| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
changes:
* Use less memory for desktop background
* Make authentication work for the external connect-to-server dialog
* Fix leaks
* Redraw less in the list view when deleting
|
|
changes:
* Lock the drive when requesting media
* Unlock the drive after it is used
* Fix compilation on non-Linux systems
* Fix compilation warnings on Solaris
* Avoid symbolic link loops in mapping-daemon
|
|
|
|
Bump BOOTSTRAP_VERSION.
|
|
|
|
Databases are incompatible, so make it a separate pkg.
(XXX to convert a database, one needs both versions at the same time,
which isn't supported by the pkgs. Since arx is just a single binary,
one can easily be copied away... this is not for greenhorns anyway.)
|
|
changes:
* Fixed accessibility crash
* Use less memory for desktop background image
* translation updates
|
|
bug fixes only
|
|
|
|
|
|
* Bug fixes?
|
|
|
|
|
|
|
|
disable the i386 MMX statements for gcc-2.95. Approved by kristerw.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
which are not in the mirror list any longer, and ftp2, which is
unresponsive for quite some time now.
|
|
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
|
|
* Add one more offcial patch:
- 2005-04-05 23:05 (Cosmetic) should syslog to daemon facility not local4
* One patch updated, so update DIST_SUBDIR through DIST_STAMP change.
* Add aufs to --enable-storeio configuration.
TODO: use <bsd.options.mk> frame work and allow to use
--enable-pf-transparent which is mutual exclusive parameter
with --enable-ipf-transparent.
|
|
|
|
|
|
|
|
and let it worry about whether libiconv is built-in or not. Remove
all references to libiconv from builtin.mk.
The logic in builtin.mk was broken and unnecessary, leading to a
build failure on at least some Linux systems (such as Debian woody
without any gettext packages installed).
|
|
|
|
|
|
|
|
|
|
* Fixed bug (introduced in 1.4) when Header was not present.
|
|
|
|
Okayed by jmmv@.
|
|
|
|
opera8-8.0, silc-toolkit-0.9.14.
- tunesbrowser-0.2.0 [pkg/29644].
|
|
|
|
NOTE: currently without IPv6 support, until there is an updated KAME patch
for it.
Changes:
Changes since 1.11.19:
**********************
SERVER SECURITY FIXES
* Thanks to a report from Alen Zukich, several minor
security issues have been addressed. One was a buffer overflow that is
potentially serious but which may not be exploitable, assigned CAN-2005-0753
by the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report include
repair of an arbitrary free with no known exploit and several plugged memory
leaks and potentially freed NULL pointers which may have been exploitable for
a denial of service attack.
* Thanks to a report from Craig Monson, minor
potential vulnerabilities in the contributed Perl scripts have been fixed.
The confirmed vulnerability could allow the execution of arbitrary code on
the CVS server, but only if a user already had commit access and if one of
the contrib scripts was installed improperly, a condition which should have
been quickly visible to any administrator. The complete description of the
problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If
you were making use of any of the contributed trigger scripts on a CVS
server, you should probably still replace them with the new versions, to be
on the safe side.
Unfortunately, our fix is incomplete. Taint-checking has been enabled in all
the contributed Perl scripts intended to be run as trigger scripts, but no
attempt has been made to ensure that they still run in taint mode. You will
most likely have to tweak the scripts in some way to make them run. Please
send any patches you find necessary back to <bug-cvs@gnu.org> so that we may
again ship fully enabled scripts in the future.
You should also make sure that any home-grown Perl scripts that you might
have installed as CVS triggers also have taint-checking enabled. This can be
done by adding `-T' on the scripts' #! lines. Please try running
`perldoc perlsec' if you would like more information on general Perl security
and taint-checking.
BUG FIXES
* Thanks to a report and a patch from Georg Scwharz
CVS now builds without error on IRIX 5.3
DEVELOPER ISSUES
* We've standardized on Automake 1.9.5 to get some at new features that make
our jobs easier. See the HACKING file for more on using the autotools with
CVS.
|
|
Noted by schmonz@.
|
|
|
|
Do not try to remove share/desktop-directories in deinstall.
Bump PKGREVISION.
|
|
by kdelibs3 anyway, no actual change in dependencies, so no PKGREVISION
bump. Adapt comment in PLIST.
|
|
|
|
by kdelibs3 anyway, no actual change in dependencies, so no PKGREVISION
bump. Adapt comment in PLIST.
|
|
managed directories. Bump PKGREVISION to 2.
|
|
|
