which is required to update www/p5-Plack-Middleware-ConsoleLogger.
There are a lot of XSS, a security hole typically found in web
applications, caused by incorrect (or lack of) JavaScript
escaping. This module is aimed to provide a secure JavaScript escaping
to avoid XSS with JavaScript values.
as executables rather than loadable modules
This might cause that the pkg doesn't build on as many platforms as
it did before, but it has a chance to work now.
bump PKGREV
DragonFly and FreeBSD don't build libdes with Kerberos IV. Likely the
modification of removing -ldes and adding -lcrypt could have been done
entirely with changing LDFLAGS, but conservately sed subsitition was used
in order to avoid changing library linking order and possibly breaking
other platforms.
DragonFly and FreeBSD don't build libdes with Kerberos IV, and at least
DragonFly doesn't have heriod support. Sed substition within the Makefile
was required due to requirements conflicts between platforms.
The majority of these patches were inspired from FreeBSD's ports. FreeBSD,
along with at least Debian, have removed Kerberos4 due to secuity concerns.
From: http://web.mit.edu/kerberos/krb4-end-of-life.html :
"Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit
attacks which require far less effort than an exhaustive search of the DES
key space. These flaws make Kerberos 4 cross-realm authentication an
unacceptable security risk and raise serious questions about the security of
the entire Kerberos 4 protocol.
The known insecurity of DES, combined with the recently discovered protocol
flaws, make it extremely inadvisable to rely on the security of version 4 of
the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove
support for Kerberos version 4 from the MIT implementation of Kerberos."
This end-of-life announcement is dated 19 October 2006. I think it's a
good question to ask why this package and the packages that depend on it
are still in pkgsrc.
2010-05-18: playgmd/gmdldmf.c: Remove a nested function
2011-03-19: compat/stuff.*: strupr is actually implemented on some systems
2011-03-19: configure.ac */*: -lm is not required on all platforms
2011-03-19: * */*: AC_STRUCT_DIRENT_D_TYPE; not all platforms has dirent.d_type
2011-03-19: config.guess, config.sub, install-sh: update to more recent versions (used the ones present in automake-1.11 in ubuntu 10.10)
2011-03-19: configure.ac Makefile.in: Only link to pthread if on OS-X / CoreAudio
2011-03-19: Support getcwd() for retrieving current working directory
2011-03-20: Added support for SDL audio
2011-03-20: cpiface/cpilinks.c: crash-bug when resizing window while link viewer was active
2011-03-20: devpcoreaudio devpsdl: gettimer() didn't work as expected (needed by cpitrack.c)
2011-06-01: play*/*: Some of the players didn't have volatile on the "timer" lock
2011-06-08: playwav/wavplay.c: Race condition that caused some audio artifacts (some parts could be replayed randomly)
2011-06-19: playmp2/charset.c: Detection of glibc bug 4936 alrways returned true (thanks to Jindrich Makovicka)
2011-07-11: devw/dwmixfa*: 8087 fpu version is now able to compile in PIC mode without use of text-rels.
2011-07-13: devw/dwmixfa: Added support for proper C verion of the FPU mixer (Thanks to Jindřich Makovička)
2011-07-13: devw/dwmixfa: 8087_asm_emu code made some annoying clicking sounds
2011-09-05: configure.ac: AC_LINK_IFELSE for ADPLUG could fail if "ld --as-needed" was used
2011-09-18: devp/devpalsa: newer versions of libalsa does not need plughw syntax, and in some cases works better without
2011-09-18: configure.ac: removed a warning visible when using autoconf >= 2.68
2011-09-30: devp/devpcoreaudio.c: Didn't compile
2011-10-21: playgmd/gmdl*.c: Removed a nested function (GCC on OS-X dislikes them)
2011-11-03: playgmi/gmitimitidy.c: Updated against ubuntu 11.10 configfile structure, closing ticket #3
2011-11-03: dev/mixclip.c: wav and sid files would crash on non-x86 platforms (optimization for assembler mixer in lookup-tables were fixed for 32bit pointers)
2011-11-04: playwav/wavpplay.c: pause on wave files caused crash. Also did some minor cleanups in pause-handling in other file-plugins aswell
2011-11-05: boot/psetting.c: ocp.ini upgrade code could crash due memmove moved too much memory
2011-11-06: VERSION 0.1.21
Release 8.20 21-Oct-2011
------------------------
The main change in this release is the inclusion of Zoltan Herczeg's
just-in-time compiler support, which can be accessed by building PCRE with
--enable-jit. Large performance benefits can be had in many situations. 8.20
also fixes an unfortunate bug that was introduced in 8.13 as well as tidying up
a number of infelicities and differences from Perl.
signing-party (1.1.4-1) unstable; urgency=low
.
[ Thijs Kinkhorst ]
* caff:
+ Correct path of ~/.caffrc in informational messages (Closes: #582603).
+ Be more verbose on unexpected key ID (Closes: #645792).
* gpg-key2ps:
+ Apply patch from Uwe Kleine-König to deal with latin1 characters
(Closes: #596377).
.
[ Franck Joncourt ]
* gpg-mailkeys:
+ Correct path of ~/.gpg-mailkeysrc and ~/.signature in manpage.
+ Add new environment variable SENDMAIL_ARGS to allow user to pass
arguments to sendmail (closes: #599409).
* caff:
+ Refactor import of own key and import for keys to sign from keyrings.
+ Also automatically import keys to sign from the user's normal gpg
keyrings.
+ Use --no-auto-check-trustdb when importing keys from files or
the user's normal gpg keyrings (closes: #539643).
.
[ Peter Palfrader ]
* caff:
+ manpage: Refer to all of /usr/share/doc/signing-party/caff/ and not
just to /usr/share/doc/signing-party/caff/caffrc.sample
(closes: #568052).
+ Fix horrible &function calls used because of broken prototypes.
+ Even if all keys to sign were found in the user's normal gpg
keyrings we still need to import them (again) from any keyrings
passed with --key-files - the keys there might be newer, containing
new subkeys (for encryption), uids (for signing) or revocations.
+ Make importing of keys to be signed from the normal gpg optional
(--keys-from-gnupg).
+ refactor copying of command line options into global config variable.
+ Create the mail files in ~/.caff/keys even if mail is not sent
(closes: #590666).
Gaupol 0.19.2
=============
* Allow preview of unsaved documents (#661242)
* Use subtitles from selected range if applicable in the Transform
Positions dialog (#663158)
* Fix mplayer preview command to work if gaupol was started as a
background process (with &) from a terminal window (#660035)
* Fix TypeError when speech recognition stopped in the middle of a
subtitle
* Fix IndexError when speech recognition finished with no speech
detected (#659411)
* Fix UnicodeDecodeError when reading configuration file (#661123)
* Rename manifest directory in source tarball to avoid clashes with
MANIFEST file on case-insensitive filesystems
PAM helper program. OpenPAM didn't check this, so it could be
tricked into reading arbitrary config files, allowing privilege
escalation.
Standard squid installations don't install the PAM helper SUID, but
depending on local needs, an administrator might choose to do so.
approved by pkg maintainer
bump PKGREV
=== RELEASE 2.4 ===
Sat Nov 19 01:21:25 MET 2011 mikulas:
Do not translate '\' to '/' in HTTP requests
Sat Nov 19 01:19:12 MET 2011 mikulas:
Do not test for existing strings when loading links history file
=> avoid quadratic-complexity on startup
Sat Nov 19 01:18:59 MET 2011 mikulas:
Fixed a possible memory leak on Windows
Wed Nov 16 17:59:49 MET 2011 mikulas:
Fixed a crash on systems that don't have strerror
Fri Nov 11 23:22:25 CEST 2011 mikulas:
Fixed a crash in Windows console code
Wed Oct 12 22:08:39 MET 2011 mikulas:
Fixed a possible crash if the user changes socks dns append string
while socks connection is in progress
Sun Sep 25 18:40:57 MET 2011 mikulas:
Do not send '#' in the url when downloading
Sun Sep 18 16:57:38 CEST 2011 mikulas:
Fixed crashes with libpng-1.5
Fri Sep 16 20:16:01 CEST 2011 mikulas:
Fixed bugs in the directfb driver
Fri Sep 16 18:40:41 CEST 2011 mikulas:
Workaround for icc optimization bug on framebuffer
Don't clear the whole framebuffer, clear just an used area
(fixes problems with Nvidia framebuffer)
Tue Sep 13 23:13:52 CEST 2011 mikulas:
Make it compile with OpenWatcom for Linux
Note: because of unimplemented "gethostbyname" function,
it requires installed "host" command to do name lookups
Tue Sep 13 03:53:06 cet 2011 mikulas:
Try to free internal caches when out of memory happens
Mon Sep 12 19:57:13 CEST 2011 mikulas:
Fixed a crash when cache is flushed while auth dialog is displayed
Sun Sep 11 02:02:09 MET 2011 mikulas:
Reduced memory consumption
Don't reformat plain text if window size changes
Releasing 0.9.17. -CG
Fixing return value of MHD_get_timeout if timeouts are not in use.
(#1914). -rboulton
Trying to fix accidental addition of a "Connection: close" footer
under certain (rare) circumstances. -CG
Small updates to the tutorial.
Releasing 0.9.16. -CG
shutdown(RDWR) fails on OS X after shutdown(RD), so only use
shutdown(WR) if we already closed the socket for reading (otherwise
OS X might not do shutdown (WR) at all). -CG
Force adding of 'Connection: close' to the header if we (for whatever
reason) are shutting down the socket for reading (see also
#1760). -CG
Treat EAGAIN the same way as EINTR (helps on W32). -LRN
Made sockets blocking again for non-Linux platforms as non-blocking
sockets cause problems (#1824) on Cygwin but offer better performance
on Linux (see change on August 11 2011). -CG/pross
Fixed problems with testcases on W32. -LRN
Fixed MHD_CONNECTION_OPTION_TIMEOUT for HTTPS (#1811). -CG
Changes from previous:
2.4 July 20th, 2011
No functional changes.
Fixed Perl 5.12 compatibility, thanks to Nicholas Bamber. (RT#67894)
Also, some other code-cleanup.
Changes from previous:
0.25 2011-08-17
- Add timeit() function to time individual behaviours.
0.24 2011-06-18
- Update dependencies to pick up multiple bug fixes, new behaviours,
in various Test:: libraries.
