| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Packages Collection.
The Perl 5 module WWW::Mechanize::GZip tries to fetch a URL by
requesting gzip-compression from the webserver. If the response
contains a header with 'Content-Encoding: gzip', it decompresses
the response in order to get the original (uncompressed) content.
|
|
|
|
|
|
|
|
(CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.)
Changes to squid-2.7.STABLE9 (15 March 2010)
- 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems
- failure to detect certain system libraries on some systems
resulting in compilation errors
Changes to squid-2.7.STABLE8 (10 March 2010)
- Bug #2458: reply_body_max_size incorrectly documented
- Bug #2858: Segment violation in HTCP
- Bug #2773: Segfault in RFC2069 Digest authantication
- 64-bit filesize issue in squidclient if trying to post a file > 2GB
- Improve %nn parser to better deal with certain odd %nn sequences
- Segmentation fault if failed to open cache.log
- Bug #2819: const correctness errors in dns_internal.c
- Handle DNS header-only packets as invalid. (CVE-2010-0308)
- Windows port: Updated mswin_ad_group native helper to version 2.1
- Cosmetic change to keep GCC happy
- Bug #2678 - storeurl_rewrite does not play nicely with vary
- Bug #2861 - only-if-cached request blocks if it collapsed into
another request
- Use libcap functions instead of raw kernel interface
- No need to sync the store on -k rotate, but instead it needs to be
done in reconfigure
- const correctness in OpenSSL initialization
- Rework the http digest auth parser
|
|
|
|
|
|
|
|
|
|
Update Danish and Dutch translation files.
|
|
* Fix possible XSS problem on frontend module.
* Fix preview problem when URL rewriting is enabled.
Bump PKGREVISION.
|
|
XSS problem on frontend module.
Bump PKGREVISION.
|
|
Due to several security issues found in the TYPO3 Core, there was a
combined release of TYPO3 4.1.14, 4.2.14, 4.3.4 and 4.4.1.
Find more details in the security bulletin:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/
For full change please refer:
http://wiki.typo3.org/index.php/TYPO3_4.4.1#Changelog
|
|
* SourceFormat Enforcement
* Replace most USE_IPV6 with run-time support probing
* Translations: sync with 3.HEAD language updates
* Split-Stack enable DNS and http(s)_port sockets.
* Bug: --with-valgrind-debug failures ignored
* Fixed comm.cc:377: "fd_table[fd].halfClosedReader != NULL" assertion
* Kludge: try to detect system acinclude path, to fix libtool brokenness.
* Bug: search scope for digest_ldap_auth didn't work
* Update libtool autoconf macros to libtool2 style
* Correction documentation of QoS disable-preserve-miss
* Remove .so from SASL build checks
* Bug: AIX support: c only c++ style comments test case
* Bug: AIX support: check libm for log()
* Do not stop accepting just because we got COMM_NOMESSAGE.
* Bug: AIX support: uchar is already define (more)
* Bug: AIX support: uchar is already define
* Bug: crash handling NULL write callback
* Correct Joomla DB auth handling
* Fixed memory leak related to retried requests.
* Prevent memory leaks when cloning Range requests.
* Fixed memory leaks related to Range requests.
Changes 3.1.5:
* Bug: Fix context leak in HttpStateData::processReplyHeader
* Bug: raw-IPv6 address URL with append_domain broken
* Bug: does not send indirect X-Client-Ip in ICAP respmod
* Fix free memory corruption and off-by-on error when comparing SNMP OIDs
* Restart DNS retransmission count when restarting the query as an A lookup
* Bug: HTTP responses with no Date, L-M or Expires can now be cached
* Maintenance: Formater skip libltdl dirs
* SourceFormat Enforcement
* Bug: Fails to detect chunked encoding if not given in all lower case
* Port from 2.7: max_filedescriptor config option
* persistent_connection_after_error is meant to be on by default
* kFreeBSD does not have linux headers. Wrap properly.
* Maintenance: Use system MD5 instead of hard-coded python paths
* Bug: ICAP tokens not logged when using multiple access
* SourceFormat Enforcement
* OpenBSD: Fix build mem.cc warning: converting of negative value
|
|
- SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav, mod_cache: Fix Handling of requests without a path segment.
PR: 49246 [Mark Drayton, Jeff Trawick]
- SECURITY: CVE-2010-2068 (cve.mitre.org)
mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection
for platforms Windows, Netware and OS2. PR: 49417. [Rainer Jung]
- core: Filter init functions are now run strictly once per request
before handler invocation. The init functions are no longer run
for connection filters. PR 49328. [Joe Orton]
- mod_filter: enable it to act on non-200 responses.
PR 48377 [Nick Kew]
- mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
title page only) when any mod_ldap directives were used in VirtualHost
context. [Eric Covener]
- mod_ssl: Fix segfault at startup if proxy client certs are shared
across multiple vhosts. PR 39915. [Joe Orton]
- mod_proxy_http: Log the port of the remote server in various messages.
PR 48812. [Igor Galić <i galic brainsware org>]
- apxs: Fix -A and -a options to ignore whitespace in httpd.conf
[Philip M. Gollucci]
- mod_dir: add FallbackResource directive, to enable admin to specify
an action to happen when a URL maps to no file, without resorting
to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
- mod_rewrite: Allow to set environment variables without explicitely
giving a value. [Rainer Jung]
|
|
While here, set LICENSE=mit.
1.7.4
-----
* Fix XSS bug (security issue) with not found handlers for
:class:`paste.urlparser.StaticURLParser` and
:class:`paste.urlmap.URLMap`. If you ask for a path with
``/--><script>...`` that will be inserted in the error page and can
execute Javascript. Reported by Tim Wintle.
* Replaced :func:`paste.util.mimeparse.desired_match`
1.7.3.1
-------
* Removed directory name from 404 errors in
:class:`paste.urlparser.StaticURLParser`.
* Fixed packaging to include Javascript and images for
:mod:`paste.evalexception`
1.7.3
-----
* I got a fever and the only prescription is more :mod:`paste.cowbell`!
* Fix :mod:`paste.httpserver` on Python 2.6.
* Fix :mod:`paste.auth.cookie`, which would insert newlines for long
cookies.
* :mod:`paste.util.mimeparse` parses a single ``*`` in Accept headers
(sent by IE 6).
* Fix some problems with the ``wdg_validate`` middleware.
* Improvements to :mod:`paste.auth.auth_tkt`: add httponly support,
don't always aggressively set cookies without the
``wildcard_cookie`` option. Also on logout, make cookies expire.
* In :class:`paste.proxy.Proxy` handle Content-Length of -1.
* In :mod:`paste.httpexceptions` avoid some unicode errors.
* In :mod:`paste.httpserver` handle ``.read()`` from 100 Continue
properly (because of a typo it was doing a readline).
* Update ``paste.util.mimeparse`` from `upstream
<http://code.google.com/p/mimeparse/>`_.
|
|
|
|
|
|
Pkgsrc changes:
- adjust dependencies
Upstream changes:
0.2006 Fri Jul 2 17:21:22 PDT 2010
- Fixed a bug in chunked response when Content-Length is 0. #8 (chiba)
- Documented --pid and --daemonize
0.2005 Fri Jul 2 17:02:16 PDT 2010
- Don't use lib 'lib'
- Documentation updates (miyagawa, grantm)
|
|
Pkgsrc changes:
- adjust dependencies
Upstream changes:
1.30 Wed Jun 9 12:23:48 CDT 2010
------------------------------------
[ENHANCEMENTS]
autolint used to only work on get_ok() calls. Now it works with
post_ok(), submit_form_ok(), follow_link_ok() and click_ok().
Added $mech->text_contains(), $mech->text_like() and $mech->text_unlike()
methods. These check the text of an HTML page separate from the
HTML markup. Thanks to Ashley Pond V.
1.28 Tue Apr 13 00:44:27 CDT 2010
------------------------------------
[FIXED]
t/put_ok.t finally passes.
1.26 Mon Apr 5 00:54:46 CDT 2010
------------------------------------
[FIXED]
Description of error in $mech->content_unlike() was wrong.
Now requires Test::LongString 0.12.
t/put_ok.t now passes, but with a handful of warnings. Help in figuring
out why would be appreciated.
[INTERNALS]
Hoisted common code out of get_ok, post_ok, etc.
[DOCUMENTATION]
Updated copyright and licensing information.
|
|
Pkgsrc changes:
- adjust dependencies
Upstream changes:
0.12 Wed Jul 7 15:54:05 PDT 2010
- Improved documents (markstos, haarg)
- Support httponly option (haarg)
|
|
Upstream changes:
0.9942 Fri Jul 23 23:42:43 PDT 2010
- Allow passing FCGI manager object to Handler::FCGI (confound)
- Call FCGI::Request::Finish() before pm_post_dispatch (confound)
- Moved response_cb() to Plack::Util (confound)
- re-enable WithLexicals now that PadWalker segfaults with 5.12 is fixed #98
|
|
Upstream changes:
0.30 2010-06-24
- Fix Makefile.PL's is_upgrading_needed() routine (RT #58771)
|
|
|
|
Substitute egg directory in PLIST to avoid hardcoded version.
Drop unnecessary statements that set defaults.
|
|
0.10.0 is from 2009; this package was at 0.3.0 (0.4.0 was released in
2005). Upstream does not provide changelogs or NEWS. This update
should be considered equivalent to removing the old package and
importing a new one.
|
|
changes:
-misc fixes, minor API extension
-allow to build against icu-4.4
-security fixes added (CVE-2010-1386, CVE-2010-1392, CVE-2010-1405,
CVE-2010-1407, CVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418,
CVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767, CVE-2010-1664,
CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762,
CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774)
|
|
* img: Add a margin around images displayed by this directive.
* comments: Added commentmoderation directive for easy linking to the
comment moderation queue.
* aggregate: Write timestamp next aggregation can happen to
.ikiwiki/aggregatetime, to allow for more sophisticated cron jobs.
* Add --changesetup mode that allows easily changing options in a
setup file.
* openid: Fix handling of utf-8 nicknames.
* Clarified what the filter hook should be passed: Only be the raw,
complete text of a page. Not a snippet, or data read in from an
unrelated file.
* template: Do not pass filled in template through filter hook.
Avoids causing breakage in po plugin.
* color, comments, conditional, cutpaste, more, sidebar, toggle: Also
avoid unnecessary calls to filter hook.
* po: needstranslation() pagespec can have a percent specified.
* Drop Cache-Control must-revalidate (Firefox 3.5.10 does not seem to have
the caching problem that was added to work around). Closes: #588623
* Made much more robust in cases where multiple source files produce
conflicting files/directories in the destdir.
* Updated French translation from Philippe Batailler. Closes: #589423
* po: Fix selflink display on tranlsated pages. (intrigeri)
* Avoid showing 'Add a comment' link at the bottom of the comment post form.
|
|
* Add missing PIST Guarani which I forgot to add.
* Update French, Croatian, Hungarian, Japanese, Dutch and Swedish
language files.
|
|
as extension.
Bump PKGREVISION.
|
|
|
|
MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
|
|
changes:
added the --proto and -proto-redir options
new configure option --enable-threaded-resolver
improve TELNET ability with libcurl
added support for PolarSSL
added support for FTP wildcard matching and downloads
added support for RTMP
added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
|
|
Reported by Francois Tigeot.
|
|
No change information available, unfortunately.
|
|
to their respective category Make files.
|
|
|
|
Upstream changes:
1.45 Wed Jun 16 21:15:26 CEST 2010
- fix a bug where the handle woudl go away directly after a successful
connect (analyzed and patch by Maxim Dounin).
- due to popular demand, introduce the Redirect pseudo response header.
- document URL pseudo-header better.
- explain how to implement DNS caching.
|
|
Upstream changes:
0.12 2010-07-14
- Added Net::FastCGI::IO
|
|
Upstream changes:
0.9941 Thu Jul 8 18:17:30 PDT 2010
- Makes Lint not warn about ASCII-only strings with UTF8 flag because they're safe
|
|
* Added Guarani language files.
* Update Czech, Croatian, Latvian, Dutch and Slovenian language files.
|
|
discarded before.
* Don't handle templates/.htaccess as configuration file.
Bump PKGREVISION.
|
|
|
|
|
|
changes:
-Added identi.ca bookmarking support
-bugfixes
-translation updates
|
|
|
|
Upstream changes:
1.64 Thu Jul 1 10:41:00 CDT 2010
========================================
[THINGS THAT MAY BREAK YOUR CODE]
If you've been accessing $mech->{forms} or $mech->{form} values
directly, instead of going through the $mech->forms or $mech->current_form
accessors, respectively, then this version of Mech will break your
code.
[ENHANCEMENTS]
Parsing of forms has been delayed until they're actually needed.
If don't use forms on a page, you'll no longer waste time and memory
parsing them.
$mech->title now caches the title of the page after parsing the
page to find it.
mech-dump now takes a --cookie-file parameter for keeping cookies
between calls.
[DOCUMENTATION]
Typo fixes.
|
|
Upstream changes:
2010-07-09 Release 3.66
Gisle Aas (1):
Fix entity decoding in utf8_mode for the title header
|
|
This switches to the gnome-2.30 release branch.
|
