| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
following security issues:
- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
- MFSA 2008-18 Java socket connection to any local port via LiveConnect
- MFSA 2008-17 Privacy issue with SSL Client Authentication
- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
- MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
|
|
They have security problems and are not maintained.
Removal was announced on pkgsrc-users on March 13.
|
|
- Use INSTALLATION_DIRS.
|
|
3.0.16
* Fix for longstanding cache-full crash (Christian Seiler)
http://news.php.net/php.pecl.dev/4951 for the details
* Added optional shm unmap on a fatal signal feature (Lucas Nealan)
* Added PTHREAD_MUTEX_ADAPTIVE_NP option pthread locks (Paul Saab)
* Minor cleanups (Lucas Nealan)
* Added configure option to enable apc_cache_info('filehits') (Shire)
3.0.15
* Eliminate a per-request time() syscall (Rasmus)
* Added rfc1867 prefix, name, and freq ini options (Shire)
* Allow deletion of individual user cache entries via apc.php (Sara)
* Fix overzealous cleanup during RSHUTDOWN (Gopal)
* Fix memory alignment and locking issues (Gopal)
* Make apc_compile insert/replace entries (Shire)
* Make mixed inheritance recompile & cache afresh (Gopal)
* Make nostat mode search include_path for canonicalization (Gopal)
* ZTS & other compile fixes (Gopal, Edin, Shire)
|
|
|
|
This module takes a list of CSS files and concatenates them, making sure
to honor any valid @import statements included in the files.
Approved-by: cube
|
|
Major new features:
* quickly working standalone mode (similar to DesktopEdition)
* xapian index search (including attachments of supported mimetypes)
* WikiSynchronisation
* moin can receive email now
* wiki parser: easier link and transclusion markup (and new macro
markup)
* new parsers for: creole wiki markup, html (safe), diffs
* discussion pages
* inline comments
* hierarchical ACLs (see HelpOnAccessControlLists)
* new anti-spam feature: TextChas
* SisterSites support
* new xmlrpc methods, easier auth, multicall support
* Improved params for [[target|label|params]]:
* AdvancedSearch: make multiple categories/languages/mimetype selections
possible
* Added a configuration directive to only do one bind to the LDAP
server.
+ many bugfixes, including at least one XSS fix.
|
|
Fix a DOS under high load and some information leaks.
|
|
Sun Mar 9 19:24:26 GMT 2008 - surfraw 2.2.1
* New elvi:
+ lsm - Search the Linux Software Map.
+ sunonesearch - Search Sun's One Search (replaces sunsolve).
* Fixed elvi: cddb, cnn, debcontents, deblists, debpackages, freedb,
fsfdir, genpkg, and yubnub (thanks for the latter to Nathaniel Heinrichs).
* Removed elvis: sunsolve (replaced by sunonesearch).
* amazon, ebay, translate: expanded language/country list.
* Added new configuration variable SURFRAW_lang.
Elvi that support specifying language or country
will use this as a default. If used, it should be set
to an ISO 2-letter country code (eg uk, de, ca).
Thanks to Simon Ernst for the idea.
* Fixed quoting single quotes in URLs (thanks to Alexander
Becher for the patch).
|
|
|
|
|
|
urlgrabber is a pure python package that drastically simplifies
the fetching of files. It is designed to be used in programs that
need common (but not necessarily simple) url-fetching features.
It is extremely simple to drop into an existing program and provides
a clean interface to protocol-independant file-access. Best of all,
urlgrabber takes care of all those pesky file-fetching details,
and lets you focus on whatever it is that your program is written
to do!
|
|
Remove PostgreSQL 8.0 as choice.
|
|
3.0.8 is a stable release which includes many significant enhancements and
new features, and the usual squashed bugs. The most prominent new
features are the ability to "tag" headers and apply actions based on those
tags, making Privoxy much more flexibile, and Privoxy can now act as an
"intercepting" proxy.
|
|
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Of note:
important: Data integrity CVE-2007-6286
important: Information disclosure CVE-2007-5461
low: Elevated privileges CVE-2007-5342
low: Session hi-jacking CVE-2007-5333
Are all fixed in this release.
|
|
e.g. match IRIX 5.x but not 6.x. Some of these may indeed apply to 6.x
too, but let's be conservative. PR pkg/38224.
|
|
- Revive support for system without NetBSD style rc/rc.d.
- Always pass command_args and squid_flags to squid command.
This should fix the PR pkg/38036 by Wolfgang Stukenbrock.
Bump PKGREVISION.
|
|
|
|
(suggested by Todd Kover in PR pkg/36144)
-propagate the krb dependency through bl3 if necessary
-bump PKGREVISION
|
|
changes: minor bugfixes
|
|
changes:
- Works with Firefox 1.5.x and xulrunner 1.8.x
- Compiles with xulrunner 1.9, but a lot of functionality is disabled due
to being no longer exposed by xulrunner (or not working)
- MyPortal
- User stylesheets
- Remembering passwords
- http authentication
- Support for external mailers which don't understand mailto: urls is
completely removed. Pretty much all modern mailers support them now.
|
|
see GIT history.
Made option elinks-fastmem the default, as it's significantly faster
and I don't trust their wrappers of malloc(), etc. al. anyway.
Version 0.12 supports boehm-gc, which will probably become the default.
If 0.12 isn't released fairly soon, I'll see about backporting support.
Also add elinks-html-highlight as a default, as there's really no
reason not to.
|
|
PKG_APACHE_ACCEPTED= apache2 apache22
like every other ap2-foo package.
|
|
Major changes compared to Horde 3.1.6 are:
* Fix arbitrary file inclusion through abuse of the theme preference.
|
|
because it doesn't care about the IP family.
|
|
(or any special char, with no ?.)
|
|
this Makefile.common.
|
|
these Makefiles include seamonkey-bin-nightly/Makefile.common which
just include seamonkey-bin/Makefile.common which already has user-destdir
support.
|
|
|
|
has already been altered to support user-destdir, so we just need to turn
it on in these packages.
|
|
|
|
* security fix: omit commits of all-forbidden files from query results
* security fix: disallow direct URL navigation to hidden CVSROOT folder
* security fix: strip forbidden paths from revision view
* security fix: don't traverse log history thru forbidden locations
* security fix: honor forbiddenness via diff view path parameters
* new 'forbiddenre' regexp-based path authorization feature
* fix root name conflict resolution inconsistencies (issue #287)
* fix an oversight in the CVS 1.12.9 loginfo-handler support
* fix RSS feed content type to be more specific (issue #306)
* fix entity escaping problems in RSS feed data (issue #238)
* fix bug in tarball generation for remote Subversion repositories
* fix query interface file-count-limiting logic
* fix query results plus/minus count to ignore forbidden files
* fix blame error caused by 'svn' unable to create runtime config dir
|
|
|
|
* 208700 by pwolanin. Fix bad backport of #194579. Modified to use Form API.
* 118569 by bevan: document how should one set RewriteBase, if under a VirtualDocumentRoot. Backport by Bart Jansens.
* Patch 115606 by Junyor, thesaint_02: added support for PHP 5.2's 'recoverable fatal errors'.
* 209409 by Heine, webernet, dww: more accurate register globals value checking
|
|
the right terminal library.
Bump the PKGREVISION of www/w3m and www/w3m-img to 2.
|
|
Bump the PKGREVISION to 5.
+ Add full DESTDIR support.
|
|
2008-02-29 Andy Lester
* Release 3.20 -- Added <div> to the list of p_closure_barriers.
|
|
http://trac.lighttpd.net/trac/attachment/ticket/1562/Fix-372-and-1562.patch
in order to fix CVE-2008-0983. Bump PKGREVISION
|
|
them at will.
|
|
=== RELEASE 2.1pre33 ===
Thu Jan 31 21:11:40 MET 2008 mikulas:
Fixed memory leak when there was an error in decompression
Thu Dec 27 23:37:03 MET 2007 mikulas:
Support few more keycodes on ANSI terminal (PAGE UP, PAGE DOWN and few
F* keys)
Wed Dec 26 03:43:35 cet 2007 mikulas:
Disable smb:// URLs on OS/2, fork+threads can cause crashes in EMX
Besides, there's no usable smb client program anyway
Tue Dec 25 01:44:28 MET 2007 mikulas (sponsored by Dondor Ltd.):
A .nsi file to make Windows installer with Nullsoft scriptable install
Mon Dec 24 01:44:11 MET 2007 mikulas:
Fixed a bug that strings with spaces could not be passed from command
line
Mon Dec 24 00:43:57 MET 2007 mikulas:
Socks 4A support (so that Links can be used with tor without
intermediate proxy)
Thu Dec 20 05:40:22 cet 2007 mikulas:
The previous Windows fix broke opening new windows on OS/2
|
|
per PR pkg/36144
(just compile-tested because I don't have a Kerberos installation)
|
|
include:
+ Add full DESTDIR support.
+ Split out package options into a separate options.mk file.
* Fix some cgi header processing
* Add simple Range: header processing
|
|
|
|
security/libssh2 package.
Changes:
o --data-urlencode
o CURLOPT_PROXY_TRANSFER_MODE
o --no-keepalive - now curl does connections with keep-alive enabled by
default
o --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
o --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
o curl_easy_pause()
o CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
o --keepalive-time
o curl --help output was re-ordered
This release includes the following bugfixes:
o curl-config --features and --protocols show the correct output when built
with NSS, and also when SCP, SFTP and libz are not available
o free problem in the curl tool for users with empty home dir
o curl.h version 7.17.1 problem when building C++ apps with MSVC
o SFTP and SCP use persistent connections
o segfault on bad URL
o variable wrapping when using absolutely huge send buffer sizes
o variable wrapping when using debug callback and the HTTP request wasn't sent
in one go
o SSL connections with NSS done with the multi-interface
o setting a share no longer activates cookies
o Negotiate now works on auth and proxy simultanouesly
o support HTTP Digest nonces up to 1023 letters
o resumed ftp upload no longer requires the read callback to return full
buffers
o no longer default-appends ;type= on FTP URLs thru proxies
o SSL session id caching
o POST with callback over proxy requiring NTLM or Digest
o Expect: 100-continue flaw on re-used connection with POSTs
o build fix for MSVC 9.0 (VS2008)
o Windows curl builds failed file truncation when retry downloading
o SSL session ID cache memory leak
o bad connection re-use check with environment variable-activated proxy use
o --libcurl now generates a return statement as well
o socklen_t is no longer used in the public includes
o time zone offsets from -1400 to +1400 are now accepted by the date parser
o allows more spaces in WWW/Proxy-Authenticate: headers
o curl-config --libs skips /usr/lib64
o range support for file:// transfers
o libcurl hang with huge POST request and request-body read from callback
o removed extra newlines from many error messages
o improved pipelining
o improved OOM handling for data url encoded HTTP POSTs when read from a file
o test suite could pick wrong tool(s) if more than one existed in the PATH
o curl_multi_fdset() failed to return socket while doing CONNECT over proxy
o curl_multi_remove_handle() on a handle that is in used for a pipeline now
break that pipeline
o CURLOPT_COOKIELIST memory leaks
o progress meter/callback during http proxy CONNECT requests
o auth for http proxy when the proxy closes connection after first response
|
|
Ok xtraeme@
|
|
|
|
to wait for testing not-finished releases.
Ok by jlam@.
|
|
that include this file - notably sunbird
|
|
when using binary packages.
Bump PKGREVISION
|
|
2.8.31: For Apache 1.3.41
2.8.30: Bug Fix
2.8.29: For Apache 1.3.39
|
