| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
GNU extension. Depend on GNU coreutils and hardcode the path to
GNU sort.
|
|
changes: translation updates
|
|
changes:
-bugfixes
-translation updates
|
|
changes:
* Fixes a uninitialized value bug
-some dbus related changes not relevant for the pkg yet
-fix for 64bit issue
-manpage update
|
|
Just one change:
- Fixed an issue with playing Windows Media content
|
|
- Fixed an issue with playing Windows Media content
|
|
|
|
0.9.6
------
- Plugins were creatd in toolbar even if they were asked not to in pop up
windows, fixed.
- Fixed Window Orphan and New Window popups so that they don't display
menubars and other uwanted contents.
- Implemented ContentHandler so that we dont see Mozilla's ugly File picker
which did not work for save even! - Now we display our own file picker and
then redirect for mozilla download for those users who opt to use Mozilla's
own MIME info/downloading or direct to user's own downloader.
0.9.5
-----
- Plugin compile was broken, fixed.
- Changed a plugin function (skipstone_load_url) to (skipstone_load_url_cb)
to distinguish from skipstone's internal message.
- Distribution cleanups.
XXX We really should make this package compile with recent firefox/seamonkey
versions, otherwise it will soon become unusable (with mozilla no longer
being maintained). I had a patch to make it compile with Firefox 1.0.x,
but it no longer works for Firefox 1.5.x.
|
|
|
|
|
|
A WikiWikiWeb is a collaborative hypertext environment, with an
emphasis on easy access to and modification of information. MoinMoin
is a Python WikiClone that allows you to easily set up your own wiki,
only requiring a Python installation.
|
|
Changes:
* Improved stability
* Several security fixes (see below)
* A bug was introduced in SeaMonkey 1.0.2 that sometimes caused the URL bar to
stop working properly when switching tabs. This has been fixed. (Bug 332874)
* If you have more bookmarks on your personal toolbar than there is space for,
the ">>" overflow icon will now display more reliably (Bug 338803)
* If you choose to update SeaMonkey when it notifies you that an update is
available, the update page will load in a more useful browser window (with
navigation buttons and toolbars) (Bug 334903)
Security fixes:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-49 Heap buffer overwrite on malformed VCard
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
For a detailed ChangeLog, see:
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.3/changelog.html
|
|
No changes besides the apache version update.
|
|
Changes with Apache 1.3.37
*) SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
[Mark Cox]
|
|
has been re-generated.
|
|
(Don't bump because this must have never been built since 1.5.0.5 update.)
|
|
security problems with 1.5.0.4. No functional changes at all in the
package -- this is purely a security update.
See CERT advisory TA06-208A (last revised July 27) for details.
|
|
when installing a binary package. Problem pointed out by Lubomir Sedlacik
in private e-mail.
Bump package revision because of this fix.
|
|
|
|
to version 2.0.59. Changes since *2.0.58:
- SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
|
|
to fetch the file. This completes the renaming described in revision
1.1799 of bsd.pkg.mk.
|
|
If ${FILESDIR}/getsite.sh exists, then use it to determine the fetch
URL for each of the distfiles for the package. Otherwise, use
SITE_<file> and MASTER_SITES, in order, to determine the URL for each
distfile.
If the script path differs from ${FILESDIR}/getsite.sh, then set
DYNAMIC_SITE_SCRIPT to the full path to that script.
Remove the need to set DYNAMIC_MASTER_SITES explicitly in the package
Makefile for:
graphics/ns-cult3d
wm/sawfish-themes
www/apache-tomcat55
www/jakarta-tomcat4
www/jakarta-tomcat5
|
|
- Improvements to product stability
- Several security fixes:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined
"new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
|
|
* Changes unknown
|
|
changes:
-bugfixes
-documentation improvements
-Added a gconf key to disable DBUS if necessary
|
|
- Fix display problem with comment preview.
- Add afrikaans language support.
|
|
Fixes PR 34060.
Changes unknown.
|
|
pkgsrc release engineering team.
- Keep current directory with DEINSTALL and INSTALL script.
- remove extra processing with POST-DEINSTALL action from DEINSTALL script.
- Suggest use of additional graphic package.
- Add APACHE_GROUP to BUILD_DEFS.
- install ${GEEKLOG_EXAMPLESDIR}/createdb.php with INSTALL_SCRIPT.
Bump PKGREVISION.
|
|
is controlled properly
Fix by Takahiro Kambe in private mail.
Bump to nb1.
|
|
|
|
Version 1.2.15 (same as ap-jk)
|
|
into Makefile.common to be used by upcoming ap2-jk package. Bump package
revision
|
|
since they always need a C compiler, even when the source code is
completely in C++.
For some other packages, stated in the comment that a C compiler is
really not needed.
|
|
Compared with previous gzipped version, no change.
Fixes bulk build, because it will be able to download the file again :)
|
|
2006-04-28 Gisle Aas
Release 3.54
Yaakov Belch discovered yet another issue with <script> parsing.
Enabling of 'empty_element_tags' got the parser confused
if it found such a tag for elements that are normally parsed
in literal mode. Of these <script src="..."/> is the only
one likely to be found in documents.
<http://rt.cpan.org//Ticket/Display.html?id=18965>
2006-04-27 Gisle Aas
Release 3.53
When ignore_element was enabled it got confused if the
corresponding tags did not nest properly; the end tag
was treated it as if it was a start tag.
Found and fixed by Yaakov Belch
<http://rt.cpan.org/Ticket/Display.html?id=18936>
2006-04-26 Gisle Aas
Release 3.52
Make sure the 'start_document' fires exactly once for
each document parsed. For earlier releases it did not
fire at all for empty documents and could fire multiple
times if parse was called with empty chunks.
Documentation tweaks and typo fixes.
2006-03-22 Gisle Aas
Release 3.51
Named entities outside the Latin-1 range are now only expanded
when properly terminated with ";". This makes HTML::Parser
compatible with Firefox/Konqueror/MSIE when it comes to how these
entities are expanded in attribute values. Firefox does expand
unterminated non-Latin-1 entities in plain text, so here
HTML::Parser only stays compatible with Konqueror/MSIE.
Fixes <http://rt.cpan.org/Ticket/Display.html?id=17962>.
Fixed some documentation typos spotted by william at knowmad.com.
<http://rt.cpan.org/Ticket/Display.html?id=18062>
|
|
1.81 2006-05-23
- Don't unconditionally try to require packages in Apache::Session::Flex
(Dave Rolsky).
|
|
Changes with Apache 1.3.36
*) Reverted SVN rev #396294 due to unwanted regression.
The new feature introduced in 1.3.35 (Allow usage of the
"Include" configuration directive within previously "Include"d
files) has been removed in the meantime.
(http://svn.apache.org/viewcvs?rev=396294&view=rev)
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
|
|
* Honor PKG_SYSCONFDIR, VARBASE, and PKGMANDIR.
Bump the PKGREVISION to 1.
|
|
had actually been ignoring LTCONFIG_OVERRIDE anyway and just using
the default LIBTOOL_OVERRIDE to replace libtool scripts in packages.
This just formalizes the fact that LTCONFIG_OVERRIDE is not used
meaningfully by pkgsrc.
|
|
processing from mk/fetch/*.mk.
|
|
Ride the previous nb bump
|
|
Fix for CVE-2006-3011
Include our own pear.sh from the tarball but slightly hacked to get around
memory isses on installation.
|
|
JAlbum is now fitted with a small web server that allows you to instantly
share your albums with friends. This means no more publishing.
|
|
version: 0.18
date: Wed Mar 8 02:06:47 PST 2006
changes:
- Made Test.Base stuff its own module. Now Jemplate relies on that module.
- Christian Hansen added a simple daemon for running tests.
- Cees Hek added all hash virtual methods (except `import` which caused
major grief)
- Cees monkeyed around in the Stash lookup code
- Yann K implemented the `replace` filter
- Ingy made `foo.bar()` always call a method `bar`.
- Ingy completely refactored Test.Base and then proceeded to refactor the
Jemplate test suite in kind.
- gugod pulled over some uri escaping code from Kwiki
- chansen tweaked the daemon to honor caching rules
- Cory Bennett fixed some bug having to do with a Javascript String object.
- Cees fixed the defaults for the `indent` and `truncate` filters.
- Stephen Howard reported that Jemplate was not localising the stash for
the INCLUDE directive, and he even supplied a patch, but Ingy had
already made the fix.
- Ingy played with the Stash lookup code and hopefully got it just perfect.
- Ingy added support for the DEFAULT directive.
- Lots more tests in this release.
|
|
It fixes cross-site-scripting security problem.
Geeklog 1.4.0sr5
JPCERT/CC informed us about a possible XSS in the comment handling that we're
fixing with this release.
|
|
|
|
|
|
Major changes compared to Horde 3.1.1 are:
* Security Fixes
- Closed XSS problems in dereferrer (IE only), help viewer and problem
reporting screen.
- Removed unused image proxy code from dereferrer.
* Bugfixes and improvements
- Added configuration option to disable GET-based sessions.
- Added Oracle and generic SQL upgrade scripts.
- Improved default charset support.
- Improved API and RPC interface.
- Fixed the preference cache.
The full list of changes (from version 3.1.1) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.231&r2=1.515.2.252&ty=h
|
|
|
|
NO_CONFIGURE.
|
