This release has several bugfixes, including a fix for an issue that may
have caused accrual policies to stop calculating accrued time for some
employees.
works around a dos vulnerability in rexml
similar diff from Jeremy Evans <openbsd at jeremyevans.net>
update run_depends so forward updates work properly
ok bernd@
(buzz word alert!)
Semi-automated, largely passive web application security audit tool,
optimized for an accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design patterns
based on the observation of existing, user-initiated traffic in complex
web 2.0 environments.
Detects and prioritizes broad classes of security problems, such as
dynamic cross-site trust model considerations, script inclusion issues,
content serving problems, insufficient XSRF and XSS defenses, and much
more.
testing and ok kili@
This release contains a detailed printable timesheet as well asseveral
bugfixes, including one bug that in rare circumstances may have caused
timesheets to be calculated incorrectly.
TimeTrex is a complete web-based payroll and time management suite which
offers employee scheduling, attendance (timeclock, timesheet), job
costing, invoicing and payroll all in a tightly integrated package.
"looks good" to fkr@
it contains patches from Martynas Venckus:
- net-support.c: HTTP header only needs to be ASCII in the token
- xmlparse.c: Convert feed title to target charset, too. Should
probaly be in interface.c
- main.c, interface.h, interface.c: Add a signal handler for resizing
to work on many other ncurses implementations
- conversions.c: Determine output charset with nl_langinfo()
ok kili@
p5-Catalyst-Plugin-Cache-Store-FastMmap,
p5-Catalyst-Plugin-ConfigLoader-Environment,
p5-Catalyst-Plugin-LogWarnings, p5-Catalyst-Component-ACCEPT_CONTEXT,
p5-HTML-SBC and p5-XML-Atom-SimpleFeed to www/
This module provides a minimal API for generating Atom syndication feeds
quickly and easily. It supports all aspects of the Atom format, but it
has no provisions for generating feeds with extension elements.
Simple Blog Code is a simple markup language. You can use it for guest
books, blogs, wikis, boards and various other web applications. It
produces valid and semantic (X)HTML from input and is patterned on that
tiny usenet markups like *bold* and _underline_.
Models and Views don't usually have access to the request object, since
they probably don't really need it. Sometimes, however, having the
request context available outside of Controllers makes your application
cleaner. If that's the case, just use this module as a base class.
This plugin redirects perl's warn() warnings to a Catalyst log
($c->log->warn), allowing you to filter warnings, log warnings to a
database, Log4Perl, etc.
This store plugin is a bit of a wrapper for Cache::FastMmap.
As Cache::FastMmap can't store plain values by default, this module
ships with a subclass that will wrap all values in a scalar reference
before storing.
This plugin gives you access to a variety of systems for caching data.
It allows you to use a very simple configuration API, while maintaining
the possibility of flexibility when you need it later.
Cherokee is a very fast, flexible and easy to configure Web Server. It
supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI,
TLS and SSL encrypted connections, Virtual hosts, Authentication, on the
fly encoding, Load balancing, Apache compatible log files, and much
more.
based on a submission from Fernando Quintero (MAINTAINER)
testing, feedback and ok sthen@
- Fixes cross-site redirection in quickjump found by Russ McRee.
- Fixes wiki engine XSS found by Nathan Collins.
- Added PostgreSQL 8.3 support.
- Fixes FineGrainedPermissions for scoped repositories.
- Fixes problem with repository syncing raising exceptions.
ok Ben Lovett (MAINTAINER)
Darrin Chandler on ports@.
"Thanks to Toni Mueller for prodding, and to Simon Kuhnle for prodding,
testing, and the patch (I had the same diff just before lock but kept
forgetting after unlock)." -dwc
- since version 3, ff uses standard printing dialog from gtk+2. in
order to continue using cups for printing, you will need to install
cups subpackage of gtk+2. after an email from Giovanni Bechis
- ff3 may not render scaled images properly due to incompatibilities
between some of the x drivers and x server (this has been fixed in
the new xserver). document work-arounds for now. after an email
from Markus Bergkvist
Based on an original submission from James Turner (james at bsdgroup dot
org), who prodded me to take maintainership, Thanks !
Not linked to the build yet.
ok jdixon@ laurent@ 'import it!' robert@ espie@
(james at bsdgroup dot org), thanks !
Webkit is an open source web rendering engine.
All our previous patches have been integrated upstream.
Mark it BROKEN on sparc64 until
https://bugs.webkit.org/show_bug.cgi?id=19775 is fixed.
Not linked to the build yet, a little bit of testing is still needed
with latest libc/libm change.
Thanks to all who already tested !
ok jdixon@ laurent@ 'import it' robert@ espie@
when we decide it's stable enough
not linked to the builds yet.
this version has the following fixes:
- fix SQLITE_VERSION, NSS_VERSION
- we've got our own library versioning, so remove versions and let
dlopen do the job
- fix the ssl psm bug. you can't just cast a char* to an int* and
access through it
- fix arm Makefiles, to catch the right invokes/stubs
- fix arm, endianness issue (armel abi)
- strict alignment fixes for sparc64
- update to accept standard dictionaries location, so that
textproc/mozilla-dicts works again
- fix to include the right dlfcn.h
- remove eula
- printing fix, which kurt@ has tracked down, and helped fixing
tested by many, kili@, ian@, sthen@, jdixon@, reyk@, others...
the way to handle update has been suggested by pval@
the package name has been discussed w/ kurt@ and naddy@
ok kurt@ and naddy@
Apache::Reload is a Perl module that allows for dynamically re-loading
Perl modules into a persistent mod_perl environment without restarting
the server.
Using the PageCache plugin, you can cache the full output of different
pages so they are served to your visitors as fast as possible. This
method of caching is very useful for withstanding huge amounts of
request in a short time.
This plugin requires that you also load a Cache plugin. Please
reference the documentation for this module when choosing a cache
backend.
submitted by Jim Razmus
feedback from merdely@ and okan@
ok okan@
- patch-setup_py trick not needed anymore, now that python-2.5 is
default, and all dependencies got plists updated to include eggs
- switch to eggs.tg.org, to get this stable release
ok wcmaier@
prevents some risks that can occur if you install some third party modules,
or have very malicious users with high privileges.
- deletion of translated terms under cross site requests.
- session fixation attacks after installing 3rd party modules like workgroup
NG.
(other vulnerabilities are Drupal6 only).
patch-server_asobj_SoundGst_cpp from guilherme m. schroeder on ports@
patch-server_asobj_NetStreamGst_cpp from Deomid Ryabkov on gnash-dev
With help from kurt@ and brad@, thanks!
eZ Publish is a professional PHP application framework with advanced CMS
(content management system) functionality. As a CMS it's most notable
feature is its revolutionary, fully customizable and extendable content
model. This is also what makes it suitable as a platform for general PHP
development, allowing you to develop professional Internet applications fast.
Standard CMS functionality, like news publishing, e-commerce and forums is
already implemented and ready for you to use. Its stand-alone libraries can
be used for cross-platform, database independent PHP projects.
eZ Publish is database, platform and browser independent.
from (and tested by) Pierre-Emmanuel Andre via Denis Chatelain
(MAINTAINER) on ports@
discussed with mbalmer@ at c2k8 who was fine with the update as long as
someone tested it
Main features: customizable keybindings, basic HTML rendering, HTTP proxy
support, OPML import/export, themes, support for various versions of RSS,
Screen support. browser auto-detection, and more.
positive user feedback on ports@, ok ajacoutot@
HAVP (HTTP AntiVirus proxy) is an easily-configured non-caching
HTTP proxy which interfaces to an anti-virus scanner (ClamAV and
others) to prevent transfer of infected content (including HTML
and image files).
From maintainer Giovanni Bechis
it makes more sense to add devhelp as run_depends for gnome-session and
leave it to the user to install it manually for other packages
"if you're as happy as a pig in poop, commit it" jasper@
and bump; clamav used to pull in curl but it was removed some time ago,
resulting in broken dansguardian,-clamav packages. thanks to qgiovanni
at gmail dot com for pointing these out. update license marker while
there.
without the need to install LaTeX in httpds chroot.
From Mischa Diehm <md@msys.ch>, maintainer (a new porter, so give him the
drill he needs...)
Thanks to merdely to host the distfile and rerolling it as a gzipped tarball.
*) Bugfix: nginx did not process FastCGI response if header was at
the end of FastCGI record; bug appeared in 0.6.2. Thanks to
Sergey Serov.
*) bugfix: a segmentation fault might occur in worker process if a
file was deleted and the "open_file_cache_errors" directive was
off.
From Darrin Chandler (MAINTAINER)
ok bernd@
some good arguments against changing this.
"i trust you, so go ahead" jasper@
Note: this doesn't fix the questionable API_VERSION approach, it just
fixes the build.
is built by first unpacking the distfile so it can be patched.
Sprinkle a few SQL typecasts where needed to make Kronolith happy
again with PostgreSQL 8.3.x. Discussed with simon.
httpd(8) by adding chroot(2) support, disabled by default as expected
with this module.
Otherwise no user would be able to run his tests without the effort of
setting up a chroot(2) environment with Perl and everything else, and
obviously also running them as root.
To enable chroot set the APACHE_TEST_CHROOT environment variable or
start the tests with `./t/TEST -chroot 1'.
I'm also taking over maintainership.
Tested by and looks good to landry@
a local database, so no extra network traffic). Enabled by default,
disable with "GeoIP no" in .conf if you don't want it.
discussed with/ok mbalmer (maintainer)
in-tree include: various XSS, SQL injection, saves sensitive data
in PHP session, crafted POST allows users to read files accessible
by the web server.
thanks bsd at openbsd.rutgers.edu for feedback, ok ckuethe
It is designed to allow the programmer to express as much of the view
logic as desired in Python, and includes a pure Python XML expression
syntax named stan to facilitate this. However it also provides rich
support for designer-edited templates, using a very small XML
attribute language to provide bi-directional template manipulation
capability.
Nevow also includes Divmod Athena, a "two way web" implementation,
providing a two-way bridge between Python code on the server and
JavaScript code on the client. Modular portions of a page, known as
"athena fragments" in the server python and "athena widgets" in the
client javascript, can be individually developed and placed on any
Nevow-rendered page with a small template renderer. Athena abstracts
the intricacies of HTTP communication, session security, and
browser-specific bugs behind a simple remote-method-call interface,
where individual widgets or fragments can call remote methods on their
client or server peer with one method: "callRemote".
ok pyr@
users downloading this from official distribution sources.
(We are in compliance, but without an explanation, someone
might not notice this if they update it later).
Like Ruby on Rails, Merb is an MVC framework. Unlike Rails, Merb is
ORM-agnostic, JavaScript library agnostic, and template language
agnostic, preferring plugins that add in support for a particular
feature rather than trying to produce a monolithic library with
everything in the core. In fact, this is a guiding principle of the
project, which has led to third-party support for the ActiveRecord,
DataMapper, and Sequel ORMs.
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
NTLM Authorization Proxy Server is an http proxy server that allows
you to authenticate via the proprietary NTLM protocol, so you can
use web sites and web proxies that require NTLM authorization.
ok and help from sthen, merdely; 'schaweet' marco
HTML::SiteTear make a separated copy of a part of web site in local file
system. All linked files (HTML file, image file, javascript, cascading
style shieet) from a source HTML file will be copied under a new file.
from Girish Venkatachalam
feedback merdely@
ok merdely@, okan@
pQuery is a pragmatic attempt to port the jQuery JavaScript framework to
Perl. It is pragmatic in the sense that it switches certain JavaScript
idioms for Perl ones, in order to make the use of it concise. A primary
goal of jQuery is to "Find things and do things, concisely". pQuery has
the same goal.
from Girish Venkatachalam
ok merdely@, okan@
HTML::Copy copy a HTML file without breaking links in the file.
HTML::Copy will be useful to maintain web sites and to handle HTML
templates.
from Girish Venkatachalam
feedback & ok okan@, mederly@
This module removes unnecessary whitespace from JavaScript code. The
primary requirement developing this module is to not break working code:
if working JavaScript is in input then working JavaScript is output. It
is ok if the input has missing semi-colons, snips like '++ +' or '12
.toString()', for example.
from Girish Venkatachalam
ok merdely@, okan@
This module removes unnecessary whitespace from CSS. The primary
requirement developing this module is to not break working stylesheets:
if working CSS is in input then working CSS is output.
from Girish Venkatachalam
ok merdely@, okan@
- Maintenance update of XCache, also tested by myself.
from me:
- adjust for /var/www/conf/php5 symlinks
- add re2c as BUILD_DEPENDS, configure picks it up if installed
ok brad@ (maintainer)
where users are supposed to create symlinks to config file fragments
in ../php5.sample, otherwise the symlinks are destroyed when someone
updates php5/core.
ok brad, seems ok to landry.
This module improves non-ascii filename interoperability of Apache
(and mod_dav).
It seems many WebDAV clients send filename in its platform-local
encoding. But since mod_dav expects everything, even HTTP request line,
to be in UTF-8, this causes an interoperability problem.
This module adds following directives:
EncodingEngine, SetServerEncoding, AddClientEncoding,
DefaultClientEncoding, and NormalizeUsername.
- allow autogen passwords for new users
- put the names of roles more often on the rights page.
- extra hook for jquery_update, to avoid having to overwrite jquery
PEOPLE WHO TESTED drupal BEFORE:
You *must* disable extra modules and themes from a working drupal install
before the update, and reenable them afterwards.
If you forgot to,
- ln all the stuff in sites/all/modules and sites/all/themes to modules and themes
- check your site runs again, disable extra stuff
- remove the links and re-enable stuff.
okay naddy@
Typo is a lean weblogging engine powered by rails. It supports XMLRPC
posting, ping/trackback, comments, textile, markdown, categories, all
common exports, fulltext search and so on.
From maintainer Paul Irofti.
checkValidHTTPHeader assumes the whole header is ascii, while only
token should be
adapted from snownews, liferea reuses network support code
ok maintainer Wiktor Izdebski
