| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.4/
|
|
The main goal of the 0.96 release is to cleanup and stabilise the
features from 0.95.
Incompatible changes:
- constraint names changed in some cases, this can effect manage.py
reset on old databases
- some names in manage.py changed
- backslash escaping is done more consistently
- ENABLE_PSYCO is gone
Important changes:
- merge of newforms
- URLconf takes normal callables
- new test framework
- passwords for users can be entered as normal text in the admin
interface, no need to hash manually
In addition: dropped py-setuptools dependency.
|
|
- Support gzip compression of XHTML pages using the correct MIME type.
- Deprecate WSGI_SCRIPT_NAME and scriptName in scgi_base.
- Update servers to default to an empty QUERY_STRING if not present in
the environ
- Update gzip.py: compresslevel -> compress_level
- Change intra-package imports into absolute imports.
- Add forceCookieOutput attribute to SessionService to force Set-Cookie
output for the current request.
- Add UNIX domain socket support to scgi, scgi_fork, scgi_app.
- Add flup.client package which contains various WSGI -> connector
client implentations.
- Change mime-type matching algorithm in GzipMiddleware.
- Add cookieAttributes to SessionService to make it easier to customize
the generated cookie's attributes.
Switch to use the common egg framework and mark as DESTDIR safe.
|
|
- without-x doesn't make sense, remove option
- depend on libiconv and libidn
- quarantine to prevent changes to the normal LOCALEDIR -- this is
a stupid, non-standard version of gettext for no good reason
- fix mremap on NetBSD
Upstream changes:
- various crashes fixed
- fix use after free
- fix large file support for FTP listenings
- automatic HTML detection
Submitted by Blair Sadewitz, consider switching to links, please.
|
|
|
|
|
|
Linux kernel emulation <= 2.0.38. Also ensure that /lib is in
LD_LIBRARY_PATH so that the opera binary can find /lib/libpthread.so.0
in ${EMULDIR} and not NetBSD's /usr/lib/libpthread.so.0.
Bump the PKGREVISION to 1.
|
|
2007-07-31 Gisle Aas
Release 5.807
Apply patch correction from CPAN RT #26152
More laxed t/live/validator test.
|
|
|
|
the necessary dependence on the "suse_gtk2" package.
|
|
|
|
Based on packaged by Edgar Fuss in PR 36683.
Updated to 0.09, fixed dependency and fix PLIST.
This subclass of Template Toolkit supports multilingual templates:
templates that contain text in several languages.
<t>
<en>Hello!</en>
<fr>Bonjour !</fr>
</t>
|
|
pkgsrc chagnes
o Add "coss" option which enable COSS (Cyclic Object storage system).
Noted by Chris Ross on pkgsrc-users.
Changes to squid-2.6.STABLE14 (15 Jul 2007)
- squid.conf.default cleanup to have options in their proper sections.
- documentation correction in the refresh_pattern ignore-auth option
- URI-escaping not uses the recommended upper-case hex codes
- refresh_pattern min-age 0 correted to really mean 0, and not 1 second
- Always use xisxxxx() Squid defined macros instead of ctype
functions.
- Kerberos SPNEGO/Negotiate helper for the negotiate scheme
- Database basic auth helper using Perl DBI to connect to most SQL DBs
- Solaris /dev/poll network I/O support
- configure fixes to make cross compilation somewhat easier
- Removed incorrect -a reference from http_port documentation
- Bug #1900: Double "squid -k shutdown" makes Squid restart again
- Bug #1968: Squid hangs occasionally when using DNS search paths
- Novell eDirectory digest auth helper (digest_edir_auth)
- Bug #1130: min-size option for cache_dir
- POP3 basic auth helper querying a POP3 server
- Cosmetic squid_ldap_auth fixes from Squid-3
- Bug #1085: Add no-wrap to cache manager HTML tables
- Automatically restart if number of available filedescriptors becomes
alarmingly low, preventing a situation where Squid would otherwise
permanently stop processing requests.
- Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds
- Deal better with forwarding loops
|
|
So, bump PKGREVISION.
(I just forgot to commit.)
|
|
Bump PKGREVISION.
|
|
binaries and libraries.
Add dependencies on the base, gtk2 and x11 Linux modules, which provide
shared libraries needed by npviewer.bin.
Bump the PKGREVISION to 1.
|
|
custom code.
Adjust the installation commands to deal with different locations of the
extracted files from the RPMs.
|
|
"make emul-distinfo", thanks jlam!).
|
|
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
|
|
|
|
firefox-bin-acroread* packages due to differences in how the
installed symlinks are managed.
|
|
XXX Doesn't work on x86_64 properly yet.
|
|
binary-only packages that require binary "emulation" on the native
operating system. Please see pkgsrc/mk/emulator/README for more
details.
* Teach the plist framework to automatically use any existing
PLIST.${EMUL_PLATFORM} as part of the default PLIST_SRC definition.
* Convert all of the binary-only packages in pkgsrc to use the
emulator framework. Most of them have been tested to install and
deinstall correctly. This involves the following cleanup actions:
* Remove use of custom PLIST code and use PLIST.${EMUL_PLATFORM}
more consistently.
* Simplify packages by using default INSTALL and DEINSTALL scripts
instead of custom INSTALL/DEINSTALL code.
* Remove "SUSE_COMPAT32" and "PKG_OPTIONS.suse" from pkgsrc.
Packages only need to state exactly which emulations they support,
and the framework handles any i386-on-x86_64 or sparc-on-sparc64
uses.
* Remove "USE_NATIVE_LINUX" from pkgsrc. The framework will
automatically detect when the package is installing on Linux.
Specific changes to packages include:
* Bump the PKGREVISIONs for all of the suse100* and suse91* packages
due to changes in the +INSTALL/+DEINSTALL scripts used in all
of the packages.
* Remove pkgsrc/emulators/suse_linux, which is unused by any
packages.
* cad/lc -- remove custom code to create the distinfo file for
all supported platforms; just use "emul-fetch" and "emul-distinfo"
instead.
* lang/Cg-compiler -- install the shared libraries under ${EMULDIR}
instead of ${PREFIX}/lib so that compiled programs will find
the shared libraries.
* mail/thunderbird-bin-nightly -- update to latest binary
distributions for supported platforms.
* multimedia/ns-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
* security/uvscan -- set LD_LIBRARY_PATH explicitly so that
it's not necessary to install library symlinks into
${EMULDIR}/usr/local/lib.
* www/firefox-bin-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
|
|
2007-07-17 Gisle Aas
Release 5.806
Added progress callback to LWP::UserAgent.
HTTP::Daemon didn't avoid content in responses to HEAD requests
Add support for HTTP Expect header to HTTP::Daemon (CPAN RT #27933)
Fix t/base/message.t so tests are skipped if Encode is not
installed. (CPAN RT #25286)
Add HTML::Tagset as a prerequisite to Makefile.PL
Do not clobber $_ in LWP::Protocol::nntp (CPAN RT #25132)
Fix lwp-download so it can download files with an "_" in the filename
(CPAN RT#26207)
Quiet complaints from HTML::HeadParser when dealing with undecoded
UTF-8 data. (CPAN RT#20274)
When both IO::Socket::SSL and Net::SSL are loaded, use the latter
(CPAN RT #26152)
Allows SSL to work much more reliably:
(CPAN RT #23372)
Allow text/vnd.wap.wml and application/vnd.oasis.opendocument.text
in content-type field in lwp-request (CPAN RT #26151)
Add default media type for XML in LWP::MediaTypes (CPAN RT #21093)
Added chunked test by Andreas J. Koenig
|
|
|
|
|
|
|
|
|
|
Fix two security issues:
http://drupal.org/node/162360
http://drupal.org/node/162361
|
|
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.3/
|
|
|
|
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/
|
|
Clarify RESTRICTED (due to trademark issues), and add a comment
questioning if we also need to set LICENSE.
|
|
- various possible NULL pointer references
- two cases were uninitialised memory is used or memory could be
corrupted. This might be exploitable to execute arbitrary code.
- possible mod_access by-pass by appending /
- a local DOS by broken FastCGI handlers
|
|
|
|
|
|
fix wrong libexif information;
fix coredump if the description file was in the wrong format;
move slowly to CSS
|
|
Version 7.16.4 (10 July 2007)
Daniel S (10 July 2007)
- Kees Cook notified us about a security flaw
(http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
properly reject some outdated or not yet valid server certificates when
built with GnuTLS. Kees also provided the patch.
James H (5 July 2007)
- Gavrie Philipson provided a patch that will use a more specific error
message for an scp:// upload failure. If libssh2 has his matching
patch, then the error message return by the server will be used instead
of a more generic error.
Daniel S (1 July 2007)
- Thomas J. Moore provided a patch that introduces Kerberos5 support in
libcurl. This also makes the options change name to --krb (from --krb4) and
CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still
- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
proxy.
Daniel S (27 June 2007)
- James Housley: Add two new options for the SFTP/SCP/FILE protocols:
CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
premissions for files and directories created on the remote
server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
- I corrected the 10-at-a-time.c example and applied a patch for it by James
Bursa.
Daniel S (26 June 2007)
- Robert Iakobashvili re-arranged the internal hash code to work with a custom
hash function for different hashes, and also expanded the default size for
the socket hash table used in multi handles to greatly enhance speed when
very many connections are added and the socket API is used.
- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
listings as well
Daniel S (25 June 2007)
- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
chunked encoding (that also lacks "Connection: close"). It now simply
assumes that the connection WILL be closed to signal the end, as that is how
RFC2616 section 4.4 point #5 says we should behave.
|
|
=== RELEASE 2.1pre29 ===
Sun Jul 8 01:05:08 MET DST 2007 mikulas:
Fixed bad redraw of X window when Expose event come for some area while
scrolling different area
Sat Jul 7 04:06:52 cet 2007 mikulas:
Accept drive letters without file: prefix in OS/2 and Win32
Sat Jul 7 03:50:27 cet 2007 mikulas:
Use _getcwd2 on OS/2 --- it returns path including the driver letter
Sat Jul 7 02:19:35 cet 2007 mikulas:
Set extension of downloaded or viewed files according to content-type,
not according to URL extension
Sun May 27 17:15:00 MET 2007 mikulas:
Fixed bad displaying of jpeg images on machines where memcpy operates in
different order
Sun May 27 14:06:41 MET DST 2007 mikulas:
Fixed crash on invalid jpeg files (found by Michael Scherer
<misc@zarb.org> with http://fusil.hachoir.org/)
Wed May 23 00:41:53 MET 2007 mikulas:
Do not send If-Modified-Since or Range in HTTP request if cached page
has an error code
Tue May 15 23:15:21 MET 2007 mikulas:
Fixed some quirks with download file handling --- when each terminal had
different CWD, downloaded files were not deleted
When getting EFBIG error (file size exceeded), continue download in
another file
Fri May 11 22:39:02 MET 2007 mikulas:
A possibility to pass HTTP or FTP URLs directly to external programs
(programs such as mpg321, ogg123, mplayer can play directly from the
network)
Thu May 10 23:07:47 cet 2007 mikulas:
Fixed inability to display images compressed on the fly by the server
(it is pointless to try to compress already compressed images, but some
servers do it anyway)
Wed May 9 00:32:17 CEST 2007 mikulas:
Escape Referer: correctly
Wed May 9 00:32:09 CEST 2007 mikulas:
Fixed bug that it couldn't be compiled without optimization without
javascript
Mon Apr 30 03:48:40 cet 2007 mikulas:
Blacklist FORPSI server --- do not send Range: to it
Mon Apr 16 01:49:07 MET DST 2007 mikulas:
Javascript was removed. The reason is that it is very buggy, Martin
Pergel doesn't have time to develop it and code is so messy that no one
else can understand it.
If you use links for special purposes (embedded devices, etc.), you can
bring javascript back by copying javascript files from previous release,
removing "dnl javascript" lines from configure.in, adding *.c and *.h
files to Makefile.am and re-running automake and autoconf.
Javascript hooks from main code were not removed --- they just won't be
maintained.
|
|
An issue when removing specially prepared torrent transfers was fixed.
A data leak issue when using canvas.createPattern was fixed.
An issue where data URIs could be used to display the wrong address in
the address bar was prevented.
The display of long domain names in auth dialogs was improved.
The Trustcenter class 3 G2 root certificate was added.
A problem with certificate import was fixed.
Toolbars can now use bold fonts again.
Tabs can be dragged between windows using the Windows panel again.
Several stability and performance fixes were made.
Shared memory is now disabled by default.
|
|
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from
Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
|
|
|
|
changes:
-fix memory leaks
-solve a Solaris compilation problem
-fix bug in the networking code
-updates the Spanish translation
|
|
changes:
-bugfixes
-Support searching UTF-8 strings
-translation updates
|
|
|
|
Fixes PR 35494.
|
|
changes: fix localisation issues
|
|
changes:
-name UA sent firefox compatible
-minor UI fixes
-bugfixes
-translation updates
|
|
distributed.
|
|
Suggested by Ondrej Tuma in PR 36369.
|
