| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
And avoid to use -0 option of xargs(1).
|
|
for the list of changes.
|
|
by pkglint.
|
|
Changes with Apache 2.0.63
*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
to /Device/Nul as the server is starting up, mirroring unix MPM's.
PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
by recreating the bucket allocator each time the trans pool is cleared.
PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
Changes with Apache 2.0.62 (not released)
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox, Joe Orton]
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) log.c: Ensure Win32 resurrects its lost robust logger processes.
[William Rowe]
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
shutdown of the server when the MaxClients is higher then 257,
in a more responsive manner [Mladen Turk, William Rowe]
*) Add explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. One of these
reported by SecurityReason [Joe Orton]
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
|
|
|
|
|
|
there, not in post-patch.
There's no need to use xargs -0: Solaris doesn't know that option, POSIX
doesn't require it, and all the filenames are sane anyway.
|
|
(As discussed in September 2007 on tech-pkg.)
|
|
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
error and the behavior of NetBSD on 64-bit machines. All three bugs
(including the Linux documentation problem) have been reported upstream
and will be fixed there.
|
|
|
|
=== RELEASE 2.1pre32 ===
Thu Dec 13 04:44:01 MET 2007 mikulas:
Do not display links to alternate stylesheets
Tue Dec 11 06:37:56 MET 2007 mikulas:
Use Content-Disposition as a suggestion for downloaded file name
Sun Dec 9 04:52:37 MET 2007 mikulas:
Fixed write to freed memory resulting in misbehavior of radio buttons
and a possible crash
Wed Dec 5 23:26:55 MET 2007 mikulas:
Make it run without Cygwin environment (only with Cygwin DLLs)
Workaround for flaws in Cygwin Unix emulation:
SIGWINCH is sometimes lost
Signal handlers write to a pipe and it should wake select() up,
sometimes, it doesn't
exec("command.com") crashes Windows 98 when some sockets are
open
Wed Dec 5 18:05:00 MET 2007 mikulas:
Do not search for compressed-file extension (.gz, .bz2) in URLs
containing '?', '&' or ';' --- they are likely scripts and they should
provide information about compression in the header.
Tue Dec 4 04:09:51 MET 2007 mikulas:
When the document was truncated to zero size on reload and no data were
received, links didn't invalidate formatted document cache
Wed Nov 7 00:20:12 MET 2007 mikulas:
Accept capital 'X' as a hex number mark in html entities
Fri Nov 2 19:53:01 MET 2007 mikulas:
Do not print links to stylesheet to the document
Fri Nov 2 19:52:22 MET 2007 mikulas:
Slightly improve parsing of ftp --- when the line contains "<DIR>", we
can assume that it is a directory
Tue Oct 30 21:22:27 cet 2007 mikulas:
Previous release didn't compile on OS/2 due to missing SIGCONT
|
|
Bump PKGREVISION reflecting PLIST change.
|
|
|
|
|
|
Changes to squid-2.6.STABLE18 (10 Jan 2008)
- Fix 2 assertion failures related to the fix for SQUID-2007:2
- GPL license cleanup to GPLv2 or later. One file in edir_digest_auth
was GPLv2 only, now replaced with a GPLv2 or later licensed vesion.
- Minor cleanups to make certain 64-bit platforms happier
- Several Digest authentication bugs fixed wich was causing random
authenitcation popups or failures.
- --with-valgrind-debug updated for valgrind-3.3.0.
|
|
|
|
|
|
sorry, no changelog available
|
|
no entries in the changelog, presumably just a version bump
for the gnome-2.20.3 release
pkgsrc note: installation os developer docs was fixed
|
|
change: a minor bugfix
|
|
This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement:
SA-2008-005 - Drupal core - Cross site request forgery
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
SA-2008-007 - Drupal core - Cross site scripting (register_globals)
In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release:
173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
179164 by Heine: sort modules by name on the module admin page
199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery
199084 by chx: better conformance with ISO date formats in our xmlrpc code
173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for .
89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing.
64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query.
200338 by m3avrck and quicksketch: fix transparent GIF resizing
194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing
182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request
- Patch 201894 by David Rothstein: fixed typo in user output.
180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly
115689 by chx: new content types should not overwrite old ones. Backport by Pancho.
203727 by Arancaytar. More effectively use hook API.
204855 by webernet. Add missing * in documentation.
168315 by schuyler1d: previous active database name was not consistently returned in db_set_active()
- Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes.
194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format
#166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages.
58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing.
Partial backport of 112715 to fix 124641.
Changes from 5.4 -> 5.5
Fixed missing missing brackets in a query in the user module.
Fixed taxonomy feed bug introduced by SA-2007-031
|
|
* Fixed privilege escalation in the Horde API.
* Improved XSS filtering.
* Fixed locked portal blocks.
* Further improved webroot detection.
* Updated Japanese translation.
|
|
o Changes from 3.0.4
* Update translations.
* If you are using the fullscreenmode.js script, you can now pass
in a minimal=1 argument in the URL to make a page start out in
the minimal mode.
* Fix problems with non-savepoint capable connections (such as SQL
connections) involved in folder_delete, folder_publish of
folder_rename actions.
* Hiding page history, page navigation, and busy icon (spinner) in
print CSS. This relates to 7402 and 7433.
* Fix persistant translation service creation code. This corrects
broken translations on initial Zope start. This fixes 7470.
* Visual editor improvements:
o Style whitelist and class blacklist now work when there is
only one entry in the list.
o Span tags with no attributes after filtering are removed.
* Make the content rule configuration page fully
translatable. This fixes 6886.
* Update the object-not-found error page to search for
alternatives within the navigation root instead of the entire
site.
* Fix translation for default item in display content menu for
situations. This fixes 7281.
* Fix absolute_url() for content rules add views, content rules
traversal adapters, portlet add views, portlet assignment
mappings and portlet assignments.
* Fix handling of RSS feeds which do not include an update
timestamp for feed entries. This fixes 7515.
* Change KSS saveField to not require value explicitply but take
it from the request if not specifies. This makes it possible to
use saveField-kssSubmitForm: currentForm(); which is needed for
multi-valued form variables.
* Fix handling of the portal type criteria for collections. This
fixes 7467.
* Update the delete-confirmation page for objects that are
references elsewhere to order all referencing items in
alphabetical order.
* Fix handling of types where allow_discussion is set as a class
attribute which could lead to an AttributeError when changing
the discussion settings. This fixes 761.
* Extend the Archetypes widget API to inform widgets when
processing the form in the validation phase. This fixes 760.
* Correct zope.i18n.translate calls in Archetypes: should use the
request, not the instance itself as the context. This fixes
translation problems seen in Plone 3.0.4.
* Do not create an empty <ul> in the personal actions bar if there
are no items in it. This fixes an XHTML syntax error.
* Fix the languages method of the language selector to include the
native language name.
* Fix invalid context argument passed into the translation
machinery in the workflow state vocabulary. This fixes 7492.
* Fix potential acquisition problem in five.localsitemanager when
assigning values to the utilities registry of the component
registry.
* Raise a ValueError when the Zope3 translation utilities get
passed in an invalid context argument. Translations in Zope3
work against the request alone and while the keyword is called
context it was too easily confused with a contentish context.
o Updated packages
* Archetypes 1.5.5
* ATContentTypes 1.2.4
* CMFPlone 3.0.5
* GenericSetup 1.3.3
* kupu 1.4.7
* PlacelessTranslationService 1.4.8
* PloneTranslations 3.0.10
* archetypes.kss 1.2.5
* plone.app.contentmenu 1.0.5
* plone.app.contentrules 1.0.5
* plone.app.i18n 1.0.1
* plone.app.kss 1.2.5
* plone.app.linkintegrity 1.0.4
* plone.app.portlets 1.0.5
* plone.app.redirector 1.0.5
* plone.app.vocabulary 1.0.2
* plone.app.layout 1.0.5
* plone.contentrules 1.0.5
* five.localsitemanager 0.3
|
|
|
|
|
|
|
|
|
|
|
|
*) Change: now the ngx_http_userid_module adds start time microseconds
to the cookie field contains a pid value.
*) Change: now the uname(2) is used on Linux instead of procfs.
Thanks to Ilya Novikov.
*) Feature: the "If-Range" request header line support.
Thanks to Alexander V. Inyukhin.
*) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
error; bug appeared in 0.5.13.
*) Bugfix: the STARTTLS in SMTP mode did not work.
Thanks to Oleg Motienko.
*) Bugfix: large_client_header_buffers did not freed before going to
keep-alive state.
Thanks to Olexander Shtepa.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
*) Bugfix: the $status variable was equal to 0 if a proxied server
returned response in HTTP/0.9 version.
*) Bugfix: if the "?" character was in a "error_page" directive, then
it was escaped in a proxied request; bug appeared in 0.5.32.
|
|
to list here; one may check the log at <http://repo.or.cz/w/elinks.git>
(see the elinks-0.11 branch). There should be a 0.11.4 release out
fairly soon.
While here, add two patches (from debian maintainer): one to ensure that
its gettext doesn't look for files in ../po/, and the other to disable
transparency by default.
Bump revision.
|
|
|
|
|
|
|
|
*) Change: now the full request line instead of URI only is written to
error_log.
*) Feature: Cygwin compatibility.
Thanks to Vladimir Kutakov.
*) Feature: the "merge_slashes" directive.
*) Feature: the "gzip_vary" directive.
*) Feature: the "server_tokens" directive.
*) Feature: the "access_log" directive may be used inside the
"limit_except" block.
*) Bugfix: if the $server_protocol was used in FastCGI parameters and a
request line length was near to the "client_header_buffer_size"
directive value, then nginx issued an alert "fastcgi: the request
record is too big".
*) Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS
server, then nginx returned usual response.
*) Bugfix: URL double escaping in a redirect of the "msie_refresh"
directive; bug appeared in 0.5.28.
*) Bugfix: a segmentation fault might occur in worker process if
subrequests were used.
*) Bugfix: the big responses may be transferred truncated if SSL and
gzip were used.
*) Bugfix: compatibility with mget.
*) Bugfix: nginx did not unescape URI in the "include" SSI command.
*) Bugfix: the segmentation fault was occurred on start or while
reconfiguration if variable was used in the "charset" or
"source_charset" directives.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://www.domain.com HTTP/1.0".
Thanks to James Oakley.
*) Bugfix: a segmentation fault occurred in worker process if
$date_local and $date_gmt were used outside the
ngx_http_ssi_filter_module.
*) Bugfix: a segmentation fault might occur in worker process if debug
log was enabled.
Thanks to Andrei Nigmatulin.
*) Bugfix: ngx_http_memcached_module did not set
$upstream_response_time.
Thanks to Maxim Dounin.
*) Bugfix: a worker process may got caught in an endless loop, if the
memcached was used.
|
|
|
|
- Remove -quiet option from CONFIGURE_ARGS. This cause verbose output
but it prevent detect errors.
- use INSTALLATION_DIRS.
- Use ../zope/Makefile.common. and common files from ../zope/files.
- Don't install unused runzope.bat.in template file.
- take maintainership.
- Add missing sitecustomize.py{,c} in PLIST.
Bump PKGREVISION.
|
|
- Remove -quiet option from CONFIGURE_ARGS. This cause verbose output
but it prevent detect errors.
- use INSTALLATION_DIRS.
- Use ../zope/Makefile.common. and common files from ../zope/files.
- Don't install unused runzope.bat.in template file.
- take maintainership.
Bump PKGREVISION.
|
|
This is a bugfix release that tries to fix three issues:
- The reappearing of already downloaded items
(caused by an incorrect cache handling)
- The continuous growth of the sqlite DB file
(caused by comments not being removed along with their parent items).
- The general performance problem with search folders.
|
|
|
|
|
|
- Complete zope33 (Zope 3.3.x) related names.
|
|
No compiler necessary.
|
|
|
|
|
|
|
|
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by 41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
Fixed bug 43010 (Fixed regression in imagearc with two equivelent angles).
Fixed bug 41765 (Recode crashes/does not work on amd64).
Fixed bug 41630 (segfault when an invalid color index is present in the image data).
Fixed bug 41628 (PHP settings leak between Virtual Hosts in Apache 1.3).
Fixed bug 38798 (OpenSSL init corrected in php5 but not in php4).
|
|
|
