MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@
breaking cd /usr/ports && SUBDIR=some/path make something for
category makefiles. While there, also put spaces around += uniformously.
okay naddy@, jasper@
and show how to check. This should change sometime, but the
fix is fiddly and for now we should let people know. Committing
now to make sure something is in pre-4.7.
Discussed with pval, this diff ok jasper@ landry@
http://www.vupen.com/english/advisories/2010/0090
(thanks fgsch@ for the link/notice)
Update to cherokee-0.99.39.
Remove debug FLAVOR and use ifdef DEBUG.
Add rrdtool to run_depends.
Byte-compile python modules so that they are registered in the PLIST.
Be careful as cherokee is not started using ${PREFIX}/sbin/cherokee, not
cherokee-guardian anymore.
Fernando Quintero (maintainer) ok
MESSAGE tweak and ok sthen@, ok jasper@
The purpose of the templating engine is to provide web application
developers, who need to separate program code and design (HTML code) of
their web application projects, with a templating tool that can be
easily used by cooperating webdesigners who have no programming skills.
Templating language provided by the engine is inspired by Perl
templating module HTML::Template. Templates created for HTML::Template
can be used with this engine in case they do not violate character case
rules of htmltmpl.
This package includes easydoc, a module which uses the templating engine
to generate HTML documentation from docstrings embedded in source files
of Python modules.
(needed by GNOME Development Monitor which I'm currently working on)
This extension works with MediaWiki instances setup behind HTTP
authentication. It pulls usernames from $_SERVER['PHP_AUTH_USER'].
The extension will then either log the user on to MediaWiki if the
user name exists in the database or create a new user if it does not.
"ok with me" jasper@, "yeah hell import it" landry@
Community-ID is an OpenID implementation in PHP which is OpenID 2.0
compliant. Users can keep track of their trusted sites and manage them.
For Community-ID administrators statistics are available to track
registration of new users, authorized users per day or the number of
trusted sites. Administrators can set the site in maintenance mode or
send emails to all registered users.
StatusNet (formerly Laconica) is a Free and Open Source microblogging
platform. It helps people in a community, company or group to exchange
short (140 character) messages over the Web. Users can choose which
people to "follow" and receive only their friends' or colleagues' status
messages. It provides a similar service to sites like Twitter, Jaiku,
Yammer, and Plurk.
not hooking it up to the builds yet, as it will need some more tweaking
to set up.
"This release contains a couple new features, including additional weekly
overtime policy types and accrual milestone rollover limits, as well as
several bugfixes."
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption
Net::SFTP::Foreign is a Perl client for the SFTP protocol version 3 as
defined in the SSH File Transfer Protocol IETF draft.
It uses any compatible ssh command installed on the system (for
instance, OpenSSH ssh) to establish the secure connection to the remote
server.
It is a lightweight alternative to p5-Net-SFTP.
WWW::IndexParser is a module that uses LWP to fetch a URL from a web
server. It then attempts to parse this page as if it were an auto
generated index page. It returns an array of WWW::IndexParser::Entry
objects, one per entry in the directory index that it has found. Each
Entry has a set of methods: filename(), time(), size(), and others if
supported by the autoindex generated: type() and size_units().
i386 and amd64 supported.
Chromium is an open-source browser project that aims
to build a safer, faster, and more stable way for all
Internet users to experience the web. http://www.chromium.org/
This is version 4.0.251.0 with a tarball already including hundreds
of patches by myself, Sprewell, Ben Laurie and others from the original
FreeBSD effort. See homepage for more details and known issue:
http://sightly.net/peter/openbsd/chromium/
(right now, there are i386 & amd64 -current packages there that can
be pkg_add'ed, links to the FreeBSD page for more info, etc)
The patches are being cleaned up and sent upstream in chunks, the
goal will be to have a clean tarball eventually. I _just_ got this
working earlier this week so it may crash and burn (especially on
amd64 as some parts do not appear 64-bit clean), let me know.
"commit it and let's work on it in-tree" espie@, robert@ & others
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
