| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Packages Collection.
Compass is a Sass-based Stylesheet Framework that streamlines the
creation and maintainance of CSS. It allows you to mix and match
any of the following CSS frameworks: Compass Core, Blueprint, YUI,
960. Other frameworks can be added relatively easily. It integrates
simply with technologies like Rails, Merb, etc.
|
|
|
|
|
|
Previous version SEGV'd on startup, this one doesn't.
It still doesn't show any web pages though ...
|
|
|
|
|
|
|
|
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
|
|
|
|
From Matthias Pfaller.
|
|
|
|
Upstream changes:
Version 3.48
[BUG FIXES]
1. <optgroup> default values are now properly escaped.
Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
2. The change to exception handling in CGI::Carp introduced in 3.47 has been
reverted for now. It caused regressions reported in RT#49630.
Thanks to mkanat for the report.
[DOCUMENTATION]
1. Documentation for upload() has been overhauled, thanks to Mark Stosberg.
2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)
[INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
|
|
Upstream changes:
0.13 2009-10-24 04:48:03 PDT
- Re-release 0.12 without changes for reindexing by CPAN/PAUSE.
0.12 2009-10-18 19:10:00 BST
- Fixup copyright information
|
|
Upstream changes:
2009-10-06 Release 5.833
Gisle Aas (5):
Deal with cookies that expire far into the future [RT#50147]
Deal with cookies that expire at or before epoch [RT#49467]
Pass separate type for https to LWP::ConnCache [RT#48899]
Improved handling of the User-Agent header [RT#48461]
HTTP::Cookies add_cookie_header previous Cookies [RT#46106]
Andreas J. Koenig (1):
Improve diagnostics from LWP::UserAgent::mirror [RT#48869]
Slaven Rezic (1):
mirror should die in case X-Died is set [RT#48236]
Ville Skytt"a (1):
Increase default Net::HTTP max line length to 8k.
|
|
Upstream changes:
2009-10-22 Release 3.63
Gisle Aas (2):
Take more care to prepare the char range for encode_entities [RT#50170]
decode_entities confused by trailing incomplete entity
|
|
pkgsrc changes:
- Adjusting license definition
Upstream changes:
+ t/05-null.t
! XS.xs lib/URI/Escape/XS.pm
Addressed:
#45392: First invocation of encodeURIComponentIDN loses the path
#49375: decodeURIComponent() influences references from a regexp
#45855: Problems with undef
http://rt.cpan.org/Public/Bug/Display.html?id=45392
http://rt.cpan.org/Public/Bug/Display.html?id=49375
http://rt.cpan.org/Public/Bug/Display.html?id=45855
|
|
Upstream changes:
0.25 2009-10-22 21:40:00 BST
- Fix bug where old unrelated $@ values would result in an error.
0.24 2009-10-18 19:10:00 BST
- Fixup copyright information
0.23 2009-10-06 17:40:39
- Move actions out of TestApp into a Root controller as
this is now deprecated.
|
|
pkgsrc changes:
- Adjust license definition
Upstream changes:
0.11 2009-10-18 18:30:00 BST
- Fixup copyright info
|
|
* inline: Fix raw mode. Closes: #552114
|
|
pkgsrc changes:
- Adjusting license definition
- Adjusting dependencies
- Using pkgsrc built-in Module::Install support
Upstream changes:
0.18 09 Oct 2009
- Port to new session confic key.
|
|
pkgsrc changes:
- Adding license definition
- Adjusting dependencies
Upstream changes:
0.13 18 Oct 2009
- Fixup copyright ino
0.12 16 Oct 2009
- Port to new session config key
|
|
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
0.11 Fri Oct 16 15:04:07 CEST 2009
- Convert to new session config key.
|
|
pkgsrc changes:
- Adding license definition
- Adjusting dependency information
Upstream changes:
0.05
- Port to new session config key.
- Port to Moose.
|
|
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
0.17 2009-10-18
- Fixup copyright information
0.16 2009-10-16
- Use session config handling from Catalyst::Plugin::Session 0.27.
0.15 2009-10-06
- Fix the httponly option again (Closes RT##50249).
- Make tests not warn with latest version of Catalyst.
- Prefer session configuration to be in the 'Plugin::Session'
config key, but provide backwards compatibility for the
deprecated 'session' key.
|
|
Upstream changes:
0.27 2009-10-08
- Release 0.26_01 as stable without further changes.
0.26_01 2009-10-06
- Move actions out of the root application class in tests as this
is deprecated.
- Change configuration key to 'Plugin::Session' by default. The
old 'session' key is still supported, but will issue a warning
in a future release.
|
|
pkgsrc changes:
- keep bundled Module::Install
Upstream changes:
5.8001 06 Oct 2009
- Tutorial
- Fix RT #46760
- Fix RT #46618
- Fix cat-install script URL
- Fix typos
- Replace reference to deprecated CatalystX::ListFramework::Builder
with Catalyst::Plugin::AutoCRUD
- Other
- Lots of updates thanks to t0m
- Update development process / core team docs
- Cookbook fixes WRT authorization
- Better description of application setup process
- Fix some links
- Normalise spacing
|
|
Upstream changes:
1.21 2009-10-18 18:33:33
- The Restarter code cause stack traces for certain types of errors to
grow longer and longer with every restart. (Dave Rolsky)
- Fixed an issue with the Restarter in Win32 where @INC didn't get
passed along when restarting.
|
|
* Update Japanese translation files.
|
|
* edittemplate: Allow template page name to be specified using anything
legal for a wikilink (including eg, leading slashes).
* edittemplate: Work around bug #551499 in CGI::FormBuilder.
* Fix a bug introduced in the last version that caused ikiwiki
to skip all files if a sourcedir of "./" was specified.
* Support CFLAGS when building wrapper.
* meta: Gather permalink info on scan pass so it is available
to inline when using a template that does not include page content.
|
|
This switches to the gnome-2.28 release branch.
|
|
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
|
|
* Update Italian translation files.
|
|
|
|
- Support for aggregates and query expression in the ORM
- Suport for unamanged models and proxy models
- Support for deffered fields
- Mark individual fields as editable in the admin; support for custom
actions
- Better support for Last-Modified/ETag
- Improved GIS support
- {% for %} now has an {% empty %} to simplify handling empty lists
- Various smaller improvements
|
|
- various bugfixes
- remove publisher and middleware packages
- better support for UNIX domain sockets
|
|
|
|
- various changes to prepare for Python 3
|
|
|
|
* Added support framework for multiple types of dependencies, including
dependncies that are only affected by page precence or link changes.
* Rebuild wikis on upgrade to this version to get improved dependency
info.
* pagecount, calendar, postsparkline, progress: Use a presence dependency,
which makes these directives much less expensive to use, since page
edits will no longer trigger an unnecessary update.
* map: Use a presence dependency unless show= is specified.
This makes maps efficient enough that they can be used on sidebars!
* inline: Use a presence dependency in quick mode.
* brokenlinks: Use a link dependency.
This makes it much more efficient, only updating when really necessary.
* orphans, pagestats: Use a combination of presence and link dependencies.
This makes them more efficient. It also fixes a longstanding bug,
where if only a small set of pages were considered by orphans/pagestats,
changes to links on other pages failed to cause an update.
* linkmap: Use a combination of presence and link dependencies.
This makes the map be regenerated much less frequently in many cases,
so larger maps are more practical to use now.
* Plugins providing PageSpec `match_*` functions should pass additional
influence information when creating result objects. This allows correctly
handling many more complicated dependencies.
* API change: `pagespec_match_list` has completly changed its interface.
The old interface will be removed soon, and a warning will be printed
if any plugins try to use it.
* Transitive dependencies are now correctly supported.
* ikiwiki-calendar: New command automates creation of archive pages
using the calendar plugin.
* calendar: Fix midnight rebuild trigger of calendars with explicit
month/year.
* calendar: Fix bug in next/previous year/month links, which sometimes
linked to an archive page from the wrong year, or were missing.
* git: --getctime will now follow renames back to the original creation
of a file.
* calendar: Fix CSS for year calendar to match the plugin documentation.
* Added minimal default CSS for calendar plugin, just highlighting the
current day.
* inline: Optimize generation of archives, etc by not getting inlined page
content if the template does not use it.
|
|
Bump PKGREVISION.
Introduction:
=============
This patch fixes one buffer overflow problem in sgLog.c when overlong URLs
are requested. SquidGuard will then go into emergency mode were no blocking
occurs. This is not required in this situation.
The URLs must be build with a overlong sequence of slashes (/).
ATTENTION: While squidGuard will no longer go into emergeny mode when one
overlong URL is passed to it, it is possible to use the overlong URL to
bypass the filter. This vulnerability is not fixed by this patch!
You can check if this vulnerability is actually exploited on your system
by checking the logfile squidGuard.log for the following warning (provided
you have not used the option --with-nolog=yes with configure before compiling
squidguard):
Warning: Possible bypass attempt. Found multiple slashes where only one is expected:
|
|
* Update Dutch and Latvian translation files.
|
|
|
|
ChangeLog:
Mon 28 Sep 15:01:03 BST 2009 - Release 0.78
Require Moose for the tests (RT#50066).
|
|
Requested by Joel Carnat in PR 42163.
------------------------------------------------------------------------
r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines
Release 2.4.5
Stable release 2.4.5
Enhancements:
- log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin)
- kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail!
Bug fixes:
- fixed parantheses problems in need_rewrite (thanks to SBR)
- added call to free_headers in http.c (thanks to SBR)
- fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines
Release 2.4.4
Stable release 2.4.4
Enhancements:
- added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4
- added support for BPROPFIND in xHTTP 4
- on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin)
Bug fixes:
- save and restore errno value in cur_time() (thanks to Albert)
- fixed problem in timer thread (thanks to Albert)
- added shutdown for failed socket connection (thanks to Albert)
- fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe)
- increased MAXBUF to default 4096
- increased T_RSA default to 30 minutes
- fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines
Release 2.4.3
Stable release 2.4.3
Enhancements:
Bug fixes:
- fixed problem in session access time updating (thanks to Piotr Jakubowski)
- fixed problem in session removal (thanks to Doriam Mori)
- fixed problem in Redirect logging (thanks to Albert)
------------------------------------------------------------------------
r58 | roseg | 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) | 13 lines
Release 2.4.2
Stable release 2.4.2
Enhancements:
Bug fixes:
- fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out)
- fixed problem with back-end killing on failed connect
- fixed a small problem in the poundctl XML output (thanks to johnlr for the fix)
- added hints in call to getaddrinfo() (for Solaris 10 support)
- fixed redirection problem (missing slash in Location/Content-location)
------------------------------------------------------------------------
r57 | roseg | 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) | 12 lines
Release 2.4.1
Stable release 2.4.1
Enhancements:
- added cache control for errors (thanks to Pavel Merdin for the suggestion)
Bug fixes:
- fixed problem with double slash in header rewriting (thanks to Cédric P.)
- remove sched_policy to avoid problems on systems with poor support for it
- fixed memory corruption problem with HAport
------------------------------------------------------------------------
r56 | roseg | 2008-02-11 12:53:51 +0100 (Mon, 11 Feb 2008) | 4 lines
Release 2.4
Stable release 2.4
------------------------------------------------------------------------
r55 | roseg | 2007-12-27 12:54:32 +0100 (Thu, 27 Dec 2007) | 7 lines
Release 2.4f
Enhancements:
Bug fixes:
- fixed back-end enable/disable (priority computing)
------------------------------------------------------------------------
r54 | roseg | 2007-11-29 18:16:36 +0100 (Thu, 29 Nov 2007) | 12 lines
Enhancements:
- added PARM session type. Old PARM is now URL
- allow AddHeader for HTTP listeners as well
- allow -1 for session (all types) TTL. Will hash the key to a fixed value
- Redirect takes an optional code parameter (301, 302/default or 307)
- new config param to allow printing the SSL certificate in a single line
- new config param to control the maximal size of the input line
- added better error messages for SSL loading problems
Bug fixes:
- if the same cookie is defined more than once use LAST definition
------------------------------------------------------------------------
r53 | roseg | 2007-08-15 18:26:58 +0200 (Wed, 15 Aug 2007) | 10 lines
Release 2.4d
Enhancements:
- moved to GPLv3
- now using lh_hash for the session tables
Bug fixes:
- allow case-sensitive matching for URLs
- fixed memory leak in DNS searches
------------------------------------------------------------------------
r52 | roseg | 2007-07-04 15:29:27 +0200 (Wed, 04 Jul 2007) | 10 lines
Release 2.4c
Enhancements:
- added XML output for poundctl
- added more detailed error messages
Bug fixes:
- fixed problems with extra-long lines
- fixed problems with chunked encoding
------------------------------------------------------------------------
r51 | roseg | 2007-05-18 10:35:02 +0200 (Fri, 18 May 2007) | 11 lines
Release 2.4b
Enhancements:
- cleaned resurrection code
- added RR threads scheduling
Bug fixes:
- fixed problem long lines (thanks to Rune Saetre)
- fixed pcreposix autoconf for systems that also require pcre
- fixed problem with IP session handling
------------------------------------------------------------------------
r49 | roseg | 2007-04-30 15:01:17 +0200 (Mon, 30 Apr 2007) | 11 lines
Release 2.4a
Enhancements:
- added display of configuration switches
- added grace period for shutdown (based on an idea from Rune Saetre)
- added support for IPv6 (but host caching was removed)
Bug fixes:
- fixed test for owner/group (BSD portability)
- fixed problem with premature opening of control socket
|
|
repo for details.
|
|
|
|
|
|
This is a Java plugin for NPR compatible browsers.
Tested with www/firefox, works on at least some of the applets found here:
http://java.sun.com/applets/jdk/1.4/index.html
(but also crashes on some ...)
|
|
Fix a regular expression used by the form validation code to not trigger
pathologoical performance cases for certain inputs.
|
|
|
