Commit Graph

860 Commits

Author SHA1 Message Date
peter
3591c8a318 enable p5-Apache-ASP 2002-03-22 15:28:10 +00:00
peter
3d84d50d69 Initial import of Apache::ASP 2.31
"Apache::ASP provides an Active Server Pages port to the Apache Web
Server with Perl scripting only, and enables developing of dynamic
web applications with session management and embedded perl code."
2002-03-22 08:49:29 +00:00
espie
d900d189e1 Bump NEED_VERSION 2002-03-21 21:25:50 +00:00
brad
39748ff848 upgrade to Squid 2.5.PRE5 2002-03-21 21:17:54 +00:00
espie
5b37289c23 md5->distinfo 2002-03-21 19:59:18 +00:00
brad
df3237cd16 These ports are only useable on i386. 2002-03-21 14:21:30 +00:00
form
f77f85dd37 upgrade to 5.22
SECURITY ADVISORY                                      20th March 2002
----------------------------------------------------------------------
Program: analog
Versions: all versions prior to 5.22
Operating systems: all
----------------------------------------------------------------------
Yuji Takahashi discovered a bug in analog which allows a cross-site
scripting type attack.

It is easy for an attacker to insert arbitrary strings into any web
server logfile. If these strings are then analysed by analog, they can
appear in the report. By this means an attacker can introduce
arbitrary Javascript code, for example, into an analog report produced
by someone else and read by a third person. Analog already attempted
to encode unsafe characters to avoid this type of attack, but the
conversion was incomplete.

Although it is not known that this bug has been exploited, it is easy
to exploit, and all users are advised to upgrade to version 5.22 of
analog immediately. The URL for analog is http://www.analog.cx/
I apologise for the inconvenience.

Thank you to Yuji Takahashi, Motonobu Takahashi and Takayuki Matsuki
for their help with this bug.

                                                        Stephen Turner
                                         analog-author@lists.isite.net
2002-03-20 13:09:29 +00:00
couderc
216311823b Update comment, thanks jcs@ 2002-03-20 11:43:52 +00:00
brad
670c14f805 remove section which disables optimization, our compiler does not seem to have this bug. also fixes build on powerpc. 2002-03-19 15:20:07 +00:00
couderc
f8df742085 Add dillo 2002-03-18 14:39:23 +00:00
couderc
2c898eca3f Initial import of www/dillo
--
Dillo is a graphical web browser that's completely written in C,
very fast, small in code and binary. It basically depends on GTK+,
and renders a good subset of HTML, frames are managed same as lynx,
no jvm, no javascript.
2002-03-18 14:31:20 +00:00
espie
694ee2b937 Move konqueror-embedded files out of the way, so that no conflict is left. 2002-03-18 04:11:20 +00:00
espie
bacf19755d Fix (forgot to run update-patches) 2002-03-18 03:24:34 +00:00
brad
a1fd9c6a8f Enable these modules on alpha, powerpc and sparc64. 2002-03-17 05:04:36 +00:00
brad
ffb48943d1 Enable these modules on alpha, powerpc and sparc64. 2002-03-17 04:55:03 +00:00
espie
3a34c2326a Fix https 2002-03-17 00:57:53 +00:00
brad
f774579827 It's a bit unusual when I see in the Squid log that I'm supposedly running
i386-unknown-freebsd3.5 when I'm actually on a powerpc-unknown-openbsd3.0
system, turns out there is a stale auto-generated autoconf.h in the
distfile.
2002-03-16 19:05:26 +00:00
brad
10c5d0f6cd enable SEPARATE_BUILD 2002-03-16 18:18:30 +00:00
espie
58801953c6 +konqueror-embedded 2002-03-15 23:11:19 +00:00
espie
092ce92a3f snapshot of konqueror-embedded. Lean and mean.
Todo: fix things that don't work, like https. Look at core dumps.
Remove conflict with kdebase by renaming stuff.
2002-03-15 22:22:38 +00:00
danh
ba4c9ffd1e change strcat -> strlcat, strcpy -> strlcpy, sprintf -> snprintf 2002-03-15 20:50:04 +00:00
danh
572ea22601 mark BROKEN; security hole, contains buffer overflow 2002-03-15 17:43:14 +00:00
reinhard
079c738705 *) update to jserv 3.2.4 (sync with jakarta-tomcat 3.2.4)
*) mark BROKEN:
HANDLER THREAD PROBLEM: java.net.SocketException: Resource temporarily unavailable: Resource temporarily unavailable
java.net.SocketException: Resource temporarily unavailable: Resource temporarily unavailable
        at java.net.SocketInputStream.socketRead(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:90)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
        at org.apache.tomcat.service.connector.AJP12RequestAdapter.readNextRequest(Ajp12ConnectionHandler.java:233)
        at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:147)
        at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
        at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
        at java.lang.Thread.run(Thread.java:484)
2002-03-12 13:04:31 +00:00
reinhard
d8b5eee351 update to jakarta-tomcat 3.2.4 2002-03-12 12:57:28 +00:00
matt
cc4b42317d add zope-cmf 2002-03-12 02:57:43 +00:00
matt
e91d90caea add zope-cmf-1.2 2002-03-12 02:55:18 +00:00
naddy
a629aca91d fix distfile fetching for m17n flavor 2002-03-11 23:00:24 +00:00
naddy
5d4f4c933b Update to 0.3 and m17n-20020311. 2002-03-11 18:36:42 +00:00
naddy
5732519f3c Rename setpgrp() macro to avoid clash with function prototype.
This makes the m17n flavor build again.
2002-03-10 15:20:05 +00:00
brad
e710bfd4c3 add powerpc support, mostly related to ELF. 2002-03-10 07:44:43 +00:00
brad
dc1d731a87 drop the ampersand in the example 2002-03-09 18:11:16 +00:00
avsm
13141e0740 upgrade to php-4.1.2
closes a security issue in multipart form handling (buffer overflow)

temporarily disable the freetds flavour, since the m4 patch cannot
seem to be regenerated
2002-03-03 12:13:29 +00:00
form
c8e6ea89c9 upgrade to 5.21 2002-03-01 10:07:25 +00:00
brad
db7d8cd8ce - fix CONFIGURE_ARGS option to enable removal policies (heap)
- enable diskd
2002-03-01 04:36:29 +00:00
couderc
eb2180b8dd update maintainer 2002-02-28 20:06:27 +00:00
naddy
0190479afb Ping-pong. File descriptor sharing across rfork() is safely available
again, so re-enable asynchronous DNS lookups.
2002-02-27 18:43:34 +00:00
brad
53bf90fee3 security fixes
PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfortunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code.
- broken boundary check
- arbitrary heap overflow
--
Ok'd by: maintainer
2002-02-27 16:31:59 +00:00
naddy
d8c69489f7 +reportmagic 2002-02-27 01:02:58 +00:00
naddy
b2aa01ab84 Import reportmagic 2.13l; submitted by Sam Smith <s@msmith.net>.
This program is an add-on for Analog, which produces nice looking
reports from the analysis of your logfiles. It does not require
Analog to be installed, merely the output from analog to be available
2002-02-27 01:01:57 +00:00
brad
2a4d9f706b - rearrange
- pass in PKGNAME so the errors and icons notice/install messages do not
have some unexpected spaces
2002-02-21 21:03:52 +00:00
brad
ad5edec476 checksums changed for 2.5.PRE4, minor fix. 2002-02-21 16:53:07 +00:00
brad
108bbec985 use uid/gid of squid:squid instead of nobody:nogroup 2002-02-20 20:31:26 +00:00
brad
53133d4b10 upgrade to Squid 2.5.PRE4
- The port now runs as uid/gid of nobody:nobody instead of www:www
- This needs some testing, especially the transparent proxy support for PF
2002-02-20 01:17:03 +00:00
matt
788a7dead7 -zope-zpt 2002-02-15 19:58:47 +00:00
matt
f1c13aaf01 ZPT is part of Zope 2.5+ 2002-02-15 19:58:17 +00:00
matt
ce5fec9266 zope 2.5.0 2002-02-15 19:55:56 +00:00
matt
fa5b2ea85c Update Python dependencies. 2002-02-15 19:53:42 +00:00
reinhard
3e4a0c8dfd update to jakarta-tomcat 4.0.2 2002-02-15 09:31:03 +00:00
jakob
ebdbc335a8 transproxy is used with pf, not ipfilter; nick@wanadoo.be 2002-02-11 13:38:27 +00:00
naddy
dd6229bd08 Update to 2.22:
- Introduces support for streaming Ogg Vorbis files.
- Minor clean-ups.

Submitted by maintainer Nikolay Sturm <nikolay.sturm@desy.de>.
2002-02-07 12:21:39 +00:00