Commit Graph

52 Commits

Author SHA1 Message Date
naddy
ae76d3ea1f SIZE 2005-01-05 17:21:50 +00:00
alek
5364a42ec5 Add WANTLIB markers 2004-12-11 13:29:20 +00:00
alek
b068d3d2f4 - Kill DEINSTALL
- Replace INSTALL with @samples
- Remove @extra
- Bump PKGNAME

looks ok sturm@
2004-11-28 17:07:43 +00:00
espie
b893ad5d98 new style conflicts 2004-09-18 13:06:43 +00:00
espie
e44839e34b new plists.
comment out netscape-dynmotif, since we don't have the required motif lib.
2004-09-15 18:49:48 +00:00
xsa
604140b5ba more @extra fun ... 2004-04-13 21:27:01 +00:00
naddy
112339c1d4 remove WWW lines 2003-12-15 21:54:59 +00:00
pvalchev
1192f33af7 mark chipmunk & analog as conflicting; pt. out by wcobb
chipmunk has the 'analog' utility and there are problems with
renaming it, thus no good way of solving this conflict otherwise
2003-11-18 00:20:31 +00:00
sturm
e77d2a5175 license markers and some corrections 2003-10-18 19:44:41 +00:00
naddy
69107b5263 update to 5.32; from Stoyan Zhekov <zhware@saku2.com> 2003-06-22 21:29:24 +00:00
naddy
73b0998d3c No regression tests available. 2002-10-29 01:30:41 +00:00
mpech
a8924e572b Remove Oleg Safiullin from MAINTAINERS.
form@ ok
2002-09-01 18:49:00 +00:00
form
cb18d56d3a update to 5.24 2002-06-26 04:07:16 +00:00
form
d57fd5fdbc Upgrade to 5.23 (form interface security fix). 2002-05-15 02:14:19 +00:00
espie
d900d189e1 Bump NEED_VERSION 2002-03-21 21:25:50 +00:00
form
f77f85dd37 upgrade to 5.22
SECURITY ADVISORY                                      20th March 2002
----------------------------------------------------------------------
Program: analog
Versions: all versions prior to 5.22
Operating systems: all
----------------------------------------------------------------------
Yuji Takahashi discovered a bug in analog which allows a cross-site
scripting type attack.

It is easy for an attacker to insert arbitrary strings into any web
server logfile. If these strings are then analysed by analog, they can
appear in the report. By this means an attacker can introduce
arbitrary Javascript code, for example, into an analog report produced
by someone else and read by a third person. Analog already attempted
to encode unsafe characters to avoid this type of attack, but the
conversion was incomplete.

Although it is not known that this bug has been exploited, it is easy
to exploit, and all users are advised to upgrade to version 5.22 of
analog immediately. The URL for analog is http://www.analog.cx/
I apologise for the inconvenience.

Thank you to Yuji Takahashi, Motonobu Takahashi and Takayuki Matsuki
for their help with this bug.

                                                        Stephen Turner
                                         analog-author@lists.isite.net
2002-03-20 13:09:29 +00:00
form
c8e6ea89c9 upgrade to 5.21 2002-03-01 10:07:25 +00:00
form
b21de6366f upgrade to 5.1 2001-11-22 11:10:39 +00:00
form
9bd965814b upgrade to 5.03 2001-08-13 03:44:39 +00:00
form
bf1c914d7a upgrade to 5.02
http://www.reverse.net/analog/ -> http://redmoon.reverse.net/analog/
There seems to be a problem with analog.cx's website, so
put mirrors ahead and temporarily change HOMEPAGE.

Thanks to Jeff Bachtel <Jeff.Bachtel@isc.tamu.edu>
2001-07-03 02:24:13 +00:00
form
39d8f16d44 upgrade to 5.01 2001-05-20 05:56:36 +00:00
form
8c3046a465 move COMMENT to Makefile 2001-03-29 09:52:20 +00:00
form
311a300952 Missed in last commit. 2001-02-27 03:48:50 +00:00
form
0079eab07b Use SYSCONFDIR instead of hardcoded /etc; naddy@ 2001-02-27 03:46:23 +00:00
form
3ffad06f7c Update to 4.16.
Fixed buffer overflow.

>SECURITY ADVISORY                                   13th February 2001
>----------------------------------------------------------------------
>Program: analog
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
>                                                        Stephen Turner
2001-02-25 08:04:05 +00:00
form
64e82fecfa fix PLIST 2001-01-27 10:26:38 +00:00
form
e6b3c0df6c upgrade to 4.14 2001-01-23 11:37:44 +00:00
form
cf210ccbab Upgrade to 4.13 2000-12-22 10:55:03 +00:00
naddy
abfa9851a8 If HOMEPAGE is defined in Makefile, reference it in DESCR, too.
authorized by espie@

Fix a few minor cosmetic issues along the way.
2000-12-21 21:20:34 +00:00
form
9e65d3c443 add full name to MAINTAINER 2000-10-09 06:50:25 +00:00
form
1c122d39ff fix compiling; turan@
add HOMEPAGE
2000-06-16 03:32:24 +00:00
form
bf7a0796c3 remove FAKE=yes 2000-06-15 05:37:11 +00:00
form
e6d76ad7f4 upgrade to 4.11
install examples
2000-05-31 18:48:37 +00:00
form
663876fb09 upgrade to 4.1 2000-04-01 17:23:54 +00:00
form
ecdca085b0 Upgrade 4.04. 2000-03-22 10:37:15 +00:00
form
4d5be7f9d8 Upgrade to 4.03.
Fake.
PERMIT_*
2000-03-20 11:04:48 +00:00
turan
3c4165d831 again 2000-03-03 12:43:46 +00:00
turan
03325804f1 broken, installs files automatically in /etc 2000-03-03 11:25:05 +00:00
form
124cb55ce6 update to 4.02 2000-02-16 20:10:32 +00:00
espie
4420842031 All the Makefiles cvs missed first time around... 2000-02-16 10:52:08 +00:00
form
32e033aaa8 Update to 4.01. 1999-12-20 03:04:44 +00:00
form
eb18dd76ca add missing patch 1999-12-13 17:30:30 +00:00
form
663f31d987 update to 4.0 1999-12-13 17:26:55 +00:00
form
75847d18a5 update to 3.32 1999-09-16 14:09:25 +00:00
form
ad72b49b62 Update to 3.31. 1999-07-05 19:35:57 +00:00
espie
7856893b06 Lots of crisper comments... 1999-04-20 16:07:56 +00:00
brad
edfc222a46 - change email addresses, form@ to ports@
- remove unnecessary comments
1999-04-09 04:11:45 +00:00
marc
3e45db1680 add sha1 and rmd160 checksum to the existing md5 sums for all files;
Porters: please make sure you use bsd.port.mk 1.75 or later when
updating ports.  That version of the makefile adds all sums.  Previous
versions of the makefile will still work for people installing ports.
1999-03-04 05:55:44 +00:00
fgsch
1d37567787 Update to 3.11. Change master sites. 1999-02-24 06:07:26 +00:00
form
7c4ea1f82d update to 3.1 1998-11-10 05:06:35 +00:00