Age | Commit message (Collapse) | Author | Files | Lines |
|
security fix for apache
Module Name: pkgsrc
Committed By: tron
Date: Mon Oct 25 08:44:16 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Update "apache" package to version 1.3.32. Changes since version 1.3.31:
- mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
[michael teitler <michael.teitler cetelem.fr>,
Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
- mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036. [André Malo]
- mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton]
- Trigger an error when a LoadModule directive attempts to
load a module which is built-in. This is a common error when
switching from a DSO build to a static build.
[Jeff Trawick, Geoffrey Young]
- Fix trivial bug in mod_log_forensic that caused the child
to seg fault when certain invalid requests were fired at it with
forensic logging is enabled. PR 29313.
[Will Slater <Will Slater orbisuk.com>]
- Fix memory leak in the cache handling of mod_rewrite. PR 27862.
[chunyan sheng <shengperson yahoo.com>, André Malo]
- mod_rewrite no longer confuses the RewriteMap caches if
different maps defined in different virtual hosts use the
same map name. PR 26462. [André Malo]
- mod_setenvif: Remove "support" for Remote_User variable which
never worked at all. PR 25725. [André Malo]
- mod_usertrack: Escape the cookie name before pasting into the
regexp. [André Malo]
- Win32: Improve error reporting after a failed attempt to spawn a
piped log process or rewrite map process. [Jeff Trawick]
- SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
- Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects mod_usertrack and
core. PR 28218. [André Malo]
- No longer breaks mod_dav, frontpage and others. Repair a patch
in 1.3.31 which prevented discarding the request body for requests
that will be keptalive but are not currently keptalive. PR 29237.
[Jim Jagielski, Rasmus Lerdorf]
- COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT.
It controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined during
compilation, UseCanonicalName Off will use the physical port number to
generate the canonical name. If not defined, it tries the current Port
value followed by the default port for the current scheme.
[Jim Jagielski]
---
Module Name: pkgsrc
Committed By: abs
Date: Fri Oct 29 13:48:31 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile distinfo
pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
patch-ak patch-am patch-ao
Removed Files:
pkgsrc/www/apache/patches: patch-al
Log Message:
Update apache to 1.3.33
The main security vulnerabilities addressed in 1.3.33 are:
* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI
tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid
(negative) Content-Length.
New features
* Win32: Improve error reporting after a failed attempt to
spawn a piped log process or rewrite map process.
* Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined
during compilation, UseCanonicalName Off will use the physical
port number to generate the canonical name. If not defined, it
tries the current Port value followed by the default port for
the current scheme.
The following bugs were found in Apache 1.3.31 (or earlier) and
have been fixed in Apache 1.3.33:
* mod_rewrite: Fix query string handling for proxied URLs.
PR 14518.
* mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036.
* mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920.
* Fix trivial bug in mod_log_forensic that caused the child to
seg fault when certain invalid requests were fired at it with
forensic logging is enabled. PR 29313.
* No longer breaks mod_dav, frontpage and others. Repair a
patch in 1.3.31 which prevented discarding the request body
for requests that will be keptalive but are not currently
keptalive. PR 29237.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon Nov 15 19:13:41 UTC 2004
Modified Files:
pkgsrc/www/apache/patches: patch-ai
Log Message:
Revert rev 1.9, do not expand @INSTALL@, it's done in post-patch.
(hi abs!)
---
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 16 08:23:45 UTC 2004
Modified Files:
pkgsrc/www/apache: distinfo
Log Message:
Regen after "patch-ai" was changed. (hi salo!)
|
|
security fixes for mozilla and firefox
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:09 UTC 2004
Modified Files:
pkgsrc/www/mozilla: distinfo
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:45 UTC 2004
Modified Files:
pkgsrc/www/mozilla/patches: patch-br
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: sekiya
Date: Mon Oct 25 13:02:15 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile.common distinfo
pkgsrc/www/mozilla/patches: patch-bt
Log Message:
Force gcc34 and use the right varargs macro for amd64. Mozilla
(and its derivatives) now appears to work properly on amd64.
Patches from Nicholas Joly.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Mon Oct 25 18:06:26 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile Makefile.common PLIST
pkgsrc/www/mozilla-gtk2: Makefile PLIST
pkgsrc/www/mozilla/files: moz-install
Log Message:
Modify mozilla and mozilla-gtk2 to install several additional headers.
More specifically, this lets Mozilla NSS be used by other programs.
Also make the pkgconfig substitutions happen at post-build time, so
that the right rpaths are added to the mozilla-nspr.pc file (which is
filled in during the build).
Bump PKGREVISION to 1 for both packages. Ok'ed by taya@, the
maintainer.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 12 02:11:22 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile distinfo
pkgsrc/www/mozilla-gtk2: Makefile
Added Files:
pkgsrc/www/mozilla/patches: patch-bj
Log Message:
Update mozilla and mozilla-gtk2 to 1.7.3nb2 with a security fix
from mozilla CVS.
---
Module Name: pkgsrc
Committed By: kristerw
Date: Mon Nov 1 18:07:24 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-bt
Log Message:
Use __va_copy instead of va_copy for NetBSD. This is needed on gcc
3.4 since the build use -ansi that in turn makes gcc 3.4 modify its
predefined symbols in such a way that va_copy is not defined.
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Tue Nov 9 20:10:14 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
Update firefox and firefox-gtk2 to 1.0.
This is a bugfix release, to fix the problems reported in Preview
Releases, etc.
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:38:45 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
- correct path of mirror site
- add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:40:24 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 07:03:08 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
remove typeahead extension that confilicts with buildin typeahead
component.
fix pkg/28164.
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 08:57:54 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
remove typeahead extension
|
|
remove apache6 package
removed from -current because of too many vulnerabilities and no newer
version available (people are expected to switch to apache2).
|
|
security fix for apache2
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 15:47:03 UTC 2004
Modified Files:
pkgsrc/devel/apr: distinfo
pkgsrc/www/apache2: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/www/apache2/patches: patch-ab
Log Message:
Update apache to apache-2.0.52.
Also added comment to www/apache2/Makefile.common to remind to
update checksum in devel/apr also.
No actual devel/apr changes seen.
Also removed www/apache2/patches/patch-ab because it is identical to
fix for security in new version.
Changes with Apache 2.0.52
*) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
*) Fix the global mutex crash when the global mutex is never allocated
due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
*) Fix a segfault in the LDAP cache when it is configured switched
off. [Jess Holle <jessh ptc.com>]
*) SECURITY: CAN-2004-0811 (cve.mitre.org)
Fix merging of the Satisfy directive, which was applied to
the surrounding context and could allow access despite configured
authentication. PR 31315. [Rici Lake <rici ricilake.net>]
*) Fix the handling of URIs containing %2F when AllowEncodedSlashes
is enabled. Previously, such urls would still be rejected.
[Jeff Trawick, Bill Stoddard]
*) mod_mem_cache: Fixed race condition causing segfault because of memory being
freed twice, or reused after being freed.
[J. Clar, W. Stoddard, G. Ames]
*) Add -l option to rotatelogs to let it use local time rather than
UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
*) mod_log_config: Fix a bug which prevented request completion time
from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
processing. PR 29696. [Alois Treindl <alois astro.ch>]
---
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 16:38:38 UTC 2004
Modified Files:
pkgsrc/www/apache2: Makefile PLIST
Log Message:
Sort the share/httpd/manual entries in the PLIST.
Added 35 share/httpd/manual entries to PLIST. Most are .ko.euc-kr,
.ko, ja.euc-jp, and .ja files.
I don't know when these were added.
Bump PKGREVISION because now package has several more files.
|
|
PLIST fix for jakarta-tomcat
|
|
security fix for apache2
Module Name: pkgsrc
Committed By: reed
Date: Thu Sep 23 21:07:25 UTC 2004
Modified Files:
pkgsrc/www/apache2: Makefile
Added Files:
pkgsrc/www/apache2/patches: patch-ab
Log Message:
Add patch for Apache security issue.
2.0.51 had a regression where the Satisfy directive could take
effect for different directories (and could bypass some access
control).
This patch is direct from Apache.
Also bumped the package revision.
---
Module Name: pkgsrc
Committed By: grant
Date: Thu Sep 23 22:51:52 UTC 2004
Modified Files:
pkgsrc/www/apache2: distinfo
Log Message:
update checksum for patch-ab (hi, reed!)
|
|
security fix for firefox
Includes the following modifications:
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 09:11:30 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
Log Message:
update to Firefox 0.10.1, bugfix for a security issue:
http://www.mozilla.org/press/mozilla-2004-10-01-02.html
To generate a diff of this commit:
cvs rdiff -r1.3 -r1.4 pkgsrc/www/firefox/Makefile-firefox.common
cvs rdiff -r1.16 -r1.17 pkgsrc/www/firefox/distinfo
---
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 09:15:29 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-br
Log Message:
commit a patch for using thread-safe resolver library functions on
NetBSD >=2.0F - I've been running with it for months on -current
without any problems.
To generate a diff of this commit:
cvs rdiff -r1.17 -r1.18 pkgsrc/www/firefox/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/www/firefox/patches/patch-br
---
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 16 20:08:48 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common
Log Message:
Use cp(1)'s -RL instead of -r, because coreutils's
cp -r copies symlinks as symlinks (which caused
files to be missing in install).
Hopefully, this is portable. I tested under NetBSD and with coreutils.
And I brought this up on tech-pkg in July.
To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 pkgsrc/www/firefox/Makefile-firefox.common
---
Module Name: pkgsrc
Committed By: reed
Date: Tue Oct 19 21:01:47 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common
Log Message:
Instead of non-portable cp -RL, use pax with -Lrw
to copy the extensions files.
On Solaris, cp doesn't know -L. (Reported by R. Quinn.)
Using pax was suggested by grant@.
To generate a diff of this commit:
cvs rdiff -r1.5 -r1.6 pkgsrc/www/firefox/Makefile-firefox.common
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Thu Oct 21 00:55:36 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-cd
Log Message:
Only include <stdbool.h> if !defined(_cplusplus) in nptypes.h.
Fixes build on NetBSD/macppc and maybe others, tested by Peter Bex
on 2-0/macppc and i386/-current/2-0 by me, closes PR pkg/27033.
To generate a diff of this commit:
cvs rdiff -r1.18 -r1.19 pkgsrc/www/firefox/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/www/firefox/patches/patch-cd
---
Module Name: pkgsrc
Committed By: grant
Date: Sun Oct 24 05:41:25 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-ce patch-cf
Log Message:
apply patch from mozilla CVS to fix bug id #260337 (installer missing
libnsl on Solaris), as well as another sh(1) portability fix.
https://bugzilla.mozilla.org/show_bug.cgi?id=260337
no PKGREVISION bump because this didn't build on Solaris without
libnsl.
To generate a diff of this commit:
cvs rdiff -r1.19 -r1.20 pkgsrc/www/firefox/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/www/firefox/patches/patch-ce \
pkgsrc/www/firefox/patches/patch-cf
|
|
Fixes build on pkgsrc-2004Q3 branch.
Thanks to Soren Jacobsen for pointing this one out.
|
|
security fix for ap-ssl
Modified Files:
pkgsrc/www/ap-ssl: Makefile distinfo
Log Message:
Update "ap-ssl" package to version 2.8.20. Changes since version 2.8.19:
- With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).
- Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
To generate a diff of this commit:
cvs rdiff -r1.83 -r1.84 pkgsrc/www/ap-ssl/Makefile
cvs rdiff -r1.22 -r1.23 pkgsrc/www/ap-ssl/distinfo
|
|
security fix for squid
Modified Files:
pkgsrc/www/squid: Makefile distinfo
pkgsrc/www/squid/patches: patch-ag patch-an patch-bb
Removed Files:
pkgsrc/www/squid/patches: patch-ba
Log Message:
Update squid package to 2.5.7.
This includes security problem with SNMP support which enabled by default.
<http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities>
* pkgsrc changes:
- Don't use PKGNAME within DIST_SUBDIR. Instead, date based DIST_STAMP.
This change prevent extra DIST_SUBDIR change asked by kim@.
- Remove setproctitle(3) hack for dnsserver helper program since use of
dnsserver itself is problematic with huge size of squid process.
* Changes to squid-2.5.STABLE7 (11 Oct 2004)
- [Medium] No objects cached in ufs cache_dir type in some
configurations. Issue introduced in 2.5.STABLE6 by the patch for
Bug #676. (Bug #1011)
- [Minor] LDAP helpers update to correct LDAP connection management
and add support for literal password compare instead of binding
- [Minor] A large number of queued DNS lookups for the same domain
(Bug #852)
- [Cosmetic] request_header_max_size configuration partly ignored
(Bug #899)
- [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
- Bug #1012: [Cosmetic] HEAD requests may return stale information
(Bug #1012)
- [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
- [Minor] case insensitive authentication (Bug #431)
- [Cosmetic] Add delay pools information to active_requests. (Bug
#882)
- [Minor] Apparent memory leak in client_db (Bug #833)
- [Minor] NTLM authentication truncated causing failures. (Bug
#1016)
- [Cosmetic] Grammatical corrections in squid.conf.default
- [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
#1030)
- [Medium] Segfaults and other strange crashes when using heap
policies. (Bug #1009)
- [Minor] Supplementary group memberships not set (Bug #1021)
- [Cosmetic] ERR_TOO_BIG Portugese translation
- [Minor] external_acl does not handle newlines (Bug #1038)
- [Major] NTLM authentication denial of service when using msnt_auth
or fake_auth (Bug #1045)
- [Medium] Memory leaks when using NTLM authentication without
challenge reuse. (Bug #994)
- [Minor] Temporary NTLM memory leak with challenge reuse enabled
(Bug #910)
- [Minor] assertion failed: "n_ufs_dirs <=
Config.cacheSwap.n_configured". (Bug #1053)
- [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
- [Minor] acl time fails to parse multiple time specifications
(Bug #1060)
- [Minor] cachemgr config dumps mixed up Range and Request-Range
headers in http_header_access & replace directives. (Bug #1056)
- [Minor] Content-Disposition added as a well known header (Bug #961)
- [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
(Bug #1074)
- [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
- [Medium] New acl types to match arbitrary HTTP headers. In addition
the http_header_access & replace directivess now support arbitrary
headers and not only the well known ones. (Bug #961)
- [Cosmetic] ncsa_auth now accepts Window formatted password files
(Bug #1078)
- [Cosmetic] Support the --program-prefix/suffix options or other
configure program name transforms (Bug #1019)
- [Minor] Fix race condition in CONNECT and also handle aborts of
CONNECT requests in a more graceful manner. (Bug #859)
- [Minor] New balance_on_multiple_ip directive to work around certain
broken load balancers and optimized ipcache on reload requests
(Bug #1058)
- [Medium] New reply_header_max_size directive (Bug #874)
- [Minor] Suspected instability on aborted PUT/POST requests (Bug #1089)
- [Security] SNMP Denial of Service fix (CAN-2004-0918)
|
|
Security fix for apache
Modified Files:
pkgsrc/www/apache: Makefile distinfo
Added Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Apply fix for security vulnerability in proxy module reported in
CAN-2004-0492. Bump package revision package of this.
|
|
- Remove patch-as and patch-ah as they are now outdated and included in the src
- ok'ed snj@, wiz@
- Thanks to epg@ for final check
This version of Apache is principally a bug fix release. Of particular note
is that 2.0.51 addresses five security vulnerabilities:
An input validation issue in IPv6 literal address parsing which can result
in a negative length parameter being passed to memcpy.
[CAN-2004-0786]
A buffer overflow in configuration file parsing could allow a local user to
gain the privileges of a httpd child if the server can be forced to parse a
carefully crafted .htaccess file.
[CAN-2004-0747]
A segfault in mod_ssl which can be triggered by a malicious remote server,
if proxying to SSL servers has been configured.
[CAN-2004-0751]
A potential infinite loop in mod_ssl which could be triggered given
particular timing of a connection abort.
[CAN-2004-0748]
A segfault in mod_dav_fs which can be remotely triggered by an indirect lock
refresh request.
[CAN-2004-0809]
For further details, see http://www.apache.org/dist/httpd/Announcement2.html
and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.
|
|
|
|
See commit log for www/firefox/Makefile-firefox.common for more details.
Several security holes have been fixed. See the page below for details.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
when MOZ_GTK2 is set.
Add a way to specify a different mozilla.sh script.
|
|
from Release Notes:
---
Firefox is a fast, full-featured browser that makes browsing more
efficient than ever before. More information about Firefox is
available.
Firefox Preview Release (henceforth refered to as PR) is a Technology
Preview. While this software works well enough to be relied upon as
your primary browser in most cases, we make no guarantees of its
performance or stability. It is a pre-release product and should not
be relied upon for mission-critical tasks. See the License Agreement
for more information.
These release notes cover what's new, download and installation
instructions, known issues and frequently asked questions for the
Firefox PR release. Please read these notes and the bug filing
instructions before reporting any bugs to Bugzilla.
We want to hear your feedback about Firefox. Please join us in the
Firefox forums, hosted by MozillaZine.
What's New
Here's what's new in this release of Firefox:
* Live Bookmarks
You can now subscribe to and read RSS feeds in your
Bookmarks. When you visit a page that advertises a RSS feed by using a
<link> tag, a RSS icon will appear in the status bar. Click it to view
a list of feeds the page is offering. Click one to subscribe - this
adds a Bookmark Folder that contains all the recent posts from the
feed.
* Improved Find
Find is easier and more powerful now with our new Find
toolbar. The Find toolbar (which shows at the bottom of the browser
window) automatically highlights text in the page as you type and has
a useful highlight feature.
* Managing Annoyances and Protecting Security
You can now open blocked popups, and the Extension install
system now blocks all attempts to install software from sites other
than update.mozilla.org. Users can add other sites to a list that
allows them to offer software, but software is never automatically
installed. In addition to these steps, several other measures have
been taken to prevent phishing attacks and to highlight when a page is
being viewed over a secure connection.
* Better Bookmarks
Numerous improvements to bookmarks including more reliable
presentation of Site icons, and a split pane view in the Bookmarks
window.
* Strong Encryption For Passwords Available
Passwords saved with the Password Manager can now be more easily
encrypted with strong encryption by creating a "Master Password". If
you create a Master Password, you are prompted once per session to
enter the Master Password so that Password Manager can automatically
fill in site logins. A useful feature for people who share computers
with others and want improved security.
* Improved Compatibility for IE users
Undetectable document.all support for site compatibility and
improved compatibility for keyboard accelerators further smooth the
transition for IE users
* Better System Integration for GNOME users
You can now configure Firefox as your Default Browser on GNOME,
and Firefox will adhere to your GNOME settings for edit field key
bindings, etc.
* And a horde of other bug fixes...
See The Burning Edge's Bigger Picture for more details.
-----
Several security holes have been fixed. See the page bellow for
detail.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes a several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page bellow for detail
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
Its old, it doesn't compile on recent systems, no one objected on tech-pkg,
its gone.
|
|
|
|
to avoid type confliction. Hopefully fix build problems reported
by buld builds.
|
|
Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes a several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page bellow for detail
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
tree for later use by the package's Makefile.
|
|
this should just be build dependency, not a full dependency. Bump the
PKGREVISION.
|
|
Apply patch from PR 25488 to enable choosing the log facility for thttpd.
Both based on patches from Michael Santos.
Bump PKGREVISION to 1.
|
|
|
|
|
|
installation issues still around
|
|
|
|
|
|
Pkgsrc guru's might want to review this package to make the installation a bit
more intelligent
|
|
|
|
work OK with Mozilla 1.7.2 on NetBSD/alpha.
|
|
seen in kristerw@'s bulk build.
Bump PKGREVISION.
|
|
Apache CVS tree.
CAN-2004-0748
http://issues.apache.org/bugzilla/show_bug.cgi?id=29964
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125
CAN-2004-0751
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126
|
|
will ship with pkgsrc-2004Q3).
|
|
Update to newer docs download file (updated docs
appear to be the man page, tidy.css, and quickref.html).
Also bump PKGREVISION.
This will close PR pkg/26867. Thank you, Mark E. Perkins.
|
|
firefox-gtk2.
|
|
otherwise the default is better (and the variable doesn't need to be set).
Remove a few cases where it was set unnecessarily.
|
|
|
|
* 2004-09-01 13:59 (Minor)
Squid does not recognise Content-Disposition header
* 2004-09-01 13:09 (Cosmetic)
cachemge config dumps mixed up Range and Request-Range headers
* 2004-09-01 12:25 (Minor)
acl time fails to parse multiple time specifications correctly
* 2004-08-28 22:46 (Minor)
Segfault in CvtBin / authenticateDigestHandleReply
* 2004-08-25 21:11 (Minor)
assertion failed: comm.c:430: "n_ufs_dirs <= Config.cacheSwap.n_configured"
* 2004-08-25 20:30 (Minor)
Temporary NTLM memory leak with challenge reuse enabled
* 2004-08-25 20:30 (Medium)
Memory leaks when using NTLM authentication without challenge reuse
Bump PKGREVISION.
|
|
|
|
==============
Epiphany 1.2.8
==============
Code changes
* Adapt to Mozilla API changes (Christian)
* Confirm before overwriting a file [#143501]
Bug fixes
* Fix compilation of nautilus view (Christian) [#148995]
* Fix some memory leaks (Jean-François Rameau)
* Really translate the program name (Christian) [#148948]
* Fix restoring the history window on resume (Christian)
* Fix new tab position (Christian)
* Fix a crash in content handler (Christian) [#149550]
* Fix context menu on links with namespaced tag (Mikael Brockman) [#150208]
==============
Epiphany 1.2.7
==============
Code changes
* Adapt to mozilla API changes (Christian)
* Use nsIDOMWindow2 to get the root event target on
mozilla >= 1.7rc3 (Christian)
Bug fixes
* Work around mozilla bug #246392 which causes reloads of framed pages to
go back to original URI (backported from HEAD) (Christian) [#115800]
* Escape markup in string in the duplicate bookmarks dialogue
and topics menu (Christian)
* Escape markup in strings in the NSS dialogues (Crispin Flowerday)
* Work aroung mozilla bug #246392 which causes reload of framed pages to go
back to initial frameset (Christian, Crispin Flowerday) [#115800]
* Don't show redirected and non-toplevel pages in history (Christian) [#142143]
* Allow importing of Epiphany bookmarks format too (Christian) [#144699]
* Fix crash with corrupted toolbars file (Christian) [#144698]
* Fix prefs persistence with non-existent or bogus initial values (Christian)
* Unescape mailto: addresses (Christian) [#144462]
* Fix filename encoding for print-to-file (Christian)
* Depend on libgnomeui >= 2.6.0 (Christian) [#145776]
* Make print and print setup go trough nsIPrintingPromptService (Christian,
backported from HEAD)
* Fix print-to-file filechooser modality (Christian) [#147628]
* Fix mem leaks in gtk NSS dialogues (Christian, ported from galeon)
* Gracefully handle failure to create downloads directory (Marco) [#146902]
* Fix single observer ownership and reference counting (Christian) [#146873,
#146461]
* Fix downloader crash on shutdown (Marco) [#141928]
* Fix build with old mozilla versions (1.4.x, 1.5) (Christian)
* Use nsACString instead of nsCString in a few places in EphyWrapper (Christian)
* Fix crash on screen size change after using fullscreen (Christian)
New translations
* he
Updated translations
* bg, ca, vi
|
|
Drivel 1.2.0 (The "Hero of Canton" release)
===========================================
* Improvements:
- Added a user manual (Todd).
* Fixes:
- Fixed the oft-reported "automaticall" typo (Todd).
- Synced eggtrayicon.* and recent-files/* with libegg to get the latest
improvements and bug-fixes (Todd).
* Translations:
- Updated Canadian English translation (Adam Weinberger).
- Updated Simplified Chinese translation (Funda Wang).
- Updated Portuguese translation (Duarte Loreto).
- Updated Swedish translation (Christian Rose).
- Updated Czech translation (Miloslav Trmac).
- Updated Dutch translation (Elros Cyriatan).
- Updated Spanish translation (Francisco Javier F. Serrador).
- Updated Albanian translation (Laurent Dhima).
- Updated Brazilian Portuguese translation (Estêvão Samuel Procópio).
Drivel 1.1.2 (The "Betas make bubbles!" release)
================================================
* Improvements:
- Replace the RSA's reference MD5 implementation with a free one.
- Add the GNOME Spinner to the network progress dialog.
- Make the standard error dialog conform to the HIG.
- Port the Network Progress and Insert Image dialogs to Glade.
- Gave the Insert Image and Insert Link dialogs a make-over and some
HIG-lovin'.
- Added a Cancel button to the new Network Progress dialog.
- Use unique names for user pictures, prevents re-downloading the
same image again and again.
- Add support for back-dating journal entries.
- Add tooltips for post options.
* Fixes:
- Prevent the network dialog from "blinking" on short transactions.
- Fix a crash that occured when the network dialog was closed manually.
- Double-clicking an entry in the history dialog opens it for editing.
- Prevent the user from selecting a row in the history list when it is
empty, fixes a crash.
- Fix a few strings to bring them into HIG 2.0 compliance.
* Translations:
- Updated Brazilian Portuguese translation (Raphael Higino and
Estêvão Samuel Procópio).
- Updated Czech translation (Miloslav Trmac).
- Updated Canadian English translation (Adam Weinberger).
- Updated British English translation (David Lodge).
- Updated Spanish translation (Francisco Javier F. Serrador).
Drivel 1.1.1 (The "I'm too hung-over to be creative" release)
=============================================================
* Improvements:
- RhythmBox support for the Music entry (Davyd Madeley).
- New and improved network layer which doesn't suck.
- Abstracted blog API, should make it easy to support multiple blog
systems in the future.
- Support for EggRecent.
- Added a "Drivel journal draft" mimetype.
- Redesigned the Friends dialog.
* Fixes:
- Plugged some memory leaks.
- Use the correct signal (enter_notify) for triggering the query_music
function.
- Lots of HIG-related spacing fixes.
* Translations:
- Updated Spanish translation (Francisco Javier F. Serrador).
- Updated Brazilian Portuguese translation (Raphael Higino).
- Updated Norwegian translation (Kjartan Maraas).
- Updated Albanian translation (Laurent Dhima).
- Updated Czech translation (Miloslav Trmac).
- Updated British English translation (David Lodge).
Drivel 1.1.0 (The "Happy birthday, Stephie!" release)
=====================================================
* Improvements:
- HTML syntax highlighting (Davyd Madeley and Grahame Bowland).
- Optional in-line spell checking support via GtkSpell.
- Undo/Redo support (Davyd Madeley).
- Support the new challenge/response LiveJournal authentication method.
- Per-account autosaves.
- Use LogJam's XML file format when saving/loading drafts (Davyd Madeley).
- The Insert Link dialog now replaces selected text with a hyper-linked
version of the text.
- Saves the filename of drafts so that the user isn't prompted each time she
presses "Save Draft" and add a "Save Draft as..." menu command.
- Autocomplete support for the Mood control (Davyd Madeley).
- Lots of HIG work on the menus, dialogs, and alerts.
* Fixes:
- Keybinding fixes.
- Resolve a couple of bugs in the History dialog (still requires GTK+ 2.4.4
or higher to work correctly) (Davyd Madeley).
- Correct the lj-lq tag in the poll creator (Grahame Bowland).
- Don't duplicate the protocol in the Insert Link dialog (gnome@nash.nu).
- Fixed the autosave feature.
- Resolved a network threading issue that prevented Drivel from working on
NetBSD, and possibly the other BSD variants as well.
- Protect proxy variables with mutex locks, should resolve some more
BSD-related threading issues.
- Use libcurl's unescape method rather than our own, fixes a NetBSD
character conversion problem.
- Fix C99-ism which was preventing successfull compilation on
GCC-2.95 (Julio M. Merino Vidal).
* Translations:
- Added Albanian translation (Laurent Dhima).
- Updated Czech translation (Miloslav Trmac).
- Updated Brazilian Portuguese translation (Raphael Higino).
- Updated British English translation (David Lodge).
|
|
|
|
I could not find any recent release notes or change log other than "People
continue to report examples where Tidy does not catch some ill-formed HTML
or, worse, generates ill-formed HTML. These cases have been significantly
reduced." (I didn't compare code with old release either.)
Patch-ab updated (same line patched).
|
|
|
|
patch provided by Ove Soerensen in PR 26792
changes compared to 2.7f:
wwwoffle 2.8c contains various fixes and new features. For example the
removal of some memory-leaks, fixes for race-conditions and it's noew
CSS aware and has support for chunked encoding.
|
|
http://svn.edgewall.com/repos/trac/tags/trac-0.7.1
Thanks, Holger Weiss <holger@jhweiss.de> (pkg/26735).
* Bugfixes for 0.7
* Fixes security hole in auth.py
* Experimental support for mod_python
* Improved MIME-types
* Fixed bugs: #93, #202, #307, #312, #342, #345, #350, #353, #355, #391,
#393, #401, #404, #406, #415, #417, #419, #420, #421, #422, #424,
#425, #428, #429, #432, #435, #437, #441, #442, #448, #451, #452,
#456, #457, #461, #463, #466, #467, #470, #, #497, #498, #502,
#504
|
|
changes;
Except from the usual bug-fixes and improvements, some new features snuck
in. One nifty feature is the save and open file dialogs remembering the
last directory opened. Also, a "start_page" option in the preferences so
that you may override the splash screen.
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|