Age | Commit message | Author | Files | Lines |
|
Pkgsrc changes:
remove (now) unneeded build dependency.
Upstream changes:
4.014 Sat Nov 1 15:13:48 PST 2008
in Lite.pm v1.11, add test for characters not allowed by
rfc952 before the call to gethostbyname in sub new() for those
people that insist on using deprecated functionality :aton
and OS's that fail to notice calls to gethostbyname with
binary arguments.
4.013 Wed Oct 22 15:04:49 PDT 2008
In Lite.pm v1.10, add new no octal method for
improperly formatted ipV4 addresses
In Util.pm v1.22, eliminated dependence on PL_sawampersand
thanks to Mark Martinec <Mark.Martinec@ijs.si>
for spotting this and submitting a patch.
In Util.pm v1.22, force -noxs mode for Win32
In Util.pm v1.22, use autoconf to configure 'C' build
4.012 Thu Oct 16 19:35:33 PDT 2008
clear build bug for Win32 in Util.pm v 1.21
4.011 released Oct 6 13:10
4.010 Sat Sep 27 17:00:28 PDT 2008
in NetAddr::IP::Util v0.19
updated test for ENDIANess in siteconf
add test in inet_aton to detect overrange IP dot quad values
missed by some broken Socket implementations
i.e. 256.1.1.1 would fail to return undef
NOTE: Versions 4.008 and 4.009 had limited release to tester only
and were not uploaded to CPAN. All of the v4.008, 4.009
changes are incorporated in v4.010
4.009 Tue Sep 2 19:09:57 PDT 2008
In NetAddr::IP::Lite v1.07,
in the off chance that NetAddr::IP::Lite objects are created
and the caller later loads NetAddr::IP and expects to use
those objects, let the AUTOLOAD routine find and redirect
NetAddr::IP::Lite method and subroutine calls to NetAddr::IP.
updated Lite/t/v4-wnew.t so that non-existent
domains are "really" not there
4.008 Sat Jun 7 14:01:55 PDT 2008
inherit method "new_from_aton" from NetAddr::IP::Lite
add related documentation
Inherited methods from Lite.pm updated as follows:
comparisons of the form <, >, <=, >=
10.0.0.0/24 {operator} 10.0.0.0/16
now return the comparison of the cidr value
when the address portion is equal.
NOTE: this comparison returns the comparison of the NUMERIC
value of the CIDR. This produces the counter intuitive result
that /24 > /16. There is logic to this, really! For proper
operation of commands like "Compact" and "Coalesce", lists of
netaddr objects must sort in ascending order. However, this
conflicts with the requirement for larger netblocks to sort
FIRST so as to include smaller ones. This logic extends to
any requirement for a sort of netaddr objects. It should be
further noted that the mixing of netaddr objects with varying
IP addresses and CIDR allocations can lead to unexpected
results since the comparisons are done first on the IP portion
and then on the CIDR portion. The documentation has been
updated appropriately.
Thanks to Peter DeVries for spotting this discrepancy
|
|
|
|
* Many changes for developers, and many fixes
* Added gettext support (thanks blackmoon)
* Added support to Windows Event Logging (lwel module) and smart
logging facility (smartlog module)
* CURL library bindings revamped to version 7.18.1 to help the
development of the hotmail plugin
* MacOSX startup script fixed, thanks nx2000car
* Too many fixes in plugins to be listed, thanks to all contributors
|
|
Pkgsrc changes:
o Convert some BUILD_DEPENDS to DEPENDS, in accordance with META.yml
o Update the dependency on p5-Mouse
Upstream changes:
0.21
- Fix a bug in Data::Visitor::Callback WRT returning non
reference values from callbacks (#38306).
- Refactor the visit_tied split
- Propagation of void context
0.20
- Split visit_tied into methods per each reftype, to make it possible to
return something that is an object but still doesn't get tied.
0.19
- Support multiple arguments to visit()
- use BUILDARGS for argument processing
- remove Data::Alias dep for now, it breaks on windows & aix with 5.8.8
|
|
|
|
2008.10.18 - 1.1.4
===================================
We had to withdraw 1.1.3 because of a serious flaw affecting the bug_report*
pages. This new release fixes that problem and a newly discovered security
issue.
- 0009704: [security] Remote Code Execution in manage_proj_page.php (giallu) - resolved.
- 0009691: [bugtracker] Failed to report issue.(Always APPLICATION ERROR #2800) (jreese) - resolved.
- 0009690: [other] Wrong parameter count for session_set_cookie_params() (jreese) - resolved.
- 0009693: [webpage] Generated HTML contains multiple hostnames when proxied (jreese) - resolved.
2008.10.09 - 1.1.3
===================================
In this release we fixed a couple of nasty bugs sneaked into 1.1.2, where
sending bugnotes email notifications would fail and browser caching was not
functional.
We also refined the implementation of form security tokens and closed a couple
of security issues, an information disclosure (with no CVE) and a session
hijacking (CVE-2008-3102).
- 0009321: [security] Users can get title and status of issues that they don't have access to. (vboctor) - resolved.
- 0009533: [security] Mantis should use secure sessions on https connections (jreese) - resolved.
- 0009286: [administration] stray "2" in manage_user_prune.php (vboctor) - resolved.
- 0009664: [authentication] Logout without unsetting session cookie (jreese) - resolved.
- 0009323: [bugtracker] Browser caching broken since 1.1.2 (jreese) - resolved.
- 0009470: [bugtracker] Tags filter not filling into text field when selecting from list using Internet Explorer (jreese) - resolved.
- 0009493: [custom fields] Removing custom fields from project causes application error 2800 (giallu) - resolved.
- 0009309: [email] Problems with e-mail notifications about bugnotes [PATCH] (giallu) - resolved.
- 0004678: [filters] Filter combos don't fill up on if switched to 'All Projects' - closed.
- 0009430: [graphs] bug_graph_bystatus shows heading by_category (thraxisp) - resolved.
- 0009431: [localization] no localization for usage of open, resolved, closed in bug_graph_bystatus.php (thraxisp) - resolved.
- 0008882: [other] Gravatar causes annoying security popups on IE when using Mantis over HTTPS/SSL (jreese) - resolved.
- 0009361: [other] php session fail created cause mantis app error. (jreese) - resolved.
- 0009560: [other] Wrong behaviour in Session API (session_save_path error message) (jreese) - resolved.
- 0009672: [other] Fixing form error by going back fails because of security token (jreese) - resolved.
- 0009343: [scripting] form security token prevents changing relationship while resolving bug (jreese) - resolved.
|
|
|
|
tweaks. See bundled changelog for full details.
|
|
|
|
Pkgsrc changes:
o Add USE_LANGUAGES=c
o Add dependency on p5-Digest-MD5
Upstream changes:
1.149 Sat Nov 1 12:31 2008
- added explicit BSD license; code is basically RFC4122 + patches
|
|
Ok'ed geert@
The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.
+ dovecot -n and -a now prints some system information at the top.
+ More error/debug message logging improvements.
- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
commands in the same IP packet.
- Parsing an invalid message address like "From: (" caused an
assert-crash in v1.1.4 and v1.1.5.
- Folding whitespace wasn't handled correctly inside quoted-strings,
causing some messages to be parsed incorrectly.
- mbox: Fixed saving messages that begin with a valid From_-line.
|
|
No upstream change log, apparently minor changes.
Note that this module is no longer being developed or supported.
|
|
|
|
doesn't know about all dependencies of apr-util. Otherwise the final binary
wouldn't have the proper RPATHs.
Bump PKGREVISION.
|
|
Pkgsrc changes:
o Add new required dependencies.
Upstream changes:
0.202 2008-10-16
update App::Cmd::Tester to use IO::TieCombine
0.201 2008-10-14
fix typos in Tutorial.pod (thanks, HARTZELL!)
fix prereq for Sub::Exporter to ensure we have curry_method
0.200 2008-09-14
new super-concise ::Setup interface provided by Sub::Exporter
added plugin system
consult App::Cmd::Tutorial to see the new interface
your old code should still work!
|
|
|
|
IO::TieCombine - produce tied (and other) separate but combined variables.
|
|
Upstream changes:
0.48 Tue Aug 20 2008
- Cleaned up DESTROY method to not undef _fields (This was
my error, not the submitted patch)
Thanks to Dulaunoy Fabrice <fabrice@dulaunoy.com>
for showing me the error of my ways
|
|
Requested to import from wip/libao-nas by PR 39702.
Libao is a cross-platform audio library that allows programs to
output audio using a simple API on a wide variety of platforms.
This package provides an NAS plugin for libao's core.
|
|
Fixes PR 39716.
|
|
|
|
snmpd:
- SECURITY ISSUE: A bug in the getbulk handling code could let
anyone with even minimal access crash the agent.
|
|
RMagick 2.7.1
o Fix bug #22471, Magick::fonts can abend on 64-bit systems (bug report and
patch by James Le Cuirot)
o ImageList.new accepts a block which is passed on to Image::read when
reading the input images. The block is executed in the context of an
Image::Info object.
o Add support for the "user" image property.
o Define the Magick::FatalImageMagickError exception class, raised if
ImageMagick raises a fatal (unrecoverable) exception.
o Added feature #22618, Image#total_ink_density (request by F. Behrens)
|
|
|
|
after (years ago) one of eBay's many site changes.
|
|
Changes between 0.9.4 and 0.9.5:
--------------------------------
Security updates:
* Fixed buffer overflow in TiVo demuxer (SA-0809, CVE-2008-4686, CVE-2008-4654)
* Fixed libpng CVE-2008-3964 in Win32 and MacOS builds
Features:
* Closed Caption EIA 608/708 parsing enabled for libmpeg2
Various bugfixes:
* Fixed various potential crashes and memleaks
* Fixed issues with reading from files (especially non-local)
Windows port:
* Fix bug where interface was "eating" some media keys
* Fix some crashes in DirectShow access
Qt Interface:
* Fix bug when the resetting of preferences didn't reset the dialog states
* Right-click menu to select playlist columns reenabled
* Various fixes in playlist
Access:
* MMAP module is now deactivated by default
Translations:
* Update of Brazilian, Swedish translation
|
|
|
|
Changes:
0.10 Tue Oct 28 19:23:07 2008
* Require a recent Moose (which has the bugfix) for
t/500_moose_extends_mouse.t
* ouse.pm for perl -Mouse one-liners (thanks rjbs)
* Doc for init_arg => undef (thanks rjbs)
0.09 Sun Sep 28 22:37:13 2008
* Initial version of Mouse::Tiny, a one-file concatenation of the Mouse
classes for easy embedding
* Fixes caused by test failures (Carp not being loaded, Moose being
required in a test)
0.08 Sun Sep 28 12:46:07 2008
* ALL dependencies have been removed!
* Fixes for Class::Method::Modifiers being required for testing
0.07 Sun Sep 28 00:19:07 2008
* All runtime dependencies have been removed! The only change in
functionality (hopefully) is that the Sub::Exporter features can no
longer be used (we've backed down to regular Exporter). Scalar::Util is
required for "weaken" support, and Class::Method::Modifiers is required
for method modifier support, but only if you use these features!
Having Scalar::Util and MRO::Compat installed will provide only
performance increases.
* Tests and fixes for extending a Mouse class with Moose (nothingmuch)
* Support for adding method modifiers to a role, and composing them into
classes (we'll get true methods some day)
* Method modifiers now go through the metaclass instead of invoking
Class::Method::Modifiers directly
* Remove the deprecated before/after/around triggers
* Roles keywords 'requires' and 'excludes' now throw errors instead of
silently doing nothing (they aren't implemented yet)
|
|
|
|
News in 2.4.1
-------------
* Fix a crash when inserting images in the buffer
* Improvements to some of the lang files
* Updated translations
|
|
|
|
- [security] XSS in MSIE using NUL byte
- [security] XSS in a Designer component
|
|
|
|
- SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
- Allow for smax to be 0 for balancer members so that all idle
connections are able to be dropped should they exceed ttl.
Apache Bug #43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
Jim Jagielski]
- mod_proxy_http: Don't trigger a retry by the client if a failure to
read the response line was the result of a timeout.
[Adam Woodworth <mirkperl gmail.com>]
- Support chroot on Unix-family platforms
Apache Bug #43596 [Dimitar Pashev <mitko banksoft-bg.com>]
- mod_ssl: implement dynamic mutex callbacks for the benefit of
OpenSSL. [Sander Temme]
- mod_proxy_balancer: Add 'bybusyness' load balance method.
[Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]
- mod_authn_alias: Detect during startup when AuthDigestProvider
is configured to use an incompatible provider via AuthnProviderAlias.
Apache Bug #45196 [Eric Covener]
- mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
used as a session path separator/delim Apache Bug #45158. [Jim Jagielski]
- mod_charset_lite: Avoid dropping error responses by handling meta buckets
correctly. Apache Bug #45687 [Dan Poirier <poirier pobox.com>]
- mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
avoid reusing pooled connections if the client connection is an initial
connection. Apache Bug #37770. [Ruediger Pluem]
- mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
Apache Bug #44799 [Christian Wenz <christian wenz.org>]
- mod_ssl: Rewrite shmcb to avoid memory alignment issues.
Apache Bug #42101. [Geoff Thorpe]
- mod_proxy: Add connectiontimeout parameter for proxy workers in order to
be able to set the timeout for connecting to the backend separately.
Apache Bug #45445. [Ruediger Pluem, rahul <rahul sun.com>]
- mod_dav_fs: Retrieve minimal system information about directory
entries when walking a DAV fs, resolving a performance degradation on
Windows. Apache Bug #45464. [Joe Orton, Jeff Trawick]
- mod_cgid: Pass along empty command line arguments from an ISINDEX
query that has consecutive '+' characters in the QUERY_STRING,
matching the behavior of mod_cgi.
[Eric Covener]
- mod_headers: Prevent Header edit from processing only the first header
of possibly multiple headers with the same name and deleting the
remaining ones. Apache Bug #45333. [Ruediger Pluem]
- mod_proxy_balancer: Move nonce field in the balancer manager page inside
the html form where it belongs. Apache Bug #45578. [Ruediger Pluem]
- mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
[Ruediger Pluem]
- mod_rewrite: Preserve the query string when [proxy,noescape].
Apache Bug #45247. [Tom Donovan]
pkgsrc related note:
The security fix for CVE-2008-2939 has already been integrated as patch
before this update.
|
|
No PKGREVISION bump because this package didn't build successfully (oops).
Noted by Kouichirou Hiratsuka.
|
|
Version 1.2.3 (released 2008-09-07) highlights:
* Fixed a security issue similar to the previous account overwrite/hijack bug.
|
|
|
|
|