| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
This package tracks 2.4.x release.
|
|
|
|
builds on several contributed code bases (nWidgets, Burstlib, f(m)),
which is why we refer to it sometimes as a "unified" toolkit. Dojo
aims to solve some long-standing historical problems with DHTML
which prevented mass adoption of dynamic web application development.
|
|
in case certificates are not installed reported by David Holland
|
|
|
|
This is API incompatible to pkgsrc/www/librest, and can coexist.
|
|
=== RELEASE 2.6 ===
Sat Apr 7 03:54:41 CEST 2012 mikulas:
Fixed reads and writes out of memory in the xbm decoder
It may have security implications
Mon Apr 2 05:34:15 CEST 2012 mikulas:
Fixed character set in the window title in X11
Fri Mar 30 05:10:32 CEST 2012 mikulas:
Check EINTR after each syscall to work around non-working SA_RESTART
on some old Unices
Wed Mar 28 22:11:23 CEST 2012 mikulas:
Fixed access out of allocated memory in the graphics renderer.
It may have security implications --- although just two characters
('-' and 0) were written to the unallocated area.
Tue Mar 27 21:49:38 CEST 2012 mikulas:
Fixed an infinite loop in usemap when invalid html tag was processed
Sun Mar 25 04:46:43 CEST 2012 mikulas:
Fixed a crash if the user runs links with pipe on stdin
Sun Mar 25 02:42:11 MET 2012 mikulas:
Fixed inefficiency when moving or dragging mouse over big documents
Sat Mar 24 01:26:05 CET 2012 mikulas:
Fixed inefficiency when displaying documents with long lines
Wed Mar 7 23:02:27 CET 2012 mikulas:
Fix copy and paste of Unicode characters to/from Xwindow
clipboard
Tue Feb 28 21:04:51 CET 2012 mikulas:
Fixed visual glitches in the select box in text-mode UTF-8
Sun Feb 26 18:31:17 MET 2012 mikulas:
Use key ' to move forward
Thu Feb 23 23:13:35 CET 2012 mikulas:
Fixed access out of memory when pasting too long string from
a clipboard
Thu Feb 23 00:52:09 CET 2012 mikulas:
The NSS encryption library can cause browser lockup. Add a warning.
The user should use OpenSSL instead of NSS.
Wed Feb 22 23:11:45 CET 2012 mikulas:
Fix for big endian Xserver
Tue Feb 21 03:03:33 MET 2012 mikulas:
Restrict textarea and input field width to screen size minus margins
Tue Feb 21 00:29:09 CET 2012 mikulas:
Fixed saving formatted document when UTF-8 is used
Sun Feb 19 22:24:20 MET 2012 mikulas:
Fixed a crash if the user selected "Frame at full-screen" in the menu
and there was no page displayed in the current frame
Mon Feb 13 19:35:07 MET 2012 mikulas:
Reload bookmarks if some other Links instance changes them
Mon Feb 13 18:37:41 MET 2012 mikulas:
Fixed some messages about decompression errors when http authentication
and compression was used at the same time
Sun Feb 12 18:32:26 MET 2012 mikulas:
Display filename and percentage in the download menu
Sun Feb 12 17:50:01 MET 2012 mikulas:
Fixed divide-by-zero crash in the download code
Sun Feb 12 15:22:12 MET 2012 mikulas:
Continue downloads to partially downloaded file
Tue Feb 7 07:13:49 MET 2012 mikulas:
Add information about versions of libraries
Tue Feb 7 00:39:28 cet 2012 mikulas:
Fixed visual glitches in the list editor
Sun Feb 5 20:35:43 cet 2012 mikulas:
Fixed integer overflows if file cache has more than 2GB
Mon Jan 23 21:54:19 MET 2012 mikulas:
Don't compact <br> tags inside <pre> (fixes line numbers in
source code viewer on github)
Mon Jan 23 03:23:07 CET 2012 mikulas:
Support non-english keyboard in the Xwindow driver
Sun Jan 15 01:42:59 cet 2012 mikulas:
When opening a new window, copy html options from the existing session
Sat Jan 14 22:59:53 cet 2012 mikulas:
Support #! translation according to Google specification
Thu Jan 5 02:43:42 CET 2012 mikulas:
Fixed reading of a freed memory if the user deletes a user program
while a query box with user programs is displayed
Fri Dec 30 15:34:11 MET 2011 mikulas:
Allow the user to set local IP address
Thu Dec 29 18:41:51 MET 2011 mikulas:
Allow the user to change colors
|
|
${PLIST.eggfile} from PLISTs and support code from lang/python.
|
|
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
|
|
course unless fixed. As far as anyone has been able to figure out so
far, this is actually an older version of devel/SOPE.
|
|
|
|
** Add NetBSD and DragonFly uname etc.
* Readd enigmail distfile
|
|
Update Japanese, Latvian, Romanian and Slovak language files.
|
|
(fix CVE-2011-4858)
Tomcat 5.5.35 (jim)
Catalina
* Make configuration issues for security related Valves and Filters
result in the failure of the valve or filter rather than just a
warning message. (markt)
* Ensure changes to the configuration of the RemoteHostValve and the
RemoteAddrValve via JMX are thread-safe. (markt)
* In RequestFilterValve (RemoteAddrValve, RemoteHostValve): refactor
value matching logic into separate method and expose this new method
isAllowed through JMX. (kkolinko)
* Improve performance of parameter processing for GET and POST requests.
Also add an option to limit the maximum number of parameters processed
per request. This defaults to 10000. Excessive parameters are ignored.
Note that FailedRequestFilter can be used to reject the request if
some parameters were ignored. (markt/kkolinko)
* New filter FailedRequestFilter that will reject a request if there
were errors during HTTP parameter parsing. (kkolinko)
* 52384: Do not fail with parameter parsing when debug logging is
enabled. (kkolinko, jim)
* Do not flag extra '&' characters in parameters as parse errors.
(kkolinko, jim)
* Slightly improve performance of UDecoder.convert(). Align %2f handling
between implementations. (kkolinko)
* 52225: Fix ClassCastException when adding an alias for an existing
host via JMX. (kkolinko)
* Do not throw an IllegalArgumentException from a parseParameters() call
when a chunked POST request is too large, but treat it like an IO
error. (kkolinko)
* Add SetCharacterEncodingFilter (similar to the one contained in the
examples web application) to the org.apache.catalina.filters package
so it is available for all web applications. (kkolinko)
General
* Update Eclipse compiler to 3.7 and switch to using ecj.jar. (markt)
Coyote
* Improve multi-byte character handling in all connectors. (rjung)
Jasper
* 52335: Only handle <\% and not \% as escaped in template text. (markt)
Webapps
* 52049: Improve setup instructions for running as a Windows service:
correct information on how a JRE is identified and selected.
(kkolinko)
* 52172: Update Tomcat build instructions. Includes changes proposed by
bmargulies. (kkolinko)
* 52243: Improve windows service documentation to clarify how to include
# and/or ; in the value of an environment variable that is passed to
the service. (markt)
Other
* 52059: Ensure Windows registry keys are removed when using the
un-install option of the Windows installer. (markt)
|
|
* Patches are borrowed from deve/xulrunner
|
|
* Add LDFLAGS.FreeBSD like DragonFly.
|
|
=== Changes since 1.17.2 ===
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Fix security problem of https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/.
2012-03-28 a1b80e1 [RELEASE] Release of TYPO3 4.6.7 (TYPO3 v4 Release Team)
2012-03-28 892bbbc #22748 [SECURITY] Missing escaping for sys_notes (Georg Ringer)
2012-03-28 351084b #25246 [!!!][SECURITY] XSS in filelink element (Georg Ringer)
2012-03-28 5943c54 #29060 [SECURITY] Information disclosure showing DB name (Georg Ringer)
2012-03-28 42cb07b #29397 [SECURITY] XSS in show item (Christian Kuhn)
2012-03-28 8448714 #24474 [SECURITY] Missing escaping in scheduler (Georg Ringer)
2012-03-28 a5e14b2 #30940 [SECURITY] XSS in BE file list (Christian Kuhn)
2012-03-28 7451b95 #30188 [SECURITY] XSS possibility in RemoveXSS (Andreas Wolf)
2012-03-28 5491a24 #29536 [SECURITY] XSS in be_layouts (Georg Ringer)
2012-03-28 a6a9206 #30969 [SECURITY] XSS for extension meta data in About module (Oliver Klee)
2012-03-28 d6f9c2a [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-03-28 f4ae450 #35260 [BUGFIX] Missing column in t3lib_TCEmain::getPreviousLocalizedRecordUid (Francois Suter)
2012-03-25 ddad96b #34771 [TASK] Add missing sql_free_result in alt_doc.php (Wouter Wolters)
2012-03-24 cb92327 #35176 [BUGFIX] Tooltips for items in groupfields are not moved (Jigal van Hemert)
2012-03-23 fa992c7 #35160 [TASK] Code clean-up in t3lib_PageRenderer (Oliver Hader)
2012-03-23 2a968b2 #33791 [BUGFIX] Blank page after Save+Close in page settings (Stefan Galinski)
2012-03-18 b5d1b80 #32756 Revert "[BUGFIX] showAccessRestrictedPages doesn't replace links to restricted subpages" (Helmut Hummel)
2012-03-17 bc18ac6 #30847 [BUGFIX] Fix baseurl handling of IE with RTE htmlArea in FE and realurl (Stanislas Rolland)
2012-03-16 de9937b #34662 [BUGFIX] Fatal error 't3lib_lock' does not exist (Oliver Hader)
|
|
Fix security problem of https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/.
2012-03-28 c8acf67 [RELEASE] Release of TYPO3 4.5.14 (TYPO3 v4 Release Team)
2012-03-28 1d769c4 #22748 [SECURITY] Missing escaping for sys_notes (Georg Ringer)
2012-03-28 b128c41 #30969 [SECURITY] XSS for extension meta data in About module (Oliver Klee)
2012-03-28 4dc50cb #29397 [SECURITY] XSS in show item (Christian Kuhn)
2012-03-28 7b4e3cb #24474 [SECURITY] Missing escaping in scheduler (Georg Ringer)
2012-03-28 d9065bd #30940 [SECURITY] XSS in BE file list (Christian Kuhn)
2012-03-28 0b925b6 #30188 [SECURITY] XSS possibility in RemoveXSS (Andreas Wolf)
2012-03-28 e8ceb36 #25246 [!!!][SECURITY] XSS in filelink element (Georg Ringer)
2012-03-28 fa6a103 #29536 [SECURITY] XSS in be_layouts (Georg Ringer)
2012-03-28 784ffda #29060 [SECURITY] Information disclosure showing DB name (Georg Ringer)
2012-03-28 a4d4c22 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-03-28 45472a9 #35260 [BUGFIX] Missing column in t3lib_TCEmain::getPreviousLocalizedRecordUid (Francois Suter)
2012-03-26 7689dca #35158 [TASK] Clean-up PHPdoc comments in t3lib_PageRenderer (Kai Vogel)
2012-03-26 afdbb20 #35159 [BUGFIX] Instance properties are defined statically (Kai Vogel)
2012-03-25 0c5402a #34771 [TASK] Add missing sql_free_result in alt_doc.php (Wouter Wolters)
2012-03-25 c828d02 #35176 [BUGFIX] Tooltips for items in groupfields are not moved (Jigal van Hemert)
2012-03-24 0b32e02 #33791 [BUGFIX] Blank page after Save+Close in page settings (Stefan Galinski)
2012-03-23 35153e9 #35160 [TASK] Code clean-up in t3lib_PageRenderer (Oliver Hader)
2012-03-22 c59bd15 #35148 [BUGFIX] Non-static methods in t3lib_cache are called statically (Steffen M«äller)
2012-03-22 7059684 #30050 [BUGFIX] t3lib_div should contain only static methods (Jigal van Hemert)
2012-03-18 8ae8604 #32756 Revert "[BUGFIX] showAccessRestrictedPages doesn't replace links to restricted subpages" (Helmut Hummel)
2012-03-17 f25023e #30847 [BUGFIX] Fix baseurl handling of IE with RTE htmlArea in FE and realurl (Stanislas Rolland)
2012-03-16 56ef45d #34662 [BUGFIX] Fatal error 't3lib_lock' does not exist (Oliver Hader)
|
|
Release notes
Release date: 2012-03-27
Opera 11.62 is a recommended upgrade offering security and stability enhancements.
Changes since Opera 11.61
User interface
Fixed
* Find in page (Ctrl + F) uses last used Find inline type
* Address field focus lost on restart when installing extensions with a
toolbar button
* Submit data-security-warning locks page with two warning dialogs where
only one can be closed
* No window control buttons on the menu bar when disabling the close button
on tabs
* Inefficient loading order of resources
* PDF and SVG options offered in GTK print dialog but not supported
* Opera clipboard incompatible with Synergy/VNC/rdesktop/VMware/VirtualBOX
* Sluggish file dialog in GTK
* No GTK toolkit support under FreeBSD 9
Improved
* Updated tr/hu/cs language strings
Display and scripting
Fixed
* Some progressive JPEGs aren't decoded properly
* Crash when inspecting a UserJSEvent object in Dragonfly
* Facebook chat scrolling problems
* Text cursor position lost when clicking to focus on a search match inside
a textarea
* Error message when sending mail at centrum.cz
* IDNs starting with number are shown with punycode in address bar
* Crash when posting message to extension background process
Mail, news, chat
Fixed
* Selected message not consistent on layout switching
* Last selected message is forgotten through a restart
* Scrolling or switching view is slow when there are messages with many
addressees
* Occasional crash when navigating message list
Network
Fixed
* Support Ctrl+F5 and Shift+F5 for unconditional reload of web page (bypass
cache)
* URL Turbo mode header reduction generates invalid HTTP messages
Presto 2.10 rendering engine
Encoding improvements
* Changed multi-byte encodings to be non-greedy when encountering invalid
byte sequences, which is more compatible with other implementations
Security
Fixed
* Fixed an issue where small windows could be used to trick users into
executing downloads, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1010/
* Fixed an issue where overlapping content could trick users into executing
downloads, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1011/
* Fixed a printing issue which could allow data leaks to other system users,
or allow them to corrupt data, as reported by Christof Meerwald; see our
advisory:
http://www.opera.com/support/kb/view/1015/
* Fixed an issue where history.state could leak the state data from cross
domain pages; see our advisory:
http://www.opera.com/support/kb/view/1012/
* Fixed an issue which could allow web page dialogs to display the wrong
address in the address field; see our advisory:
http://www.opera.com/support/kb/view/1013/
* Fixed an issue where carefully timed reloads and redirects could spoof the
address field, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1014/
|
|
|
|
|
|
For example, fix build on DragonFly 3.0.1.
See https://bugzilla.mozilla.org/show_bug.cgi?id=621446
|
|
Requested by Moritz Wilhelmy on IRC.
Vulnerabilities fixed:
* CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee
before 1.2.99 allows remote attackers to hijack the authentication of
administrators for requests that insert cross-site scripting (XSS) sequences,
as demonstrated by a crafted nickname field to vserver/apply.
* CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 uses time and
PID values for seeding of a random number generator, which makes it easier
for local users to determine admin passwords via a brute-force attack.
New features (excerpt):
* Caching policies support
* Custom header can be defined inside rules
* Improved Index Page
* Kqueue is now used by default on MacOS X and *BSD
* New option to disable the use of SSLv2
* Wild cards are now supported in dirlist fields
* Redirection entries can be reordered
* ${vserver_name_req} in logger 'Custom'
* Cherokee-admin can be shut down from within
* TLS/SSL supports the 'IP per VServer' workaround now
* Virtual Server complex match support (OR rules)
* Redirection error handler has a 'default' option now
* New ${root_domain} macro in Advanced Virtual Hosting
* Failover load balancing plug-in
* cherokee-admin-launcher tool
* Information Source name resolution pre-caching
* Gzip and Default is configurable now (#1054)
* ${http_host}, ${http_referrer}, and ${http_user_agent} (#896)
* Much better OPTIONS support
* Documentation improvements
* Information Sources can be reordered now (*CGI handlers)
* X-Sendfile and X-Accel-Redirect support in the proxy
* Shared memory implementation (no longer SysV) (#537)
* Logger custom. New macro: ${http_cookie}
* Virtual Host regex group replacement (^ parameters)
* --with-cgiroot in configure
* -i / --disable-iocache param in cherokee-admin
* 'Server Info' extended to support accepts and timeouts
* cherokee-admin-launcher accepts SIGHUP now
* CTK_COOKIE security enhancement
* Enhanced pre-saving validations
* Interpreter env. vars can embedded $VARs evaluation
* QA bench can be run without installing Cherokee first
* OS tuning documentation
* Regex against full header match
* Nick name match is optional on VServers (#1075)
* Front-Line Cache (beta)
* Cherokee Distribution (beta)
* CHEROKEE_TRACE special "from=<ip>" support
* SSL/TLS Wizard
* SSI recursive includes
* "UNIX socket in a abstract namespace" support
* Adds SHA512 support to the MySQL validator
* HSTS (HTTP Strict Transport Security) support
|
|
* Update "used by" in comments.
|
|
Please switch to contao211 (or contao210).
|
|
Please switch to contao211 (or contao210).
|
|
Please switch to contao211 (or contao210).
|
|
|
|
Since 2.0 RC 1
----------------
bugfix: Uploading files fom CKEditor.
bugfix: Some data was not save creating a company.
bugfix: Error produced from documents tab - New Presentation.
bugfix: Problems with task dates in some views.
bugfix: Fatal error when you post a comment on a task page.
bugfix: Generation of task repetitions in new tasks.
bugfix: Do not let assign tasks (via drag & drop) to users that doesn't have permissions.
usability: Interface localization improvements.
system: Performance improvements.
Since 2.0 Beta 4
----------------
bugfix: Extracted files categorization
bugfix: When adding workspaces
bugfix: Breadcrumbs were not working fine all the time
bugfix: Being able to zip/unzip files
security: JS Injection Slimey Fix
system: .pdf and .docx files contents search
system: Improvement when creating a new user
system: Plugin update engine
system: Plugin manager console mode
system: Search in file revisions
system: Import/Export contacts available again
system: Import/Export events available again
system: Google Calendar Sync
system: Improvement on repeating events and tasks
system: Cache compatibility (i.e.: with APC)
usability: Completing a task closes its timeslots
usability: Task progress bar working along the timeslots
usability: Being able to change permissions in workspaces when editing
Since 2.0 Beta 3
----------------
bugfix: Several changes in the permissions system
bugfix: Invalid sql queries fixed
bugfix: Issues with archived and trashed objects solved
bugfix: Issues with sharing table solved
bugfix: Improved IE7 and IE9 compatibility
bugfix: Several timeslots issues solved
bugfix: IMAP issue solved at Emails module
bugfix: Solved issue with templates
bugfix: Added missing tooltips at calendar
bugfix: Issue when completing repetitive task solved
bugfix: Solved some issues with the Search engine
bugfix: Solved issue with timezone autodetection
buffix: Solved 'dimension dnx' error creating a workspace
usability: Permission control in member forms
usability: Disabling a user feature
usability: Resfresh overview panel after quick add
usability: Langs update/improvement
usability: Drag & Drop feature added
usability: Quick add task added, and improved
usability: Slight improvement with notifications
usability: Avoid double click at Search button (which caused performance issues)
usability: Permissions by group feature added
usability: Simple billing feature added
system: Security Fixes
system: Mail compatibility improved for different email clients
system: Feng 2 API updated
system: General code cleanup
system: Widget Engine
system: Performance improvements in custom reports
system: Print calendar
system: Custom Properties
Since 2.0 Beta 2
----------------
bugfix: Fixed problem uncompressing files
bugfix: Loading indicator hidden
bugfix: Search in mail contents
bugfix: Mail reply js error
bugfix: Filter members associated with deleted objects
bugfix: Fixed permission error creating a contact
usability: Contact View Improvements
usability: Navigation Improvements
system: Permission system fixes
system: Performance issues solved. Using permission cache 'sharing table' for listing
system: Weblinks module migrated
Since 2.0 Beta 1
----------------
bugfix: Fixed problem with context trees when editing content objects
bugfix: Fixed template listing
bugfix: Fixed issues when instantiating templates with milestones
bugfix: Fixed issue deleting users from 'people' and 'users' dimension.
bugfix: Fixed 'core_dimensions' installer
bugfix: Z-Index fixed in object-picker and header
usability: Selected rows style in object picker
system: General code cleanup
Since 1.7
-----------
system: Plugin Support
system: Search Engine performance improved
system: Multiple Dimensions - 'Workspaces' and 'Tags' generalization
system: Database and Models structure changes - Each Content object identified by unique id
system: Email removed from core (Available as a plugin)
system: User Profile System
feature: PDF Quick View - View uploaded PDF's
usability: Default Theme improved
usability: Customizable User Interface
|
|
|
|
libmediawiki is a KDE C++ interface for MediaWiki based web service as
wikipedia.org
This library is used by kipi-plugins and digiKam.
|
|
changes:
-new: duplicate line and delete line
-Catalan translation
-bugfixes and minor improvements
|
|
change: minor D&D fix
(I know, 1.8 is out. I've tested and found it too sluggish.)
|
|
Fix "make package" on DragonFly/i386 3.0.1.
|
|
Otherwise only builds with native PAM.
|
|
Bump PKGREVISION.
|
|
Zope 3.3.1 is EOL and the package itself isn't maintained for long time.
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
|
|
Zope 2.9.12 is EOL and the package itself isn't maintained for long time.
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
Zope 2.10.13 is EOL and the package itself isn't maintained for long time.
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
Zope 2.11.8 is EOL and the package itself isn't maintained for long time.
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
Since newer Plone and Zope introduce their own install framework, it is
difficult to support it in pkgsrc unless someone create some framework.
|
|
zope
zope-ejsplitter
zope-jamailhost
zope210
zope211
zope29
zope3
|
|
|
