(thanks to peter and sumikawa for help).
Mark forbidden due to another security bug (scanning a firewalled
or non-routable network from a hostile Web site with Javascript).
* Use CVS-Id as $PORTVERSION
* eldav.el (toplevel): require poem if non-mule XEmacs.
(eldav-insert-file-contents): Don't use coding-system-for-read
if it is not bound.
* eldav.el (fboundp): Don't use default-coding-system if it is not bound.
(eldav-write-region): Likewise for buffer-file-coding-system.
PR: 44038
Submitted by: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
Do not share a profile between Netscape and Mozilla builds. Doing
this can lead to unpredictable results, some of which may include
loss of Search settings and preferences and unchecked growth of
the Bookmarks file (large enough to freeze your system). It is
best to create a new profile for each or manually copy (and change
the name [of]) an existing profile.
Warn users about this.
ports/japanese and ports/www. In their place, I add corresponding netscape7
ports, after repo copies. Now ports/www/netscape7 will no longer be a slave
port. Instead it is the master port for the others.
The French, German, and Japanese ports now have AIM, because I had trouble
getting them to work without it.
I add a security warning to all these ports, about the "forward referrer" bug
(Mozilla bug 145579).
Notable features:
* I'm building _all_ of the error page languages now
* I'm building a handful of the helper modules (the ones that don't
require ldap or samba to be installed)
* underscores in hostnames are enabled - every few weeks we squid people
get emails asking why someone can't get to some_user.geocities.com .
Bad geocities. :)
so to disable Chatzilla, list all the other default extensions.
The spell-checker is used by both the HTML editor and mail/news.
I haven't yet added a knob to disable the HTML editor, so the
spell-checker is always enabled too.
Submitted by: Ben Bucksch
Aaron Voisine submitted a port of this, but I like my version better
because it has a script to scavenge plugins, and because it saves
space by generating its packing list. I've given the maintainership
to Mr. Voisine.
PR: 43936 and 43937
News & Status page:
A security vulnerability has been confirmed to exist in
Apache Tomcat 4.0.x releases (including Tomcat 4.0.5),
which allows to use a specially crafted URL to return the
unprocessed source of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraint, without the need for being
properly authenticated. This is based on a variant of the
exploit that was disclosed on
09/24/2002.
See:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES
The fix consists of 2 lines at the beginning of the program:
setuid(geteuid());
setgid(getegid());
Bumped PORTREVISION of Orion, Tomcat and JBoss ports.
PR: 40470, 43679
Submitted by: Ari Suutari <ari.suutari@syncrontech.com>
Reviewed by: audit
Approved by: Silence on -audit (since Sept 13, 2002)
