Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Compile with version 2.8.18 of "mod_ssl" instead with the (reported to
be vulnerable) version 2.8.17. Bump package revision because of this.
|
|
Compile with version 2.8.18 of "mod_ssl" instead with the (reported to
be vulnerable) version 2.8.17. Bump package revision because of this.
|
|
updated mod_ssl to 2.8.18.
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
if the Subject-DN in the client certificate exceeds 6KB in length.
(CVE CAN-2004-0488).
|
|
updated mod_ssl to 2.8.18.
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
if the Subject-DN in the client certificate exceeds 6KB in length.
(CVE CAN-2004-0488).
|
|
Update ap-ssl package (mod_ssl) to 2.8.17.
Upgraded to Apache 1.3.31.
|
|
Update ap-ssl package (mod_ssl) to 2.8.17.
Upgraded to Apache 1.3.31.
|
|
Update apache package to 1.3.31.
Regenerate patch-aa to obtain correct offsets so this works with
Linux 'patch'.
|
|
Regenerate patch-aa to obtain correct offsets so this works with
Linux 'patch'.
|
|
define BUILDLINK_PKGBASE.
|
|
Update apache package to 1.3.31.
* CAN-2003-0987 (cve.mitre.org)
* CAN-2003-0020 (cve.mitre.org)
* CAN-2004-0174 (cve.mitre.org)
* CAN-2003-0993 (cve.mitre.org)
|
|
Update apache package to 1.3.31.
* CAN-2003-0987 (cve.mitre.org)
* CAN-2003-0020 (cve.mitre.org)
* CAN-2004-0174 (cve.mitre.org)
* CAN-2003-0993 (cve.mitre.org)
|
|
Requested by xtraeme in ticket pkgsrc-24.
"Update neon to 0.24.5
Changes in release 0.24.5:
* SECURITY (CVE CAN-2004-0179): Fix format string vulnerabilities in
XML/207 response handling, reported by greuff@void.at.
* Performance fix: avoid seeding the SSL PRNG if not creating an SSL socket.
* ne_ssl_readable_dname() is now defined to return UTF-8 strings.
* Fix case where gssapi/gssapi_generic.h was included but not present.
* Fix ne_utils.c build on platforms where zlib does "#define const".
* Fix use of ne_proppatch_operation with some C++ compilers.
* Update libtool for fix to --enable-shared on Darwin.
* BeOS: check for gethostbyname in -lbind (David Reid)."
|
|
Requested by taca in ticket pkgsrc-16 (and 12, I think).
"Add three patches to resolve security issue:
SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
The three patches are from Apache cvs.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/
Also bump PKGREVISION too."
|
|
Buildlink files: RECOMMENDED version changed to current version.
|
|
|
|
|
|
* Disable apache, perl, ruby, java, and C# bindings.
* Don't pass -Wall to cc.
|
|
including:
*) SECURITY: CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will cause a
child to hold the accept mutex and block out new connections until
another connection arrives on that rarely-accessed listening socket.
With Apache 2.x there is no performance concern about enabling the
logic for platforms which don't need it, so it is enabled everywhere
except for Win32. [Jeff Trawick]
*) SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
PR 27106. [Joe Orton]
*) SECURITY: CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped
errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr<E9> Malo]
Complete changelog is at http://www.apache.org/dist/httpd/CHANGES_2.0
Package changes include:
buildlink depends increased for apache2 (but not for apr).
apr package version changes, but APR_VERSION stays same.
more files installed and added to PLIST.
share/httpd/manual/search/manual-index.cgi removed from PLIST.
Also removing share/httpd/htdocs and share/httpd directories
removed from PLIST because already handled by MAKE_DIRS.
(I think this should use OWN_DIRS.)
(jlam@ said he would like this update done during freeze.)
|
|
|
|
|
|
|
|
|
|
gets built.
Should fix hubertf's bulk build.
|
|
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
|
|
|
|
non-NetBSD platforms
|
|
|
|
to i386.
|
|
disapprove.
|
|
revision because of this.
|
|
|
|
and using NS_PREFERRED which can be defined in /etc/mk.conf.
This was broken in rev 1.16, when the include of ../navigator/Makefile.common
was removed, which included before mk/bsd.prefs.mk.
|
|
|
|
|
|
|
|
|
|
Changes:
Version 0.8.0 [Feb 08, 2004]
- * Added a right-mouse-button popup for images!
Patch: Frank de Lange, Eric Gaudet, Jorge Arellano
- * Made main document window grab focus on startup, fullwindow,
and after open url (BUG#330)
* Set Ctrl-U to focus the location entry,
Ctrl-R to reload, and Ctrl-H to hide controls.
Patches: Johan Hovold, Jorge Arellano, Stephan Goetter
- * Added a missing handler for broken-connection condition.
Patch: Jorge Arellano, Phil Pennock
- * Introduced a new way of handling dillo plugins! Now the
communications and managing is done by a daemon: dpid.
This comes with a lot of advantages described in Dpid.txt.
Patch: Programming: Ferdi Franceschini; Design: Jorge Arellano
- * Wrote documentation for dpid (Dpid.txt).
* Removed a memory leak in Get_line().
Patches: Jorge Arellano, Ferdi Franceschini
- * Developed a plugin for downloads. It uses wget and can handle several
connections at the same time.
* Developed stress tests for both dpid and the downloads dpi.
Patches: Ferdi Franceschini
- * Adapted dpi.c to manage plugins through dpid.
* Improved the incoming dpi-stream processing to accept images from a dpi.
* Added/updated lots of dpi-related comments.
* Updated the dpi1 spec.
* Removed the forced end-to-end reload that was set upon dpis. Now,
dpi-generated pages can be cached.
* Made dillo able to handle multiple plugins (still lacks a dynamic API)
... etc, etc.
|
|
Fixes:
- Fixed bug 599388: Search engines are not detected if domain is IP
address.
- Fixed bug 711758.
- Fixed bug 812681: bad case for ENV expansion in awstats.conf.
- Fixed bug 813908: Incomplete documentation
- Fixed bug 816267: onedigit dayofmonth breaks syslog regex
- Fixed bug 817287,830458: wrong regexp in Read_DNS_Cache subroutine
- Fixed bug 817388: lib/referer_spam.pm & lib/robots.pm
- Fixed bug 818704: Warning in IPv6 plugin when no reverse DNS
- Fixed bug 841877: regex bug for parsing log lines
- Fixed bug 846365: relative path not working for DirData.
- Fixed value for ValueSMTPCodes if not defined in config file.
- Fixed pb when country code is not same than lang code (example:
estonian has lang code 'et' and country code 'ee').
- Replaced Kb/visits to Kb/mails for mail log analysis.
- Remove some warnings that appears when running perl -W
- Other minor bugs (814970,823064,823323,831438,836315).
- Fixed bug in counting hits for miscellanous and clusters chart when
a temporary flush was done on disk during a long update.
- ExtraSections now works on all records whatever is the status code.
- Click on "Summary" now returns to top of page even with rawlog plugin.
- Fix in log parsing that should reduce dropped records to only records
that match a dropping criteria (SkipFiles, Skip..., Only...).
- Click on "Summary" now returns to top of page even with rawlog plugin.
- Fixed AmigaVoyager detection.
- Fixed bug in SkipHosts filter for mail log files.
- Fixed not working link for search keywords/keyphrase in menu with FireBird.
- Fixed pb in loading plugins with mod_perl2.
- Fixed not found relative DirData path with some Perl/OS versions.
- Fixed error in awstats_updateall.pl when current directory, while running
it, is where awstats.pl is stored.
New features/improvements:
- Increased speed by 10 to 20%.
- Added a Worms report (Added LevelForWormsDetection and
ShowWormsStats parameter).
- Added report for "not viewed" traffic in Summary report.
- Monthly history report has been extracted from the Summary report.
- Some changes to make AWStats to be XML compliant ready.
Need to set the new parameter BuildReportFormat to 'xml' in config file.
Added also the BuildHistoryFormat parameter (Even if only 'text' is
supported for the moment).
- A lot of part of codes have been rewritten to make code more easy to
understand and reduce unknown bugs.
- The link to whois informations for a host, provided by hostinfo plugin,
has been replaced by an internal 'whois' showing in a popup window full
whois informations whatever is the TLD of IP or host name.
- A new search engine database to allow several "match id" for same
search engine. Example: All google ip referer id are recognised.
- Can use UA and HOST fields to build personalized ExtraSection reports.
- Added support for AND conditions in personalized ExtraSection config.
- Support for right to left languages. Added 'he' language.
- Added LevelForSearchEnginesDetection parameter to choose between 2 possible
levels of detection for search engines (like LevelForRobotsDetection).
Also, added LevelForFileTypesDetection parameter (2 possible levels).
- Added percent column for file types.
- The robot chart now shows details between hits on robots.txt file and
other hits.
- Count of keywords/keyphrases does not increment counter for hits made
on images from a google cached page.
- Added patch 857319: Allow several IPs and IP ranges in
AllowAccessFromWebToFollowingIPAddresses parameter.
- Added experimental graphapplet plugin (graph are built by applet).
- Webmin module updated to 1.210 to integrate all new parameters.
- Better setup error messages for newbie.
- Reports look better on Mozilla browsers.
- Added decodeUTFkeys plugin to AWStats to show correctly (in language
charset) keywords/keyphrases strings even if they were UTF8 coded by
the referer search engine.
- Added/updated a lot of os, browser and country icons.
- Added Hebrew and Galician language.
- configure.pl: A new script to configure AWStats and Apache and
build a simple config file.
- awstats_buildstaticpages.pl: The -date option has been replaced
by the -buildate=%YY%MM%DD option so you can choose your own date format.
- awstats_buildstaticpages.pl: Added the -configdir option.
- awstats_exportlib.pl: Changes to be compatible with new AWStats databases.
- logresolvemerge.pl: can use several threads for reverse DNS lookup
with Perl 5.8.
- maillogconvert.pl: Allow to process qmail log preprocessed by
tai64nlocal tool.
- maillogconvert.pl: Added support for MDaemon mail server log files.
Other/Documentation:
- A httpd.conf sample to configure AWStats is provided.
- Added example for analyzing awredir.pl hits by ExtraSections.
- Updated database:
wget is known as a "grabber" browser, no more as a robots.
netcaptor and apt-get added in browser database.
asmx and aspx added in mime.pm file.
Microsoft URL Control added in robot list.
- Documentation seriously updated.
- FAQ updated.
|
|
- stop modifying httpd.conf with apxs.
- honor PKG_SYSCONFVAR.
Bump PKGREVISION.
|
|
|
|
|
|
Rasputin (rasputin at idoru dot mine dot nu).
Ruby bindings for the FastCGI system.
This is merged version matz's C version(fcgi.so) and
Eli's pure ruby version(fastcgi.rb).
|
|
incompatible with newer versions of gettext-lib. Detect gettext-lib
version and work around bug when necessary.
|
|
|
|
|
|
Rasputin (rasputin at idoru dot mine dot nu).
- stop modifying httpd.conf with apxs.
- install HTML document, too.
- honor PKG_SYSCONFVAR.
Since changes from 0.9.7 are to many, please look into ChangeLog file.
|
|
|
|
|
|
firefox-bin-nightly.
|