#911194 Unable to automatically insert auto_increment values
#911297 Incorrect displaying of HTML text in in-line edition mode
#918163 Fieldnames don´t appear on csv export with selected rows
#918363 The Server Information box does not include Chive Version
#911136 Security vulnerability fix
(fix committed in http://bazaar.launchpad.net/~fusonic/chive/1.0/revision/417,
bug report is hidden - missing html escaping in table names etc)
- 3.0.4 was generating bogus 'delete' commands in some cases;
I noticed this when trying to use memcache as a session storage
backend with Roundcube webmail - this update fixes this.
SlowHTTPTest is a highly configurable tool that simulates some
Application Layer Denial of Service attacks.
It implements most common low-bandwidth Application Layer DoS attacks,
such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist
timer exploit) by draining concurrent connections pool, as well as Apache
Range Header attack by causing very significant memory and CPU usage on the
server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP
protocol, by design, requires requests to be completely received by the
server before they are processed. If an HTTP request is not complete, or if
the transfer rate is very low, the server keeps its resources busy waiting
for the rest of the data. If the server keeps too many resources busy, this
creates a denial of service. This tool is sending partial HTTP requests,
trying to get denial of service from target HTTP server.
Slow Read DoS attack aims the same resources as slowloris and slow POST,
but instead of prolonging the request, it sends legitimate HTTP request and
reads the response slowly.
- Buffer overflow when pasting too long text from clipboard to dialog
boxes (not remotely exploitable)
- A write out of allocated memory in the graphics renderer
(potentially exploitable)
- An infinite loop when parsing invalid usemap specification in text and
graphics mode (can cause browser lockup, but not otherwise exploitable)
- Accesses out of memory in the xbm decoder (potentially exploitable)
Also drop dip.c patch to resolve crashes with libpng 1.5, upstream
appears to have fixed this separately in the update to 2.5.
Thanks jasper@ for additional testing.
Using Catalyst::Plugin::FormValidator is not recommended as the module
takes over the global $c->form method, rather than being applicable in
only part of your Catalyst application. Furthermore,
Data::FormValidator itself is not recommended for use.
from Andreas Voegele
Catalyst::Plugin::Cache::Store::FastMmap is deprecated because
Cache::FastMmap no longer needs to be wrapped to store plain values.
from Andreas Voegele
Fixes Catalyst with Moose 1.24+, this has been broken in the tree for a
while.
This and the many related updates to follow are all from Andreas Voegele's
repo at https://github.com/voegelas/openbsd-mystuff, thanks Andreas, this must
have been a huge bunch of work. I have forked this at github/sthen/p5-ports-wip
and am removing things from there once committed, there are various additional
new perl ports there and it would be nice if people could help work through
what's left.
Plack::Test::ExternalServer allows your to run your Plack::Test tests
against an external server instead of just against a local application
through either mocked HTTP or a locally spawned server.
Plack::Middleware::ReverseProxy resets some HTTP headers, which were
changed by reverse-proxy. You can specify the reverse proxy address and
stop fake requests using the 'enable_if' directive in your app.psgi.
Adds a "COMPONENT" method to your Catalyst component base class that
reads the optional traits parameter from app and component config and
instantiates the component subclass with those traits using
"new_with_traits" in MooseX::Traits from MooseX::Traits::Pluggable.
Catalyst::Plugin::Cache::Store::FastMmap is deprecated because
Cache::FastMmap no longer needs to be wrapped to store plain values.
from Andreas Voegele's repo
Catalyst::Plugin::Cache::FileCache has been deprecated in favor of
Catalyst::Plugin::Cache, which can be configured to use a FileCache
backend.
from Andreas Voegele's repo
- disable static libs, shrinks package size by a factor 3
- now depends on geoclue for geolocation purposes (of course its up to
the browsers to enable the feature or not..)
- simplify Makefile/FLAVORS/SHARED_LIBS
- fold most of the PFRAGs to PLIST by using variables
- remove patch-Source_JavaScriptCore_runtime_JSValue_h, seems it was
added for sparc64 but now it breaks the build there, and noone has been
able to justify the addition of that patch. Without it, GtkLauncher
shows simple html websites on sparc64 and crashes as soon as some js is
involved, but thats not much different from before
- remove patch-Source_JavaScriptCore_wtf_text_StringHash_h &
patch-Source_JavaScriptCore_wtf_text_StringImpl_cpp, replaced by
patch-Source_JavaScriptCore_runtime_UString_h for mips64/sparc64
- add patch-Source_JavaScriptCore_wtf_NumberOfCores_cpp for #82585
tested on i386/amd64 by several, amd64 bulk build, ppc & sparc64 testing
by myself. mips64el in the works..
ok ajacoutot@
fcgi-cgi is a wrapper around CGI applications to support running them under
FastCGI for use with webservers such as nginx and lighttpd 2.x which do not
support running cgi scripts/binaries directly.
MESSAGE->README, mostly from Johan Huldtgren with tweaks by me
Readd missing '@comment no checksum' lines
Add config fragments for nginx, from Johan Huldtgren
- add rss.tpl & rss_item.tpl
- install the new 'bright' template
- copy navdirectory.tpl from 'bright' to other templates since it's
missing (also debian bug #645356)
- bump
- Fixes MFSA 2012-12->19
- see http://www.seamonkey-project.org/releases/seamonkey2.8/
- complete patchset for #691898, still fixes build on ppc (and hopefully
commited in firefox 14...)
- add patchset from #706955, workarounds #669050 (xpcshell hangs during
make install and chokes on CSPUtils.csm, threads related..)
- remove obsolete/commited patches
- Fixes MFSA 2012-12->19
- see http://www.mozilla.org/en-US/firefox/11.0/releasenotes/
- complete patchset for #691898, still fixes build on ppc (and hopefully
commited in firefox 14...)
- add patchset from #706955, workarounds #669050 (xpcshell hangs during
make install and chokes on CSPUtils.csm, threads related..)
- remove obsolete/commited patches
ownCloud gives you easy and universal access to all of your files.
It also provides a platform to easily view, sync and share your
contacts, calendars, bookmarks and files across all your devices.
ok robert@
- remove dep on gtar
- patch config.php-dist & update.php to use MODPHP_BIN
- fix perms in PLIST, use @owner www for dirs where tt-rss writes
- switch MESSAGE to README, and improve the latter
- provide an rc script for the daemon updating the feeds
ok ajacoutot@
- huge cleanup of README, use PKG_DBDIR pkg_add -B to hint people how to
properly install A::G and its deps in apache's chroot, instead of
manually copying the deps/modules.
- set EPOCH=0, since 1.0RC3 wasn't a proper version
- provide an apache-gallery.conf @sample in conf/modules.sample, as other
www ports do, instead of a VHost to copy/paste
- add UNMESSAGE telling how to completely disable/remove A::G
ok ajacoutot@