"This release closes a JSON XSS vulnerability, fixes a couple of
minor regressions introduced in 1.2.4, and backports a handful of
features and fixes from the 2.0 preview release.
All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5,
though it isn't strictly necessary if you aren't working with JSON.
For more information the JSON vulnerability, see CVE-2007-3227."
* Use the right config dir, allowing something else than /etc as side effect
* Reorder entries
* Bump package
jasper@ ok; maintainer is on holidays but jasper believes he'll be ok
with this, so commiting with his bless.
mplayerplug-in is a browser plugin that uses mplayer to play digital
media from websites.
This plug-in gives Mozilla the ability to play media from a website the
net without reading the source html and getting the url manually. Media
is played embedded in the page or in a separate window depending on how
the author of the webpage intended the media to be seen.
from Gleydson Soares <gsoares at trusted.com.br> (MAINTAINER)
feedback and ok steven@
Plagger is a pluggable RSS/Atom feed aggregator and remixer platform.
Everything is implemented as a small plugin and all you have to do is to
write a flow of aggregation, filters, syndication, publishing and
notification plugins into a config file (YAML).
ok jasper@
Squid 2.6. It's not the default in squid.conf but can be enabled, and
it's useful e.g. when you are using squid through dansguardian, in order
to keep/show the source address of the client in the logs (otherwise,
squid thinks that everything comes from dansguardian).
ok brad@
LWP::Authen::Wsse allows LWP to authenticate against servers that are
using the X-WSSE authentication scheme, as required by the Atom
Authentication API.
ok jasper@
"This release contains additional deprecation notices, security
fixes and some minor performance improvements. All users of 1.2.3
are advised to upgrade."
Major changes compared to the Turba H3 (2.1.4) version are:
* Fixed adding contacts to a new contact list.
* Updated Czech, Estonian, German, Polish, Simplified Chinese, and Spanish
translations.
* Small bugfixes and improvements.
The full list of changes (from version H3 (2.1.4)) can be viewed here:
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.106&r2=1.181.2.113&ty=h
Tikiwiki (Tiki) is free, full-featured Content Management System (CMS).
With Tiki, you can create online applications, web sites, portals,
intra/extranets, and just about anything else. It features:
* Wikis (like Mediawiki)
* Forums (like phpBB)
* Blogs (like WordPress)
* Articles (like Digg)
* Image Gallery (like Flickr)
* Map Server (like Google Maps)
* Link Directory (like DMOZ)
* Translation and i18n (like Babel Fish)
* and much more... all unified
rewordings by and ok bernd@
CGI::SSI is meant to be used as an easy way to filter shtml through CGI
scripts in a loose imitation of Apache's mod_include. If you're using
Apache, you may want to use either mod_include or the Apache::SSI module
instead of CGI::SSI. Limitations in a CGI script's knowledge of how the
server behaves make some SSI directives impossible to imitate from a CGI
script.
ok merdely@
This module is a simple HTML parser. It is similar in concept to
HTML::Parser, but it differs from HTML::TreeBuilder in a couple of
important ways.
ok merdely@
FastCGI - a standards based protocol for communicating with
applications that generate dynamic content for web pages.
FastCGI provides a superset of CGI functionality, but a subset of the
functionality of programming for a particular web server API.
Nonetheless, the feature set is rich enough for programming virtually
any type of web application, but the result is generally more
scalable.
Original suggestion from Roland Philippsen
Advice from steve@ and mbalmer@
Help and ok, simon@
development and clean, pragmatic design.
Developed and used over two years by a fast-moving online-news
operation, Django was designed to handle two challenges: the intensive
deadlines of a newsroom and the stringent requirements of the
experienced Web developers who wrote it. It lets you build
high-performing, elegant Web applications quickly.
From Darrin Chandler (MAINTAINER)
Testing and help from Will Maier and myself
ok steven@
fixes various vulnerabilities:
CVE-2007-3847, CVE-2007-1863, CVE-2007-3304, CVE-2006-5752, CVE-2007-1862
more details can be found at:
http://www.apache.org/dist/httpd/CHANGES_2.2.6
ok merdely@
de-spam pkg_delete by @comment'ing /var/www/lib/php/modules
(this dir should probably move from php5/extensions,-main to php5/core).
ok maintainer (bsd at openbsd dot rutgers.edu), naddy@
Apache::Session::Generate::UUID extends Apache::Session to allow you to
create UUID based session ids. This module fits well with long-term
sessions, so better using RDBMS like MySQL for its storage.
feedback & ok merdely@
the ini file. package version not bumped as no plist_db conflicts or
package change (it just failed to build if safe mode was enabled in
/var/www/conf/php.ini).
checked pear modules and stuff.
"please build all the pear modules and stuff if it works
ok robert@"
nginx [engine x] is a HTTP server and IMAP/POP3 proxy server.
The basic HTTP features:
* Handling of the static files, index files, and autoindexing
* Accelerated reverse proxying without caching, simple load
balancing and fault tolerance
* Accelerated support without caching of the remote FastCGI
servers, simple load balancing and fault tolerance
* Modular architecture, filters including gzipping, byte
ranges, chunked responses, and SSI-filter; Several subrequests
in one page handling in SSI-filter via FastCGI or proxy
running in parallel
* the SSL support
The IMAP/POP3 proxy server features:
* User redirection to IMAP/POP3 backend using an external HTTP
authentication server
* Plain text authentication (LOGIN, USER/PASS)
* SSL and STARTTLS support
ok and help steven@
This module aims to be a full implementation of a an object-oriented
interface to the Audioscrobbler WebService API (as available on
http://www.audioscrobbler.net/data/webservices/). The module fully
supports data caching and, thus, complies to the service's recommended
usage guides.
ok simon@
This is an Apache module that implements the SCGI protocol. The SCGI
protocol is a replacement for the Common Gateway Interface (CGI)
protocol. It is a standard for applications to interface with HTTP
servers. It is similar to FastCGI but is designed to be easier to
implement.
from Jeremy Evans, with tweaks by me
Although using the conventional LWP::UserAgent is fast and easy it does
have some drawbacks - the code execution blocks until the request has
been completed and it is only possible to process one request at a time.
HTTP::Async attempts to address these limitations.
WebGUI is a content management platform built to give average business
users the ability to build and maintain complex web sites. It is
modular, pluggable, and platform independent. It is designed to keep the
management of content in the hands of those who create content, rather
than take up the time of busy IT staff.
libapreq is a safe, standards-compliant, high-performance library used
for parsing HTTP cookies, query-strings and POST data. The original
version (libapreq-1.X) was designed by Lincoln Stein and Doug
MacEachern. The perl APIs Apache::Request and Apache::Cookie are the
lightweight mod_perl analogs of the CGI and CGI::Cookie perl modules.
HTML::TagFilter is a subclass of HTML::Parser with a single purpose:
it will remove unwanted html tags and attributes from a piece of text.
It can act in a more or less fine-grained way - you can specify
permitted tags, permitted attributes of each tag, and permitted values
for each attribute in as much detail as you like.
vtiger CRM is an enterprise-ready open source CRM software mainly for
small and medium businesses. vtiger CRM is built over proven, fast, and
reliable technologies and open source projects.
vtiger CRM leverages the benefits of open source software and adds more
value to the end-users by providing many enterprise features, such as
sales force automation , customer support & service , marketing
automation, inventory management, multiple database support, security
management, product customization, calendaring, e-mail integration,
add-ons, and others.
vtiger CRM also provides, enterprise grade business productivity
enhancement add-ons, customer portal , Outlook plug-in for Microsoft
Outlook users, Office plug-in for Microsoft Word users, and Thunderbird
extension for Thunderbird mail users. All these add-ons are part of the
vtiger CRM open source project in SourceForge.net.
ok jasper@
fixes many vulnerabilities just as usual. for more information
read http://www.php.net/releases/5_2_3.php
add a no_suhosin pseudo-flavor because horde has some problems
with the suhosin security patchset
Liferea is an aggregator for online news feeds. There are many other
news readers available, but these others are not available for Unix or
require many extra libraries to be installed. Liferea tries to fill this
gap by creating a fast, easy to use, easy to install news aggregator for
GTK/GNOME.
joint work with Wiktor Izdebski <vicviq at gmail.com>
ok martynas@
TurboGears brings together four major pieces to create an easy to
install, easy to use web megaframework. It covers everything from
front end (MochiKit JavaScript for the browser, Kid for templates
in Python) to the controllers (CherryPy) to the back end (SQLObject).
ok simon@, jasper@
Tntnet is a web application server for web applications written in C++.
You can write a Web-page with HTML and with special tags you embed
C++-code into the page for active contents. These pages, called
components are compiled into C++-classes with the ecpp-compilier
"ecppc", then compiled into objectcode and linked into a shared library.
This shared library is loaded by the webserver "tntnet" on request and
executed.
ok martynas@
A pluggable command-line frontend, including commands to setup
package file layouts.
It includes some built-in features:
- Create file layouts for packages. For instance, paste create
--template=basic_package MyPackage will create a setuptools-ready
file layout;
- Serving up web applications, with configuration based on paste.deploy.
ok jasper@ (who also suggested NO_REGRESS)
Paste Deployment is a system for finding and configuring WSGI
applications and servers. For WSGI application consumers it provides
a single, simple function (loadapp) for loading a WSGI application
from a configuration file or a Python Egg. For WSGI application
providers it only asks for a single, simple entry point to your
application, so that application users don't need to be exposed to
the implementation details of your application.
ok jasper@
Python Paste brings consistency to Python web development and web
application installation, providing tools for both developers and
system administrators.
ok jasper@
a user named "log"; from sarg bugtracker via freebsd
also, fix sprintf and rcs id; from maintainer Douglas Santos
thanks to aanriot@, who found some errors when i merged Douglas
Santos diff
ok aanriot@ and maintainer Douglas Santos
- tweak pkg/MESSAGE
- mirror the distfiles since the main server can be capricious sometimes
- use the apache-module framework; work done by simon@ (big thank to him)
"looks good" simon@
upgraded and didn't use mergemaster;
- remove lines, related to debug build and fd in README.OpenBSD;
help from sturm@, kurt@, espie@, naddy@
ok kurt@, sturm@
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.1.2
- be-BY, ca-AD, fr-FR, he-IL, ru-RU are gone;
- new el-GR, pt-BR language packs;
- WANTLIB for xenocara;
- use the combination of find(1) and install(1) to install the
{DATA,DIST}FILES, as suggested by kurt@;
- remove the two patches that are already upstream;
- fmt;
ok kurt@ naddy@
currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and
Solaris. It filters the actual content of pages based on many methods
including phrase matching, PICS filtering and URL filtering. It does not
purely filter based on a banned list of sites like lesser totally
commercial filters.
from Bartosz Ku??ma <i486@o2.pl>.
ok ajacoutot@
for Squid. It can be used to limit the web access for some users, block
access to URLs, redirect trafic, etc.
from Claudio Correa <correa@pucpcaldas.br>, thanks.
modular session management system across HTTP requests. Persistency is a
key feature for such applications as shopping carts,
login/authentication routines, and application that need to carry data
across HTTP requests. CGI::Session does that and many more.
from Jason Crawford <jasonrcrawford@gmail.com>
CherryPy allows developers to build web applications in much the
same way they would build any other object-oriented Python program.
This usually results in smaller source code developed in less time.
CherryPy is now more than three years old and it is has proven very
fast and stable. It is being used in production by many sites, from
the simplest ones to the most demanding ones.
can be used separately from the form generation. The validation
works on compound data structures, with all parts being nestable.
It is separate from HTTP or any other input mechanism.
