtual host. (rjung)
Apache: remove unnecessary function names from log messages. (rjung)
Apache: add a default log file location and a message, if the default gets used. (rjung)
Apache: add missing JK_IS_DEBUG_LEVEL() (rjung)
Apache VHosts: Allow JkWorkersFile, JKWorkerProperty, JkShmFile and JkShmFileSize only in global virtual server. (rjung)
Add some more jk_close_socket() and reduce log level for some info messages. (rjung)
Load Balancer: Added the Sessions strategy. Contributed by Takayuki Kaneko. (rjung)
Docs: Minor enhancements and syncing with more recent versions. (rjung)
40997: Separate uri mappings from their '!' counterpart when checking for duplicates in uriworkermap reloading. (rjung)
40877: Make sure the shared memory is reset on attach for multiple web server child processes. (mturk)
IIS: Added shm_size property to be able to deal with over 64 workers configurations. (mturk)
IIS: Increase default thread count to 250, so its the same as Apache Httpd default configuration. (mturk)
40966: Fix socket descriptor checks on windows. (mturk)
40965: Initialize missing service parameters. (mturk)
40938: Fix releasing of rewrite map. Thanks to Chris Adams for spotting that. (mturk)
Apache: Added +FlushHeader JkOptions. (mturk)
Added explicit flush when AJP body packet size is zero. (mturk)
40856: Fixing case sensitivity bug in URL mapping. (rjung)
40793: Documentation: Improvements to Apache HowTo provided by Paul Charles Leddy. (markt)
40774: Fixing wrong recursion termination. This one restricted the "reference" feature unintentionally to 20 workers. (rjung)
40716: Adding "reference" feature to IIS and Netscape. (rjung)
Documentation: Corrected SetEnvIf syntax in JK_WORKER_NAME example. (rjung)
Documentation: Added forgotten STATE and ACTIVATION notes for load balancer logging in Apache. (rjung)
Apache: Use instdso.sh instead libtool: libtool does not work on HP-UX for example. (jfclere)
|
|
Tomcat 5.5.23 (fhanik)
Catalina
41608 Make log levels consistent when Servlet.service() throws an exception. (markt)
41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
41674 Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
Coyote
Requests with multiple content-length headers are now rejected. (markt)
Tomcat 5.5.22 (fhanik)
General
Fix regression in build that prevented connectors from building. (markt)
Tomcat 5.5.21 (fhanik)
Catalina
41401: StandardService.getConnectorNames() return array of Connector JMX objectnames. (pero)
29727: If env-entry values in web.xml are changed then ensure new values are applied when context is reloaded. (markt)
34956: Ensure request and response objects passed to a RequestDispatcher meet the requirements of SRV.8.2 and SRV.14.2.5.1. This is disabled by default. The Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true is required to enable this test. (markt)
36274: When including static content with the DefaultServlet also treat content types ending in xml as text. (markt)
36976: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
37070: Update mbean name documentation to include the StandardWrapper. (markt)
37356: Ensure sessions time out correctly. This has been fixed by removing the accessCount feature by default. This feature prevents the session from timing out whilst requests that last longer than the session time out are being processed. This feature is enabled by setting the Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true The feature is now implemented with synchronization which addresses the thread safety issues associated with the original bug report. (markt)
37439: Update documentation for Engine component to add the requirement that the name must be unique. (markt)
37458: Add syncs to the WebappClassloader to address rare issues when multiple threads attempt to load the same class concurrently. (markt)
37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
39088: Prevent infinte loops when an exception is thrown that returns itself for getRootCause(). Based on a patch by Wouter Zelle. (markt)
39436: Correct MIME type for SVG. (markt)
39627: JULI no longer ignores a ".level=XXX" directive in logging.properties. Patch provided by Roger Keays and Richard Fearn. (markt)
39724: Removing the last valve from a pipeline did not return the pipeline to the original state. Patch provided by David Gagon. (markt)
40367: Update JK auto configuration documentation to clarify that workers.properties must also exist. (markt)
40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
40526: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)
40528: Add missing message localisations as provided by Ben Clifford. (markt)
40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
40625: Stop CGIServlet swallowing the root cause of an exception. Patch provided by Takayoshi Kimura. (markt)
40723: Correct table creation example in JavaDoc for JDBCAccessLogValve. (markt)
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by Daniel Santos. (pero)
40817: Correct problem where CGI scripts in the root of the ROOT context threw a StringIndexOutOfBoundsException. (markt)
Set the SCRIPT_FILENAME environment variable required by PHP when using the CGIServlet to execute PHP. (markt)
40823: Update context doc to clarify use of ROOT.xml, multi-level context paths and to further discourage use of server.xml (markt)
40844: Add additional syncs to JDBCRealm to resolve NPE when two users try to authenticate using DIGEST authentication at the same time. (markt)
40860: Log exceptions and other problems during parameter processing. (markt)
40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
40929: Correct JavaDoc for StandardCalssLoader. (markt)
41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
41020: Improve error message when custom error report Valve fails to load. Also remove requirement that custom error report Valves extend ValveBase. (markt)
41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
Ensure Accept-Language headers conform to RFC 2616. Ignore them if they do not. (markt)
Make provided instances of RequestDispatcher thread safe. (markt)
Fix formatting of CGI variable SCRIPT_NAME. (markt)
34643: Improved documentation for per-user / per-session clientAuth usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
40668: Update release notes and readme files specific to v5.5.20 to notify users of missing MailSessionFactory in distribution, suggest workarounds, and link to relevant Bugzilla issue. (yoavs)
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by Christopher Sahnwaldt. (yoavs)
39055: Link to sample workaround code for using JSR160 JMX monitoring with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
39476: add xml declaration to most build.xml files, as suggested by Gregory S. Hoerner Sr. (yoavs)
40326: stop using File#deleteOnExit in DefaultServlet to avoid JVM memory leak, as suggested by quartz. (yoavs)
40192: update setup.html notes regarding Windows tray icon. (yoavs)
40177: add more warnings to documentation about RequestDumperValve character encoding. (yoavs)
39255: NPE in AuthenticatorBase when logging level is set to DEBUG and no prinicpal found. (yoavs)
41437: Make log messages and loglevel consistent during Context start. Patch provided by Suzuki Yuichiro. (markt)
Coyote
38332: Add backlog attribute to ChannelSocket as provided by Takayoshi Kimura. (pero)
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
40771: Fix implementation of SavedRequestInputFilter.doRead() so POST data may be read using a Valve or Filter. Patch provided by Michael Dufel. (markt)
41017: Restore behaviour of MessageBytes.setString(null). (remm/markt)
41057: Modify StringCache to add a configurable upper bound to the length of cached strings. (remm/markt)
38774: Check javax.net.ssl.keyStorePassword system property as a secondary source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
39402: Modify existing Vary HTTP header, rather than overwrite it, if it exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
40241: Catch Exceptions instead of Throwables in Default and SSI servlets. Also improve relevant logging while we're at it. (yoavs)
40133: Better error message when context name is not available on startup, as suggested by Andreas Plesner Jacobsen. (yoavs)
Jasper
39975: don't have static Log references to prevent classloader leaks. (yoavs)
40104: When displaying JSP source after an exception, handle included files. (markt)
40797: This was a regression as a result of the fix for 33407. TLD validation was failing as a result of the use of the escape character (0x1b) as a temporary replacement for \$. An alternative character (0xe000) from the unicode private use range is now used. (markt)
41057: Make jsp:plugin output XHTML compliant. (markt)
41327: Show full URI for a 404. Patch provided by Vijay. (markt)
41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
Webapps
34952: Clarify that the Windows Installer always installs a Windows service. (markt)
35968: Make environment entry properties input a text area. Patch provided by Tristan Marly. (markt)
37588: Fix creation of JNDI Realm in admin application. Patch provided by Terry Zhou. (markt)
38048: Fix memory leak assoaciated with use of expression language in JSPs. Patch provided by Taras Tielkes. (markt)
39572: Improvements to CompressionFilter example provided by Eric Hedstrom. (markt)
40507: Update host-manager and servlet-examples web-apps to use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
40581: Add information on the use of a symbloic link as the docBase for a Context to the Context documentation. (markt)
40633: Remove references to the DefaultContext from the documentation. (markt)
40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)
40714: Admin webapp no longer requires a username for a DataSource since it is not required in all cases. (markt)
40720: Fix exception in admin webapp when adding a group to a user. (markt)
40874: Correct log4j configuration in documentation webapp. Patch provided by Franck Borel. (markt)
40999: Add trust store configuration for SSL connectors to the admin webapp. (markt)
41051: Add information on keystore aliases and case sensitivity to SSL HOW-TO. (markt)
41182: Update the Jasper documentation for the classpath attribute. (markt)
41493: Fix handling of APR connectors in Admin webapp. (markt)
41512: Version number was not inserted in release notes. (markt)
40257: Update Manager webapp howto on remote deployment to reflect need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
40160: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet. While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
Cluster
Add clustered SSO code and backport feature from Tomcat 6.0.x, submitted by Fabien Carrion (pero)
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
|
|
Patch provided by David H. Gutteridge in PR 35240.
Ok by tnn@, no affect HP-UX.
|
|
|
|
|
|
Most important changes are:
- fix a crash for files with an mtime of 0
- fix cpu hog in certain requests
- added mod_extforward module
- reduced default PATH_MAX to 255
|
|
Do not work yet, but that will help people to test and fix COMPAT_LINUX32.
|
|
|
|
Based on patch provided in PR 36156.
0.27
* 0.26 release apparently didn't get to cpan correctly
0.26
* Supports multi-line encoded values in query_sting (like foo%0Abar) -- Dobrica Pavlinusic
* Fixes to URI unescaping to behave like apache does
0.24
* Hopefully deal with an odd case where a poorly behaved Internet Explorer could crash the server.
Thanks to the Catalyst project.
0.23
Fix a release-engineering messup. Thanks to ANDK
0.22 Wed Oct 18 23:36:34 EDT 2006
* Query string processing improvements
0.21 Wed Oct 18 23:31:42 EDT 2006
[rt.cpan.org #21727] [PATCH] Support for Perl 5.004
-- Sebastien Aperghis-Tramoni
0.20
Require POSIX only if we need it, rather than "use" it all the time
[cpan #17533] - Brad Bowman
0.19
Catch and ignore SIGPIPE, so broken pipes from the client don't cause
Standalone to drop all the way back to the shell.
|
|
|
|
Newer versions are in gtkhtml314.
|
|
the 3.8 branch.
|
|
See http://www.opera.com/docs/changelogs/linux/920/
to see changes for this release.
|
|
|
|
|
|
Version 7.16.2 (11 April 2007)
Yang Tse (10 April 2007)
- Ravi Pratap provided some fixes for HTTP pipelining
- configure script will ignore --enable-sspi option for non-native Windows.
Daniel S (9 April 2007)
- Nick Zitzmann did ssh.c cleanups
Daniel S (3 April 2007)
- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
Daniel S (2 April 2007)
- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
accepted commands are as follows:
chgrp (gid) (path)
Changes the group ID of the file or directory at (path) to (gid). (gid)
must be a number.
chmod (perms) (path)
Changes the permissions of the file or directory at (path) to
(perms). (perms) must be a number in the format used by the chmod Unix
command.
chown (uid) (path)
Changes the user ID of the file or directory at (path) to (uid). (uid)
must be a number.
ln (source) (dest)
Creates a symbolic link at (dest) that points to the file located at
(source).
mkdir (path)
Creates a new directory at (path).
rename (source) (dest)
Moves the file or directory at (source) to (dest).
rm (path)
Deletes the file located at (path).
rmdir (path)
Deletes the directory located at (path). This command will raise an error
if the directory is not empty.
symlink (source) (dest)
Same as ln.
Daniel S (1 April 2007)
- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
easy handles are added to a multi handle, by avoiding the looping over all
the handles to find which one to remove.
- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
Daniel S (31 March 2007)
- Fixed several minor issues detected by the coverity.com scanner.
- "Pixel" fixed a problem that appeared when you used -f with user+password
embedded in the URL.
Dan F (29 March 2007)
- Don't tear down the ftp connection if the maximum filesize was exceeded
and added tests 290 and 291 to check.
- Added ftps upload and SSL required tests 401 and 402.
- Send an EOF message before closing an SCP channel, as recommended by
RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
Yang Tse (27 March 2007)
- Internal function Curl_select() renamed to Curl_socket_ready()
New Internal wrapper function Curl_select() around select (2), it
uses poll() when a fine poll() is available, so now libcurl can be
built without select() support at all if a fine poll() is available.
Daniel S (25 March 2007)
- Daniel Johnson fixed multi code to traverse the easy handle list properly.
A left-over bug from the February 21 fix.
Dan F (23 March 2007)
- Added --pubkey option to curl and made --key also work for SCP/SFTP,
plus made --pass work on an SSH private key as well.
- Changed the test harness to attempt to gracefully shut down servers
before resorting to the kill -9 hammer.
- Added test harness infrastructure to support scp/sftp tests, using
OpenSSH as the server.
- Fixed a memory leak when specifying a proxy with a file: URL.
Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
or Curl_poll() with a non-zero timeout both functions would restart the
specified timeout. This could even lead to the extreme case that if a
signal arrived with a frecuency lower to the specified timeout neither
function would ever exit.
Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
defined both functions will return as soon as a signal is caught. Use it
at your own risk, all calls to these functions in the library should be
revisited and checked before fully supporting this feature.
Yang Tse (19 March 2007)
- Bryan Henderson fixed the progress function so that it can get called more
frequently allowing same calling frecuency for the client progress callback.
Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
you can now use [1-1] without curl complaining.
Daniel (10 March 2007)
- Eygene Ryabinkin:
The problem is the following: when we're calling Curl_done and it decides to
keep the connection opened ('left intact'), then the caller is not notified
that the connection was done via the NULLifying of the pointer, so some easy
handle is keeping the pointer to this connection.
Later ConnectionExists can select such connection for reuse even if we're
not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
false and we can reuse this connection for another easy handle. But thus the
connection will be shared between two easy handles if the handle that wants
to take the ownership is not the same as was not notified of the connection
was done in Curl_done. And when some of these easy handles will get their
connection really freed the another one will still keep the pointer.
My fix was rather trivial: I just added the NULLification to the 'else'
branch in the Curl_done. My tests with Git and ElectricFence showed no
problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
so it was a considerable amount of Curl's work.
Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
appropriate test case to use it. For now, this is treated the same as the
"SSL" feature because curl doesn't list it separately.
Daniel (9 March 2007)
- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
machine type too.
- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
upload a file it couldn't open. Bug #1676581
(http://curl.haxx.se/bug/view.cgi?id=1676581)
Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
test, fixing KNOWN_BUGS #11.
Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
harness. It is very limited as it supports only ftps:// URLs with
--ftp-ssl-control specified, which implicitly encrypts the control
channel but not the data channels. That allows stunnel to be used with
an unmodified ftp server in exactly the same way that the test https
server is set up.
Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
unencrypted data connections.
Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
cases 181 & 216.
Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
makefiles that are included in the source release archives, generated from
the Makefile.vc6 files by the maketgz script. I also modified the root
Makefile to have a VC variable that defaults to vc6 but can be overridden to
allow it to be used for vc8 as well. Like this:
nmake VC=vc8 vc
Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
server through a proxy and have the remote https server port set using the
CURLOPT_PORT option, protocol gets reset to http from https after the first
request.
User defined URL was modified internally by libcurl and subsequent reuse of
the easy handle may lead to connection using a different protocol (if not
originally http).
I found that libcurl hardcoded the protocol to "http" when it tries to
regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
follows and it's working fine so far
Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
the multi interface. Note that it still does a part of the connection in a
blocking manner.
Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
-v, --trace and --trace-ascii, since it could really confuse the user.
Clarified this fact in the man page.
Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
fixing some bugs:
o Don't mix GET and POST requests in a pipeline
o Fix the order in which requests are dispatched from the pipeline
o Fixed several curl bugs with pipelining when the server is returning
chunked encoding:
* Added states to chunked parsing for final CRLF
* Rewind buffer after parsing chunk with data remaining
* Moved chunked header initializing to a spot just before receiving
headers
Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
line option.
Daniel (19 February 2007)
- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
when the multi interface was used.
- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
5).
Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
the multi interface and connection re-use that could make a
curl_multi_remove_handle() ruin a pointer in another handle.
The second problem was less of an actual problem but more of minor quirk:
the re-using of connections wasn't properly checking if the connection was
marked for closure.
Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
CURLOPT_RANGE back to no range on an easy handle when using FTP.
Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
therefore introduce unnecessary dependencies) when it's not needed.
Also, don't bother adding a library path of /usr/lib
Daniel (13 February 2007)
- The default password for anonymous FTP connections is now changed to be
"ftp@example.com".
- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
gmtime_r() like the older VC versions. He also made use of some machine-
specific defines to differentiate the "OS" define.
Daniel (12 February 2007)
- Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
This is the fourth supported library for TLS/SSL that libcurl supports!
- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
to the debug callback.
- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
internal decoding of content or transfer encoded content. This may be
preferable in cases where you use libcurl for proxy purposes or similar. The
command line tool got a --raw option to disable both at once.
- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
define set to hold the exact date and time of when the tarball was built, as
a human readable string using the UTC time zone.
- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
that has an easy handle present in the "closure" list pending closure.
Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
API of libssh2, if the libssh2 headers seem to support them. This will make
SCP and SFTP much more responsive and better libcurl citizens when used with
the multi interface etc.
Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
millisecond resolution. The only restriction to that is the alarm()
(sometimes) used to abort name resolves as that uses full seconds. I fixed
the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
fail since they used "1 feb 2007"...
- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
the problem. The code now tries harder to use httproxy and proxy where
apppropriate, as not all proxies are HTTP...
|
|
www/firefox.
|
|
=== RELEASE 2.1pre28 ===
Wed Apr 11 01:39:36 cet 2007 mikulas:
Fixed a bug in decompression and javascript document.write introduced in
previous release (compressed data were displayed after document.write)
(BTW. because the javascript interpreter has bugs, Martin Pergel has not
time for it and the code is so messy that it couldn't be understand by
anyone else, javascript will likely be removed in next release)
=== RELEASE 2.1pre27 ===
Sat Apr 7 02:43:28 CEST 2007 mikulas:
Terminal resize, window title and clipboard support for Cygwin
Clipboard supports non-ascii characters badly, it is a limitation in
Cygwin
Wed Apr 4 23:19:00 MET 2007 Carles Pina i Estany <carles@pina.cat>:
Add more top-level domains
Sat Mar 31 03:02:40 CEST 2007 student:
win32.c file removed because in each new version of windows it doesn't
work. Don't even try to fix it unless you have computers with Windows
NT, Window 2000, Windows XP and Windows Vista side by side.
(new Cygwin emulates xterm-like mouse on the console, so it's not needed
for mouse)
Cygwin sometimes doesn't send SIGWINCH, it is its bug, so I didn't try
to fix it in links. Press twice Alt-Enter if links doesn't notify window
size change
Sun Mar 25 22:26:41 MET 2007 mikulas:
Fixed bad behaviour of scrollbars on very large documents due to integer
overflow
Wed Mar 21 22:15:25 MET 2007 mikulas:
Support for zlib, gzip and bzip2 files
Wed Mar 21 04:37:42 MET 2007 mikulas:
Limit image scaling to prevent allocation overflow
Tue Feb 6 00:23:43 MET 2007 mikulas:
Allow quotation marks in Refresh URL parameter --- fixes Google Picasa
|
|
Changes since 2.2a2 [2007/01/14]:
- Improved default color assignment (courtesy of David Nolan).
- Allow configuring a custom set of colors (courtesy of David Nolan).
- Updated RRDs::fetch usage for newer RRDtool versions (courtesy of
John Milton)
|
