Age | Commit message (Collapse) | Author | Files | Lines |
|
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
|
|
changes: bugfixes and documentation improvements
|
|
changes:
* Added 64bit library path for Firefox
to start script
* Added fix a timezone parsing problem
* Added a workaround for a problem caused
by installing the gconf schemes from
earlier Liferea version, which caused
a HTML view zoom level of 0.
|
|
From Akio OBATA via PR pkg/33368.
Changes:
Trac-0.9.5-ja-1 (Apr 19, 2006)
- Merge trac-0.9.5
- Update to current statement.
- README.trac-ja
- wiki-default/TracJa
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
|
|
From Akio OBATA via PR pkg/33367.
Changes:
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
Trac 0.9.4 (Feb 15, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.4
- Deletion of reports has been fixed.
- Various encoding issues with the timeline RSS feed have been fixed.
- Fixed a memory leak when syncing with the repository.
- Milestones in the roadmap are now ordered more intelligently.
- Fixed bugs: #1064, #1150, #2006, #2253, #2324, #2330, #2408, #2430,
#2431, #2459, #2544, #2459, #2481, #2485, #2536, #2544, #2553,
#2580, #2583, #2606, #2613, #2621, #2664, #2666, #2680, #2706,
#2707, #2735
|
|
Changes:
- Tracking session state problem reported (previously only restart
can reset session state).
- Paros startup problem when added server authentication into
authentication panel.
- Authentnciation entry reappear even after deleted (when proxy
reloads).
|
|
work differently now, so the @# prefix to comment the lines out no
longer works. (A plain '#' might work, though.)
|
|
way that using APACHE_MODULES+= (additive) in mk.conf can work correctly.
|
|
users of the Mozilla Suite are adviced to switch over to Firefox (www/firefox)
and Thunderbird (mail/thunderbird). For those who still like the Suite, there
is Seamonkey (pkgsrc/www/seamonkey), a community-driven project to continue the
Mozilla Suite.
For more information, see the Mozilla Suite 1.7.x Product Sunset Announcement:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
|
|
|
|
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
- additional patch to fix pr#33333
Shin'ichiro TAYA told me that i can do this update.
|
|
file does not exist
|
|
Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES
If you do not define APACHE_MODULES this change will not impact you, the
default behaviour of the package modules has not been changed.
The new functionality is as follows:
1) If you need to add an additional module to be installed with apache
you would use:
APACHE_MODULES+= spelling
This would include mod_spelling as a static module in addition to the
default modules installed.
2) If you need a highly customised version of apache and would like to
explicitly list which modules are installed by default you would use:
APACHE_MODULES= spelling access auth include env autoindex
This would install _only_ the listed modules as static modules with
apache.
If you use APACHE_MODULES= please read the apache documentation at:
http://httpd.apache.org/docs/2.0/
To determine which modules you will need to install to get the level
of functionality you require. By default when using APACHE_MODULES=
apache only includes with the following static modules:
core.c
prefork.c
http_core.c
mod_so.c
|
|
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
|
|
reference check. Fixes PR 33332.
|
|
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
|
|
works for me.
|
|
it produced empty *.so and the module couldn't be actually used
|
|
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
|
these any more.
|
|
While here, do pkglint cleanup.
Bump PKGREVISION.
|
|
URLs. This mimics the behaviour of other WWW browsers.
|
|
|
|
XXX: I'd expect mod_perl2 to make it possible to have Apache::Test as a
separate package, but that will do for now.
|
|
1.28 - February 22, 2006
- add need_imagemap() and have_imagemap() to check for mod_imap or
mod_imagemap (Colm MacCárthaigh)
- shortcuts like need_cgi() and need_php() no longer spit out bogus skip
messages (Geoffrey Young)
- Adjust Apache::TestConfig::untaint_path() to handle relative paths
that don't start with /. (Stas)
- If perlpath is longer than 62 chars, some shells on certain
platforms won't be able to run the shebang line, so when seeing a
long perlpath use the eval workaround (Mike Smith)
- Location of the pid file is now configurable via the command line
-t_pid_file option (Joe Orton)
- remove the mod_perl.pm entry from %INC after Apache::Test finishes
initializing itself. Because both mp1 and mp2 share the entry,
leaving it around means that Apache::Test might prevent later
modules from loading the real mod_perl module they're interested in,
leading to bad things (Geoffrey Young)
- use which("cover") to find the cover utility from Devel::Cover and
run it only if found. (Stas)
- Devel::Cover magic is now fully integrated. no more modperl_extra.pl
or extra.conf.in fiddling - 'make testcover' should be all you need
to do now (Geoffrey Young)
- Implemented a magic @NextAvailablePort@ to be used in config files
to automatically allocate the next available port (Stas)
- Adjust Apache::TestConfig::add_inc to add lib/ in separate call to
lib::->import at the very end of @INC manipulation to ensure it'll
be on top of @INC. For some reason lib has changed to add
directories in a different order than it did before. (Stas)
|
|
|
|
|
|
- Add more ad patterns.
- Add ADJSTEXT and ADHTMLTEXT zap classes.
Note: adds the STUBURL_ADJSTEXT and STUBURL_ADHTMLTEXT variables; users
should update to the latest adzap.conf as shown in the install message.
|
|
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
|
|
Original patch by Daniel Eggert in PR #33214
|
|
Remove some HTML output from the code that should be controlled only by
the templates (' ' when no navigation, extra '<br>' elements).
Add controls for directory separator in menus and the text labels for
the navigation elements.
|
|
|
|
Firefox 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-29 Spoofing with translucent windows (pkgsrc vulnid. 1818)
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented (vulnid. 1819)
MFSA 2006-25 Privilege escalation through Print Preview (vulnid. 1820)
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest (vulnid. 1821)
MFSA 2006-23 File stealing by changing input type (vulnid. 1822)
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability (vulnid. 1823)
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2) (vulnid. 1824)
For a detailed ChangeLog, see:
http://www.squarefree.com/burningedge/releases/1.5.0.2.html
|
|
Seamonkey 1.0.1 offers improved stability, and several security fixes:
MFSA 2006-29 Spoofing with translucent windows (pkgsrc vulnid. 1818)
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented (vulnid. 1819)
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview (vulnid. 1820)
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest (vulnid. 1821)
MFSA 2006-23 File stealing by changing input type (vulnid. 1822)
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability (vulnid. 1823)
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2) (vulnid. 1824)
For a detailed ChangeLog, see:
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.1/changelog.html
|
|
|
|
* Universal Binary support for Mac OS X which provides native support
for Macintosh with Intel Core processors. Firefox supports the
enhancements to performance introduced by the new MacIntel chipsets.
* Improvements to product stability.
* Several security fixes.
|
|
|
|
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/
http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
|
|
|
|
USE_TOOLS+=msgfmt.
|
|
fix PR/33181.
|
|
|
|
|
|
that they look nicer.
|
|
changes: Bug fixes and updated translations
|
|
changes: minor bugfixes, translation updates
|
|
it under share/examples/wwwoffle like all other packages do.
Bump revision.
|
|
Bump revision.
|
|
but remove it on deinstall. Bump revision.
|
|
* added ability to specify which ip address spawn-fci listens on
(agkr@pobox.com)
* added mod_flv_streaming to streaming Flash Movies efficiently
* fixed handling of error codes returned by mod_dav_svn behing a
mod_proxy
* fixed error-messages in mod_auth and mod_fastcgi
* fixed re-enabling overloaded local fastcgi backends
* fixed handling of deleted files in linux-sendfile
* fixed compilation on BSD and MacOSX
* fixed $SERVER["socket"] on a already bound socket
* fixed local source retrieval on windows
(secunia)
* fixed hanging cgi if remote side is dieing while reading
from the pipe (sandy@meebo.com)
|