server/reverse proxy and mail (IMAP/POP3) proxy.
|
|
Changes:
* Correct Broken Fix for session_fixation attacks
* Ensure that cookies handle array values correctly. Closes #9937 [queso]
|
|
Changes:
* Fix :cookie_only to correctly avoid session fixation attacks (CVE-2007-6077)
* Fix regression where the association would not construct new finder
SQL on save causing bogus queries for "WHERE owner_id = NULL" even
after owner was saved.
|
|
- new maintainer
- PKG_DESTDIR_SUPPORT
- ok by joerg
Changelog:
1.29 21 Aug 2007 - Documentation fix to performance hints section.
No functional changes.
1.28 18 Aug 2007 - Improved mod_perl2 handling (patch courtesy of Jeremy Nixon).
Added a ':no_subprocess_env' flag to suppress populating
the %ENV environment hash. Added a 'subprocess_env'
static class method to allow smooth co-existence of
ModPerl2 scripts that use ':no_subprocess_env' with ModPerl2
scripts that do not on the same server.
1.27 25 May 2007 - Added example of a command line 'wrapper' script and
of using environment variables as an alternate way
to test scripts via the command line. Added example
for use with FastCGI. Changed behavior for unsupported
HTTP methods. The module used to 'croak' for unsupported
methods, it now 'carp's instead and treats as a 'GET'
(behavior change at suggestion of Roman Mashirov to support
FastCGI better).
1.26 06 Apr 2007 - Added decoding of Javascript/ECMAScript style unicode
escaped (%uxxxx form) parameter data (both to the main
'param' method and to the 'url_decode'/'url_encode' methods)
at the suggestion of Michael Kröll (the core code for
this additional functionality is derived from CGI.pm).
Fixed META.yml problems introduced with 1.25.
Changed POD/POD Coverage tests to only execute if specifically requested
Added examples directory and scripts
1.25 20 Apr 2006 - Added 'allow_hybrid_post_get' class method. Tweaked file permissions.
Added regression tests for hybrid forms.
1.24 23 Sep 2005 - Added 'Carp' to install requirements. Extended build tests.
Fixed multi-part form decoding bug in handling of degenerate MIME
boundaries. Added fatal errors for mis-calling of param_mime
and param_filename methods.
1.23 18.Sep 2005 - Made Test::More optional in build tests. No functional changes.
1.22 13.Sep 2005 - Changed POD tests to be more friendly to CPANTS.
1.21 11.Sep 2005 - Fixed pod coverage test for compatibility with Perl 5.005.
1.20 11.Sep 2005 - Fixed issue causing mod_perl to issue
'Use of uninitialized value.' warnings.
Extended build tests.
1.19 10.Sep 2005 - Fixed POD Coverage test error.
1.18 08.Sep 2005 - Adjusted prerequisite modules lists. Tweaked code for 'strict'.
Extended regression tests to cover more of the code.
1.17 04 Sep 2005 - More tweaks to regression tests to work around MS-Windows
problems with binary file handles under Perl 5.6.1.
Added 'Build.PL' support back in. Added POD tests.
Minor documentation tweaks.
|
|
- new maintainer
- PKG_DESTDIR_SUPPORT
- ok by joerg
Changelog:
4.06 Wed Apr 12, 2006
(No code changes)
- Updated tests to work with status codes emitted before and after CGI.pm 3.16.
The requirement for CGI.pm 3.16 or newer has been relaxed, so any version
of CGI.pm will do. (Rhesa)
4.05 Wed Mar 1, 2006
(No code changes)
- Updated tests for redirects to check for 'Found', not 'Moved'.
This correctly matches the standard, and was changed in CGI.pm 3.16.
As a result, we now require CGI.pm 3.16 for consistent results.
|
|
fixes problem reported by reinhold ropper for php-gd
|
|
Changes since 0.9.5:
* Fix bug that causes problems with protected attributes and php 5.2
* Fix ttl bug in list_keys
|
|
immediately. For more details, please see the security announcement:
* SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release:
* 178478 by scor: typo in text displayed when the DB is installed but not accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the chosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
|
|
MESSAGE accordingly and bump PKGREVISION for ap2-fastcgi only.
|
|
Remove patch -- make changes using SUBST_SED framework.
Add imagemagick as an option (not on by default).
Add perl:run for USE_TOOLS.
Add another script to REPLACE_PERL.
Get rid of most of post-install target and let the ikiwiki Makefile
do the installation.
Too many changes from CHANGELOG to list. Here are the most recent:
ikiwiki (2.15) unstable; urgency=low
* Add a new ikiwiki-makerepo program, that automates setting up a repo
and importing existing content for svn, git, and mercurial. This makes
the setup process much simpler.
* Reorganised git documentation.
* Actually install the ikiwiki-update-wikilist program.
* Improve workaround for perl bug #376329. Rather than double-encoding,
which has been reported to cause encoding problems (though I haven't
reproduced them), just catch a failure of markdown, and retry.
(The crazy perl bug magically disappears on the retry.)
Closes: #449379
* Add umask configuration option. Closes: #443329
-- Joey Hess <joeyh@debian.org> Sat, 01 Dec 2007 11:44:01 -0500
ikiwiki (2.14) unstable; urgency=high
* Let CC be used to control what compiler is used to build wrappers.
* Use 'cc' instead of gcc as the default compiler.
* Security fix: Ensure that there are no symlinks anywhere in the path
to the top of the srcdir. In certain unusual configurations, an attacker
who could commit to one of the parent directories of the srcdir could
use a symlink attack to cause ikiwiki to publish files elsewhere in the
filesystem. More details at <http://ikiwiki.info/security/#index29h2>
-- Joey Hess <joeyh@debian.org> Mon, 26 Nov 2007 15:26:06 -0500
|
|
Add apache SVN revision 574884 to fix garbage characters in Server header
http://issues.apache.org/bugzilla/show_bug.cgi?id=43334
When it hits, this issue can completely screw up returned pages if the
Server header gets embedded newlines
|
|
Security fixes in this version:
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.7/
|
|
release was announced).
|
|
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer has a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current behaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug output, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
|
|
This update fixes a bug introduced by the 2.0.0.10 update in the <canvas>
feature that affected some web pages and extensions.
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.11/releasenotes/
|
|
meant: I need Orbit.
|
|
now, so I decremented the PKGREVISION and I will revisit this later.
Sorry for any confusion.
|
|
GPM (which we do not support) and its lovely signal handler.
See my comment in main.c for more information. This fixes the extremely
annoying behavior I've been noticing on NetBSD-current where links seems to
send a SIGSTP to any jobs attempting to use its terminal after it received
a SIGSTP.
Bump rev.
|
|
changes:
-bugfixes
-translation updates
|
|
changes:
-bugfixes
-translation update
|
|
Security fixes in this version:
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.10/releasenotes/
|
|
that just because the OS is Darwin we don't want aliases.
This adds an options.mk so that if users want to they can install the
aliases on Darwin.
No change in the defaults
|
|
At least "HEAD" causes problems on a case-insensitive filesystem because
it will be confused with "/usr/bin/head". Bump package revision.
|
|
PKGREVISION++
|
|
changes: bugfixes
|
|
Remove lib/httpd from PLIST, as apache claims it.
Upstream does not provide NEWS or ChangeLog, and the changes seem to
be various bugfixes.
|
|
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
|
pkgsrc-users.
|
|
on tech-pkg. Thanks to various people for all the input.
|
|
v3.1.5
------
[cjh] Fix identity javascript when some fields are disabled
(veikko@immonen@otaverkko.fi, Bug 5595).
[cjh] Disable the Turkish locale if using PHP 5 (see
http://bugs.php.net/bug.php?id=35050).
[jan] Improved webroot detection (Request 4126).
[jan] Fix selecting the language on the login screen (Bug 5098).
[jan] Fix searching for single quotes in email headers (qa@cpanel.net, Bug
4854).
[jan] Fix portal layouts with more than one horizontally expanded block per
row.
|
|
Full changelog from 2.22 is too long to list here,
so only latest changes.
2.28 Mon 2005-08-08
- Updating date-picker man page to document -Label option required.
- Added code to make sure that javascript attributes get output on the span
code when displaying a read-only text element.
- Make sure the -onload/-onunload/-onbeforeunload code gets processed even
for a read-only form item.
- Updated the POD documentation to group select and radio -Type options
together for generate().
- Added setBodyAttribute() so you can define a custom attribute that doesn't
have a helper method and have it apply to the <body> tag. The attribute
must be a known html attribute to be applied.
- Used formProtect() to make sure that the input fields do not lose any
special user input like, ", &, etc.
- Added javascriptReadOnly to allow a read-only form to allow/disallow
javascript from being generated.
- Improved read-only output of hidden tags that have an array of values.
- Added qw() function to the form_methods.js file to make creating an array
from a space separated string much easier, ala perl.
- Removed the -WidgetOptions hash and made what used to be the contents of
that hash be - (dash) prefixed. Internally, those arguments will be
converted back to the name that the Widgets method is expecting. Sorry
if this causes any problems. :)
- Tacked any onchange code for a calculator widget to my onchange code.
- formEncode()/formEncodeString() now can handle multiple sequences that you
want to ignore.
- Fixed datePicker validation code. Closes bug #1285443.
- calcDatePrev/Next now calls the onchange code if the date form field has
one defined. Closes bug #1286269.
|
|
Fixes a number of regressions introduced in 1.1.5. No details given.
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.6/
|
|
From Zafer Aydogan in PR 37342.
|
|
From Zafer Aydogan in PR 37340.
|
|
From Zafer Aydogan in PR 37341.
|
|
From Zafer Aydogan in PR 37339.
|
|
=== RELEASE 2.1pre31 ===
Sat Oct 27 02:52:07 CEST 2007 mikulas:
Some newer Linuxes unfortunately do not send SIGCONT when running
process is brought to foreground with 'fg' command. So implement 0.5s
polling to test if we're on foreground.
Wed Oct 24 03:41:19 MET 2007 mikulas:
Do not request compression for files with .Z, .gz or .bz2 suffix
--- some servers will compress them again
Wed Oct 24 03:16:43 MET 2007 mikulas:
Support HTTP/0.9 (without header)
Mon Oct 22 18:35:16 MET 2007 mikulas:
In case of non-restartable connection, proceed with the connection
even if the server is on blacklist
Mon Oct 22 02:00:13 MET 2007 mikulas:
An option to disallow non-proxy connections (for anonymization via tor
or similar services)
Sat Oct 20 22:08:02 MET 2007 mikulas:
Turn off compression if the server closes the connection prematurely
Some servers erroneously send the size of uncompressed data
Sat Oct 13 18:19:45 MET 2007 mikulas:
An option to disable compression. Disable compression automatically for
a given server if links receives erroneous compressed data
Mon Sep 17 03:59:33 CEST 2007 mikulas:
Break ansi aliasing on ICC 10 with -ipo
Empty function call was not enough to break it
Fri Sep 7 00:00:29 MET 2007 mikulas:
When the connection dies after the last received byte, do not send
"Range:" header in retry request --- servers don't like "Range" pointing
after the last byte
|