| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
include:
* Nearly full support for PHP 5.1.x.
* Many bugfixes and code cleanups.
* The shared memory functions, session handler and content cache are
disabled by default now. They are only used by a small amount of
users and they could allow local users to fill up the memory if they
aren't secured properly.
|
|
usage.
|
|
Changes:
* Quanta Plus
o another round of VPL fixes.
o don't crash when viewing remote files in VPL
o silently ignore files from a project view that do not exist
anymore
o show a correct error message if a file does not exist
o make the img and script tags standard compliant
o don't loose important spaces when applying source indentation
o add input button to the Forms toolbar
|
|
packages. Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
|
|
3.2.12
======
New
- Use newest external library for HTTP handling.
- enable/disable spider to POST forms in options panel to avoid
generating unwanted traffic (default to enable). This is requested
by many users.
- Decrease the number of possible combinations crawled by spider on
forms with multiple SELECT/OPTIONS. This make crawling less
resource consuming and lower chance to affect application being scanned.
- Minor UI changes.
Fix
- Fallback database library to previous version as in Paros 3.2.10
because of a problem with hsqldb where some byte combination may
consume 100% cpu time.
- Increase width of method display in history to cater for other
longer method names.
- Default file scans may display incorrect HTTP message body if the
original message is a POST request.
3.2.11
======
New
- Revamp History log panel.
- Added "tag..." in right-click pop-up window for History log panel. This
help to quickly identify a HTTP message in History display.
- Concurrent delete of multiple URL's in the site hierarchy (sf.net request
ID 1472300).
- Use of newest db library.
Fix
- For POST request, if the body contain binary parameters of certain pattern,
it may be unable to issue a re-send because URLDecode failed to decode
properly.
|
|
This release is almost the same as 2.5.13nb1 except:
- documentation change; most of them are release name.
- one debug level change.
|
|
ok'ed minskim@
|
|
GNU/Linux.
Bump PKGREVISION.
|
|
infinite loop on certain invalid HTML (CVE-2004-1617)
bump PKGREVISION
|
|
Java plugin from the "sun-jre15" package (Java 5.0).
|
|
|
|
For a full list of changes see: http://drupal.org/drupal-4.7.0
In short:
- Updated Documentation for All Modules
- Auto-complete Fields(AJAX)
- Added Mass Comment Operations
- Easier to Make Menu Items
- RSS Feed Settings
- Better Search Index
- New Forms API
|
|
|
|
|
|
Bump PKGREVISION
|
|
And add new option: dillo-ssl
The openssl buildlink3.mk is only used when that is enabled.
The package didn't use openssl and the https was disabled in the
code. The new option which is off by default can be used to
enable ssl. Note that is experimental for dillo and does not
appear to work very good.
No change to default package except on systems where it had an
un-needed dependency on openssl package -- so bump PKGREVISION
for that.
|
|
|
|
for over a year now.
|
|
Fix pkglint warnings
|
|
------------------------
- fixed critical SQL issue, see SA-2006-005
|
|
it will live with other "check" targets run after package installation.
Get rid of SHLIB_HANDLING, whose meaning had mutated over the years
from one thing to another. Currently, it is used to basically note
whether the system's "ldd" command can be usefully run on the package's
binaries and libraries. Rename this variable to CHECK_SHLIBS_SUPPORTED
for more clarity.
CHECK_SHLIBS is now a variable set exclusively by the user in /etc/mk.conf
to note whether the check for missing run-time search paths is performed
after a package is installed. It defaults to "no" unless PKG_DEVELOPER
is set.
|
|
-update to 2.14.1.1
changes:
-minor UI improvements
-bugfixes
-documentation updates
|
|
- site moved to sourceforge
- index_tree tag added. Look at TAG: index_tree in sarg.conf file
default is file - old format.
- realtime report added. sarg -r option
Look at these tags ion sarg.conf file:
TAG: realtime_refresh_time num sec
TAG: realtime_access_log_lines num
TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
TAG: realtime_unauthenticated_records: ignore|show
- garbage in topuser report with unitialized variable.
Thanks to Craig Brockmeier <craig@ppco.com>
- memory leaks caused by a wrong variable size
Fixed by Klaus Singvogel <kssingvo@suse.de>. Thanks.
- ignoring users with '.' in password file.
Thanks to Emerson Valdir Pellis <webmaster@marisol.com.br>
- error with "resolve_ip" with "user_authentication yes"
Fixed by Grigory Trenin <gtrenin@gmail.com>. Thanks.
- long url causing fault. Thanks to Vassily Andin <vasya@avitalight.com>
- hanging on a log file containing space.
Thanks to Fabio Lo Votrico <fabio@link.it>
- bug fixed in squidguard report module
- squidguard_ignore_date on|off tag added to sarg.conf file
You can ignore the squidguard log record date if outisde of
date range in squid access.log file.
- alternate squidguard log added using -L option on sarg command line.
Thanks to Dave Karlson <dkarlson@r9esd.k12.or.us>
- fixed malloc withou free.
- datafile-url ip|name added to sarg.conf file - saves ip address or name
in url when using datafile tag. Thanks to Calvin Muller <calvin@siryn.co.za>
- wronk link point in Generated by sarg-2..
Thanks to Markus Hoffmann <ipcop@mh-lantech.de>
- Russian_UFT-8 language added by Alex Deiter <tiamat@komi.mts.ru>
- dansguardian_report_limit missing in sarg.conf file.
- ntlm domain+user format added.
- index date sort fixed by Olivier JAVAUX. Thanks
- Improve broken record detection
Thanks to Artem Korneev <akorneev@intelsysus.com>
- sort open failed causing an empty topuser report
- sarg losslessly size optimized images
Thanks to Tonda Mí¿ek <tonda.misek@post.cz> and Luigi Gangitano.
- sarg calling sort without quoting filenames Thanks to Luigi Gangitano.
- download_report_limit tag added.
Thanks to Leonardo Rodrigues <leonardo@solutti.com.br>
- logo css class defined but never used.
Thanks to Roger Favero <favero@sparkenergy.it>
- verdana.ttf font removed to avoid patent infringement issues.
Now sarg uses a GPL FreeSans font from http://savannah.gnu.org
- ISA report with wrong date in date/time report. Thanks to Richard Berndt
- connect records ignored when using emulate_http_log on in squid.conf file.
Thanks to Dusan Woletz
- bug that prevents the correct usage of switch -d <date1-date2> when using
an "emulate_httpd_log on" logfile and some performance improvements
added. Thanks to Filippo Grassilli
- Spanish language fixed by José Luis Hernández López. Thanks.
- url variable size changed to acomodate big urls with coded symbols and some
minor changes in util.c file.
Thanks to Oleg <xsov@mail.ru>
- download suffixes improved by Oleg <xsov@mail.ru>. Thanks.
Now sarg uses these suffixes:
7z,ace,arj,avi,bat,bin,bz2,bzip,cab,com,cpio,dll,doc,dot,exe,gz,iso,
lha,lzh,mdb,mov,mp3,mpeg,mpg,mso,nrg,ogg,ppt,rar,rtf,shs,src,sys,tar,
tgz,vcd,vob,wma,wmv,zip
- DansGuardian report added. Thanks to Adolfas Kupliauskas for the access.log
- Slovak language added by Dusan Woletz Thank you
- wrong usertab user on topuser report. Thanks to Marcos Favoretto
- ntlm_user_format added to sarg.conf. Now you can choose the following formats
for the username on reports: user|domainname+user Suggested by Roger Favero
- exclude_users ignored in some situations.
- Fixes by Sapon Oleg from Russia:
. there are two equal lines about Evren Yurtesen in CONTRIBUTORS file.
. Internationalisation of SARG user graph added, using iconv function,
which is presented only in Linux, so I add required #ifdef and other
stuff to clean compile code on other platforms.
. Fixed two issues:
- '?' symbol problems for apache and other cgi-supporting web server which
doesn't support '?' symbol in links (all of them interprete this like
parameter to cgi script);
- some good optimization to all three similar cicles in these files by
reducing false checks in 'if ...' strings.
. Fixes segfault, produced by inproper use of strncpy functions, look
- strncpy doesn't copy leading '\0' symbol!
. Just localisation support for repday report.
. Support usertab IP->USERNAME change in siteuser report.
. Just proper Russian koi8 localisation.
- Greek language by Antonis Maglaras <vegos@magla.gr> Thank you.
- time period added to -t option. Now you can use -t HH-HH, HH:MM-HH:MM
- support to isa proxy 2004 log added.
Thanks to William da Rocha Lima <wrochal@linuxit.com.br>
- French language fixed by Alexey Znamerovskiy <alexz@everys.com> Thanks
- internal LC_ALL=C removed to avoid errors on Solaris.
Thanks to Hraska, Frantisek <frantisek.hraska@hupro.sk>
- non authenticated records removed from Topuser report.
Thanks to Brian <brian@reginachristianschool.org>
- Compilation error on FreeBSD > 5 - log.c:645: error: `RLIMIT_OFILE' undeclared
- Sarg abbreviation values improved.
- fixed: some changes to avoid segmentation fault.
- fixed: some changes to avoid compilation errors on freeBSD.
- fixed: exclude_hosts not excluding correctly.
- exclude hosts not excluding correctly. Thanks to Oleg
- download report showing jpeg files.
- support to Microsoft isa proxy log files added.
Thanks to Trankov Vladislav <vtrankov@kb-obibank.ru>
- fixed: error when using relative paths in -o and -w options. Just
absolute paths can be used now. Thanks to Andreas Grosse <andi@majestyk.de>
- fixed: segfault fix in vrfydir() in util.c
Prevent buffer overflow in subs(); replace one constant with sizeof()
in my_lltoa(). vrfydir(): fix segfault if sub-directory "images" is
not exists function builddia() don't check the parameters. Result:
segmentation fault in some cases.
Thanks to Stas Degteff stas_degteff@users.sourceforge.net for the fixes.
- fixed: wrond date period in squidguard_log when using european date format.
Thanks to Guenther Mair <gunnyst@users.sourceforge.net>
- ulimit tag added on sarg.conf to avoid "Too many open files" error.
Thanks to Paulo Pires <paulo.pires@vodafone.pt>
- squidguard parse logs method changed.
Thanks to Joao Mendes <jmendes@credibom.pt>
Thanks to Guenther Mair <gunnyst@users.sourceforge.net>
- wrong results in -v option.
- fixed: error when using -u (include user)
Thanks to Bochkarev Vladimi <bochkarev@expocentr.ru>
- export LC_ALL=C will be issued before sort to avoid high cpu usage
- grepday with invalid font path.
Thanks to Marcelo Ricardo Leitner <mrl@conectiva.com.br>
- -v option added to display Sarg version on console
- Segmenation fault caused by an unclosed file. Thanks to Pustovalov Leonid
- SquidGuard log formats added. Thanks to Kolotov Alexandr
- time field added to topsites report
Thanks to Miles Roper <mroper@westcoastdhb.org.nz>
- fixtime function with wrong definition, changed to long long
Thanks to Valery from Russia
- Solaris 9 compiling error: error: conflicting types for 'my_mkdir'
Thanks to Brad Larden <Brad.Larden@alphawest.com.au>
- segfaults if the denied report is disabled in sarg.conf.
Thanks to Filippo Carletti <filippo.carletti@nethesis.it>
- reading performance improved by Francesco Perrillo <fperillo@totalfax.it>
Thanks
- Russian sarg-php translation added.
Thanks to Michael Stepanenko <mistic@ecolines.ru>
- configure error with no gd installed.
- graph with no text when using --enable-sysconfdir
- graph day incorrect when using dd/mm/yy date format
- show_sarg_logo yes|no added
- site_user_time_date with wrong patch.
Thanks to Ricardo R. Hoffmann <hoffmann@uninet.com.br>
- Internal/External css implemented
- User authentication access (htaccess) implemented
- large file support added
- Report limits implemented
- Download report implemented
- Sarg logo by Osamu Matsuzaki <matsu_o@robata.org> added.
- Internal mkdir added to easy port to various plataform.
- long url now show only accessed site and module name.
- now you can add a user report url to a flat file to be blocked
by some Squid acl.
Request by Francesco Collini <collini@colliniconsulting.it>
- remove temporary files, if already exist, to avoid conflits with a
previous sarg process.. Thanks to Renato Leon <rl_sita@hotmail.com>
- squidGuard improved
- now only records with the same period from access.log
will be in squidGuard report.
- squidGuard limit report
- now you can save some urls in squidGuard db using
sarg-squidguard PHP utility.
bug fixed: fault caused by rewinddir after closedir.
Thanks to Lucas Bocchi <challado@ibocchi.com.br>
and to Freek
Fixed: - missing </body> tags in all HTML pages
- missing </html> tag in some HTML pages
- missing DOCTYPE in all HTML pages
- grammar in man page
- URL Links to SourceForge http://sarg.sourceforge.net/
Added: - Included more detailed information in man the page
Thanks to Billy Newsom of U.S.
To Do: - There are still major validation problems in the HTML generated
fixed: - link error to denied site in squidGuard report
- resolve name error in squidGuard report
- some fixes to HPUX. Thanks to Miles Roper <mroper@westcoastdhb.org.nz>
- index_sort_order tag don't work correctly.
- too many open files fixed.
Thanks to Francesco Perrillo <fperillo@totalfax.it>
- Ukrainian_windows1251 included in sarg.conf file
- exclude_string don´t work correctly.
Thanks to Modric Kristijan <Kristijan.Modric@pliva.hr>
|
|
MESSAGE_SUBST properly. No package should be setting MESSAGE anyway.
|
|
|
|
ftp://ftp.NetBSD.org/pub/pkgsrc/misc/kristerw/pkgstat/i386-3.0/20060501.1050/broken.html
|
|
|
|
* 2006-05-13 13:16 (Minor) On some systems POSIX AIO functions are in libaio
* 2006-05-14 15:41 (Medium) Memory leak in header processing related to external_acl or custom log formats
* 2006-05-14 15:41 (Major) memory leak in ident processing
* 2006-05-14 15:41 (Medium) Memleak in HTCP client code
* 2006-05-14 15:41 (Minor) Mime icons are not displayed when viewing ftp sites when
* 2006-05-14 15:41 (Cosmetic) SQUIDHOSTNAMELEN issues
* 2006-05-14 15:41 (Cosmetic) Current release is STABLE13, not 12..
Bump PKGREVISION.
|
|
(hi phone! :-)
changes since bozohttpd 20050410:
o make directory indexing mode not look so ugly
o build a text version of the manual page
o make "make clean" work properly
|
|
|
|
Major changes since 6.4:
- Fixed CVE-2006-2237.
- All geoip plugins support the PurePerl version.
- Possible use of vhost in extra section.
- Support IPv6 in AllowAccessFromWebToFollowingIPAddresses parameter.
- Added svn family to browsers detection.
- RSS catcher/readers in robot database.
- LogFormat=2 can now change its value dynamically if logformat change.
- More new features and bug fixes.
|
|
Based on PR pkg/33458 from david l goodrich.
I won't bump PKGREVISION since this is very trivial change and I'll commit
another changes soon.
|
|
Bump pkgrevision.
Reported by Jaromir Dolecek.
|
|
|
|
of quanta.
|
|
|
|
An Apache module designed to provide Kerberos authentication to the
Apache web server. Using the Basic Auth mechanism, it retrieves a
username/password pair from the browser and checks them against a
Kerberos server as set up by your particular organization. The module
also supports the Negotiate authentication method, which performs full
Kerberos authentication based on ticket exchanges, and does not require
users to insert their passwords to the browser.
|
|
Library for enabling GSSAPI authentication in LWP
|
|
0.05dev to 0.05.1dev:
+ Compatibiliy with newer Tk versions, especially 804.027 and above
+ Documentation bugfix for how to install it locally
+ Address change in the license
|
|
|
|
|
|
|
|
|
|
php-* modules failed on Darwin because gcc was used to link them.
Thanks to John Klos for testing.
Bump PKGREVISION.
|
|
* Designed and implemented a dpi protocol library (libDpip.a in /dpip).
* Added a couple of new dpip commands.
* Fixed and uniformed the escaping of values inside dpip tags.
* Ported the bookmarks, download, file, https, ftp and hello plugins,
plus the dpid daemon and the rest of the source tree to use it.
* Improved the dpi buffer reception to handle split buffers (This was
required for handling arbitrary data streams with dpip).
* Fixed a serious bug with the FTP plugin that led to two downloads of the
same file when left-clicking a non-viewable file.
* Added MIME/type detection to the FTP plugin, and removed popen().
* Set the dpi daemon (dpid) not to exit when the downloads dpi is running.
* Improved the accuracy of the illegal-character error reporting for URLs.
* Added DOCTYPE parsing (for better bug-meter error messages).
* Added a check for malicious image sizes in IMG tags.
* Made the parser aware of buggy pages with multiple BODY and HTML elements.
* Fixed a bug in MIME content/type detection.
* Moved the cookies management into a dpi server: cookies.dpi.
* Added "./configure --disable-threaded-dns" (for some non reentrant BSDs).
|
|
changes:
-bugfixes
-added XulRunner support
|
|
2.08 Wed May 3 17:17:33 EDT 2006
- Implemented new rasterizer for grid mapping. Thanks to Roland
Schar for a tortuous example of span issues.
- Regular extraction and TREE mode are using the same
rasterizer now.
- Fixed HTML stripping for a header matching bug on single word
text in keep_html mode (thanks to Michael S. Muegel for
pointing the bug out)
2.07 Sun Feb 19 13:40:44 EST 2006
- Fixed subtable slicing bug
- Fixed hrow() attachment bug
- Added tests
|
|
and update to 0.6 which brings some UI fixes and improvents
|
|
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
|
|
Zope 3.2.1
Bug fixes
- Fixed issue 573: @form.action(failure='name_of_method') didn't work.
- Fixed issue 568: Typo in basicskin css file.
- Fixed issue 560: Bug in default AddView class.
- Fixed issue 546: non-ASCII docstring cause
System Error in RootErrorReportingUtility.
- Fixed issue 544: VocabularyRegistryError missing import.
- Fixed issue 536: ErrorLogUtility has UnboundLocalError.
- zope.app.testing.functional.defineLayer
+ Use the method param instead of an hardcoded value for the
zcml filename
|
