| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixing http://secunia.com/advisories/42355/.
-------
v3.3.11
-------
[mms] SECURITY: Fix XSS when viewing details of a vCard (Bug #9357).
[jan] Fix exporting recurrence exceptions to vCalendar 1.0.
[jan] Skip event status synchronization with Outlook, which is broken.
[jan] Don't send SIF data to recent Funambol clients, unless requested.
[jan] Log all queries and errors by the history library.
|
|
* Fix searching DataTree elements (groups) if backend charset is different
from interface charset
* Fix accessing IMAP ACLs that contain non-alphanumeric characters
* Avoid fatal errors when using DateTime with not properly configured PHP 5.3+
* Fix importing recurrence exceptions from vCalendar 1.0.
* Fix preferences management regression
* Fix conversion of all-day events and certain yearly recurring events for
Funambol clients.
* Fix memcache cache regression.
* Fix SyncML page sometimes deleting more anchors than selected.
|
|
Bump PKGREVISION to relax dependency on database libraries.
|
|
converters/php-mbstring
databases/php-mysqli
net/php-soap
textproc/php-dom
textproc/php-xsl
time/php-calendar
No functional change should be done.
|
|
No functional change.
|
|
templates and target for the configuration and included both the in PLIST.
Use this chance and properly move the templates into a separate location
as the config directory needs special permissions. Bump revision.
|
|
|
|
vulnerability.
Changes since version 3.3.3 are not found on the web site for some
reason (while changes before 3.3.3 are).
|
|
|
|
|
|
* SECURITY: Fix unescaped output in the tag cloud block
* SECURITY: Fix unvalidated Horde_Image driver name
* Restore backwards compatibility with older Kronolith and Whups
releases
* Fix problems with SQL Shares and PostgreSQL
* Support Mozilla Sunbird snooze properties
The full list of changes (from version 3.3.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.492&r2=1.515.2.503&ty=h
|
|
PKGREVISION++
|
|
------
v3.3.2
------
[mms] Fix prototypejs regression on IE (Bug #6590).
------
v3.3.1
------
[cjh] SECURITY: Add another check to the XSS filter.
[jan] Add script to import preferences from SquirrelMail database.
[cjh] Allow the password file Auth driver to require a specific group.
[cjh] Use YYYY-MM-DDTHH:MM:SS for Alarm date queries (Bug #7580).
[jan] Add XPath wrapper to Horde_DOM library.
[cjh] Don't use executeMultiple in the SQL Share driver when we might
reset the connection in between queries (Bug #7542).
[jan] Fix database XML schema to create all lock table fields (Bug #7433).
[jan] Fix showing two sidebars after saving the display preference group for
the first time (Bug #7475).
[jan] Fix sharing with LDAP groups (Bug #6883).
[jan] Add javascript event handler for access keys.
[cjh] Remove UNSIGNED from PostgreSQL scripts.
[cjh] Call preference hooks in the scope of the preference
(vlukashov (at) parallels (dot) com, Bug #7445).
[jan] Fix resuming synchronization session on server farms
(adrieder@sbox.tugraz.at, Bug #7394).
[jan] Fix synchronization of tasks with many items (adrieder@sbox.tugraz.at,
Bug #7395).
[mms] Upgrade prototype.js to v1.6.0.3.
[jwm] Fix regression: SOAP wsdl/disco shouldn't require authorization.
|
|
----
v3.3
----
[jan] Fix synchronization issues with Blackberry clients (bug 6949).
[mms] Fix setting the horde user when using application authentication with
realms (bug 6749).
[jan] Fix user name conversion with user hooks in the permissions interfaces
(bug 6371).
[jan] Provide all settings for the read server in split SQL configuration
(Request #7024).
[jan] Improve HTML to text filter.
[mjr] Hierarchical SQL Share driver now correctly removes all children when
removing a share (Bug: 7347).
[mjr] Fix an issue with various date/time fields in horde form that was causing
erroneous validation errors.
[cjh] Sign parameters to go.php with an HMAC based on a new secret key
configuration value, to prevent using go.php as an open referrer.
[cjh] Make logout tokens only valid for a configurable length of time.
--------
v3.3-RC1
--------
[mms] Fix garbage collection handling on SQL session handler backends.
[mjr] Change MDB2 sequence names to 'id' in SQL share driver (bug 7240).
[cjh] When a URL is supplied for pass-through after logging in, go to that URL
in mobile browsers instead of going to the mobile portal (bug 6332).
[mms] Memcache session handler no longer writes data with a lifetime.
[cjh] Add DIMP to the horde LDAP OIDs and hordePerson objectclass (bug 7243).
[mms] Update FCKeditor to v2.6.3.
[jan] Use global mailer configuration when sending alarm emails
(adrieder@sbox.tugraz.at, bug 7058).
[jan] Reset background colors when resetting the category form (bug 7226).
[jan] Improve Funambol contacts support (Requests #7099, #7100).
[jan] Correctly parse GEO tags in vCard 2.1 data (bug 6563).
[jan] Remove Horde portal link from application menus (bug 7221).
[cjh] Create a driver for signups, allowing backends other than DataTree
(Duck <duck@obala.net>, Request #7161).
[jan] Fix displaying images with the image form field.
[mjr] Fix issue with hierarchical SQL share driver that caused permissons to
erroneously be denied when the share contained group permissions and was
instantiated by a listShares call.
[mjr] Fix issue with hierarchical SQL share driver that caused any child shares
to be orphaned when the parent share was moved in the hierarchy.
[mjr] Fix issue with SQL share drivers that was causing permission checks to
fail under certain conditions by no longer explicitly storing owner
permissions in the Perms backend.
[cjh] Fix overwriting a variable in the tableset_html VarRenderer
(Paul Roy <proy@corom.ca>, bug 7120).
[mms] Fix MIME encoding when using the ISO-2022-JP charset (bug 1621).
[jan] Fix SQL Share driver not using the correct database when using different
databases in Horde applications (bug 6997).
[cjh] Fix SQL portability in Share_sql driver (bug 7084).
[jan] Fix synchronizing large amounts of data split across several SyncML
messages.
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
<xabier.arrieta@ehu.es>).
[cjh] Fix Horde_Lock::getLockInfo (duck@obala.net, Bub #7046).
[cjh] Fix SQL portability in Group_sql driver (bug 7075).
[jan] Fix PAM authentication driver, but also mark it as deprecated (bug 6982).
[mjr] Fix issue with native SQL Share driver that caused filtering shares by
attributes to fail.
[jan] Fix synchronization of event alarms with Funambol clients (bug 7003).
[jan] Correctly detect Funambol clients on Blackberry devices (bug 6995).
[mjr] Remove all user application permissions and group memberships from storage
when removing the user from the system (Bug: 6999)
[cjh] Call the postauthenticate hook in Auth::setAuth(), and allow the
postauthenticate hook to cause setAuth() to fail. Allows postauthenticate
to fire on any event, including transparent authentication, that could
result in a user being successfully logged in.
[jan] Improve attribute support and charset conversion in vCard viewer.
[jan] Show photos in vCard object if provided with an URL.
[mjr] Remove permissions from storage also when removing a share.
[jan] Add Horde_Form fields for string arrays and PGP and S/MIME keys.
[jan] Only show Add Permission icons in permissions interface where adding
them is possible.
[mjr] Fix issue in Horde_Image that was causing erratic results when cropping
images.
[jan] Fix validation of phone fields marked as required (bug 6948).
[mms] Fix quoting periods in display part of e-mail address (bug 6899).
[mms] Fix error checking when parsing an undisclosed recipients mail header
and using an older version of PEAR::Mail (bug 6930).
[jan] Return to portal after editing or deleting blocks directly from there.
|
|
[jan] SECURITY: Fix unescaped output in the MIME attachment linking.
[jan] SECURITY: Add another check to the XSS filter.
|
|
PKGREVISION++
|
|
* Escape item names in the object browser.
* Select db before queries in MySQL SessionHandler.
* Format messages sent through MIME_Mail in flowed text format.
* Fixes for SQL shares with split read/write databases, and various fixes for hierarchical shares.
* Workaround broken IE behavior when downloading files with 8-bit filenames.
* Fix storing of unlocked preferences set by hooks.
* Allow Horde memcache driver to use UNIX sockets.
* Fix parsing of addresses in headers when the RFC 2047-encoded personal part of the address contains address list delimiters.
* Fix generation of unique keys in configuration for machines too fast for microtime().
* Added group driver for Kolab.
* Added IMAP based preferences driver for Kolab.
* Fix missing timestamp variable in Horde SQL cache driver.
* Fix over-zealous preference caching when preferences are requested for a different user.
* Fix issue in Horde_Image that caused errors when performing certain image operations immediately after an image had been cropped when using the ImageMagick driver.
The full list of changes (from version 3.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.392&r2=1.515.2.413&ty=h
|
|
enhancements:
* Stable synchronization support through integrated SyncML server.
* A new Alarm system that can send email alarms, generate popup or inline
notifications, and play sounds for events in any Horde application.
* Support for separate read and write databases, and improved useability
when the database is unavailable.
* Improved performance, through caching and native SQL drivers for shares,
groups, and permissions; faster DataTree queries, and smarter use of
session data.
* The administrator can disable users' ability to change permissions on
their Shares.
* Two slick new themes, Tango Blue and Silver Surfer.
* WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance.
* Full Kolab webclient support.
* Improved JavaScript code including more caching, JSON support, new
spell checking and color picking widgets, replacing htmlarea with xinha,
and dynamic portal updates.
* Help is now searchable and has a tree view for easy organization and
exploration of help topics.
* Wider memcache support and easier memcache configuration, including
connection pooling and multiple memcache servers.
* A more complete WebDAV server.
* "Drop-in" configuration support for applications through
config/registry.d/.
* Many additional hooks, for performing actions on preference value
changes, and after loading an application.
* and much, much more.
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
Major changes compared to Horde 3.1.6 are:
* Fix arbitrary file inclusion through abuse of the theme preference.
|
|
* Fixed privilege escalation in the Horde API.
* Improved XSS filtering.
* Fixed locked portal blocks.
* Further improved webroot detection.
* Updated Japanese translation.
|
|
v3.1.5
------
[cjh] Fix identity javascript when some fields are disabled
(veikko@immonen@otaverkko.fi, Bug 5595).
[cjh] Disable the Turkish locale if using PHP 5 (see
http://bugs.php.net/bug.php?id=35050).
[jan] Improved webroot detection (Request 4126).
[jan] Fix selecting the language on the login screen (Bug 5098).
[jan] Fix searching for single quotes in email headers (qa@cpanel.net, Bug
4854).
[jan] Fix portal layouts with more than one horizontally expanded block per
row.
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
------
v3.1.4
------
[jan] SECURITY: Correctly quote file names in cleanup script for temporary
files.
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.
----------
v3.1.4-RC1
----------
[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
<vilius@lnk.lt>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
(Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
(josh@endries.org, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
(thomas@gelf.net, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
(pascal@vmfacility.fr, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu,
Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz,
Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
(reitsma@denison.edu, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
Ben Klang <ben@alkaloid.net>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
(thomas.jarosch@intra2net.com, Bug #4651).
[jan] Support departments in vCard's ORG properties (martin@matuska.org,
Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
(Carl Thompson <lists-horde@carlthompson.net>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
(michael.sheldon@credativ.de, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
(mzizka@hotmail.com, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
Text_Filter driver.
|
|
Bump PKGREVISON
|
|
Major changes compared to Horde 3.1.2 are:
* Security Fixes
- Closed an XSS problem in index.php and improved protection against
phishing attempts.
* Bugfixes and improvements
- Added Kolab group ACL support.
- Improved import of date and time fields.
- Fixed synchronization support.
- Updated Catalan, German and Slovenian translations.
The full list of changes (from version 3.1.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.252&r2=1.515.2.261&ty=h
|
|
|
|
Major changes compared to Horde 3.1.1 are:
* Security Fixes
- Closed XSS problems in dereferrer (IE only), help viewer and problem
reporting screen.
- Removed unused image proxy code from dereferrer.
* Bugfixes and improvements
- Added configuration option to disable GET-based sessions.
- Added Oracle and generic SQL upgrade scripts.
- Improved default charset support.
- Improved API and RPC interface.
- Fixed the preference cache.
The full list of changes (from version 3.1.1) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.231&r2=1.515.2.252&ty=h
|
|
|
|
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
|
|
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
From the CHANGES:
> Changes in this release:
> * Fixed a potential XSS vulnerability.
|
|
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
|
|
|
|
need it).
|
|
in php any more.
While here, change -* to -[0-9]* for the pear-Log dependancy.
|
|
|
|
Changes in this release:
* Fixed two XSS vulnerabilities.
* Updated German and Traditional Chinese translations.
|
|
|
|
|
|
|
|
|
|
|
|
- Fix bug with pear-Log DEPENDS statement
|
|
|
|
* Fixed potential XSS vulnerability in the help window
* Restored compatibility with PHP 4.1
* Fixed charset of Latvian translation
|
|
leave the DEPENDS in a form which allows PHP 5.x to match, since it should
work just as well
|
|
instead of once with three, since Solaris' install -d doesn't handle that.
|
