| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
You do not need nspluginwrapper if the ABI of the plugin and browser are the
same, such as running a 32 bit Linux firefox and flash plugin under NetBSD.
|
|
affected packages.
|
|
Security fix for CVE-2007-1862 sensitive information disclosure
http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
http://issues.apache.org/bugzilla/attachment.cgi?id=20065
|
|
Changes since 2.2a3 [2007/03/17]:
- Fixed support for SHIFT graph command.
- Updated RRDs::fetch usage again (courtesy of Andy Mayhew).
- Saving dashboards could generate bad index entries (reported by Fabien
Wernli).
- Added "Invisible" color (suggested by John Rouillard).
- Dashboard style display for templates broke custom time display of
templates (reported by Mark Noworolski).
- Two typos caused forms to use POST instead of GET (courtesy of Fabien
Wernli).
- The graph editor no longer allowed stacking CDEFs or VDEFs (reported by
John Rouillard).
|
|
w3m 0.5.2 - 2007-05-31
* security fix
- fix format string vulnerability.
* new features
- support gtk2 with w3m-img.
- new option for LiveHTTPHeaders-like logs.
- new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
- avoid errors in "configure" and "make".
- '\n' handling in attributes' values of HTML tags.
|
|
Aleksej Saushev in private mail.
Bump PKGREVISION.
|
|
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-12 Crashes with evidence of memory corruption
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.2/changelog.html
|
|
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.12.html
Note: Firefox 1.5.0.x will be maintained with security and stability updates
until June 2007. All users are strongly encouraged to upgrade to Firefox 2.
|
|
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/
|
|
which causes nbsed on Solaris to create a file of unlimited size. Fixed
by appending a newline.
|
|
pkg-build-options.mk procedure.
|
|
Apache version. The apr buildlink3.mk files take care of this now.
|
|
sets BUILDLINK_INCDIRS.apr, remove custom CPPFLAGS. Use -e for the
SUBST_SED expression to mollify pkglint. Add APACHE_USER and VARBASE
to BUILD_DEFS. Don't try to remove lib/httpd on deinstall, as it
belongs to Apache. Bump PKGREVISION.
|
|
databases/zope-mysql
lang/py-extclass
textproc/py-dtml
www/py-pcgi
www/py-zpublisher
www/zope
No objection from pkgsrc-users.
cVS: ----------------------------------------------------------------------
|
|
Bump package revision because of this new feature.
|
|
It fixes an Important vulnerability.
Changes between 1.2.22 and 1.2.23
Native
Change the default value of JkOptions to ForwardURICompatUnparsed. The
old default value was ForwardURICompat. This should make URL
interpretation between Apache httpd and Tomcat consistent (prevent
double decoding problems). (rjung)
|
|
|
|
MimeTeX, licensed under the gpl, lets you easily embed LaTeX math in your html
pages. It parses a LaTeX math expression and immediately emits the corresponding
gif image, rather than the usual TeX dvi. And mimeTeX is an entirely separate
little program that doesn't use TeX or its fonts in any way. It's just one cgi
that you put in your site's cgi-bin/ directory, with no other dependencies. So
mimeTeX is very easy to install. And it's equally easy to use. Just place an
html <img> tag in your document wherever you want to see the corresponding LaTeX
expression.
|
|
|
|
The Mechanize library is used for automating interaction with
websites. Mechanize automatically stores and sends cookies, follows
redirects, can follow links, and submit forms. Form fields can be
populated and submitted. Mechanize also keeps track of the sites that
you have visited as a history.
|
|
|
|
CGI::Application::Plugin::ValidateRM helps to validate web forms when
using the CGI::Application framework and the Data::FormValidator module.
|
|
CGI::Application::Plugin::DBH adds easy access to a DBI database handle
to your CGI::Application modules. Lazy loading is used to prevent a
database connection from being made if the "dbh" method is not called
during the request. In other words, the database connection is not
created until it is actually needed.
|
|
1.06 - October 13th, 2005
Distinguish between selects with and without the multiple attribute set
(Alexander Hartmaier)
Added warnings to PREREQ_PM
1.05 - December 19th, 2004
Added new tests in 19_extra.t (Vsevolod (Simon) Ilyushchenko)
as part of Phalanx
Make it clearer that doesn't have a CGI.pm dependency.
|
|
|
|
Quanta Plus
* Autocompletion for member variables.
* Fix directory creation in some ftp servers.
* Fix crash when dropping a document template on an Untitled empty
document.
|
|
|
|
security vulnerabilities.
|
|
|
|
|
|
Bump revision.
|
|
pkgsrc's change: improving our README file.
Geeklog 1.4.1
New Features
* Support for Microsoft SQL Server. Starting with this release, Geeklog can
now also be installed on Microsoft SQL Server, so it's no longer restricted
to just MySQL. The MS SQL support was developed by Randy Kolenko. Thanks,
Randy!
Please note that any third-party plugins will have to offer support for MS
SQL before they can be installed on Microsoft SQL Server. The bundled
plugins (Calendar, Links, Polls, Spam-X, Static Pages) have already been
updated accordingly.
* Calendar plugin. The formerly built-in calendar and events have now been
moved into a separate plugin. This complements the move of the polls and
links sections into plugins in Geeklog 1.4.0 and makes Geeklog more modular
as you can now easily disable or replace functionality that you don't need
for your site.
* Multi-language support. It is now possible to build truly multi-linugal
sites with Geeklog where not only the navigation but also the content of
the site changes with the language.
* Ships with FCKeditor 2.3.1, which once again includes a file manager for
uploading images.
* A function for mass-deletion of old or inactive users. The list
automatically searches for users that have never logged in, only used the
site for a very short time or have not been online since a very long time.
The time span can be varied, and found users can be selectively deleted.
Security
In the light of the security issues discovered in Geeklog 1.4.0 and earlier
versions, the Geeklog source code has undergone a code review. We have
identified and addressed several minor issues and introduced new measures to
enhance security in this release. As a welcome side effect, the code reviews
have also uncovered a few bugs and inconsistencies that we also fixed in this
release.
Spam Protection
With this release we are finally removing support for the discontinued
MT-Blacklist. In its place, we are now using a system called Spam Link
Verification (SLV) run by Russ Jones at www.linksleeve.org. SLV could be
described as a community-driven, automatically updated blacklist. See the
documentation of the Spam-X plugin for details.
|
|
Version 1.0.4 (released 10-Apr-2007)
* fix some markup bugs in query views (issue #266)
* fix loginfo-handler's support for CVS 1.12.9 (issues #151, #257)
* make viewvc-install able to run from an arbitrary location
* update viewvc-install's output for readability
* fix bug writing commits to non-MyISAM databases (issue #262)
* allow long paths in generated tarballs (issue #12)
* fix bug interpreting EZT substitute patterns
* fix broken markup view disablement
* fix broken directory view link generation in directory log view
* fix Windows-specific viewvc-install bugs
* fix broke query result links for Subversion deleted items (issue #296)
* fix some output XHTML validation buglets
* fix database query cache staleness problems (issue #180)
|
|
|
|
packages up to date.
|
|
# problem with WWW/Library/Implementation
MAKE_JOBS_SAFE= no
|
|
|
|
Changes to squid-2.6.STABLE13 (11 May 2007)
- Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
- Undo an accidental name change of storeUnregisterAbort.
- Kill an ancient malplaced storeUnregisterAbort call from ftp.c
- Bug #1814: SSL memory leak on persistent SSL connections
- Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
- Cosmetic fix: added missing newline in WCCPv2 configuration dump.
- Ukrainan error messages
- Convert various error pages from DOS to UNIX text format
- Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
- Clarify the max-conn=n cache_peer option syntax slightly
- Bug #1892: COSS segfault on shutdown
- Windows port: fix undefined ECONNABORTED
- Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
- in_port_t is not portable, use unsigned short instead
- Fix fs / auth / snmp dependencies
- Portability: statfs() may reqire #include <sys/statfs.h>
|
|
pkgsrc, in preparation for gnome1-libs removal(*).
There was no feedback for keeping these packages after my
HEADS UP mail to pkgsrc-users a week ago.
(*) More to come before that can happen, though.
|
|
|
|
|
|
firefox-gtk1-2.0.0.3nb1 now, as discussed with gdt on tech-pkg.
|
|
firefox-bin-2.0.0.3 now, as discussed with gdt on tech-pkg.
|
|
firefox-2.0.0.3nb1 now, as discussed with gdt on tech-pkg.
|
|
and change notes). Firefox 1.5.0.x will be maintained in www/firefox15*,
as discussed on tech-pkg.
|
|
|
|
|
|
2007-05-09 (2.8.6rel.5 fix from 2.8.7dev.5)
* correct loop-limit in print_crawl_to_fd(), which broke
"lynx -crawl -dump" from 2.8.6dev.9 changes (Mandriva #29785) -TD
|
|
Pointed out by Geert Hendrickx on tech-pkg@
|
|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)
|
