| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
"Cross-site scripting (XSS) vulnerability in ht://dig allows remote
attackers to execute arbitrary web script or HTML via the config
parameter, which is not properly sanitized before it is displayed
in an error message."
Patch from Debian. Bump PKGREVISION.
|
|
the build. Closes PR pkg/28646 by pancake@phreaker.net.
Changes:
- Solve ERROR_ vs LOG_ conflicts
- Add cache code into HSML (sepharad)
- Remove silly code in Date Format
- Hsml code fragmented into language modules: c, perl, brainfuck and python
modules
|
|
|
|
- Let the used user and group be customized through SCREWS_USER and
SCREW_GROUPS.
- Fix usage of PKG_USERS, which broke the build as seen in bulk build logs.
- Fix handling of configuration file (stale files could be left before in
${PREFIX}/etc).
- Honour VARBASE.
- Do not hardcode /usr/pkg in patches.
- Fix the "hsml" module so that it can find the lua library (missing rpaths).
Bump PKGREVISION to 3 due to all the previous changes.
Most of this brokenness was present since the package was first imported.
(Oh man, I hate packages reinventing the wheel when it comes to the build
infrastructure... I'm sure it's still not clean enough.)
|
|
(after dependencies are handled).
|
|
of the guile-gtk package. Closes PR 28563 by Andreas Hallmann.
Bump PKGREVISION.
|
|
|
|
|
|
some systems.
Since the manpages are distributed as ... manpages, install them as
(...drum roll please...) manpages!
Also fix permissions by using BSD_INSTALL_* macros.
|
|
Bump PKGREVISION.
|
|
- Include desktop-file-utils/desktopdb.mk to handle the mime types defined
in the desktop file properly.
- Depend on pkg-config, needed at build time.
- Use xdg-dirs, not gnome2-dirs. The former is enough.
- Sort dependencies.
- Regenerate the PLIST so that it's sorted and to avoid lots of files that
shouldn't be there (handled automatically by mimedb.mk and desktopdb.mk).
- Bump PKGREVISION to 1.
|
|
|
|
|
|
Scheme. (Wiliki is engineer in Hawaiian).
|
|
|
|
Remove DEPENDS line for ruby16 based pacakge.
|
|
to package name patterns.
Bump PKGREVISION.
|
|
fighting chance on a few other platforms. Addresses PR pkg/26932.
|
|
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
|
|
|
|
Version 7.13.1 (4 March 2005)
Daniel (4 March 2005)
- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
- Rene Rebe fixed a -# crash when more data than expected was retrieved.
Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
http://www.securityfocus.com/archive/1/391042 and the CAN report here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
If these security guys were serious, we'd been notified in advance and we
could've saved a few of you a little surprise, but now we weren't.
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
configure when mingw is used.
Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
didn't close the socket properly when returning error due to failing
localbind
Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back
a list of types from which it picks NTLM, it needs to either continue
sending its data if it keeps the connection alive, or not send the data but
close the connection. Then do the first step in the NTLM auth. libcurl
didn't send the data nor close the connection but simply read the
response-body and then sent the first negotiation step. Which then failed
miserably of course. The fixed version forces a connection if there is more
than 2000 bytes left to send.
Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
was never used.
Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
libcurl is built shared. Otherwise valgrind only tests the shell that runs
the wrapper-script named 'curl' that is a front-end to curl in this case.
This should also fix the huge amount of reports of false positives when
valgrind has identified leaks in (ba)sh and not in curl and people report
that as curl bugs. Bug report #1116672 is one example.
Also, the valgrind report parser has been adapted to check that at least one
of the sources in a stack strace is one of (lib)curl's source files or
otherwise it will not consider the problem to concern (lib)curl.
- Marty Kuhrt streamlined the VMS build.
Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
- Converted lots of FTP code to a statemachine, so that the multi interface
doesn't block while communicating commands-responses with an FTP server.
I've added a comment like BLOCKING in the code on all spots I could find
where we still have blocking operations. When we change curl_easy_perform()
to use the multi interface, we'll also be able to simplify the code since
there will only be one "internal interface".
While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
like changing directory or retrieving a file, while the second means that we
were denied login.
The CVS tag 'before_ftp_statemachine' was set just before this went in, in
case of future need.
- Gisle made the DICT code send CRLF and not just LF as the spec says so.
Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
sure the proper error code is returned for those occations.
Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
contents.
Daniel (5 February 2005)
- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
PORT on ipv6-enabled hosts.
- David Byron pointed out we could use BUFSIZE to read data (in
lib/transfer.c) instead of using BUFSIZE -1.
|
|
- Whitespace police
- PLIST sorting and fixing
- Fix postgresql support to now extend to 8.0 as noted in PR# 29590 by
jaapb (at) kerguelen.org, thanks for the PR.
> Major changes compared to the Horde version 3.0.3-RC1 are:
> * Added support for clearing user preferences to LDAP driver.
> * Minor bug fixes and improvements.
>
> Major changes compared to the Horde version 3.0.2 are:
> * Improved layout of wrapping menus in Gecko and KHTML based browsers.
> * Fixed some session handler issues.
> * Fixed caching in the Version Control library, used by Chora.
> * Fixed updating of IMAP folder trees when (un)subscribing IMAP folders.
> * Improved performance of DataTree library, used by IMP's message history.
> * Changed log level of logins and logouts.
> * Updated German and Japanese translations.
> * Minor bug and layout fixes.
>
|
|
|
|
reported by Sebastian Prause on tech-pkg.
|
|
editors/emacs was updated to 21.4a. Noted by Kibum Han on tech-pkg@.
|
|
|
|
|
|
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACl support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STALBE9.
|
|
Previously rc.d/apache was updated to run stop & start for restart.
'/etc/rc.d/apache restart' then picked up startssl if apache was not
running, but if apache was running it has a large chance of the
start running before the stop completes, leaving no httpd running.
Instead, add a restartssl option to apachectl, and use it.
|
|
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow for
sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
|
|
0.19 2005-02-15
- Add support for Apache::RequestRec as header_object by checking
header_object for err_headers_out and headers_out methods.
0.18 2004-06-30
- Made the password & lock_password parameters default to undef.
|
|
switch to use gtk1.
|
|
remove www/firefox-gtk2.
|
|
|
|
|
|
1.09 Fri Feb 25 17:49:00 EST 2005
- Tables can now be selected by table tag attributes
- lineage() method now returns row and column information, as
well as depth and count, for each ancestor (potential
backwards incompatability, entries are now 4 element arrays
now rather than 2)
- header matching and column retention enhancements
- header retention
- old-style procedures deprecated in prepration for them to
become methods
- various bug fixes
|
|
* Realese 3.04 -- just a rebundling; no actual code changes
[sic]
|
|
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
|
|
for www/firefox.
- deal with Linux binaries having a different directory structure than
others on the MASTER_SITES.
- undo some brain damage when MOZILLA_USE_LINUX is defined.
|
|
1.12 Thu Feb 24 23:38:44 CST 2005
[FIXES]
* Fixed RT #9026: hang in t/local/back.t under Windows XP.
Thanks Andrew Savige. It also should no longer complain
about being unable to clean up a temp file.
1.11_01 Mon Feb 14 00:12:48 CST 2005
[THINGS THAT MAY BREAK YOUR CODE]
* Removed deprecated _parse_html() method.
[FIXES]
* Was incorrectly looking for INPUT tags TYPE="SUBMIT" as images.
Thanks to Abe Timmerman.
[ENHANCEMENTS]
* Calling $mech->set_fields() with no current form now dies.
Thanks to Julien Beasley.
|
|
* Fix crash when closing window while filepicker is up [#156816]
* Use gnome_vfs_url_show() for Send To [#162532]
* Set selection mode to BROWSE in topics selector [#162331]
* We don't need to implement nsIBrowserHistory
* Don't focus the close-tab button on click [#119461]
* Don't store more than 5 hidden popups [Adam Hooper, #160863]
* Fix a mem leak [#164302]
* Really make confirm-overwrite dialogue have a parent window [#164189]
* Rename EphyTab's "visible" property to not clash with GtkWidget property
* Default typeaheadfindsea to on [#157435]
* Switch to fullscreen toolbar also in lockdown fullscreen mode [#165256]
* Disable DownloadLinkAs and SetAsBackground if saving to disk is disabled
* Don't crash if we need to open an orphan non-chrome window [part of #165445]
* Some sparse fixes
* Ungrab the pointer when moving tab between notebooks [#165797]
* Don't weak ref the shell when it's finalised already [#165542]
* Don't show the menubar with F10 in lockdown mode [#165550]
* Don't disable print preview if print setup is locked down [#165552]
* Adapt to mozilla API changes
* Implement nsIWebProgressListener [#165328]
* Fix window destruction [#165992]
|
|
* Fix large memory leak [Kjartan Maraas]
* Use xmlSAX2 API instead of deprecated SAXv1 API (bug #164808) [Rodney Dawes]
* Use gnome-common in autogen.sh [Rodney Dawes]
* Return NULL at end of non-void function (bug #165455) [Chris Lahey]
* Use g_print instead of g_warning (bug #163071) [Pawel Sawek]
* Miscellaneous bug fixes (bug #151005) [Kjartan Maraas]
* Miscellaneous bug fixes [Peter Williams]
* Miscellaneous bug fixes (bugs #143502, #156582, #157328, #157330, #160704)
[Padraig O'Briain]
|
|
Wed Feb 23 19:46:01 MET 2005 mikulas:
Correct implementation of non-aggressive cache (i.e. allow more keywords
in Cache-Control
Wed Feb 23 18:36:52 MET 2005 mikulas:
Allow typing only characters valid in current character set into form
fields on web
Wed Feb 23 16:31:56 MET 2005 Serge Winitzki <serge at cosmos dot phy dot tufts dot edu>:
Updated Russian translation
Wed Feb 23 16:25:41 MET 2005 mikulas:
Allow cookies without a value
Mon Feb 14 13:15:00 MET 2005 user:
When server returns cookie values as "deleted", delete it
Tue Feb 1 18:22:11 MET 2005 user:
Fixed non-working find next/previous in view menu
Thu Jan 27 19:09:46 CET 2005 mikulas:
Fixed wrong prototypes causing compilation problem on MacOS X and some
other systems
Thu Jan 27 16:28:35 MET 2005 mikulas:
Fixed configure failure on Solaris
Thu Jan 27 00:23:09 CET 2005 Brain
javascript: set form action
|
|
> v3.2 (Dec-29-2004)
> * Some options were missing in apache 1.3x part of the code.
>
> * There was a syntax error in TLS related code. Thanks for many of you
> who pointed it out.
>
> * Don't try to re-initialize TLS. Thanks to Volker for pointing it out.
>
> * if the ldap header files and libaries are no in ldap base directory,
> they can be specified with --with-ldap-includes and
> --with-ldap-libraries respectively.
>
> v 3.3 (Dec-30-2004)
> * some tls code was outside
|
|
|
|
Bump PKGREVISION.
|
|
does. This allows us to use dynamic PLISTs for Perl modules that are
built using Module::Build. Bump the PKGREVISION of p5-Module-Build
to 1.
* Drop the use of PERL5_USES_MODULE_BUILD and introduce a new variable
PERL5_MODULE_TYPE that is either "MakeMaker" or "Module::Build" that
names the framework used to build/install the module.
* Split out the variables set in perl5/buildlink3.mk that are also used
by perl5/module.mk into a new file perl5/vars.mk. Move some PERL5_*
variable definitions from pkgsrc/mk/bsd.pkg.use.mk into perl5/vars.mk.
This just centralizes the common PERL5_* definitions into a single
file location.
* Convert the known packages that use Module::Build to set
PERL5_MODULE_TYPE and PERL5_PACKLIST:
devel/p5-Class-Container
devel/p5-Exception-Class
devel/p5-Log-Dispatch
devel/p5-Array-Compare
textproc/p5-Pod-Coverage
www/p5-Apache-Session-Wrapper
www/p5-MasonX-Request-WithApacheSession
|
|
|
|
|
