| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security fix for firefox
Patch supplied by submitter, equals to:
Module Name: pkgsrc
Committed By: taya
Date: Sun Feb 27 13:20:43 UTC 2005
Log Message:
Update firefox to 1.0.1.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.139
- pkgsrc/www/squid/distinfo 1.86
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 6 13:30:49 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid to 2.5.9nb1.
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
|
|
update squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.137-1.138
- pkgsrc/www/squid/distinfo 1.84-1.85
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 28 16:59:08 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid to 2.5.8nb3, adding recent five official patches.
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow
for sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k
reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 1 11:16:58 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to 2.5.9 (2.5.STABLE9).
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACl support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STALBE9.
|
|
security fix for curl
Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code. See http://www.securityfocus.com/archive/1/391042
for more information.
|
|
update distribution patches for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.136
- pkgsrc/www/squid/distinfo 1.82
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 00:05:32 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update to squid-2.5.8nb2;
Add new two patches:
* 2005-02-20 19:11 (Cosmetic) GCC4 warnings
* 2005-02-20 10:47 (Minor) Relax header parsing slightly again to work
around broken web servers
Reflect update of one patch:
* 2005-02-20 11:03 (Cosmetic) Cross-platform format fixes
Update DIST_SUBDIR.
|
|
DoS fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.135
- pkgsrc/www/squid/PLIST 1.16
- pkgsrc/www/squid/distinfo 1.81
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 17 15:04:12 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile PLIST distinfo
Log Message:
Update squid package to 2.5.8nb1.
Apply four official fixes.
* 2005-02-15 02:14 (Cosmetic) FTP URL cleanups
* 2005-02-15 01:07 (Cosmetic) Allow high characters in generated FTP and
Gopher directory listings
* 2005-02-15 00:03 (Cosmetic) Cross-platform format fixes
* 2005-02-13 05:58 (Major) Assertion failure on certain odd DNS responses
Fixes PR pkg/29412 from Mike M. Volokhov.
|
|
security fix for awstats
Revisions pulled up:
- pkgsrc/www/awstats/Makefile 1.15
- pkgsrc/www/awstats/distinfo 1.9
- pkgsrc/www/awstats/patches/patch-aa 1.1
- pkgsrc/www/awstats/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: minskim
Date: Tue Feb 15 15:55:25 UTC 2005
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Added Files:
pkgsrc/www/awstats/patches: patch-aa patch-ab
Log Message:
Security fix for http://www.securityfocus.com/archive/1/390368.
Patches from awstats CVS.
Bump PKGREVISION.
|
|
distfile fix for awstats
Revisions pulled up:
- pkgsrc/www/awstats/Makefile 1.14
- pkgsrc/www/awstats/distinfo 1.8
Module Name: pkgsrc
Committed By: minskim
Date: Sun Feb 13 15:29:15 UTC 2005
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Log Message:
Bump PKGREVISION due to distfile change.
This fixes PR pkg/29210.
|
|
update squid
Revisions pulled up:
pkgsrc/www/squid/Makefile 1.134
pkgsrc/www/squid/distinfo 1.80
pkgsrc/www/squid/patches/patch-al 1.6
pkgsrc/www/squid/patches/patch-cd 1.5
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 11 14:47:18 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
pkgsrc/www/squid/patches: patch-al patch-cd
Log Message:
Update squid package to 2.5.8 (squid-2.5.STABLE8).
Most of these changes are already included in previous squid-2.5.7nb12.
But last one is really new one.
Changes to squid-2.5.STABLE8 (11 Feb 2005)
- [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
#1096)
- [Cosmetic] Document -v (protocol version) option to LDAP helpers
- [Minor] The new req_header and resp_header acls segfaults
immediately on parse of squid.conf (Bug #961)
- [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
(Bug #1118)
- [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
- [Minor] Squid fails to close TCP connection after blank HTTP
response (Bug #1116)
- [Minor security] Random error messages in response to malformed
host name (Bug #1143)
- [Minor] PURGE should not be able to delete internal objects
(Bug #1112)
- [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
#1121)
- [Minor] cachemgr vm_objects segfault (Bug #1149)
- [Minor security] Confusing results on empty acl declarations (Bug
#1166)
- [Minor] Don't close all "other" filedescriptors on startup (Bug
#1177)
- [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
#1183)
- [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
- [Medium security] Denial of service with forged WCCP messages
(Bug #1190)
- [Minor] DNS related memory leak on certain malformed DNS responses
(Bug #1197)
- [Minor] Internal DNS sometimes truncates host names in reverse
(PTR) lookups (Bug #1136)
- [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
- [Security] Harden Squid agains HTTP request smuggling attacks
- [Minor] Icon URLs fails in non-anonymous FTP directory listings is
short_icon_urls is on (Bug #1203)
- [Security] Harden Squid agains HTTP response splitting attacks
(Bug #1200)
- [Medium security] Buffer overflow in WCCP recvfrom() call
(Bug #1217)
- [Security] Properly handle oversized reply headers (Bug #1216)
- [Minor] LDAP helpers search fixed to properly ask for no attributes
- [Minor] A sporadic segmentation fault when using ntlm authentication
fixed (Bug #1127)
- [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
- [Medium] Persistent connection mismatch on failed PUT/POST request
(Bug #1122)
- [Minor] WCCP easily disturbed by forged packets (Bug #1225)
- [Minor] Password management in ftp:// gatewaying improved (Bug #1226
- [Major] HTTP reply data corruption in certain situations involving
reply headers split over multiple packets (Bug #1233)
|
|
security fix for apache2
Revisions pulled up:
- pkgsrc/devel/apr/Makefile 1.31
- pkgsrc/devel/apr/distinfo 1.11
- pkgsrc/www/apache2/Makefile 1.66 (merged by hand)
- pkgsrc/www/apache2/Makefile.common 1.13
- pkgsrc/www/apache2/PLIST 1.27
- pkgsrc/www/apache2/distinfo 1.36 (merged by hand)
- pkgsrc/www/apache2/patches/patch-aa 1.14
- pkgsrc/www/apache2/patches/patch-as removed
- pkgsrc/www/apache2/patches/patch-at removed
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 9 14:52:12 UTC 2005
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update "apr" package to version 0.9.6.2.0.53. Changes since
version 0.9.5.2.0.52:
- Add apr_threadattr_stacksize_set() for overriding the default
stack size for threads created by apr_thread_create().
- Add an RPM spec file.
- Add a build script to create a solaris package.
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 9 14:57:52 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
pkgsrc/www/apache2/patches: patch-aa
Removed Files:
pkgsrc/www/apache2/patches: patch-as patch-at
Log Message:
Update "apache2" package to version 2.0.53. Changes since version 2.0.52:
- Fix --with-apr=/usr and/or --with-apr-util=/usr. Bug report 29740.
[Max Bowsher <maxb ukf.net>]
- mod_proxy: Fix ProxyRemoteMatch directive. Bug report 33170.
[Rici Lake <rici ricilake.net>]
- mod_proxy: Respect errors reported by pre_connection hooks.
[Jeff Trawick]
- --with-module can now take more than one module to be statically
linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
If the <modtype>-subdirectory doesn't exist it will be created and
populated with a standard Makefile.in. [Erik Abele]
- Fix the RPM spec file so that an RPM build now works. An RPM
build now requires system installations of APR and APR-util.
Remove some arbitrary moving around of binaries - the RPM now
maps to the ASF build of httpd.
[Graham Leggett]
- mod_dumpio, an I/O logging/dumping module, added to the
modules/expermimental subdirectory. [Jim Jagielski]
- mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
library handles special characters. Bug report 24437.
[Jess Holle]
- Win32 MPM: Correct typo in debugging output. [William Rowe]
- conf: Remove AddDefaultCharset from the default configuration because
setting a site-wide default does more harm than good.
Bug report 23421. [Roy Fielding]
- Add charset to example CGI scripts. [Roy Fielding]
- mod_ssl: fail quickly if SSL connection is aborted rather than
making many doomed ap_pass_brigade calls.
Bug report 32699. [Joe Orton]
- Remove compiled-in upper limit on LimitRequestFieldSize.
[Bill Stoddard]
- Start keeping track of time-taken-to-process-request again for
mod_status if ExtendedStatus is enabled. [Jim Jagielski]
- mod_proxy: Handle client-aborted connections correctly.
Bug report 32443. [Janne Hietamäki, Joe Orton]
- Fix handling of files >2Gb on all platforms (or builds) where
apr_off_t is larger than apr_size_t.
Bug report 28898. [Joe Orton]
- mod_include: Fix bug which could truncate variable expansions
of N*64 characters by one byte. Bug report 32985. [Joe Orton]
- Correct handling of certain bucket types in ap_save_brigade, fixing
possible segfaults in mod_cgi with #include virtual.
Bug report 31247. [Joe Orton]
- Allow for the use of --with-module=foo:bar where the ./modules/foo
directory is local only. Assumes, of course, that the required
files are in ./modules/foo, but makes it easier to statically
build/log "external" modules. [Jim Jagielski]
- Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
ldap authorization only modules have access to the util_ldap
user cache without having to require ldap authentication as well.
Bug report 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
- mod_auth_ldap: Added the directive "Requires ldap-attribute" that
allows the module to only authorize a user if the attribute value
specified matches the value of the user object. Bug report 31913
[Ryan Morgan <rmorgan pobox.com>]
- SECURITY: CAN-2004-0942 (cve.mitre.org)
Fix for memory consumption DoS in handling of MIME folded request
headers. [Joe Orton]
- SECURITY: CAN-2004-0885 (cve.mitre.org)
mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
bypassed during an SSL renegotiation. Bug report 31505.
[Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
- mod_ssl: Fail at startup rather than segfault at runtime if a
client cert is configured with an encrypted private key.
Bug report 24030. [Joe Orton]
- apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
Bug report 31448 [Joe Orton]
- mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
[Jeff Trawick]
- mod_cache: CacheDisable will only disable the URLs it was meant to
disable, not all caching. Bug report 31128.
[Edward Rudd <eddie omegaware.com>, Paul Querna]
- mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
cache responses. [Justin Erenkrantz]
- mod_rewrite: Handle per-location rules when r->filename is unset.
Previously this would segfault or simply not match as expected,
depending on the platform. [Jeff Trawick]
- mod_rewrite: Fix 0 bytes write into random memory position.
Bug report 31036. [André Malo]
- mod_disk_cache: Do not store aborted content. Bug report 21492.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_disk_cache: Correctly store cached content type.
Bug report 30278.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_ldap: prevent the possiblity of an infinite loop in the LDAP
statistics display. Bug report 29216. [Graham Leggett]
- mod_ldap: fix a bogus error message to tell the user which file
is causing a potential problem with the LDAP shared memory cache.
Bug report 31431 [Graham Leggett]
- mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
- Fix the re-linking issue when purging elements from the LDAP cache
Bug report 24801. [Jess Holle <jessh ptc.com>]
- mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
- Fix Expires handling in mod_cache. [Justin Erenkrantz]
- Alter mod_expires to run at a different filter priority to allow
proper Expires storage by mod_cache. [Justin Erenkrantz]
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.133
- pkgsrc/www/squid/distinfo 1.79
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 6 08:08:03 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to 2.5.7nb12.
Adding several official patches which fix security and critical problem.
o 2005-02-06 00:57 (Cosmetic)
Improve password handling in FTP gatewaying of ftp://user@host URLs
o 2005-02-04 11:41 (Minor) WCCP easily disturbed by forged packets
o 2005-02-04 00:33 (Medium)
Persistent connection trouble on failed PUT/POST requests
o 2005-02-04 00:12 (Major) Segmentation fault on failed PUT/POST request
o 2005-02-03 23:27 (Minor)
Sporadic segmentation fault when using ntlm authentication
o 2005-02-03 23:17 (Minor)
LDAP helpers sends slightly malformed search requests
o 2005-01-31 22:50 (Security issue)
Correct handling of oversized reply headers
|
|
security fix for dillo
Revisions pulled up:
- pkgsrc/www/dillo/Makefile 1.23-1.24
- pkgsrc/www/dillo/PLIST 1.10
- pkgsrc/www/dillo/distinfo 1.20-1.21
- pkgsrc/www/dillo/patches/patch-aa 1.5
- pkgsrc/www/dillo/patches/patch-ac 1.6
Module Name: pkgsrc
Committed By: jmmv
Date: Tue Jan 4 14:09:17 UTC 2005
Modified Files:
pkgsrc/www/dillo: Makefile PLIST distinfo
Added Files:
pkgsrc/www/dillo/patches: patch-aa
Log Message:
Properly handle the dpidrc configuration file. Bump PKGREVISION to 1.
Closes PR pkg/28854 by Alexander Becher.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Jan 10 21:54:36 UTC 2005
Modified Files:
pkgsrc/www/dillo: Makefile distinfo
Added Files:
pkgsrc/www/dillo/patches: patch-ac
Log Message:
Patch for recent security issue - bump to nb2
http://secunia.com/advisories/13760/
|
|
distfiles fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.131-1.132
- pkgsrc/www/squid/distinfo 1.77-1.78
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 1 01:31:10 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to squid-2.5.7nb11.
squid-2.5.STABLE7-response_splitting.patch was updated, so update distinfo
and DIST_SUBDIR. It seems that a patch to one more file was added.
* 2005-01-31 01:50 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 1 10:22:20 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Fix file name of a patch file which squid people fix its typo.
Noted by salo@ first and PR pkg/29181 later.
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.130
- pkgsrc/www/squid/distinfo 1.76
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 29 00:51:42 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Apply a new official patch which contains security problem.
* 2005-01-28 23:16 (Security issue) Buffer overflow in WCCP recvfrom() call
Bump PKG_REVISION and now squid-2.5.7nb10.
|
|
distfile fix for awstats
Revisions pulled up:
- pkgsrc/www/awstats/Makefile 1.13
- pkgsrc/www/awstats/distinfo 1.7
Module Name: pkgsrc
Committed By: minskim
Date: Wed Jan 26 15:55:41 UTC 2005
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Log Message:
Distfile changed without bumping the version number. Noted by adrianp@.
diff(1) shows that some default values have been changed.
Set DIST_SUBDIR and bump PKGREVISION.
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.129
- pkgsrc/www/squid/distinfo 1.75
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 26 15:29:03 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update new and disabled official patches. The new patch includes
security fix.
o 2005-01-21 12:10 (Minor)
Disable Path-MTU discovery on intercepted requests
o 2005-01-21 12:43 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
Bump package revision.
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.125-1.128
- pkgsrc/www/squid/distinfo 1.73-1.74
Module Name: pkgsrc
Committed By: taca
Date: Sun Jan 16 15:46:25 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Set PKG_USERS and PKG_GROUPS with SQUID_USER and SQUID_GROUP.
Now squid's user and group are handled by bsd.pkg.install.mk properly.
Thanks much to Volker Wiegand at t-online dot de noted this problem
by private mail.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: kim
Date: Wed Jan 19 00:19:27 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Record SQUID_USER and SQUID_GROUP in BUILD_DEFS.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 19 14:56:55 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Apply three official patch including a minor security problem.
o 2005-01-17 04:29 (Minor Secuity issue) Sanity check usernames
in squid_ldap_auth
o 2005-01-17 02:52 (Minor) FQDN names truncated on compressed DNS
responses
o 2005-01-17 02:52 (Minor) Internal DNS memory leak on malformed
responses
Bump package revision; squid-2.5.7nb7.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 21 13:41:27 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update new official patched.
o 2005-01-21 12:43 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
o 2005-01-21 12:10 (Minor)
Icons fails to load on non-anonymous FTP when using
short_icons_url directive
o 2005-01-21 12:10 (Minor)
FTP data connection fails on some FTP servers when requesting
directory without a trailing slash
One patch has problem to apply and hold to apply
o 2005-01-21 12:10 (Minor) Disable Path-MTU discovery on intercepted
requests
Bump package revision.
|
|
security fix for awstats
Module Name: pkgsrc
Committed By: minskim
Date: Wed Dec 29 10:22:27 UTC 2004
Modified Files:
pkgsrc/www/awstats: Makefile PLIST distinfo
Log Message:
Update awstats to 6.2 and take maintainership.
Changes:
- awstats_updateall.pl: Added -excludeconf option
- Allow plugins to add entry in menu.
- Allow plugins to add charts with its own way to compile data
inside the update process.
- Added the geoip_region_maxmind and geoip_city_maxmind plugins.
- maillogconvert.pl: Support postfix 2.1 that change its log
format using NOQUEUE string instead of a number for mails that
are rejected before being queued.
- Little speed improvments.
- Counts javascript disabled browsers (A new MiscTracker feature).
- When a direct access to last line is successfull, awstats is
directly in mode "NewLine". No need to find a more recent record
for this. This means the NotSortedRecordTolerance works even
between end and start of updates.
- You can use a particular not used field in your log file to build
a personalized report with the ExtraSection feature. Just use
a personalized log format and use the tag %extraX (where X is
a number) to name field you want to use, then, in ExtraSection
parmaters, you can use extraX to tell wich info to use to extract
data for building the chart.
- Support method "put" when analyzing ftp log files.
- Added a bold style around current day/month in label of charts.
- Bug fixes and documentation improvements.
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Jan 18 13:37:26 UTC 2005
Modified Files:
pkgsrc/www/awstats: Makefile PLIST distinfo
Log Message:
Update awstats to 6.3.
Changes:
New features/improvements:
- Added the geoip_isp_maxmind and geoip_org_maxmind plugin.
- Details firefox versions.
Fixes:
- The geoip_city_maxmind plugin was sometimes bind and towns with
space in names are reported correctly.
- Removed an unknown security hole.
- Removed an other unknown security hole (found by iDEFENSE).
- Restart of apache works correctly on debian.
Other/Documentation:
- Updated documentation
- Updated language files
---
Module Name: pkgsrc
Committed By: minskim
Date: Wed Jan 19 12:49:33 UTC 2005
Modified Files:
pkgsrc/www/awstats: Makefile PLIST
Log Message:
Correct PLIST and file permission. Noted by salo@.
Bump PKGREVISION.
|
|
security fix for squid
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 13 16:19:10 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Add three official fixes.
o 2005-01-12 17:21 (Security issue) Denial of service with forged WCCP messages
o 2005-01-12 17:19 (Security issue) buffer overflow bug in gopherToHTML()
o 2005-01-08 03:13 (Medium) fakeauth_auth memory leak and NULL pointer access
Bump package revision.
|
|
runtime fix for horde
Module Name: pkgsrc
Committed By: bouyer
Date: Mon Jan 10 16:25:27 UTC 2005
Modified Files:
pkgsrc/www/horde: Makefile
Log Message:
Horde has a run-time dependancy on ../../sysutils/pear-Log
|
|
security fix for squid
Module Name: pkgsrc
Committed By: taca
Date: Fri Dec 31 13:31:37 UTC 2004
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Add two official fix.
* 2004-12-28 12:55 (Minor) Don't close "other" filedescriptors on
startup
* 2004-12-27 18:54 (Minor Security) Confusing results on empty acl
* declarations
Bump package revision.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 1 15:57:42 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update DIST_STAMP to change DIST_SUBDIR because of some patches
were changed their size.
|
|
security fix for opera7
Module Name: pkgsrc
Committed By: tron
Date: Wed Dec 29 23:19:34 UTC 2004
Modified Files:
pkgsrc/www/opera7: Makefile distinfo
Log Message:
Update "opera" package to version 7.54u1 (as 7.54pl1). Changes since
version 7.54:
- Tightened origin check for frames, fixing issue reported in Secunia
Advisory 13253. A side effect of this is that documents not passing
the origin check will open in a new page.
- Fixed issue reported by Marc Schönefeld: intrusive JavaScript or
Java applet could exploit Sun Java vulnerability to retrieve
logged-in user's username and install directory.
- Fixed LiveConnect class access security issue reported by Jouko
Pynnönen.
- Fixed download issue reported by Andreas Sandblad, Secunia
Research, described in Secunia Advisory 12981: periods and
non-breaking spaces in content-type header type could obscure file
type.
- Improved support for the "must-revalidate" cache directive.
|
|
security fix for mozilla-bin
Module Name: pkgsrc
Committed By: tron
Date: Tue Dec 21 10:03:45 UTC 2004
Modified Files:
pkgsrc/www/mozilla-bin: Makefile distinfo
Log Message:
Update "mozilla-bin" package to version 1.7.5. Changes since version 1.7.3:
- NPRuntime support. NPRuntime is an extension to the Netscape Plugin API that
was developed in cooperation with Apple, Opera, and a group of plugin
vendors. http://www.mozilla.org/projects/plugins/npruntime.html
- Added undetectable document.all support, and support for exposing elements
by their ID in the global scope for greater IE compatibility when viewing
pages that don't request standards compliant behaviour.
https://bugzilla.mozilla.org/show_bug.cgi?id=248549 and
https://bugzilla.mozilla.org/show_bug.cgi?id=256932.
- Fix for http://secunia.com/advisories/12956/
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
|
|
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").
binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.
addresses PR pkg/28619 from H. Todd Fujinaka.
|
|
in last revision.
|
|
- Added Palm OS and Symbian OS to the Operating System Report.
- ISO 8601 extended date format available in language files.
- Another style sheet from James Reeves added to the examples directory.
- Analog is now distributed under the GNU General Public License.
- Fix problems building unzip.c on some platforms.
- Fix invalid XHTML output in non-European languages.
- The DNSTIMEOUT command is now off by default, because it breaks DNS lookups
on many platforms.
- Recognises Firebird and Firefox as browsers.
- msnbot recognised as a robot in the default configuration.
- Patches for Mac.
- New Makefiles for Windows and RISC OS.
- Corrections to Finnish and Japanese language files.
- Reads zip and bzip2 logfiles without the need for an UNCOMPRESS command.
- Automatically strips ;params section from URLs (for example, jsessionid's).
- Recognises Windows Server 2003 in the Operating System Report.
- First user-contributed style sheets added to examples/css directory.
- Computer-readable output style now forces English output.
- More corrections to XML output style.
- Patches for OpenVMS and RISC OS.
- Basque language files.
- Country code .cs, formerly Czechoslovakia, is now Serbia and Montenegro.
(Changed in English, French and German domains files, and removed from other
domains files).
- Corrections to Swedish and Ukrainian language files, and to German domains
files.
- Internal Search reports now work properly on case-insensitive file systems.
- Various bug fixes and improvements to XHTML and XML output styles.
- New command CSSPREFIX to add a prefix to the CSS class names used in the
XHTML output.
- XML DTD distributed with the program.
- Language files for Simplified Chinese.
- This is the first beta test for version 6.
- Output code completely rewritten, to permit more output formats.
- New output formats XHTML and XML. (Thanks to Per Jessen for XML, and to
Jeremy Wadsack for help with XHTML).
- XHTML is now the default output style.
- The barcharts are now made from png's not gif's by default.
- New command LOGOURL.
|
|
their permission to SHAREOWN:SHAREGRP is enough.
|
|
header file #includes <dlfcn.h>, so we need to include
dlopen.buildlink3.mk so that dlfcn.h can be found by packages which
use httpd/os.h.
XXX this is not entirely correct, but works around the problem
XXX sufficiently. the problem is that Darwin (7.7.x) has dlopen() and
XXX friends but does not provide prototypes in dlfcn.h (or anywhere else).
|
|
|
|
these packages will pick up -lpthread on NetBSD 1.6.x when linking
applications.
|
|
|
|
don't install LICENCE (this package is distributed under standard PHP
licence) nor NOTICE file
PKGREVISION not bumped, since package version as such changed
|
|
|
|
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
- Changes backported from apache CVS HEAD:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
|
|
Maybe, fix build problem on NetBSD 1.6.2, too.
|
|
to update
|
|
(needs to replace sh bang line of an auxiliary script.)
|
|
- Added the %F modifier to *printf to render a non-locale-aware representation
of a float with the . as decimal separator. (Derick)
- Fixed a bug in addslashes() handling of the '\0' character. (Ilia)
- Backported Marcus' foreach() speedup patch from PHP 5.x. (Derick)
- Fixed potential problems with unserializing invalid serialize data. (Marcus)
- Fixed bug #31034 (Problem with non-existing iconv header file). (Derick)
- Fixed bug #31024 (Crash in fgetcsv() with negative length). (Ilia)
- Fixed bug #31019 (Logic error mssql library checking). (Frank)
- Fixed bug #30995 (snmp extension does not build with net-snmp 5.2). (Ilia)
- Fixed bug #30990 (allow popen() on *NIX to accept 'b' flag). (Ilia)
- Fixed bug #30826 (Certain reference relations cannot be unserialized
properly). (Ilia)
- Fixed bug #30750 (Meaningful error message when upload directory is not
accessible). (Ilia)
- Fixed bug #30739 (imagefill does not set back alphablending mode). (Pierre)
- Fixed bug #30672 (Problem handling exif data in jpeg images at unusual
places). (Marcus)
- Fixed bug #30658 (Ensure that temporary files created by GD are removed).
(Ilia)
- Fixed bug #30654 (oci8 persistent connection is deleted from hash
if there was exclusive connection with the same credentials). (Tony)
- Fixed bug #30613 (Prevent infinite recursion in url redirection). (Ilia)
- Fixed bug #30587 (array_multisort doesn't separate zvals before
changing them). (Tony)
- Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia)
- Fixed bug #30442 (segfault when parsing ?getvariable[][ ). (Tony)
- Fixed bug #30388 (rename across filesystems loses ownership and
permission info). (Tony)
- Fixed bug #30282 (segfault when using unknown/unsupported
session.save_handler and/or session.serialize_handler). (Tony)
- Fixed bug #30281 (Prevent non-wbmp images from being detected as such).
(Ilia)
- Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia)
- Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well
with alpha channel, corners are drawn twice). (Pierre)
- Fixed bug #30224 (Sybase date strings are sometimes not null terminated).
(Ilia)
- Fixed bug #30133 (get_current_user() crashes on Windows). (Edin)
- Fixed bug #30057 (did not detect IPV6 on FreeBSD 4.1). (Wez)
- Fixed bug #30027 (Possible crash inside ftp_get()).
(cfield at affinitysolutions dot com)
- Fixed bug #29805 (HTTP Authentication Issues). (Uwe Schindler)
- Fixed bug #29418 (double free when openssl_csr_new fails).
(Kamesh Jayachandran).
- Fixed bug #28598 (Lost support for MS Symbol fonts). (Pierre)
- Fixed bug #28325 (Circular references not properly serialized). (Moriyoshi)
- Fixed bug #28228 (NULL decimal separator is not being handled correctly).
(Ilia)
- Fixed bug #27469 (serialize() objects of incomplete class). (Dmitry)
|
|
|
|
Changes since 1.02:
[ENHANCEMENTS]
* $mech->get() now accepts a WWW::Mechanize::Link object.
* $mech->stack_depth(n) lets you set the depth of the mech
object's page stack. This way, if you have a Mech that does
lots of stuff and never/rarely goes back(), you won't be eating
up memory. Thanks to BooK and Chi-Fung. (RT #5362)
[FIXES]
* Fixed tests that fail under LWP >= 5.800.
* Added a workaround for LWP::UserAgent->clone() when ->{proxy}
is undef. (RT #6443)
* The Referer was getting passed as a URI object sometimes,
and that caused sadness. Eugene Haimov supplied a workaround.
(RT #6372)
[DOCUMENTATION]
* Added Ian Langworth's listmod and John Beppu's photobucket
uploader programs to WWW::Mechanize::Examples.
* Minor doc tweak for find_link()
* Finally added a value() func. Thanks to Spoon,
who even now, months after his passing, is still contributing
to Mechanize.
|
|
|
|
* Apply official three patches.
- 2004-12-08 01:03 (Minor) cachemgr vm_objects segfault
- 2004-12-08 00:47 (Minor) httpd_accel_port 0 (virtual) not working correctly
- 2004-12-07 23:45 (Cosmetic / Minor Security issue) Random error messages
in response to malformed host name
* use VARBASE for data directory.
* better handling data directory and user and group for squid with
bsd.pkg.install.mk.
|
|
2.4.3. Also closes PR# 27592.
|
|
- Lots of documentation/bugfix/feature improvements, see CHANGES for full
details
- Closes PR# 27592 opened by carl (at) rollcage2.bl.echidna.id.au which
suggested the update. Thanks Carl.
CVS ----------------------------------------------------------------------
|
|
is necessary to avoid being subject to e.g. open_basedir or safe_mode settings
|
|
|
|
some extra docs and tests
|
|
Changes:
* Quanta Plus
o don't crash after editing a cell of a newly inserted row/column
in the table editor
o show the right index of the main cell in case of merged rows in a
table
o don't crash on column removal form a table
o read the tables correctly also if the doctype definition is wrong
(for example HTML tables inside XHTML)
o fix node tree corruption while parsing scripts inside a tag
o don't crash when deleting a file using the context menu
o disable Proceed button in the upload dialog once the upload is
started. Fixes various problems like non-responding Quanta after
upload and possibly the bug described in
o don't try to add a newly created action to a non-existent All toolbar
o don't crash on exit if the user removed an action
o enable full copy/paste from documentation and preview. Until now it
worked only with the mouse through the selection.
o improvement: recognize one-line PHP comments starting with #
* KFileReplace
o hide columns that are not useful (but confusing) when doing search
only
|
|
XXX May be apache2 package's LOCALBASE/share/httpd/build/config_vars.mk
definition of LIBTOOL needs to be adjusted instead of doing this.
|
|
creates its own compiler wrapper script. This "meta_ccld" script
isn't recognized by the installed libtool script as a compiler, and
libtool gets confused as to which compiler tag to use. Rather than
inserting "--tag=CC" into the Makefiles, we patch the configure script
to not make the wrapper script, and instead, to simply append the
appropriate pthreads CFLAGS to the normal CFLAGS variable subsituted
into Makefiles. This fixes PR pkg/28485.
|
