Age | Commit message | Author | Files | Lines |
|
|
|
php-* modules failed on Darwin because gcc was used to link them.
Thanks to John Klos for testing.
Bump PKGREVISION.
|
|
* Designed and implemented a dpi protocol library (libDpip.a in /dpip).
* Added a couple of new dpip commands.
* Fixed and uniformed the escaping of values inside dpip tags.
* Ported the bookmarks, download, file, https, ftp and hello plugins,
plus the dpid daemon and the rest of the source tree to use it.
* Improved the dpi buffer reception to handle split buffers (This was
required for handling arbitrary data streams with dpip).
* Fixed a serious bug with the FTP plugin that led to two downloads of the
same file when left-clicking a non-viewable file.
* Added MIME/type detection to the FTP plugin, and removed popen().
* Set the dpi daemon (dpid) not to exit when the downloads dpi is running.
* Improved the accuracy of the illegal-character error reporting for URLs.
* Added DOCTYPE parsing (for better bug-meter error messages).
* Added a check for malicious image sizes in IMG tags.
* Made the parser aware of buggy pages with multiple BODY and HTML elements.
* Fixed a bug in MIME content/type detection.
* Moved the cookies management into a dpi server: cookies.dpi.
* Added "./configure --disable-threaded-dns" (for some non reentrant BSDs).
|
|
changes:
-bugfixes
-added XulRunner support
|
|
2.08 Wed May 3 17:17:33 EDT 2006
- Implemented new rasterizer for grid mapping. Thanks to Roland
Schar for a tortuous example of span issues.
- Regular extraction and TREE mode are using the same
rasterizer now.
- Fixed HTML stripping for a header matching bug on single word
text in keep_html mode (thanks to Michael S. Muegel for
pointing the bug out)
2.07 Sun Feb 19 13:40:44 EST 2006
- Fixed subtable slicing bug
- Fixed hrow() attachment bug
- Added tests
|
|
and update to 0.6 which brings some UI fixes and improvements
|
|
to version 2.0.58. Changes since Apache release 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of uninitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when a 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (among others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Eliminated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
|
|
Zope 3.2.1
Bug fixes
- Fixed issue 573: @form.action(failure='name_of_method') didn't work.
- Fixed issue 568: Typo in basicskin css file.
- Fixed issue 560: Bug in default AddView class.
- Fixed issue 546: non-ASCII docstring cause
System Error in RootErrorReportingUtility.
- Fixed issue 544: VocabularyRegistryError missing import.
- Fixed issue 536: ErrorLogUtility has UnboundLocalError.
- zope.app.testing.functional.defineLayer
+ Use the method param instead of a hardcoded value for the
zcml filename
|
|
advertized version), so there's no reason to upgrade. :-)
Fixes a denial of service vulnerability (MFSA 2006-30).
|
|
XXX firefox-bin should share the mirror list
|
|
|
|
XXX why this has special MASTER_SITES setting? it should make use of
XXX list in mozilla-bin/Makefile.common
|
|
APC is the Alternative PHP Cache, which provides a way of boosting the
performance of PHP on heavily-loaded sites by allowing scripts to be cached
in a compiled state, so that the overhead of parsing and compiling can be
almost completely eliminated.
|
|
- Security fix for denial of service vulnerability reported in
Mozilla Foundation Security Advisory 2006-30
|
|
|
|
Kwiki-Wikiwyg is a Kwiki plugin that adds WYSIWYG editing capabilities
to a Kwiki. The underlying technology is Wikiwyg, a Javascript library
that can be easily integrated into any wiki or blog software. It
offers the user multiple ways to edit/view a piece of content:
* Wysiwyg mode - Simple, HTML, Design Mode editing.
* Wikitext mode - Standard, Wiki, Text Area editing.
* Preview mode - Display mode without saving changes.
Wikiwyg allows you to switch between modes, delegating some of the
processing to the server when necessary.
|
|
|
|
to rrdtools. Bump revision, since dependency list changed.
|
|
|
|
This Kwiki plugin can run a standalone HTTP server for the Kwiki under
the current working directory. It is helpful for debugging purposes
or for starting up a wiki site quickly. After installation, just run:
kwiki -start
and you can access the Kwiki site at http://localhost:8080/.
|
|
|
|
|
|
HTTP::Server::Simple::Static is a mixin class that adds a method to
serve static files with the correct Content-type MIME type headers.
|
|
|
|
HTTP::Server::Simple::Kwiki is a standalone webserver for Kwiki. This
means that you don't need to run it under a proper webserver. This
is intended mostly for debugging Kwiki, or for when you just want to
play with it without having to configure Apache.
|
|
include adding a new method to make it easier to create servers handling
non-standard HTTP verbs/actions.
|
|
A plugin for Kwiki that allows you to notify yourself by email when
someone updates a page. You can specify the To:, From: and
Subject: headers, but the email message body is not currently configurable.
|
|
|
|
|
|
Cherokee is a very fast, flexible and easy to configure Web Server. It
supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI,
TLS and SSL encrypted connections, Virtual hosts, Authentication, on the
fly encoding, Apache compatible log files, and much more.
|
|
ftp://ftp.horde.org/pub/ to a backup
|
|
directory.
|
|
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
|
|
changes: bugfixes and documentation improvements
|
|
changes:
* Added 64bit library path for Firefox
to start script
* Added fix for a timezone parsing problem
* Added a workaround for a problem caused
by installing the gconf schemes from
earlier Liferea version, which caused
a HTML view zoom level of 0.
|
|
From Akio OBATA via PR pkg/33368.
Changes:
Trac-0.9.5-ja-1 (Apr 19, 2006)
- Merge trac-0.9.5
- Update to current statement.
- README.trac-ja
- wiki-default/TracJa
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
|
|
From Akio OBATA via PR pkg/33367.
Changes:
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
Trac 0.9.4 (Feb 15, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.4
- Deletion of reports has been fixed.
- Various encoding issues with the timeline RSS feed have been fixed.
- Fixed a memory leak when syncing with the repository.
- Milestones in the roadmap are now ordered more intelligently.
- Fixed bugs: #1064, #1150, #2006, #2253, #2324, #2330, #2408, #2430,
#2431, #2459, #2544, #2459, #2481, #2485, #2536, #2544, #2553,
#2580, #2583, #2606, #2613, #2621, #2664, #2666, #2680, #2706,
#2707, #2735
|
|
Changes:
- Tracking session state problem reported (previously only restart
can reset session state).
- Paros startup problem when added server authentication into
authentication panel.
- Authentication entry reappears even after deleted (when proxy
reloads).
|
|
work differently now, so the @# prefix to comment the lines out no
longer works. (A plain '#' might work, though.)
|
|
way that using APACHE_MODULES+= (additive) in mk.conf can work correctly.
|
|
users of the Mozilla Suite are advised to switch over to Firefox (www/firefox)
and Thunderbird (mail/thunderbird). For those who still like the Suite, there
is Seamonkey (pkgsrc/www/seamonkey), a community-driven project to continue the
Mozilla Suite.
For more information, see the Mozilla Suite 1.7.x Product Sunset Announcement:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
|
|
|
|
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
- additional patch to fix pr#33333
Shin'ichiro TAYA told me that I can do this update.
|
|
file does not exist
|
|
Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES
If you do not define APACHE_MODULES this change will not impact you, the
default behaviour of the package modules has not been changed.
The new functionality is as follows:
1) If you need to add an additional module to be installed with apache
you would use:
APACHE_MODULES+= spelling
This would include mod_spelling as a static module in addition to the
default modules installed.
2) If you need a highly customised version of apache and would like to
explicitly list which modules are installed by default you would use:
APACHE_MODULES= spelling access auth include env autoindex
This would install _only_ the listed modules as static modules with
apache.
If you use APACHE_MODULES= please read the apache documentation at:
http://httpd.apache.org/docs/2.0/
To determine which modules you will need to install to get the level
of functionality you require. By default when using APACHE_MODULES=
apache only includes the following static modules:
core.c
prefork.c
http_core.c
mod_so.c
|
|
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
|
|
reference check. Fixes PR 33332.
|
|
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
|
|
works for me.
|
|
it produced empty *.so and the module couldn't be actually used
|