| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
is the same anyway, use ftp download only as a workaround.
|
|
PR pkg/29896.
|
|
This is a bug fix release.
Fixed bugs are follows:
* Fix for a potential buffer overflow vulnerability when loading
a hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Fix a crash in mail when stopping a search and then searching again
* Other stability and security fixes
MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
MFSA 2005-57 IDN heap overrun using soft-hyphens
|
|
While at it, add a buildlink3.mk file.
Bump PKGREVISION.
|
|
links-gui.
|
|
without bumping the version.
|
|
|
|
NO_BUILD, USE_LIBTOOL.
|
|
|
|
|
|
regenerating the distinfo file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Fix for a potential buffer overflow vulnerability when loading a hostname
with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed by the
shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that
uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Fix a crash in mail when stopping a search and then searching again
- Other stability and security fixes
|
|
package now, and this header file is only directly used by apr itself,
hidden from httpd. (Clarifies bug 36750 that I have on file with Apache
Bugzilla.)
|
|
diff between 1.31 and 1.3101 is minimal, yet it fixes important issues
people have been reporting on e.g. the rt-users mailing list.
1.1301 August 23, 2005
- One last fix for CGIHandler. If you provided your own out_method it
was ignoring it and using its own. Reported by David Glasser.
|
|
|
|
pointed out by Geert Hendrickx and discussed further on tech-kern@
|
|
|
|
we need to make sure we clean up .orig files before the copy is done.
|
|
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
|
|
|
|
Three new official patches are added.
o 2005-09-19 15:50 (Cosmetic) --with-maxfd=N configure option to override
max filedescriptors test
o 2005-09-16 21:58 (Minor) invalid host is processed as IP 255.255.255.255
in dst acl
o 2005-09-16 21:49 (Cosmetic) Odd results when pipeline_prefetch is combined
with NTLM authentication
One official patch was updated.
o 2005-09-20 12:29 (Major) FATAL: Incorrect scheme in auth header
|
|
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
|
|
Changes include:
* Advertisement banner removed
* Security: Fixed Secunia Advisory 16645, drag-and-drop vulnerability,
must-revalidate HTTPS handling, cookie comment encoding
* Browser JavaScript on by default
* Multiple stability issues
|
|
thus leaving the package dangling if apache2 were to be removed or upgraded.
Change to using apache2/buildlink3.mk, like the other ap2-* modules do,
and bump PKGREVISION for the implicit DEPENDS change.
|
|
Update www/kazehakase from 0.2.9 to 0.3.0.
Changes from 0.2.9 to 0.3.0:
* Added feed bookmark action (Kouhei Sutou)
* Fixed some crash bugs.
(I have been running this since Sept. 10. Sorry for the
delay in updating.)
|
|
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
|
|
no longer correct since update to libevent 1.x; it now uses libtool and
generates a shlib.
Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since
the binary pkg changes for any OS that doesn't have a sufficient builtin
libevent version (or the package has requested a non-builtin version).
|
|
Bump PKGREVISION.
|
|
- Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require"
was not enforced in per-location context if "SSLVerifyClient optional"
was configured in the global virtual host configuration.
Sync apache with the latest ap-ssl.
|
|
- pkgsrc update:
o s/SQUID_BACKEND/SQUID_BACKENDS/ as suggested by pkglint.
o Fix leaving ${PREFIX}/etc/squid/msntauth.conf.default out of PLIST.
o IP Filter related patches are incorporated to squid.
- Add/update official patches:
o 2005-09-15 11:15 (Major) FATAL: Incorrect scheme in auth header
o 2005-09-15 09:56 (Medium) Odd results on pipelined CONNECT requests
o 2005-09-13 23:59 (Minor) Transparent proxy problem with IP Filter
o 2005-09-11 01:53 (Medium) Clients bypassing delay pools by faking a cache
hit
o 2005-09-11 01:42 (Cosmetic) Allow leaving core dumps on Linux
o 2005-09-11 01:21 (Cosmetic) enums can not be assumed to be signed ints
o 2005-09-11 01:21 (Cosmetic) Incorrect store dir selection debug message on
objects >2G
o 2005-09-11 00:57 (Minor) LDAP helpers does not work with TLS (-Z option)
|
|
lanb/ruby/{module.mk,rubyversion.mk} change and I think the
distfile of this package should be under ruby subdirectory, too.
|
|
|
|
it separately
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
|
this is a major update (from 0.6.4), too much to list
|
|
Thank you, Bruce, for previously maintaining these.
|
|
packages. Thank you Bruce for helping with pkgsrc.
|
|
Took some time to do this release, and the fixes are numerous, an
upgrade is highly recommended. Major changes include an increased
header limit, which fixes inter-operation with some versions of lynx;
a fix for a crash when trying to access user pages of people who do
not actually exist (ie, /~badusername).
On the new features front, the -U option now accepts usernames too,
not just user ids.
|
|
CGI-FormBuilder-2.13nb3
|
|
|
|
(shared with ap-php) into the php package Makefile.
|
