* [NEW] Custom keybound prompts (keybinding = :cmd,key)
* [NEW] Custom uri handling (custom_uri)
* [NEW] Setting to disable proxy at startup (http_proxy_disable)
* [NEW] Setting to cache HTTPS certificates and present warnings when
certificates change to help prevent MITM attacks (warn_cert_changes)
* [NEW] Tab number and proxy enabled notifications (statusbar_elems)
* [NEW] Setting to change default stylesheet used for the userstyle
and userstyle_global commands (userstyle)
* [NEW] Both userstyle and userstyle_global commands may take an
optional argument to a user-specified stylesheet
* [NEW] Setting to change the style of the statusbar to switch between
the page URL and title (statusbar_style)
* Runtime settings are unsettable with ':set setting ='
* Fix some display bugs with the statusbar
* HTML escape text before displaying with about:set, <file> now shows
correctly
* Fix unsetting the statusbar color when opening the command prompt
And a lot of others.
Tested on amd64.
Ok kili@ aja@
minor SHLIB bump
introduce SOGOLIBDIR variable to be used in PLIST, update hint from README:
Upgrade SOGo from < 1.3.16
=======================================
New password schemes were introduced. You may want to set the
userPasswordAlgorithm default, i.e.:
$ defaults write sogod userPasswordAlgorithm ssha
* checking: Catch any errors initializing the MIME database.
* checking: Fix writing temporary files.
* checking: Properly handle URLs with user/password information.
And others.
Delete --no-compile to build pyc and add devel/desktop-file-utils
Tested on i386.
Ok Amit Kulkarni (maintainer) aja@
* Fixes an issue where a theme's page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a
network-wide activation.
* Better compatibility with servers running certain versions of PHP
(5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which
had caused warnings or in some cases prevented emails from being sent.
* Privilege Escalation/XSS. Critical. Administrators and editors in
multisite were accidentally allowed to use unfiltered_html for 3.4.0.
And others, tested on i386 and amd64.
Ok merdely@ (maintainer) aja@
Bacula-Web is a web based tool written in PHP that provides a
summarized view of the bacula backup infrastructure. It obtains this
information from the bacula catalog's database.
This tool provides you information on the last day's job status, media
and pool usage, catalog size usage, etc.
ok jasper@
If the proxy server is running on the same subnet as the clients, the
return traffic from the proxy will go directly back to them without
ever hitting the firewall, which means the states will never get updated
and may fill up your pflog(4) with blocked attempts. To circumvent this
the "no state" option needs to be specified for the route-to rule.
ok Brad, input/ok sthen@ (maintainer)
"Desc: Input passed via the parameter 'sortby' is not properly
sanitised before being returned to the user or used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code. The param 'num' is vulnerable to a XSS issue
where the attacker can execute arbitrary HTML and script code in
a user's browser session in context of an affected site."
Security issues require admin login.
Don't redirect errors to /dev/null and don't return true(1)
unconditionally. Instead, don't check for the existence of index.theme.
This will allow us to catch errors that may be happening because of a
missing dependency in the chain.
Some hidden issues may appear, in which case please contact me.
discussed with and ok blind jasper@
here is the new port and the new stuff:
* Fix a bug where the entire saved cert wouldn't be checked
* Add an include_config setting to load additional configuration
settings
* Add option to display when a download completes
* Rewrite mutex implementation to work around some bogus buggy mutex
implementation messages
* Make bunch of settings work in runtime vs start-of-day
* Add option to select search engine when used the first time
* Add ctrl-enter to prefix www. and postfix .com
* Add stop keybinding
* Fix a bunch of tiny bugs and general code improvement
OK sthen@
Fixes some bugs and a security issue (SA49330).
Many improvements and new features.
Now the MySQL user needs also the LOCK permission.
ok jasper@ on a previous diff
turnaround projects like screen-scraping.
Original diff against py-beautifulsoup from wen heping, converted to
a standalone port after some discussion in ports@.
This program allows you to see in real-time (top-like) or from the start of
the server, stats for get, set, delete, increment, decrement, evictions,
reclaimed, cas command, as well as server stats (network, items, server
version) with googlecharts and server internal configuration. You can go
further to see each server slabs, occupation, memory wasted and items (key
& value). Another part can execute commands on any memcached server: get,
set, delete, flush_all, as well as execute any commands (like stats) with
telnet.
Racktables is a web-based database for datacenter and server room asset
management. It helps document hardware assets, network addresses, space in
racks, network configuration and more.
if the SingletonLock file is available and valid.
The problem is that when chrome crashes one of the destructors fails to
remove the lockfile and then when you start chrome again, it will
try to communicate with the old PID of the chromium main process, because
the SingletonLock file will point to `hostname`-PID_of_old_chromium and
since that process is not running anymore, startup will fail.
- install tar.gz source, and patch node-gyp to use it rather than
attempting to download from the 'net when building a native extension,
from Aaron Bieber (maintainer).
- set V=1 in node-gyp to avoid hiding compiler command lines
(from me, ok jasper).
repoze.lru is a LRU (least recently used) cache implementation. Keys and
values that are not used frequently will be evicted from the cache
faster than keys and values that are used frequently.
ok rpointel@
- See http://www.seamonkey-project.org/releases/seamonkey2.9/
- add patch-suite_installer_Makefile_in to avoid installing the SDK
(corollary of Tb's patch-mail_installer_Makefile_in)
- use MOZ_DEBUG_FLAGS="-Os" on ppc as done in Tb to avoid a
relocation overflow when linking libxul on ppc (reminded by aja@)
- see http://www.mozilla.org/en-US/firefox/12.0/releasenotes/ for details
- two patches moved (patch-widget_src_xpwidgets_nsPrintSettingsImpl_cpp
and patch-widget_src_gtk2_Makefile_in)
- add two new patches for bug #691898 (patch-js_src_jsapi_cpp and
/patch-js_src_jsprvtd_h)
- add patch-gfx_thebes_gfxPlatform_cpp to work around a regression
introduced in bug #715658, which prevents one from building against
systemwide cairo.
- patch-extensions_auth_nsAuthGSSAPI_cpp from bug #667325 got merged
- patch-js_src_js-config_h_in and patch-js_src_jscpucfg_h from #714312 got
merged
- patch-ipc_chromium_src_base_dir_reader_posix_ -from #714315 got merged
ok jasper@
I also added myself as maintainer (in addition to jim@), as
done for some of the previous updates (where I forgot to
mention it in the commit message).
Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a
pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn
server is broadly compatible with various web frameworks, simply
implemented, light on server resource usage, and fairly speedy.
ok rpointel@
igal2 (the successor of igal) is a quick and easy program for placing
your images online with just one command-line. It generates a pretty
good-looking set of W3-compliant static HTML slides even with its
default settings. The slide show preloads the next image with JavaScript
- ideal for slower links.
ok sthen@
* Fixed assertion failure if Chunked encoding along with
Content-Length is used.
* Fixed clang and gcc-4.7 warning and errors.
* Fixed the bug that aria2 cannot read a line longer than 4096 bytes
from the file specified by --input-file option.
While here USE_GROFF is not needed.
OK rpointel@ (maintainer), aja@
#911194 Unable to automatically insert auto_increment values
#911297 Incorrect displaying of HTML text in in-line edition mode
#918163 Fieldnames don't appear on csv export with selected rows
#918363 The Server Information box does not include Chive Version
#911136 Security vulnerability fix
(fix committed in http://bazaar.launchpad.net/~fusonic/chive/1.0/revision/417,
bug report is hidden - missing html escaping in table names etc)
- 3.0.4 was generating bogus 'delete' commands in some cases;
I noticed this when trying to use memcache as a session storage
backend with Roundcube webmail - this update fixes this.
SlowHTTPTest is a highly configurable tool that simulates some
Application Layer Denial of Service attacks.
It implements most common low-bandwidth Application Layer DoS attacks,
such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist
timer exploit) by draining concurrent connections pool, as well as Apache
Range Header attack by causing very significant memory and CPU usage on the
server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP
protocol, by design, requires requests to be completely received by the
server before they are processed. If an HTTP request is not complete, or if
the transfer rate is very low, the server keeps its resources busy waiting
for the rest of the data. If the server keeps too many resources busy, this
creates a denial of service. This tool is sending partial HTTP requests,
trying to get denial of service from target HTTP server.
Slow Read DoS attack aims at the same resources as slowloris and slow POST,
but instead of prolonging the request, it sends legitimate HTTP request and
reads the response slowly.
- Buffer overflow when pasting too long text from clipboard to dialog
boxes (not remotely exploitable)
- A write out of allocated memory in the graphics renderer
(potentially exploitable)
- An infinite loop when parsing invalid usemap specification in text and
graphics mode (can cause browser lockup, but not otherwise exploitable)
- Accesses out of memory in the xbm decoder (potentially exploitable)
Also drop dip.c patch to resolve crashes with libpng 1.5, upstream
appears to have fixed this separately in the update to 2.5.
Thanks jasper@ for additional testing.
Using Catalyst::Plugin::FormValidator is not recommended as the module
takes over the global $c->form method, rather than being applicable in
only part of your Catalyst application. Furthermore,
Data::FormValidator itself is not recommended for use.
from Andreas Voegele