| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
to fix the build of one of the helper scripts.
Bump the package revision because the binary package would have been
incomplete previously.
|
|
Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
the workaround for the old hash collision attack, which breaks mod_perl's
t/perl/hash_attack.t. Patch from rt.cpan.org 83916 improves the fix
previously applied as revision 1455340.
On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
disappeared. Patch to update mod_perl accordingly from rt.cpan.org 83921.
Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
$Config{useithreads} rather than $Config{usethreads}, and supply definitions
of Newx and Newxz as necessary.
On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
warning is generated for the buffer being autovivified. This is because
the sv_setpvn() that's meant to vivify the buffer doesn't perform set
magic; the warning is generated by the immediately following SvPV_force().
Patch to fix this from rt.cpan.org 83922.
Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
keys). This resolves rt.perl.org 116863, from where the patch was taken.
use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
generate HTTP code 404 even if the requested filename contains newlines
Remove all uses of deprecated core perl symbols.
Add branch release tag to 'make tag' target
|
|
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
|
|
|
|
The problem is mensioned in PR pkg/47734.
* Disable WebRTC support on DragonFly.
* Add dependency to libv4l on supported platforms.
|
|
* Works with openjdk7-1.7.21.
* Tested on NetBSD/amd64 current, and DragonFly/i386 3.2.2.
|
|
* Wrong, noexistrent file is removed and DragonFly's install
try to overwrite it and failed.
|
|
For potential changes.
Now they are same.
|
|
|
|
Pointed out by wiz@, thank you.
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
|
|
|
|
in CVE-2013-1862.
|
|
Upstream changes:
0.23 2013-05-17T00:16:48Z
- fixed guts(), clone() and replace_with() to properly handle XML::LibXML::Dtd nodes
- guts() now includes the Dtd node in the returned document (unless it were implicitly created)
- clone() calls createInternalSubset() on the new document
- replace_with() calls createInternalSubset() if the replacement is a XML::LibXML::Dtd (can't import Dtd node)
(cafe01)
0.22 2013-05-13T00:04:09Z
- improved guts(), calling nonBlankChildNodes() instead of childNodes()
- improved HTML::TreeBuilder::LibXML::Node documentation
(cafe01)
0.21 2013-05-12T19:12:53Z
- fixed guts(),
- now returning nodes from <head> and <body> instead of just <body>
- now returning text and comment nodes instead of just element nodes
- returned nodes now belong to the same document
- fixed to_HTML to render valid html, not xml
(cafe01)
0.20 2013-05-10T20:44:16Z
- improved replace_with() on document node.
- fixed push_content() and unshift_content() to work with document mode.
(cafe01)
0.19 2013-05-10T01:03:58Z
- fixed replace_with() and parent(),
to avoid calling appendChild() on a Document node, which is not supported by XML::LibXML.
(cafe01)
0.18 2013-05-09T20:49:04Z
- implemented all node methods needed for Web::Query::LibXML to work
- clone_list
- detach
- delete_content
- content_list
- replace_with
- push_content
- unshift_content
- postinsert
- preinsert
- disembowel (HTML::TreeBuilder::LibXML)
(cafe01)
- modified parse_file() to read file content, then call parse_content()
- thats because parse_content() will detect (heuristically) when the parser will add implict <html><body> tags, so guts() can work properly.
(cafe01)
0.18 2013-05-09T01:27:46Z
- implemented matches(), parent(), guts() node method
(Carlos Fernando Avila Gratz)
|
|
Upstream changes:
2013-05-09 Release 3.71
Gisle Aas (1):
Transform ':' in headers to '-' [RT#80524]
_______________________________________________________________________________
2013-03-28 Release 3.70
François Perrad (1):
Fix for cross-compiling with Buildroot
Gisle Aas (1):
Comment typo fix
Yves Orton (1):
Fix Issue #3 / RT #84144: HTML::Entities::decode_entities() needs
to call SV_CHECK_THINKFIRST() before checking READONLY flag
|
|
|
|
|
|
|
|
* Depend on xulrunner17 instead of xulrunner.
|
|
|
|
|
|
|
|
New in version 0.4.11
==============================
* Build fixes with cmake 2.8.10+
* Quick release without built binaries / files (Address Bug #184)
New in version 0.4.10
==============================
* Fix http chunk encoded PAC that was broken in previous release
* Add HTTP client unit test
* Fix more coding style issues
New in version 0.4.9
==============================
* CVE-2012-4504 Fixed buffer overflow when downloading PAC
* Fix infinit loop uppon network errors
New in version 0.4.8
==============================
* Only support standalone mozjs185 as mozilla js engine.
xulrunner being part of the now lightning fast moving firefox
is impossible to be tracked as a dependency and it is not
supported by Mozilla to be used in this scenario.
* Support building with javascritpcoregtk 1.5
(got split out of webkitgtk).
* Support sending multiple results.
* Issues fixed:
- #166: Libproxy does not parse NO_PROXY correct when the line
contains spaces
- #164: If gconf's value is an empty list, pxgconf will make
/usr/bin/proxy wait forever
- #60: use lib js for embedded solutions
- #160: strdup and gethostbyname not declared on OSX 10.7
- #168: .pc file should be installed under OSX as well.
- #170: Also check for "Transfer-Encoding: chunked".
- #171: mozjs pacrunner: Fix parameters of dnsResolve_()
- #172: Allow to forcibly build pacrunner as module (-DBIPR={ON,OFF})
- #173: Libproxy doesn't build with gcc 4.7
- #147: Use ${CMAKE_DL_LIBS} instead of assuming libdl is correct.
- #176: python bindings: guard the destructor.
- #177: Speed up importing of libproxy in python.
- #179: CMAKE 2.8.8 does not define PKG_CONFIG_FOUND
New in version 0.4.7
==============================
* Support/require xulrunner 2.0+
* Support linking againgst libwebkit-gtk3 (-DWITH_WEBKIT3=ON)
* Port to gsettings for gnome3. (-DWITH_GNOME3=ON[default])
* Issues closed:
- #149: always test for the right python noarch module path
- #155: Cannot compile with Firefox 4
- #156: libproxy should build against webkitgtk-3.0
- #158: Won't compile w/ xulrunner 2.0 final
- #159: libproxy fails with autoconfiguration "http://proxy.domain.com"
- #131: GSettings-based GNOME plugin
- #150: SUSE sysconfig/proxy config support
New in version 0.4.6
==============================
* Fixed a crash in the URL parser
* Fixed build issues with Visual Studio
* Updated the INSTALL file
* Install Python binding in prefix path if site-packages exists
* Fixed compilation with Visual Studio
New in version 0.4.5
===============================
* C# bindings are installable (-DWITH_DOTNET=ON)
* C# bindings installation path can be changed using -DGAC_DIR=
* Internal libmodman build fixed
* Installation dirs are now all relative to CMAKE_INSTALL_PREFIX
* Fixed test while using --as-needed linker flag
* Fixed generation of libproxy-1.0.pc
* Basic support for Mingw added (not yet 100% functional)
* Ruby binding implemented (not yet in the build system)
* Fixed modules not being found caused by relative LIBEXEC_INSTALL_DIR
* Fixed bug with builtin plugins (Issue 133)
* Vala bindings installation path can be changed using -DVAPI_DIR=
* Python bindings installation path can be changed using -DPYTHON_SITEPKG_DIR=
* Perl bindings can be installed in vendor directory (-DPERL_VENDORARCH=ON)
* Perl bindings installation path can be change using -DPX_PERL_ARCH=
* Unit test now builds on OSX
New in version 0.4.4
===============================
* Add support for optionally building using a system libmodman
* Rework build system to be cleaner
* Fix two major build system bugs: 127, 128
New in version 0.4.3
===============================
* Test can now be out-compiled using BUILD_TESTING=OFF
* Fixed python binding not handling NULL pointer
* Pyhton binding now support Python version 3
* Rewrote URL parser to comply with unit test
* Username and password are now URL encoded
* Scheme comparison is now non-case sensitive
* Fixed deadlock using WebKit has PAC runner
* Fixed OS X compilation of Perl bindings
New in version 0.4.2
===============================
* Fixed python binding that failed on missing px_free symbole
* Workaround cmake bug with dynamic libraries in non-standard folders
New in version 0.4.1
===============================
* Perl bindings have been integrated into the CMake Build System
* Vala bindings are installed if -DWITH_VALA=yes is passed to cmake
* All extensions can be disabled using WITH_*=OFF cmake options
* socks5:// and socks4:// can now be returned
* Many bugfixes
New in version 0.4.0
===============================
* C++ rewrite
* Small API change (px_proxy_factory_get_proxy() can now return NULL)
* SOVERSION bump
* libmodman is now a seperate library
* Migrate to cmake
* Windows support (config_w32reg, ignore_hostname; VC++ support)
* MacOSX support (config_macosx, ignore_hostname)
* Built-in modules support
* Support for chunked encoding
* Move to hidden visibility by default
* KDE's KConfig symantics are fully supported
* Removeal of all PX_* env variables (no longer needed)
* Symbol based detection of relevant pacrunner
* Reworked config_gnome to not suck (its *much* faster)
* Many other things I can't remember
|
|
|
|
* OPTIONS for DAV: header
* PUT, GET with byte comparison
* MKCOL
* DELETE (collections, non-collections)
* COPY, MOVE using combinations of:
- overwrite t/f
- destination exists/doesn't exist
- collection/non-collection
* Property manipulation and querying:
- set, delete, replace properties
- persist dead props across COPY
- namespace handling
* Locking
- attempts to modify locked resource (as lock owner, not owner)
- shared/exclusive locks, lock discovery
|
|
* Allocate ClientInfo::hash.key using malloc() instead of new char[]
* Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
* Use case-insensitive comparison for HTTP header names in *_header_access
* Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
* Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
* Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes squid, part2
* Port from 2.6: external acl %ACL and %DATA tags
* Log an ERROR instead of halting on unknown cache_dir types
* Add missing piece omitted from rev.9677
* Remove origin_tries limiter on forwarding
* Fixed leaking configurable SSL error details.
* Fix memory error with Kerberos authentication
* Avoid !closing assertions when helpers call comm_read [during reconfigure].
* Avoid Comm::Connection leaks when helpers are reconfigured or otherwise closed.
* find-alive.pl: Replaced HttpReq entry (already covered by the guessing code) with HttpHeaderEntry entry
* Docs: Polish [http::]>h and [http::]>ha descriptions to emphasize their pre-cache scope
* Polish: show file path on Bungled lines
|
|
a much better job of maintaining this package anyway.
|
|
|
|
This is example site data for contao31 package.
|
|
This is various improved version from Contao 3.0. Please refer changes to
<https://contao.org/en/news/contao-3_1_0.html>.
|
|
|
|
* Sync with seamonkey 2.18beta4.
|
|
* Use common files for www/firefox.
SeaMonkey-specific changes
Basic Private Browsing support has been added (experimental for now).
Added support for safe browsing which blocks potentially malicious websites reported as attack sites (malware) or web forgeries (phishing).
Information like preview text, subject and sender can be shown in new mail notifications now.
See the changes page for minor changes.
Mozilla platform changes
CSS -moz-user-select:none selection has been changed to improve compatibility with -webkit-user-select:none (bug 816298).
Applied graphics-related performance improvements (bug 809821).
Removed E4X support from SpiderMonkey.
Added support for the <main> element.
Implemented scoped stylesheets.
Fixed some function keys not working when pressed (bug 833719).
Fixed several stability issues.
|
|
* Remove reference to devel/xulrunner.
* Move some common files for firefox/xulrunner-21.0.
* Move patches from devel/sulrunner.
* Take MAINTAINERship.
|
|
Upstream changelog is too long, please visit:
http://docs.moodle.org/dev/Moodle_2.5_release_notes
|
|
Upstream changes:
MediaWiki 1.20.6 [edit]
This is a security and maintenance release of the MediaWiki 1.20 branch.
Changes since 1.20.5 [edit]
(bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
(bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session cookies
(bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
(bug 31044) Make ResourceLoader behave in read-only mode
|
|
1.0.6
=====
* Model views now support default sorting order
* Model type/column formatters now accept additional view parameter
* is_visible for administrative views
* Model views have after_model_change method that can be overridden
* In model views, get_query was split into get_count_query and get_query
* Bootstrap 2.3.1
* Bulk deletes go through delete_model
* Flask-Admin no longer uses floating navigation bar
* Translations: French, Persian (Farsi), Chinese (Simplified/Traditional),
Chech
* Bug fixes
|
|
This version include a new album interface display mode named list-view.
Icon view can be switched to a flat item list, where items can be sorted
by properties columns as in a simple file manager. Columns can be
customized to show file, image, metadata, or digiKam properties.
|
|
bugfixes.
|
|
Changelog:
Tomcat 7.0.40 Released 2013-05-09
The Apache Tomcat Project is proud to announce the release of version 7.0.40 of Apache Tomcat. This release contains a security fix and a number of bug fixes and improvements compared to version 7.0.39. The notable changes include:
A fix for CVE-2013-2071 (bug 54178) an information disclosure issue.
Various fixes to stop Tomcat attempting to parse text that looks like an EL expression in a JSP document as an EL expression when EL expressions are either not permitted or not enabled.
Improved handling and reporting if a ConcurrentModificationException occurs while checking for memory leaks when a web application is being stopped.
|
|
* Sync with firefox-17.0.6
|
|
* Reset PKGREVISION.
|
|
This is related to PR pkg/47801.
But devel/xulrunner is broken now.
|
|
* SYnc with firefox-21.0
|
|
* This release of firefox is built with internal xulrunner.
Because separated (system) xulrunner has prefs and chrome load problem.
* gnome option is broken in libnkmozgnomevfs.so build.
Changelog:
NEW
The Social API now supports multiple providers
NEW
Enhanced three-state UI for Do Not Track (DNT)
NEW
Firefox will suggest how to improve your application startup time if needed
NEW
Preliminary implementation of Firefox Health Report
CHANGED
Ability to restore removed thumbnails on New Tab Page
CHANGED
CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
CHANGED
Graphics related performance improvements (bug 809821)
CHANGED
Removed E4X support from Spidermonkey
DEVELOPER
Implemented Remote Profiling
DEVELOPER
Integrated add-on SDK loader and API libraries into Firefox
HTML5
Added support for <main> element
HTML5
Implemented scoped stylesheets
HTML5
Added support for window.crypto.getRandomValues
FIXED
Some function keys may not work when pressed (833719)
FIXED
Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627)
FIXED
21.0: Security fixes can be found here
Fixed in Firefox 21
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
|
|
* Fix test suite to not fail when XML::Twig is not installed. Closes:
#707436
* theme: Now <TMPL_IF THEME_$NAME> can be used in all templates
when a theme is enabled.
* notifyemail: Fix bug that caused duplicate emails to be sent when
site was rebuilt.
* bzr: bzr rm no longer has a --force option, remove
|
|
Changelog:
Version 1.1.20 (released 24-Apr-2013)
* fix tab-to-space handling regression in markup view
* fix regression in root lookup handling (issue #526)
Version 1.1.19 (released 22-Apr-2013)
* improve root lookup performance (issue #523)
* new 'max_filesize_kbytes' config option and handling (issue #524)
* tarball generation improvements:
- preserve Subversion symlinks in generated tarballs (issue #487)
- reduce memory usage of tarball generation logic
- fix double compression of generated tarballs (issue #525)
* file content handling improvements:
- expanded support for encoding detection and transcoding (issue #11)
- fix tab-to-space conversion bugs in markup, annotate, and diff views
- fix handling of trailing whitespace in diff view
* add support for timestamp display in ISO8601 format (issue #46)
Version 1.1.18 (released 28-Feb-2013)
* fix exception raised by BDB-backed SVN repositories (issue #519)
* hide revision-less files when rcsparse is in use
* include branchpoints in branch views using rcsparse (issue #347)
* miscellaneous cvsdb improvements:
- add --port option to make-database (issue #521)
- explicitly name columns in queries (issue #522)
- update MySQL syntax to avoid discontinued "TYPE=" terms
|
|
Important: Session fixation CVE-2013-2067
FORM authentication associates the most recent request requiring
authentication with the current session. By repeatedly sending
a request for an authenticated resource while the victim is
completing the login form, an attacker could inject a request
that would be executed using the victim's credentials.
Note that the option to change session ID on authentication was
added in Tomcat 6.0.21. In earlier 6.0.x releases, prevention of
session fixation was an application responsibility.
This vulnerability represents a bug in Tomcat's session fixation
protection that was added in 6.0.21. Hence, only versions 6.0.21
onwards are listed as vulnerable.
This was fixed in revision 1417891.
This issue was identified by the Tomcat security team on
15 Oct 2012 and made public on 10 May 2013.
Affects: 6.0.21-6.0.36
Important: Denial of service CVE-2012-3544
When processing a request submitted using the chunked transfer
encoding, Tomcat ignored but did not limit any extensions that
were included. This allows a client to perform a limited DOS
by streaming an unlimited amount of data to the server.
This was fixed in revision 1476592.
This issue was reported to the Tomcat security team on
10 November 2011 and made public on 10 May 2013.
Affects: 6.0.0-6.0.36
ChangeLog:
++++++++++
Catalina
fix 52055: Ensure that filters are recycled. (markt/kkolinko)
fix 52184: Reduce log level for invalid cookies. (markt)
fix 53481: Added support for SSLHonorCipherOrder to allow the
server to impose its cipher order on the client. Based on
a patch provided by Marcel Å ebek. (schultz)
fix 54044: Correct bug in timestamp cache used by logging
(including the access log valve) that meant entries could
be made with an earlier timestamp than the true timestamp. (markt)
fix In FormAuthenticator: If it is configured to change
Session IDs, do the change before displaying the login
form. (kkolinko)
fix 54054: Do not share shell environment variables between
multiple instances of the CGI servlet. (markt)
fix 54087: Correctly handle (ignore) invalid If-Modified-Since
header rather than throwing an exception. (markt/kkolinko)
fix 54220: Ensure the ErrorReportValve only generates an error
report if the error flag on the response has been set. (markt)
fix Fix memory leak of servlet instances when running with
a SecurityManager and either init() or destroy() methods
fail or the servlet is a SingleThreadModel one, and of
filter instances if their destroy() method fails with an
Error. (kkolinko)
fix 54382: Fix NPE when SSI processing is enabled and an empty
SSI directive is present. (markt)
fix 54483: Correct one of the Spanish translations. Based on
a suggestion from adinamita. (kkolinko)
update 54527: Synchronize conf/web.xml mime mapping with Tomcat 7. (markt)
Coyote
fix 54248: Ensure that byte order marks are swallowed when
using a Reader to read a request body with a BOM for those
encodings that require byte order marks. (markt)
fix 54324: Allow APR connector to disable TLS compression
if OpenSSL supports it. (schultz)
fix 54456: Ensure that if a client aborts a request when
sending a chunked request body that this is communicated
correctly to the client reading the request body. (markt)
update Update the native component of the APR/native connector
to 1.1.27 and make that version the recommended minimum
version. (kkolinko)
Jasper
fix 54615: Tomcat 6 doesn't build against ecj 4.x (kkolinko)
Cluster
fix 54045: Make sure getMembers() returns available member
when TcpFailureDetector works in static cluster. (kfujino)
Web applications
update 22278: Add a commented out sample configuration of
RemoteAddrValve to META-INF/context.xml files of the
Manager and Host Manager applications. (kkolinko)
fix 54080: Clarify documentation for initial value of
internalProxies attribute of RemoteIpValve. (schultz/kkolinko)
fix 54198: Clarify that HttpServletResponse.sendError(int)
results in an HTML response by default. (markt)
fix 54207: Correct JNDI factory package name in Javadoc for
org.apache.naming.java.javaURLContextFactory. (markt)
Other
update Add sample Apache Commons Daemon JSVC wrapper script
bin/daemon.sh that can be used with /etc/init.d. (kkolinko)
update In the build configuration: introduce property
"tomcat.output" that is used to specify location of the
build output directory. This simplifies configuration if
someone wants to move the output directory elsewhere
(e.g. out of the source tree). (kkolinko)
fix 54390: Use 'java_home' on Mac OS X to auto-detect
JAVA_HOME. (schultz)
update 54601: Change catalina.sh to consistently use
LOGGING_MANAGER variable to configure logging, instead
of modifying JAVA_OPTS one. (kkolinko)
update 54890: Update to Apache Commons Daemon 1.0.15. (mturk)
|
