/var/www/pear and php modules go into /var/www/lib/php.
Everything else still lives outside the chroot
Also tidy up the pkg/INSTALL message while I'm here
Security bugfixes (surprise, surprise..):
Cross-site scripting vulnerabilities in the HTML filter were fixed.
A parsing bug was fixed where malformed address fields can cause
MHonArc to hang.
nsprpub/pr/src/misc/prnetdb.c: add OpenBSD to the list of OSes with getifaddrs()
nsprpub/pr/src/misc/prtime.c: OpenBSD's struct tm has two additional fields: tm_zone and tm_gmtoff.
ok pvalchev@
--
The HTML_Common package provides methods for HTML code display and
attributes handling.
1) Methods to set, remove, update HTML attributes.
2) Handles comments in HTML code.
3) Handles layout and tabs for nicer HTML code.
you can add/remove pear modules via pear.php.net
Note that some pear modules which were bundled with the old version of
this package are now separate ports (pear-Log especially)
- fixes two memory leaks, one serious
- quite some filter changes, upgraders beware!
- for details, see http://www.privoxy.org/announce.txt
from MAINTAINER
* tab browsing
* customizable mouse operations
* two-stroke keybinding
* undo for cursor moves
* background downloading
* data: URL support
* news:, nntp: newsgroup support
* folding lines for plain text
* listing of links
* setting default values for forms by pre_form
Also fix mimetypes typo; from J.A. Neitzel <jneitzel@bluemarble.net>.
--
cronolog is a simple filter program that reads log file entries from
standard input and writes each entry to the output file specified by a
filename template and the current date and time. When the expanded
filename changes, the current file is closed and a new one opened.
cronolog is intended to be used in conjunction with a web server, such
as Apache, to split the access log into daily or monthly logs.
WWW: http://www.cronolog.org
--
This version includes much improved character encoding support,
including support for Japanese, Chinese, UTF-8, and other encodings.
The flowed text conversion was improved.
There are security enhancements, mail address rewriting in message
bodies, and other new features and bugfixes.
Changelog: http://www.mhonarc.org/MHonArc/CHANGES
--
Changes:
PID and logfiles are handled correctly now, and more error messages
are produced when problems occur.
TCP tunnel capabilities were removed.
Further details on: http://tinyproxy.sourceforge.net/ChangeLog
brad@ ok
This version is NOT compatible with the older 1.0 series but since the
one port that uses the 1.0 series will be updated shortly this isn't much
of an issue.
ok todd@
--
SECURITY fix:
A cross-site scripting (XSS) vulnerability has been discovered for
all versions of MHonArc up to, and including, v2.5.13. A specially
crafted HTML mail message can introduce foreign scripting content
in archives, by-passing MHonArc's HTML script filtering.
brad@ ok
"Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> found another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag
in img alt attribute, so malicious frame html may deceive you to
access your local files, cookies and so on."
--
This version fixes a URL CRLF Injection Vulnerability:
A CRLF injection vulnerability has been reported for Links that
may allow an attacker to include extra HTTP headers when viewing
web pages.
If Links is called from the command line, carriage return and line
feed (CRLF) characters may be included in the specified URL.
These characters are not escaped when the input is used to construct
an HTTP request.
URL: http://online.securityfocus.com/bid/5499/discussion/
espie@ brad@ ok
--
Perl module that provides an extension to HTML::Template
which allows expressions in the template syntax.
From: Jim Geovedi <jim@corebsd.or.id>
brad@ ok
submitted by Dan Weeks <danimal@danimal.org>
Privoxy is a web proxy with advanced filtering capabilities for protecting
privacy, filtering web page content, managing cookies, controlling access,
and removing ads, banners, pop-ups and other obnoxious Internet junk.
Privoxy has a very flexible configuration and can be customized to suit
individual needs and tastes. Privoxy has application for both stand-alone
systems and multi-user networks.
naddy@ OK
SECURITY: This fixes a vulnerability where w3m fails to escape HTML
tags in frame contents, so malicious frame HTML can deceive you and
access your local files, cookies and so on.
Submitted by Peter Galbavy <peter.galbavy@knowtion.net>.
This module is made for CGI scripting. It decodes the parameters
passed to the CGI. It does nothing more, so it's much smaller and
loads more quickly than CGI.pm.
A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases (including Tomcat 4.0.5), which allows to use a specially
crafted URL to return the unprocessed source of a JSP page, or, under
special circumstances, a static resource which would otherwise have been
protected by security constraint, without the need for being properly
authenticated. This is based on a variant of the exploit that was
disclosed on 09/24/2002.
The issue involves the security of the indexes of ZCatalog objects. A flaw
in the security settings of ZCatalog allows anonymous users to call arbitrary
methods of catalog indexes. The vulnerability also allows untrusted code to
do the same.
--
From: MAINTAINER
- include the domxml extension as a subpackage
- include some extra modules with PEAR which also disappeared
- only link against freetype1, not freetype2
from a buffer overflow.
- Pick up any plugins in lib/ns-plugins by default.
Issue pointed out by David Krause <openbsd@davidkrause.com>.
Principal changes ok kevlo@
Users are advised to install the www/flashplugin port for Flash support.
--
tinyproxy is a GPLed, lightweight HTTP/SSL proxy. Designed from the ground
up to be fast and yet small, it is an ideal solution for sites where a
full-featured HTTP proxy is required, but the system resources required to
run a more demanding HTTP proxy are unavailable. tinyproxy is fully compatible
with all existing web browsers, and has a number of useful features.
- patch for snmp to link with libdes
- stop libtool from helpfully mangling the ld.so hints file with
crap from the ports build directory by removing the finish_command
- MESSAGE file reflects phpxs command
- ltmain patch no longer needed
- move the php.ini extension lines to the end of the file
- introduce a new 'phpxs' command which enables/disables
modules from a shell without needing to manually edit php.ini
- libphp4.so now installs into the same module dir as the extensions
- php4-enable is now done by 'phpxs -s' so remove it
tested by wilfried@, feedback from naddy@
--
Nag is the Horde task list application. It stores todo items, things
due later this week, etc. It is very similar in functionality to
the Palm ToDo application.
--
Kronolith is the Horde calendar application. It provides a stable
and featureful individual calendar system for every Horde user, and
collaboration/scheduling features are starting to take shape. It
makes extensive use of the Horde Framework to provide integration
with other applications.