| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
message changes. The browsers database was also updated.
Bump PKGREVISION.
|
|
|
|
While going through the tree, fix some more packages which had similiar
issues with too strict conflicts, bump the revisions of those.
|
|
|
|
- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
- fixed a variety of small bugs.
|
|
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
|
|
|
|
|
|
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
|
|
|
|
|
|
Changes:
Fixes for security issues:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
include:
* Nearly full support for PHP 5.1.x.
* Many bugfixes and code cleanups.
* The shared memory functions, session handler and content cache are
disabled by default now. They are only used by a small amount of
users and they could allow local users to fill up the memory if they
aren't secured properly.
|
|
usage.
|
|
Changes:
* Quanta Plus
o another round of VPL fixes.
o don't crash when viewing remote files in VPL
o silently ignore files from a project view that do not exist
anymore
o show a correct error message if a file does not exist
o make the img and script tags standard compliant
o don't loose important spaces when applying source indentation
o add input button to the Forms toolbar
|
|
packages. Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
|
|
3.2.12
======
New
- Use newest external library for HTTP handling.
- enable/disable spider to POST forms in options panel to avoid
generating unwanted traffic (default to enable). This is requested
by many users.
- Decrease the number of possible combinations crawled by spider on
forms with multiple SELECT/OPTIONS. This make crawling less
resource consuming and lower chance to affect application being scanned.
- Minor UI changes.
Fix
- Fallback database library to previous version as in Paros 3.2.10
because of a problem with hsqldb where some byte combination may
consume 100% cpu time.
- Increase width of method display in history to cater for other
longer method names.
- Default file scans may display incorrect HTTP message body if the
original message is a POST request.
3.2.11
======
New
- Revamp History log panel.
- Added "tag..." in right-click pop-up window for History log panel. This
help to quickly identify a HTTP message in History display.
- Concurrent delete of multiple URL's in the site hierarchy (sf.net request
ID 1472300).
- Use of newest db library.
Fix
- For POST request, if the body contain binary parameters of certain pattern,
it may be unable to issue a re-send because URLDecode failed to decode
properly.
|
|
This release is almost the same as 2.5.13nb1 except:
- documentation change; most of them are release name.
- one debug level change.
|
|
ok'ed minskim@
|
|
GNU/Linux.
Bump PKGREVISION.
|
|
infinite loop on certain invalid HTML (CVE-2004-1617)
bump PKGREVISION
|
|
Java plugin from the "sun-jre15" package (Java 5.0).
|
|
|
|
For a full list of changes see: http://drupal.org/drupal-4.7.0
In short:
- Updated Documentation for All Modules
- Auto-complete Fields(AJAX)
- Added Mass Comment Operations
- Easier to Make Menu Items
- RSS Feed Settings
- Better Search Index
- New Forms API
|
|
|
|
|
|
Bump PKGREVISION
|
|
And add new option: dillo-ssl
The openssl buildlink3.mk is only used when that is enabled.
The package didn't use openssl and the https was disabled in the
code. The new option which is off by default can be used to
enable ssl. Note that is experimental for dillo and does not
appear to work very good.
No change to default package except on systems where it had an
un-needed dependency on openssl package -- so bump PKGREVISION
for that.
|
|
|
|
for over a year now.
|
|
Fix pkglint warnings
|
|
------------------------
- fixed critical SQL issue, see SA-2006-005
|
|
it will live with other "check" targets run after package installation.
Get rid of SHLIB_HANDLING, whose meaning had mutated over the years
from one thing to another. Currently, it is used to basically note
whether the system's "ldd" command can be usefully run on the package's
binaries and libraries. Rename this variable to CHECK_SHLIBS_SUPPORTED
for more clarity.
CHECK_SHLIBS is now a variable set exclusively by the user in /etc/mk.conf
to note whether the check for missing run-time search paths is performed
after a package is installed. It defaults to "no" unless PKG_DEVELOPER
is set.
|
|
-update to 2.14.1.1
changes:
-minor UI improvements
-bugfixes
-documentation updates
|
|
- site moved to sourceforge
- index_tree tag added. Look at TAG: index_tree in sarg.conf file
default is file - old format.
- realtime report added. sarg -r option
Look at these tags ion sarg.conf file:
TAG: realtime_refresh_time num sec
TAG: realtime_access_log_lines num
TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
TAG: realtime_unauthenticated_records: ignore|show
- garbage in topuser report with unitialized variable.
Thanks to Craig Brockmeier <craig@ppco.com>
- memory leaks caused by a wrong variable size
Fixed by Klaus Singvogel <kssingvo@suse.de>. Thanks.
- ignoring users with '.' in password file.
Thanks to Emerson Valdir Pellis <webmaster@marisol.com.br>
- error with "resolve_ip" with "user_authentication yes"
Fixed by Grigory Trenin <gtrenin@gmail.com>. Thanks.
- long url causing fault. Thanks to Vassily Andin <vasya@avitalight.com>
- hanging on a log file containing space.
Thanks to Fabio Lo Votrico <fabio@link.it>
- bug fixed in squidguard report module
- squidguard_ignore_date on|off tag added to sarg.conf file
You can ignore the squidguard log record date if outisde of
date range in squid access.log file.
- alternate squidguard log added using -L option on sarg command line.
Thanks to Dave Karlson <dkarlson@r9esd.k12.or.us>
- fixed malloc withou free.
- datafile-url ip|name added to sarg.conf file - saves ip address or name
in url when using datafile tag. Thanks to Calvin Muller <calvin@siryn.co.za>
- wronk link point in Generated by sarg-2..
Thanks to Markus Hoffmann <ipcop@mh-lantech.de>
- Russian_UFT-8 language added by Alex Deiter <tiamat@komi.mts.ru>
- dansguardian_report_limit missing in sarg.conf file.
- ntlm domain+user format added.
- index date sort fixed by Olivier JAVAUX. Thanks
- Improve broken record detection
Thanks to Artem Korneev <akorneev@intelsysus.com>
- sort open failed causing an empty topuser report
- sarg losslessly size optimized images
Thanks to Tonda Mí¿ek <tonda.misek@post.cz> and Luigi Gangitano.
- sarg calling sort without quoting filenames Thanks to Luigi Gangitano.
- download_report_limit tag added.
Thanks to Leonardo Rodrigues <leonardo@solutti.com.br>
- logo css class defined but never used.
Thanks to Roger Favero <favero@sparkenergy.it>
- verdana.ttf font removed to avoid patent infringement issues.
Now sarg uses a GPL FreeSans font from http://savannah.gnu.org
- ISA report with wrong date in date/time report. Thanks to Richard Berndt
- connect records ignored when using emulate_http_log on in squid.conf file.
Thanks to Dusan Woletz
- bug that prevents the correct usage of switch -d <date1-date2> when using
an "emulate_httpd_log on" logfile and some performance improvements
added. Thanks to Filippo Grassilli
- Spanish language fixed by José Luis Hernández López. Thanks.
- url variable size changed to acomodate big urls with coded symbols and some
minor changes in util.c file.
Thanks to Oleg <xsov@mail.ru>
- download suffixes improved by Oleg <xsov@mail.ru>. Thanks.
Now sarg uses these suffixes:
7z,ace,arj,avi,bat,bin,bz2,bzip,cab,com,cpio,dll,doc,dot,exe,gz,iso,
lha,lzh,mdb,mov,mp3,mpeg,mpg,mso,nrg,ogg,ppt,rar,rtf,shs,src,sys,tar,
tgz,vcd,vob,wma,wmv,zip
- DansGuardian report added. Thanks to Adolfas Kupliauskas for the access.log
- Slovak language added by Dusan Woletz Thank you
- wrong usertab user on topuser report. Thanks to Marcos Favoretto
- ntlm_user_format added to sarg.conf. Now you can choose the following formats
for the username on reports: user|domainname+user Suggested by Roger Favero
- exclude_users ignored in some situations.
- Fixes by Sapon Oleg from Russia:
. there are two equal lines about Evren Yurtesen in CONTRIBUTORS file.
. Internationalisation of SARG user graph added, using iconv function,
which is presented only in Linux, so I add required #ifdef and other
stuff to clean compile code on other platforms.
. Fixed two issues:
- '?' symbol problems for apache and other cgi-supporting web server which
doesn't support '?' symbol in links (all of them interprete this like
parameter to cgi script);
- some good optimization to all three similar cicles in these files by
reducing false checks in 'if ...' strings.
. Fixes segfault, produced by inproper use of strncpy functions, look
- strncpy doesn't copy leading '\0' symbol!
. Just localisation support for repday report.
. Support usertab IP->USERNAME change in siteuser report.
. Just proper Russian koi8 localisation.
- Greek language by Antonis Maglaras <vegos@magla.gr> Thank you.
- time period added to -t option. Now you can use -t HH-HH, HH:MM-HH:MM
- support to isa proxy 2004 log added.
Thanks to William da Rocha Lima <wrochal@linuxit.com.br>
- French language fixed by Alexey Znamerovskiy <alexz@everys.com> Thanks
- internal LC_ALL=C removed to avoid errors on Solaris.
Thanks to Hraska, Frantisek <frantisek.hraska@hupro.sk>
- non authenticated records removed from Topuser report.
Thanks to Brian <brian@reginachristianschool.org>
- Compilation error on FreeBSD > 5 - log.c:645: error: `RLIMIT_OFILE' undeclared
- Sarg abbreviation values improved.
- fixed: some changes to avoid segmentation fault.
- fixed: some changes to avoid compilation errors on freeBSD.
- fixed: exclude_hosts not excluding correctly.
- exclude hosts not excluding correctly. Thanks to Oleg
- download report showing jpeg files.
- support to Microsoft isa proxy log files added.
Thanks to Trankov Vladislav <vtrankov@kb-obibank.ru>
- fixed: error when using relative paths in -o and -w options. Just
absolute paths can be used now. Thanks to Andreas Grosse <andi@majestyk.de>
- fixed: segfault fix in vrfydir() in util.c
Prevent buffer overflow in subs(); replace one constant with sizeof()
in my_lltoa(). vrfydir(): fix segfault if sub-directory "images" is
not exists function builddia() don't check the parameters. Result:
segmentation fault in some cases.
Thanks to Stas Degteff stas_degteff@users.sourceforge.net for the fixes.
- fixed: wrond date period in squidguard_log when using european date format.
Thanks to Guenther Mair <gunnyst@users.sourceforge.net>
- ulimit tag added on sarg.conf to avoid "Too many open files" error.
Thanks to Paulo Pires <paulo.pires@vodafone.pt>
- squidguard parse logs method changed.
Thanks to Joao Mendes <jmendes@credibom.pt>
Thanks to Guenther Mair <gunnyst@users.sourceforge.net>
- wrong results in -v option.
- fixed: error when using -u (include user)
Thanks to Bochkarev Vladimi <bochkarev@expocentr.ru>
- export LC_ALL=C will be issued before sort to avoid high cpu usage
- grepday with invalid font path.
Thanks to Marcelo Ricardo Leitner <mrl@conectiva.com.br>
- -v option added to display Sarg version on console
- Segmenation fault caused by an unclosed file. Thanks to Pustovalov Leonid
- SquidGuard log formats added. Thanks to Kolotov Alexandr
- time field added to topsites report
Thanks to Miles Roper <mroper@westcoastdhb.org.nz>
- fixtime function with wrong definition, changed to long long
Thanks to Valery from Russia
- Solaris 9 compiling error: error: conflicting types for 'my_mkdir'
Thanks to Brad Larden <Brad.Larden@alphawest.com.au>
- segfaults if the denied report is disabled in sarg.conf.
Thanks to Filippo Carletti <filippo.carletti@nethesis.it>
- reading performance improved by Francesco Perrillo <fperillo@totalfax.it>
Thanks
- Russian sarg-php translation added.
Thanks to Michael Stepanenko <mistic@ecolines.ru>
- configure error with no gd installed.
- graph with no text when using --enable-sysconfdir
- graph day incorrect when using dd/mm/yy date format
- show_sarg_logo yes|no added
- site_user_time_date with wrong patch.
Thanks to Ricardo R. Hoffmann <hoffmann@uninet.com.br>
- Internal/External css implemented
- User authentication access (htaccess) implemented
- large file support added
- Report limits implemented
- Download report implemented
- Sarg logo by Osamu Matsuzaki <matsu_o@robata.org> added.
- Internal mkdir added to easy port to various plataform.
- long url now show only accessed site and module name.
- now you can add a user report url to a flat file to be blocked
by some Squid acl.
Request by Francesco Collini <collini@colliniconsulting.it>
- remove temporary files, if already exist, to avoid conflits with a
previous sarg process.. Thanks to Renato Leon <rl_sita@hotmail.com>
- squidGuard improved
- now only records with the same period from access.log
will be in squidGuard report.
- squidGuard limit report
- now you can save some urls in squidGuard db using
sarg-squidguard PHP utility.
bug fixed: fault caused by rewinddir after closedir.
Thanks to Lucas Bocchi <challado@ibocchi.com.br>
and to Freek
Fixed: - missing </body> tags in all HTML pages
- missing </html> tag in some HTML pages
- missing DOCTYPE in all HTML pages
- grammar in man page
- URL Links to SourceForge http://sarg.sourceforge.net/
Added: - Included more detailed information in man the page
Thanks to Billy Newsom of U.S.
To Do: - There are still major validation problems in the HTML generated
fixed: - link error to denied site in squidGuard report
- resolve name error in squidGuard report
- some fixes to HPUX. Thanks to Miles Roper <mroper@westcoastdhb.org.nz>
- index_sort_order tag don't work correctly.
- too many open files fixed.
Thanks to Francesco Perrillo <fperillo@totalfax.it>
- Ukrainian_windows1251 included in sarg.conf file
- exclude_string don´t work correctly.
Thanks to Modric Kristijan <Kristijan.Modric@pliva.hr>
|
|
MESSAGE_SUBST properly. No package should be setting MESSAGE anyway.
|
|
|
|
ftp://ftp.NetBSD.org/pub/pkgsrc/misc/kristerw/pkgstat/i386-3.0/20060501.1050/broken.html
|
|
|
|
* 2006-05-13 13:16 (Minor) On some systems POSIX AIO functions are in libaio
* 2006-05-14 15:41 (Medium) Memory leak in header processing related to external_acl or custom log formats
* 2006-05-14 15:41 (Major) memory leak in ident processing
* 2006-05-14 15:41 (Medium) Memleak in HTCP client code
* 2006-05-14 15:41 (Minor) Mime icons are not displayed when viewing ftp sites when
* 2006-05-14 15:41 (Cosmetic) SQUIDHOSTNAMELEN issues
* 2006-05-14 15:41 (Cosmetic) Current release is STABLE13, not 12..
Bump PKGREVISION.
|
|
(hi phone! :-)
changes since bozohttpd 20050410:
o make directory indexing mode not look so ugly
o build a text version of the manual page
o make "make clean" work properly
|
|
|
|
Major changes since 6.4:
- Fixed CVE-2006-2237.
- All geoip plugins support the PurePerl version.
- Possible use of vhost in extra section.
- Support IPv6 in AllowAccessFromWebToFollowingIPAddresses parameter.
- Added svn family to browsers detection.
- RSS catcher/readers in robot database.
- LogFormat=2 can now change its value dynamically if logformat change.
- More new features and bug fixes.
|
|
Based on PR pkg/33458 from david l goodrich.
I won't bump PKGREVISION since this is very trivial change and I'll commit
another changes soon.
|
|
Bump pkgrevision.
Reported by Jaromir Dolecek.
|
|
|
|
of quanta.
|
|
|
