MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption
Net::SFTP::Foreign is a Perl client for the SFTP protocol version 3 as
defined in the SSH File Transfer Protocol IETF draft.
It uses any compatible ssh command installed on the system (for
instance, OpenSSH ssh) to establish the secure connection to the remote
server.
It is a lightweight alternative to p5-Net-SFTP.
WWW::IndexParser is a module that uses LWP to fetch a URL from a web
server. It then attempts to parse this page as if it were an auto
generated index page. It returns an array of WWW::IndexParser::Entry
objects, one per entry in the directory index that it has found. Each
Entry has a set of methods: filename(), time(), size(), and others if
supported by the autoindex generated: type() and size_units().
i386 and amd64 supported.
Chromium is an open-source browser project that aims
to build a safer, faster, and more stable way for all
Internet users to experience the web. http://www.chromium.org/
This is version 4.0.251.0 with a tarball already including hundreds
of patches by myself, Sprewell, Ben Laurie and others from the original
FreeBSD effort. See homepage for more details and known issue:
http://sightly.net/peter/openbsd/chromium/
(right now, there are i386 & amd64 -current packages there that can
be pkg_add'ed, links to the FreeBSD page for more info, etc)
The patches are being cleaned up and sent upstream in chunks, the
goal will be to have a clean tarball eventually. I _just_ got this
working earlier this week so it may crash and burn (especially on
amd64 as some parts do not appear 64-bit clean), let me know.
"commit it and let's work on it in-tree" espie@, robert@ & others
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
This is a minimal screen scraping interface to the Drupal admin pages.
Its primary purpose (at the moment) is to provide a means to automate
drupal core upgrades.
Most of the methods in this class depend on English strings from the
pages' value fields, because WWW::Mechanize doesn't use id fields as
selectors. Thus, this module will most likely not work for sites with
a backend set to any non-English language.
ok jasper@ and landry@
Markdown is a text-to-HTML conversion tool for web writers. Markdown
allows you to write using an easy-to-read, easy-to-write plain text
format, then convert it to structurally valid XHTML (or HTML).
PHP-Markdown is a port to PHP of the original Markdown program by John
Gruber.
as for security/nss:
SHA1_Update conflicts with openssl which may be dynamically loaded
at runtime via libcups or libgssapi so causing a crash due to using
the wrong binding. So rename here to avoid conflict.
ok jasper@ sthen@
Provides German translation of drupal6.
If you install this module prior to configuring drupal, thanks
to autolocale, the installation itself will be available in German!
ok sthen@ and landry@
Change the content type of your posts while editing them.
This module is extremely simple and *only* changes the node
type in the database column. That is all. It does not convert
any CCK fields or change other things about the node.
Only use it when you know *exactly* what you're doing!
ok espie@ and jasper@ ports-wise
Please note:
Users upgrading from a prior release should review Blogsum/Config.pm.dist
for new settings to merge with their local Blogsum/Config.pm.
pretty fucking awesome merdely@
From http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/:
2.8.6 fixes two security problems that can be exploited by registered,
logged in users who have posting privileges. If you have untrusted
authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by
Benjamin Flesch. The second problem, discovered by Dawid Golunski, is
an issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations. Thanks to Benjamin and Dawid for finding
and reporting these.
This module strips scripting constructs out of HTML, leaving as much
non-scripting markup in place as possible. This allows web applications
to display HTML originating from an untrusted source without
introducing XSS (cross site scripting) vulnerabilities.
Change the content type of your posts while editing them.
This module is extremely simple and *only* changes the node
type in the database column. That is all. It does not convert
any CCK fields or change other things about the node.
Only use it when you know *exactly* what you're doing!
ok espie@ and jasper@ ports-wise
SabreDAV allows you to easily add WebDAV support to a PHP application.
It is meant to cover the entire standard, and attempts to allow integration
using an easy to understand API.
with comments from ajacoutot@
This LDAP integration module allows users to authenticate against a
configurable Lightweight Directory Access Protocol directory. This
is useful for organizations which have an existing organizational
directory with usernames and passwords, and want Drupal to be able
to authenticate against it.
ok'd-portswise by landry@ and sthen@, tested in production by me.
surf is a minimalistic web browser using webkit, in the spirit of
dwm/suckless.org softwares. It supports the Xembedded protocol which
makes it possible to embed it into another application. Furthermore
one can point surf to another URI by setting its XProperties.
Based on a submission from Tobias Ulmer some times ago on ports@, thanks!
WARNING: if you use both, update both. Especially if you use cck
node/user refs from a view, since that's broken with cck 2.5.
packages have an annotation to prevent this (@incompatibility) but it's
not yet implemented... ;-/
Acquia Marina is an advanced fixed-width theme, supporting 1, 2 or
3-column layouts with 15 collapsible block regions. It has an optional
drop-down primary links menu and advanced theme settings to customize
without coding. Icons for core and Views blocks are included.
It is cross-browser tested (in IE6/7, Opera, Safari, and Firefox)
and has a high attention to detail.
A plain textarea editor aiming to facilitate code writing for Drupal.
* Editor interface and functionality are completely
customizable through administration pages.
* It supports role based editor interfaces.
* It's possible to create image or text buttons.
* Buttons can be customized to generate code snippets,
html tags, bbcode tags etc.
This module integrates PHPMailer with Drupal, both as native
drupal_mail() wrapper, and as part of the Mime Mail module,
allowing you to send mail directly by SMTP (optionally with
authentication/encryption). Avoids sending mail with PHP's
mail() function (which needs /bin/sh in the chroot jail).
The TracNav macro implements a fully customizable navigation bar
for the Trac wiki engine.
The contents of the navigation bar is a wiki page itself and can
be edited like any other wiki page through the web interface. The
navigation bar supports hierarchical ordering of topics.
The design of TracNav mimics the design of the TracGuideToc that
was originally supplied with Trac. The drawback of TracGuideToc is
that it is not customizable without editing its source code and
that it does not support hierarchical ordering.
So, moodle needs a database, fine. No need to put flavors around it.
package-specs have ALTERNATIVES, so you can just depend on any of mysql and
postgresql, and you don't need a flavor for that...
things) do not run out of the box without the confelements.
We will merge confelements into the main gstreamer-plugins-good
package so that everything works out of the box.
compile, nor instructions on how to compile it, we can't update to
0.5.8, but at least we can backport gtk-entry code and callers from it.
This is ugly^Whackish^Whorrible, but at least it really works again.
While here, drop MAINTAINERship, i don't want to be responsible for that
pile of crap anymore.
bump major to be on the safe side, add commented-out entries for
gstreamer LIB/RUN_DEPENDS for the day we enable HTML5 video support.
midori/devhelp are happy with it..
Cntlm is an http proxy server, written in pure C, that allows you to
authenticate via the proprietary NTLM protocol, so you can use web
sites and web proxies that require NTLM/NTLMv2 authorization.
It was designed from scratch to be easy to use and easier to maintain,
and works inside or outside of the OpenBSD httpd chroot with no changes.
suggestions from and ok phessler@
for perl. It is not intended as a replacement for the
fully-featured LWP module. Instead, it is intended for use in
situations where it is desirable to install the minimal number of
modules to achieve HTTP support, or where LWP is not a good
candidate due to CPU overhead, such as slower processors.
HTTP::Lite is also significantly faster than LWP.
ok phessler@
including XSS (prefs, MIME viewer) and preventing overwriting of webserver-
accessible files (image form fields, e.g. with Turba). For more information
see http://lists.horde.org/archives/announce/2009/000512.html.
Thanks Vijay Sankar, Michiel van Baak and Daniel Levai for testing/feedback.
database tables, and see any discrepancy between what currently exists
and what is described (great tool for cleaning up after updates or
debugging existing problems).
note: this version of opera has font issue on OpenBSD, there are missing
MathML characters and some fonts, like Farsi(?), cannot be displayed at all.
I looked at it, but have no clue what to do about it.
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
- reallow components to not have a label, use the key field for reference instead.
- "quizz-like" behavior: compare submissions against a default submission (only works for select fields so far)
Provides a simple, quick means of serializing perl memory structures
(including object data!) into a format that PHP can deserialize()
and access, and vice versa.
