Age | Commit message | Author | Files | Lines |
|
|
This module is a subclass of Template::Stash that automatically escapes
all HTML strings using HTML::Entities to avoid XSS vulnerabilities.
|
|
All the details of the changes can be found here: http://drupal.org/node/280583
The main reason for this update is to fix a known security issue:
http://drupal.org/node/280571
|
|
All the details of the changes can be found here: http://drupal.org/node/280586
The main reason for this update is to fix a known security issue:
http://drupal.org/node/280571
|
|
mkdir.sh as expected e.g. by www/ap2-fcgid. Bump revision.
|
|
Bump revision.
|
|
the exceptions can conditionalize the statement. Fixes build on
NetBSD/amd64.
|
|
PKGREVISION++
|
|
* Don't wrap root plugins to system locations, keep them private
* Fix support for Acrobat Reader 8 (focus problems)
* Fix support for mozplugger (in full-debug mode)
* Fix support for WebKit
* Fix crashes with Flash Player 9 Update 3 (9.0.115)
* Fix build with Intel compiler
* Add support for IBM XLC compiler
* Improve error handling during RPC initialization (possible memory leak
on error)
* Improve error handling in NPP_WriteReady() and NPP_Write()
|
|
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.10/
|
|
Trac-0.10.5-ja-1 (Jun 23, 2008)
* Merge trac-0.10.5
* Update to current statement.
* COPYING.trac-ja
* README.trac-ja
* wiki-default/TracJa
Trac 0.10.5 (Jun 23, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.5
Trac 0.10.5 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
* Fixes a cross-site redirection vulnerability in the quickjump function
reported by Russ McRee.
* Fixes a wiki engine XSS vulnerability found by Nathan Collins.
* Added PostgreSQL 8.3 support.
* Fixes FineGrainedPermissions for scoped repositories.
* Fixes problem with repository syncing raising exceptions.
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.5
|
|
very minor update.
Trac 0.10.5 (Jun 23, 2008)
http://svn.edgewall.org/repos/trac/tags/trac-0.10.5
Trac 0.10.5 contains two security fixes and a couple of bug fixes.
The following list contains only a few highlights:
* Fixes a cross-site redirection vulnerability in the quickjump function
reported by Russ McRee.
* Fixes a wiki engine XSS vulnerability found by Nathan Collins.
* Added PostgreSQL 8.3 support.
* Fixes FineGrainedPermissions for scoped repositories.
* Fixes problem with repository syncing raising exceptions.
The complete list of closed tickets can be found here:
http://trac.edgewall.org/query?status=closed&milestone=0.10.5
|
|
Part of patch-af has been fixed upstream.
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
|
|
on curl.
|
|
two security fixes:
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
Changes to squid-2.6.STABLE21 (27 June 2008)
- Bug #2350: Bugs in Linux kernel capabilities code
- Bug #2241: weights not applied properly in round-robin peer
selection
- Off by one error in DNS label decompression could cause valid DNS
messages to be rejected
- logformat docs contain extra whitespace
- Reject ridiculously large ASN.1 lengths
- Fix SNMP reporting of counters with a value > 0xFF80000
- Correct spelling of WCCPv2 dst_port_hash to match the source
- Plug some "squid -k reconfigure" memory leaks. Mostly SSL related.
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
- Bug #2376: Round-Robin becomes unbalanced when a peer dies and comes
back
- Bug #2387: The calculation of the number of hash buckets needs to
account for the memory size, not only disk size
- Bug #2393: DNS requests retried indefinitely at full speed on failed
TCP connection
- Bug #2393: DNS retransmit queue could get held up
- Correct socket syscalls statistics in commResetFD()
|
|
This is a new major release of the popular Firefox browser from Mozilla.
Based on Gecko 1.9, it brings improvements in the areas of performance,
stability, rendering correctness, security, usability and more.
Release notes: http://www.mozilla.com/en-US/firefox/3.0/releasenotes/
|
|
Significant changes from 0.11.3 (some were already present in pkgsrc,
as we used the 0.11.4 release candidate tarballs):
* critical bug 755: fix crashes due to dangling pointers to struct
form_state
* critical bugs 613, 714, 961: "assertion list_empty(form_controls)
failed"
* critical bug 945: don't crash if a Lua script calls e.g. error(nil)
* critical bug 1003: don't crash if a smart URI rewrite template gets
too few parameters
* critical bug 1016: avoid JSFunctionSpec for better compatibility
across versions of SpiderMonkey
* critical bugs 674, 956: don't reuse pointers to SpiderMonkey objects
that may have been collected as garbage. This fix causes bug 954.
* CVE-2007-2027: check if the program path contains "src/" before using
../po files
* important Debian bug 380347: prevent a buffer overflow in entity_cache
and a possible subsequent crash
* major bug 788: don't read STRLEN n_a, which isn't initialized by POPpx
of Perl v5.8.8 and later
* fix query parsing in file: URIs for local CGI (was broken in 0.11.3)
* bug 691: don't look up bogus IPv4 addresses based on characters of a
hostname
* bug 712: GnuTLS works on https://www-s.uiuc.edu/
* fix active and passive FTP over IPv6
* bug 938: elinks -remote no longer needs a controlling tty
* bug 939: fix FSP directory listing (some compiler options left it
empty)
* bug 978: Python's webbrowser.open_new_tab(URL) works since now
* bug 1012: compile with -fno-strict-overflow or -fwrapv if available
* bug 1014: fix incompatible pointer type in Perl_sys_init3 call
* minor bug 54, Debian bug 338402: don't force the terminal to 8 bits
with no parity, and don't disable XON/XOFF flow control either
* minor bug 951 in user SMJS: garbage-collect SMJS objects on File ->
Flush all caches to work around their holding cache entries busy
* minor bug 396: never show empty filename in the what-to-do dialog
* minor bug 461: ensure contrast in blank areas, to keep the cursor
visible
* minor bug 928: properly display no-break spaces in a UTF-8 document if
the terminal uses some other charset
* minor bug 987: English spelling and grammar corrections
* minor bug 1000: preserve any query and fragment when converting a file
name to a file:// URL
* minor: don't assume sizeof(int)==4 in bittorrent
* trivial bug 947: document.html.wrap_nbsp also affects text in tables
* trivial bug 997: fix unlikely stack corruption in active FTP
* build bug 1002: fix "comparison is always true due to limited range of
data type" warning on PowerPC and s390
* build bug 950: fix "config/install-sh: No such file or directory" on
SunOS
* build bug 936: fix errors about undefined off_t (autoheader
incompatibility)
* build bug 959: test in configure whether -lX11 works
* build: update SpiderMonkey configure check Debian compatibility
* build: use $(CPPFLAGS) rather than $(AM_CFLAGS)
* build: disable GCC 4.2 warning about builtin_modules
* build: move debian/ to contrib/debian/
* minor build bug 989: AsciiDoc 8.2.2 compatibility
* minor build bug 960: fix errors in loadmsgcat.c if mmap() exists but
munmap() doesn't
|
|
changes:
-minor bugfixes
-Changes DB schema to better handle comments during
item and subscription deletion. This makes the cache
version incompatible to 1.4.15
-Update of French translation
|
|
Small as a mouse, fast as a cheetah and available for free.
NetSurf is a web browser for RISC OS and UNIX-like platforms.
Whether you want to check your webmail, read the news or post to
discussion forums, NetSurf is your lightweight gateway to the
world wide web. Actively developed, NetSurf is continually evolving
and improving.
|
|
+SUBDIR+= p5-HTTP-Async
+SUBDIR+= p5-HTTP-Body
+SUBDIR+= p5-HTTP-Request-AsCGI
|
|
Provides a convenient way of setting up a CGI environment from an
HTTP::Request.
|
|
Although using the conventional LWP::UserAgent is fast and easy it
does have some drawbacks - the code execution blocks until the
request has been completed and it is only possible to process one
request at a time. HTTP::Async attempts to address these limitations.
It gives you an 'Async' object that you can add requests to, and
then get the requests off as they finish. The actual sending and
receiving of the requests is abstracted. As soon as you add a
request it is transmitted, if there are too many requests in progress
at the moment they are queued. There is no concept of starting or
stopping - it runs continuously.
Whilst it is waiting to receive data it returns control to the code
that called it meaning that you can carry out processing whilst
fetching data from the network. All without forking or threading
- it is actually done using select lists.
|
|
HTTP::Body parses chunks of HTTP POST data and supports
application/octet-stream, application/x-www-form-urlencoded, and
multipart/form-data.
Chunked bodies are supported by not passing a length value to new().
It is currently used by Catalyst to parse POST bodies.
|
|
CGI::Simple provides a relatively lightweight drop in replacement
for CGI.pm. It shares an identical OO interface to CGI.pm for
parameter parsing, file upload, cookie handling and header generation.
|
|
Template::Timer provides inline timings of the template processing
throughout your code. It's an overridden version of Template::Context
that wraps the process() and include() methods.
|
|
individual Makefile files and out of Makefile.common.
|
|
2008-06-16 Gisle Aas <gisle@ActiveState.com>
Release 1.37
Gisle Aas (1):
Support ";" delimiter in $u->query_form
Jan Dubois (1):
We get different test result when www.perl.com doesn't resolve.
Kenichi Ishigaki (1):
URI::Heuristic didn't work for generic country code [RT#35156]
|
|
(I guess it is probably not needed in this case, but the changes
to ignore it for the slang option alone are much more effort).
Addresses PR 38284 by Daniel Horecki.
|
|
This class works just like LWP::UserAgent (and is based on it, by
being a subclass of it), except that when you use it to get a web page
but run into a possibly-temporary error (like a DNS lookup timeout),
it'll wait a few seconds and retry a few times.
It also adds some methods for controlling exactly what errors are
considered retry-worthy and how many times to wait and for how many
seconds, but normally you needn't bother about these, as the default
settings are relatively sane.
|
|
scripts and other scripts which output RSS. Unlike most other RSS
libraries for Python, this one handles escaping of input and is supposed
to be extensible.
|
|
Some new features of Zope 2.11:
* ZODB 3.8 with blob support (binary large objects)
* Zope 3.4 integration
* transactional Mailhost implementation
* lots of minor improvements and fixes
For more information on what is new in this release, see the CHANGES.txt
files for the release:
http://www.zope.org/Products/Zope/2.11.0/CHANGES.txt
|
|
It would be the last 2.6 stable release.
Changes to squid-2.6.STABLE20 (25 Apr 2008)
- Bug #2263: Custom log formats fail to log file sizes >2GB properly
on 32-bit platforms
- Fix stripping NT domain in squid_ldap_group
- Bug #2278: Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
- Bug #2283: Fails to parse chunked encoding using chunk extensions
- Bug #420: Deal properly with empty list HTTP header members
- Windows Server 2008 support
- Bug #1886: tcp_outgoing_address acl doesn't work with indirect
source address (follow-x-forwarded-for)
- Bug #2296: Stuck in 100% CPU when fetching a corrupt peer digest
- Add support for the resolv.conf domain directive, and also
automatically derived default domain
- minimum_icp_query_timeout directive
- Bug #2329: Range header ignored on HIT
|