- see http://www.seamonkey-project.org/releases/seamonkey2.16/
- fixes MFSA 2013-21->28
- provides a builtin pdf viewer (pdf.js)
- remove patch-mozilla_toolkit_system_gnome_nsGIOService_cpp (#805202), firefox
now properly links with gio instead of dlopening it
- remove patch-mozilla_toolkit_xre_nsXREDirProvider_cpp and
patch-mozilla_xpcom_io_nsAppFileLocationProvider_cpp, merged upstream (#803955)
- see http://www.mozilla.org/en-US/firefox/19.0/releasenotes/
- fixes MFSA 2013-21->28
- provides a builtin pdf viewer (pdf.js)
- remove patch-toolkit_system_gnome_nsGIOService_cpp (#805202), firefox
now properly links with gio instead of dlopening it
- remove patch-toolkit_xre_nsXREDirProvider_cpp and
patch-xpcom_io_nsAppFileLocationProvider_cpp, merged upstream (#803955)
https://www.djangoproject.com/weblog/2013/feb/19/security/
- Host header poisoning: an attacker could cause Django to generate
and display URLs that link to arbitrary domains.
- Formset denial-of-service: an attacker can abuse Django's tracking
of the number of forms in a formset to cause a denial-of-service attack.
- XML attacks: Django's serialization framework was vulnerable to
attacks via XML entity expansion and external references.
- Data leakage via admin history log: Django's admin interface could
expose supposedly-hidden information via its history log.
'JavaScript related stability issues' for a well known social
network site (bug #831626).
While here remove patch for #830303, commited upstream in
mozilla-release just after 18.0.1.
gconf_ping() will try to shutdown gconfd, but since installing pkg is
done as root, there is not gconfd nor dbus that can be started when
DISPLAY isn't set and an annoying warning is issued.
discussed with espie@
phpVirtualBox is an open source, AJAX implementation of the VirtualBox
user interface written in PHP. As a modern web interface, it allows you
to access and control remote VirtualBox instances.
<...>
ok jasper@ sthen@
- server-side request forgery vulnerability and remote port scanning
using pingbacks
(http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html)
- cross-site scripting via shortcodes and post content
- cross-site scripting vulnerability in the external library Plupload
ok merdely@
mod_jk is a DSO module for Apache2. It connects Apache to Tomcat.
mod_jk can be configured to off-load SSL processing to Apache, serve
static content for webapps and load balance multiple Tomcat servers.
ok kurt@
tweaks & ok sthen@
Fix handling of If-Modified-Since if If-None-Match is present (don't
return 412 for date parsing errors); follow current draft for HTTP/1.1,
which tells us to ignore If-Modified-Since if we have matching etags.
ok sthen@
#ifdef'd headers to be used and dpb was junking it thus breaking the build;
fix by improving detection for backtrace_symbol_fd / libexecinfo and
explicitly using it.
Changes since 2.3.3:
Version 2.3.5
- Fix an issue when creating the redirector report. Sarg was not
creating the unsorted file as expected. That regression was
introduced in sarg 2.3.4.
Version 2.3.4
- Fix an error occuring when serveral user's ID contain at least
two consecutive non alphanumeric characters. In that case, the
mangled file name is not unique. Thanks to Fabiola and Pecha for
reporting this bug.
- Remove a warning about the redirector file that can't be deleted
when it is not created.
ok ajacoutot@
- add an rc script
- fix incompatibility with pcre 8.3+, patch from Debian
- distfiles are now on sourceforge
- drop maintainer; no response to emails
ok abieber@
* Save gid option with --save-session option
* Added --gid option
* Use 64 bits random bytes as GID
* Fixed BitfieldMan::getOffsetCompletedLength overflow on 32-bit systems
* Changed console readout, making it more compact
* Compact readout when more than 1 simultaneous downloads are going on
* Console color output
* Logger: Simplified console output and change level format in log
Ok benoit@
out of date and subject to serious security vulnerabilities, updating
it causes a lot of ports churn for little benefit, and nobody has
offered to maintain it.
OK ajacoutot@, jcs@, jasper@
- see http://www.seamonkey-project.org/releases/seamonkey2.15/
- fixes MFSA 2013-01 -> 20
- build with clang on i386/amd64 and with gcc 4.6 on powerpc. Required
since upstream dropped support for gcc < 4.4.
- don't build against systemwide jpeg anymore since it now needs its
internal libjpeg-turbo.
- add a stub method to sydney_audio_sndio.c in post-patch.
- add patch-mozilla_toolkit_mozapps_installer_packager_mk to fix a tar
vs $(TAR) usage (bug #815793)
- remove patch-ipc_chromium_src_base_atomicops_h, not needed anymore
- remove enigmail genxpi patch, and to a SUBST_VARS dance with an
XPCOM_ABI variable for the consistent naming of the new internal
libsuprocess ipc lib.
- add an enigmail patch to link with -shared
- see http://www.mozilla.org/en-US/firefox/18.0/releasenotes/
- fixes MFSA 2013-14 -> 20
- build with clang on i386/amd64 and with gcc 4.6 on powerpc. Required
since upstream dropped support for gcc < 4.4.
- don't build against systemwide jpeg anymore since it now needs its
internal libjpeg-turbo.
- add a stub method to sydney_audio_sndio.c in post-patch. Cant add it
to the file in cvs directly otherwise it breaks other mozillas
- remove patch-ipc_chromium_src_base_atomicops_h, not needed anymore
ok sthen@
Changes since 2.6
* Fixed a bug that horizontal line <hr> was not displayed when
terminal was set to utf-8
* Fixed bad palette in framebuffer on TGA on Alpha
* Fixed a bug that \001 was displayed instead of a non-breaking space
when converting to ascii
* Support IPv6
Support multiple addresses (try to connect to all of them)
* Fix memory leak in ftp
* Fixed incorrect display when aspect ratio was changed
while multiple windows were open
* Fixed a bug that blocked URLs didn't work if proxy was used
* Support extended coordinates in xterm mouse reporting,
avoid previous limit 222 on maximum possible coordinate
* Use enter to scale image
* PMshell driver was hacked to support also Win32 api
* HTTPS proxy
ok ajacoutot@
in www/squid as of 2012/11/26 plus a REVISION bump. The newer version works
well in most cases, but is less portable and seems to have problems with
certain configurations. ok ajacoutot.
New features/improvements:
- Update translations.
- Update browsers list.
- Add example of nginx setup.
- Add some patches from debian package.
- Rename domain name into documentation to awstats.org
- Can allow urls with awredir without using md5 key parameter.
- Usage of databasebreak option possible with awstats_buildstaticpages.
- Add rel=nofollow on links.
- Add option AddLinkToExternalCGIWrapper to add link to a wrapper script
into each title of Dolibarr reports. This can be used to add a wrapper
to download data into a CSV file for example.
Fixes:
- Security fix into awredir.pl
- Fix: Case of uk in googlechart api.
- Fix: Compatibility with recent perl version.
ok ajacoutot@ kirby@
to libusb1 but missed that the LIB_DEPENDS also needed to change; as a result
libusb-compat was stripped from the package dependency list (because libusb
was no longer used) but this broke the dependency chain to libusb1 so packaging
failed. pointed out by landry@
Capybara helps you test Rails and Rack applications by simulating how a
real user would interact with your app. It is agnostic about the driver
running your tests and comes with Rack::Test and Selenium support built
in. WebKit is supported through an external gem.
OK sthen@
no_ldap' block
- squid optionally uses atomic ops if available, however in the code
it requires 4 byte operations, whereas configure only tests for int.
change configure test which may give hppa a chance to build; breakage
reported by landry
