platforms. It doesn't do javascript, but who cares about web2.0 anyway ?
Sub-projects are :
- hubbub : HTML parser
- libcss : CSS parser and selection engine
- libnsbmp : BMP/ICO decoding library
- libnsgif : GIF decoding library
- libparserutils : utility library for parser building
- libwapcaplet : string internment library
Currently SIGBUS'es on sparc64 in libcss, being worked on with upstream.
Loosely based on a submission from Anthony J Bentley, reworked by myself.
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
The new plugin sandboxing code is disabled because :
- it only supports binary blobs plugins we don't have
- it is an horrible maze of #ifdef linux-apple-win32 coming straight
from an old version of chromium. Future versions should have better BSD
support..
tested by several on ports@, thanks!
libtool. Backport upstream svn r3779 + r3872 to correctly build with
xulrunner 1.9.2, and use ports libtool which does a way better job at
linking gecko.so than gnu libtool. This needs r1.120 of build/libtool.
but gecko-mediaplayer eated it^Wis its successor, so let's just drop
this abandoned upstream cruft. Its developer works on gecko-mediaplayer
anyway - so you should use it instead..
agreed/prodded by jasper@ dcoppa@ ajacoutot@ Gleydon Soares (MAINTAINER)
While here, install plugins in lib/mozilla/plugins which are new also
used/looked by firefox and friends, instead of the 'non-standard' (ie
openbsd-only hack) lib/mozilla-plugins. Mark SHARED_ONLY.
corresponding libs from SHARED_LIBS/PLIST. Bump minor and PKGNAME.
Bring in a pair of patches from xulrunner, and add a DIRECTORY variable
as done in xulrunner that is subst'ed in config/autoconf.mk.in.
sthen@ likes.
for unregister.sh in all the new ghc libraries (which leads to bogus
registered ghc packages after updates).
You can use the command
ghc-pkg check
to check ghcs internal package list. If it reports missing files
for some package (like hashed-storage-0.4.11), you can forcibly
unregister it by running (as root) something like
ghc-pkg unregister hashed-storage-0.4.11
ok dcoppa@
adding them to the PLIST. First, /var/run/* is cleaned upon reboot and
second /var/tmp/havp/ has a chance to get wiped out being in a temporary
dir.
ok giovanni@ (maintainer)
- update to 0.5.8
- backport upstream svn r3871 to let it build with latest gtk+2
- switch to xulrunner 1.9.x (breaks gecko backend while here)
- don't try to create a dbus server socket in a non-existent dir
It is still badly broken, as upstream doesn't seem to care about
shipping working stuff... but at least it builds and packages.
A CCK content field which lets you add a complete link to your content
types; including URL, title, and optionally a target attribute. The
link module is a one-stop content link "field" type for CCK.
ok landry@
- use SUBST_CMD instead of perl -pi -e
- use ${LOCALBASE}/${TRUEPREFIX}/${X11BASE} instead of the handpatched
_XXX_ ones
- harmonize default systemwide plugins/extensions search path to
lib/mozilla/{plugins,extensions} as done in other mozilla ports
- use SUBST_CMD instead of perl -pi -e
- use ${LOCALBASE}/${TRUEPREFIX}/${X11BASE} instead of the handpatched
_XXX_ ones
- harmonize default systemwide plugins/extensions search path to
lib/mozilla/{plugins,extensions} as done in other mozilla ports, but
keep lib/mozilla-plugins added to MOZ_PLUGIN_PATH atm.
harmonize default search paths for systemwide mozilla extensions and
plugins to ${LOCALBASE}/lib/mozilla/{plugins,extensions}. The
install.rdf files take care anyway of telling with which mozapp an xpi
extension is compatible.
it breaks loading png icons through gdk_pixbuf_new_from_file as gtk is
linked with systemwide png. This went unnoticed so far as firefox always
shipped a fallback xpm icon, but this is not the case anymore, so now
gtk_window_set_icon_list() is not called anymore, and the window manager
shows the default icon for firefox windows in taskbar/tasklists..
So add graphics/netpbm as a build dependency, do the necessary netpbm
magic in do-install to create the default.xpm from mozicon128.png, and
patch widget/src/gtk2/nsWindow.cpp to not try to load png icons.
While here fix icon path in desktop file, and add a comment about why we
don't use systemwide png.
www/firefox36 mostly by martynas@ and naddy@.
Note that the java plugin from devel/jdk currently doesn't work with this
version of firefox, in the meantime users really needed it will have to
use www/firefox35.
ok naddy@
The rules module allows site administrators to define conditionally
executed actions based on occurring events (known as reactive or ECA
rules).
ok landry@
Those days, the trend is to write/use minimal browsers that work in a
terminal. vteplugin takes the opposite direction and allows you to use
terminals in your npapi-compatible-bloated-web-browser, ie any
gecko/webkit web browser. It uses XEmbed to bundle a vte window in a
browser tab.
The Node Relationships module provides methods to complete two way
relationships between content types enhancing the features of node
reference fields by adding 'Node reference extras' and 'Automatic
back references'.
ok espie@ and landry@
This module provides an API to render an iframe within a modal dialog
based on the jQuery UI Dialog plugin. You should not install this module
unless another module requires you to, or you wish to use it for your
own custom modules.
ok espie@ and landry
A wrapper module around the jQuery UI effects library that lets module
developers add swooshy, swishy effects to their code. This is a utility
module that won't do anything on its own. See README.txt for how your
module can use it to add jQuery UI effects to your pages.
ok landry@ and espie@
Check uri instead of physical path for directory redirect.
Should fix alias handling for "/foo" => "/var/www/";
http://example.com/foo should result in a redirect to
http://example.com/foo/
Mollify is a web file manager for publishing and managing files
hosted in a web server of your choice. Different users can have
access to different files and with different permissions.
"This is a bug fix release to correct some issues with 2.9. If you are
using postgres DO NOT install Views 2.9. Install 2.10 instead. If you
are not experiencing these issues with 2.9 then you do not need to
update."
ok espie@
The CategoryTree extension provides a dynamic view of the wiki's category
structure as a tree. It uses AJAX to load parts of the tree on demand.
ok landry@
3.5/thunderbird 3 codebase. See for details:
http://www.seamonkey-project.org/releases/seamonkey2.0.4/
Backing up your profile before upgrading is recommended..
Update also largely based on www/firefox35 port.
Tested on i386/amd64/sparc64/powerpc by myself and on alpha by naddy@
ok naddy@
trouble for autoconf 2.62+; remove this workaround which now causes
the build to fail. No bump as the package doesn't change from the
version which last built successfully.
Build failure noticed by naddy@. 'make it so' jasper@, Brad ok.
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption
The Puppet Dashboard is a Puppet web interface that provides node
management and reporting tools. Nodes can be exported in YAML format,
allowing the dashboard to be used as an external node classification
tool.
ok bernd@
installed, needed for the admin interface. ok ajacoutot@
- install blank sample logfiles, rather than make them a copy of
the sample index.html
- unbreak sample rc.local lines in MESSAGE-main (foo-bar isn't
a valid shell variable, foo_bar is)
all found by Rod Whitworth, thanks!
MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@
breaking cd /usr/ports && SUBDIR=some/path make something for
category makefiles. While there, also put spaces around += uniformously.
okay naddy@, jasper@
and show how to check. This should change sometime, but the
fix is fiddly and for now we should let people know. Committing
now to make sure something is in pre-4.7.
Discussed with pval, this diff ok jasper@ landry@
http://www.vupen.com/english/advisories/2010/0090
(thanks fgsch@ for the link/notice)
Update to cherokee-0.99.39.
Remove debug FLAVOR and use ifdef DEBUG.
Add rrdtool to run_depends.
Byte-compile python modules so that they are registered in the PLIST.
Be careful as cherokee is not started using ${PREFIX}/sbin/cherokee, not
cherokee-guardian anymore.
Fernando Quintero (maintainer) ok
MESSAGE tweak and ok sthen@, ok jasper@
The purpose of the templating engine is to provide web application
developers, who need to separate program code and design (HTML code) of
their web application projects, with a templating tool that can be
easily used by cooperating webdesigners who have no programming skills.
Templating language provided by the engine is inspired by Perl
templating module HTML::Template. Templates created for HTML::Template
can be used with this engine in case they do not violate character case
rules of htmltmpl.
This package includes easydoc, a module which uses the templating engine
to generate HTML documentation from docstrings embedded in source files
of Python modules.
(needed by GNOME Development Monitor which I'm currently working on)
This extension works with MediaWiki instances setup behind HTTP
authentication. It pulls usernames from $_SERVER['PHP_AUTH_USER'].
The extension will then either log the user on to MediaWiki if the
user name exists in the database or create a new user if it does not.
"ok with me" jasper@, "yeah hell import it" landry@
Community-ID is an OpenID implementation in PHP which is OpenID 2.0
compliant. Users can keep track of their trusted sites and manage them.
For Community-ID administrators statistics are available to track
registration of new users, authorized users per day or the number of
trusted sites. Administrators can set the site in maintenance mode or
send emails to all registered users.
StatusNet (formerly Laconica) is a Free and Open Source microblogging
platform. It helps people in a community, company or group to exchange
short (140 character) messages over the Web. Users can choose which
people to "follow" and receive only their friends' or colleagues' status
messages. It provides a similar service to sites like Twitter, Jaiku,
Yammer, and Plurk.
not hooking it up to the builds yet, as it will need some more tweaking
to set up.
"This release contains a couple new features, including additional weekly
overtime policy types and accrual milestone rollover limits, as well as
several bugfixes."
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption
Net::SFTP::Foreign is a Perl client for the SFTP protocol version 3 as
defined in the SSH File Transfer Protocol IETF draft.
It uses any compatible ssh command installed on the system (for
instance, OpenSSH ssh) to establish the secure connection to the remote
server.
It is a lightweight alternative to p5-Net-SFTP.
WWW::IndexParser is a module that uses LWP to fetch a URL from a web
server. It then attempts to parse this page as if it were an auto
generated index page. It returns an array of WWW::IndexParser::Entry
objects, one per entry in the directory index that it has found. Each
Entry has a set of methods: filename(), time(), size(), and others if
supported by the autoindex generated: type() and size_units().
i386 and amd64 supported.
Chromium is an open-source browser project that aims
to build a safer, faster, and more stable way for all
Internet users to experience the web. http://www.chromium.org/
This is version 4.0.251.0 with a tarball already including hundreds
of patches by myself, Sprewell, Ben Laurie and others from the original
FreeBSD effort. See homepage for more details and known issue:
http://sightly.net/peter/openbsd/chromium/
(right now, there are i386 & amd64 -current packages there that can
be pkg_add'ed, links to the FreeBSD page for more info, etc)
The patches are being cleaned up and sent upstream in chunks, the
goal will be to have a clean tarball eventually. I _just_ got this
working earlier this week so it may crash and burn (especially on
amd64 as some parts do not appear 64-bit clean), let me know.
"commit it and let's work on it in-tree" espie@, robert@ & others
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
This is a minimal screen scraping interface to the Drupal admin pages.
Its primary purpose (at the moment) is to provide a means to automate
drupal core upgrades.
Most of the methods in this class depend on English strings from the
pages' value fields, because WWW::Mechanize doesn't use id fields as
selectors. Thus, this module will most likely not work for sites with
a backend set to any non-English language.
ok jasper@ and landry@
