Age | Commit message (Collapse) | Author | Files | Lines |
|
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
|
|
Makefile.module, as it might indirectly include bsd.buildlink.mk which
relies on being able to check whether USE_BUILDLINK_ONLY is defined or not.
|
|
Relevant changes from version 2.8.6 include:
*) Fixed potential buffer overflow in DBM and SHMHT session
cache if very very large certificate chains are used.
*) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
"head -1" and "tail -1" constructs with sed variants in scripts.
|
|
the EAPI patches from modssl-2.8.7-1.3.23. Also, link against the MM
Shared Memory library (devel/libmm) to provide shared memory support in
Apache/EAPI. For example, this allows mod_ssl to use a high-performance
RAM-based session cache instead of a disk-based one.
|
|
|
|
ones on the various CPAN sites. Since he's the software author, we
assume his is the definitive file.
|
|
echo the message, too.
|
|
that was lost in the previous commit.
"${apache_start}" is the subcommand sent to apachectl to control how
httpd is started. It's value may be overridden in:
@PKG_SYSCONFDIR@/apache_start.conf
/etc/rc.conf
/etc/rc.conf.d/apache,
in order of increasing precedence. Its possible values are "start"
and "startssl", and defaults to "start".
|
|
since version 5.0 can be found under this URL:
http://www.opera.com/pressreleases/en/2002/02/20020226.html
|
|
|
|
Apache module for streaming mp3 and other audio files.
|
|
|
|
From DESCR:
Mod_Layout creates a framework for doing design. Whether you need a
simple copyright or ad banner attached to every page, or need to have
something more challenging such a custom look and feel for a site that
employs an array of technologies (Java Servlets, mod_perl, PHP, CGI's,
static HTML, etc...), Mod_Layout creates a framework for such an
environment. By allowing you to cache static components and build sites
in pieces, it gives you the tools for creating large custom portal sites.
|
|
|
|
Check setproctitle in the configure script and remove the define
in patch-ba.
|
|
|
|
|
|
Small, fast and customizable WWW client
|
|
2.4STABLE3:
- htcp_port 0 now properly disables htcp
- Fixed problem with certain non-anonymous ftp:// style URL's
- SNMP bugfixes including several memory leaks
|
|
The only difference is removal of mistakely left debug message.
|
|
|
|
- Corrected the MacHTTP log format, which didn't work in 5.2.
- All the BARSTYLEs redrawn, and two new BARSTYLEs added, adapted from
an idea by Dave Holle. (You will have to move the new graphics into your
IMAGEDIR in order to use them.)
|
|
Fixes several known bugs, as well as a cross-site scripting vulnerability
(discovered by Flavio Veloso of Magnux Software), that could allow
malicious HTML tags to be injected in the reports generated by the Webalizer.
This release also includes several new and updated language files. All users
are encouraged to upgrade as soon as possible.
|
|
|
|
same from all 3 master sites. Updating distinfo
|
|
- replace a hack adding fd_mask definition in autoconf.h with re-writing
configure script. It cause to run configure twice and result "no fd_mask".
- Incorporate three official patches from
http://www.squid-cache.org/Versions/v2/2.4/bugs/.
o SNMP memory leaks
synopsis
The SNMP implementation in Squid had several memory leaks
possibly causing an denial of service.
workaround
Disable the SNMP port if enabled by using "snmp_port 0" in
squid.conf. Or if you only use SNMP for MRTG data
collection running on the same host then use
"snmp_incoming_address 127.0.0.1" to limit reachability
of the SNMP port to only localhost or some other trusted
network.
o Coredump on certain ftp:// style URL's
synopsis
If certain constructed ftp:// style URL's are received then
squid crashes, causing a denial of service and maybe even
remote execution of code.
workaround
Deny forwarding of non-anonymous FTP URLs by inserting
the following rules at the top of squid.conf, prior to
any http_access allow lines.
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
o "htcp_port 0" fails to disable the HTCP port
synopsis
"htcp_port 0" fails to completely disable the HTCP port as
documented in squid.conf, instead HTCP will be listening on
a random port number.
|
|
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replace `install-info' in target rules
print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
|
|
|
|
rmdir -> ${RMDIR}
rm -> ${RM} (${RM} added to PLIST_SUBST)
chmod -> ${CHMOD}
chown -> ${CHOWN}
|
|
|
|
* added a --emacs command-line option to produce output intended
for parsing by Emacs
* added errors for references to non-existent IDs in attributes
such as the headers attribute of the td element
|
|
|
|
5.2 (13-Feb-02)
- You can now plot the lower levels of hierarchical reports on the pie
charts by using the new CHARTEXPAND family of commands.
- Added MACHTTP to the list of built-in log formats that analog recognises
automatically.
- Recognises ; as well as & as query-string separator.
- The rules for generating "organisations" from numerical addresses have
changed.
- Filenames given on the command line are now relative to the current
directory, not the analog directory.
- Ignores completely blank lines at the top of a logfile.
- Makefiles for Microsoft Visual C++ can be found in the new
src/build directory. Makefiles for other platforms have moved
out of the source tree into there too.
- You can now refer to kilobytes as kibibytes by editing your language file.
- Revised versions of Japanese language files.
- Revised the Licence.
- Advertised new donations page.
|
|
support making it render NetBSD's homepage correctly (!) and other goodies
like remembering where the scroll bar was when you go back...
|
|
Tue Feb 12 13:00:01 2002 Shugo Maeda <shugo@modruby.net>
* version 0.9.7 released.
Tue Feb 12 12:59:21 2002 Shugo Maeda <shugo@modruby.net>
* lib/aapche/ruby-run.rb (handler): return DECLINED for OPTIONS
requests.
* lib/aapche/eruby-run.rb (handler): ditto.
* lib/aapche/erb-run.rb (handler): ditto.
* lib/aapche/ruby-debug.rb (handler): ditto.
* lib/aapche/rd2html.rb (handler): ditto.
|
|
- Fix a typo in the wrapzap script.
- Add/adjust more ad patterns.
|
|
config file doesn't fail.
|
|
From release mail:
NEWS
- a few bugfixes
- Mozilla 0.9.8 compatibility
|
|
See the release notes for detail.
http://www.mozilla.org/releases/mozilla0.9.8/
|
|
pathnames
|
|
into the equivalent INSTALL_*. This is fallout from the change in
revision 1.915 that removed ${MAKE_ENV} from the environment for a
recursive make.
|
|
|
|
Make the print-PLIST target output ${MKDIR} also.
|
|
|
|
|
|
Apache
submitted by Jarkko Torppa per PR pkg/14522
|
|
|
|
HTML documents
such a pkg was submitted in PR pkg/13042, but the URL it refers to
is invalid
|
|
Noted by Stoned Elipot <seb@netbsd.org> in private email.
|
|
|