Skip an interpreter check for a python script (as the
REPLACE_PERL is ignored because no python dependency yet).
(Add a TODO for later: add an option for reStructuredText
support to depend on python-docutils.)
Bump PKGREVISION.
Noticed in bulk builds. Fixed this during freeze so it will be
built by some bulk builders and available with the upcoming quarterly
branch packages. This is a leaf package.
Changes in v9.25:
Security
* Fixed an issue where plug-ins could be used to allow cross domain
scripting, as reported by David Bloom. Details will be disclosed
at a later date.
* Fixed an issue with TLS certificates that could be used to execute
arbitrary code, as reported by Alexander Klink (Cynops GmbH).
Details will be disclosed at a later date.
* Rich text editing can no longer be used to allow cross domain
scripting, as reported by David Bloom. See our advisory.
* Prevented bitmaps from revealing random data from memory, as
reported by Gynvael Coldwind. Details will be disclosed at a
later date.
Miscellaneous
* Fixed a problem where malformed BMP files could cause Opera to
temporarily freeze.
For pkgsrc use, put back opera-distinfo target (to easily re-generate
checksums for supported platforms)
Done during 2007Q4 freeze because the old distfile is no longer available.
New audio/video options
* H.264/HE-AAC codec support
Improved Performance
* Multi-core support
* Multi-threaded video decoding
* Image scaling
* Flash Player cache
* Flash Media Server buffering
Universal Reach
* Full screen mode for Linux
* Accessibility support for the plugin
* Mac Os X Leopard support
Fixed in this version:
* On Linux, modal dialogs displayed by Flash Player stay in front of browser windows but do not prevent interaction with the browser as they should. (191331)
* On certain SUSE 9.2 installations using the standalone player only, trying to Open a browser from the standalone player with SeaMonkey open will cause the player to hang. (193383)
* On Linux, networking operations in the standalone player are currently slow. (193158)
* On Linux, when the mouse is hovering over Flash content, keyboard input is not sent to the browser. (194265)
* Full-screen mode is not supported in the Opera Browser on Macintosh systems. (189140)
* Full-screen mode is now supported on Linux.
* The plugin version of Flash Player does not fire flash.events.Event.RENDER when wmode is set as transparent. (198515)
* Full-screen can be used when wmode is set (202290)
* Passing large amounts of XML through External Interface is significantly faster (206828)
* ExternalInterface now works with HTML objects that contain dots within the object name (199614)
There are three types Mozilla mirrors.
(http://www.mozilla.org/mirroring.html)
* mozilla-current
contains only the current version of Firefox and Thunderbird
* mozilla-release
contains Firefox, Thunderbird, and Sunbird releases
* mozilla-all
complete archive
Define following variables for mozilla master sites:
MASTER_SITE_MOZILLA_ALL = mozilla-all
MASTER_SITE_MOZILLA = mozilla-release
and change some packages to use appropriate variable.
Update contents of MASTER_SITE_MOZILLA with master and primary mirrors
taken from http://www.mozilla.org/mirrors.html and add some sample definitions.
- Change the order of including files in Makefile to use REPLACE_PYTHON
properly.
- Remove shebang line from a library file which would never be executed
directly.
pkgsrc changes:
- Honor squidGuard's name.
- Use PKGINSTALL frame work.
- More integration to squid; common configuration and logging directories.
Now depends on squid package.
- Switch to use db4; it might be selectable by option.
- Install some examples of configuration.
Todo:
- LDAP support option.
- Installing documents.
- DESTDIR support.
Release 1.3
2007-09-19 Included configurable logging. New configure option --nolog
suppress all runtime logmessages. Start and stop is still logged.
Default behaviour is now to log the non debug messages except
when the runtime option -d is supplied to squidGuard. May need
some more finetuning in later versions. (bug 11)
Made some slight changes to the outdated FAQ file.
2007-09-13 Modified auth code to work with and without ldap (choosing
subroutine rfc1738_unescape or sgFindUser in sg.y.in)
2007-08-20 Corrected include statement in sg.h.in.
2007-07-16 Added patch by Marc Clayton to include a progressbar to the
build of the database files (bug 6).
2007-07-01 Added patch by Eric Harrison to enable full sed compliance
to rewrite statements (bug 7).
2007-06-02 Corrected missing evaluation of configure parameters for
logdir, dbhome and config file (bug 11).
2007-05-25 Added patch from satish to block urls entries that include
hostnames (bug 4).
2007-05-20 Fixed broken regex evaluation (bug 12)
Fixed a compile problem on some systems (bug 10).
2007-05-10 Corrected an issue with the fix for the double
slash vulnerability (incorrectly found double
slashes) (bug 1).
Release 1.2.1
2007-04-10 Fixed multiple slash bypass vulnerabilty.
2007-03-17 Fixed some bugs in squidGuard-simple.cgi and added a
German version of it.
2007-03-16 Fixed encoding bypass vulnerabilty.
2007-03-16 Updated y.tab.c.bison and y.tab.h.bison to the recent
version.
2007-02-02 Fixed bug in user authentication.
2007-01-20 Fixed some typos which broke compilation on Sun Solaris
when using the Sun CC compiler.
2007-01-12 Corrected unproper evaluated if-clause, which broke the
BerkeleyDB 2 compatibility.
Fixed minor typo in samples/Makefile.in.
2006-12-29 Replaced the sleepycat links from the configure program with
the oracle links.
Corrected typo in Makefile.in.
2006-12-16 Removed a stupid bug from the Makefile in the docs directory.
2006-12-10 Removed references to squidguard.org in Makefile.in in the
Doc directory (squidguard.org is down).
Added ISSUES.txt file about known problem with the current
code (any information that is missing and should go in there
is gladly welcomed).
2006-06-17 Release now supports LDAP queries for authentication:
Added Chris Frey's ldap patches and fixes (03, 05, 06,
07 and 10; Patches from:
http://www.netdirect.ca/software/category.php?cat=SquidGuard).
The LDAP feature can be included during the configure run
by setting --with-ldap. Per default ldap support will not
be compiled in.
Added a fix provided by Francesco Ranieri to solve an issue
with the (un)escaping of the authentication "domain%5cusername".
Patch Release 1.2.0p3
2005-12-09 Modfied configure Skript to allow to specify the name of
the useraccount the squid cache is using.
Modified Makefile.in that during the installation the
necessary squidGuard directories are created if they are
not existing. Additionally a default configuration file
will be copied to the default location for squidGuard unless
an old one is found there.
Patch Release 1.2.0p2
2005-10-13 Added Adam Gorski's bugfix to correct a a null pointer access
bug in logging.
Added Chris Freys bugfix a bug where it won't search the url
db if the domain db is empty.
Added Chris Frey's buffer overflow checks (except for commenting
out the part from line 446 to 470 in sgDb.c).
(Patches from:
http://www.netdirect.ca/software/category.php?cat=SquidGuard)
Patch Release 1.2.0p1
2005-10-11 Added support for Berkeley DB 4.x
- Move some common parameter to Makefile.common; squid's user, group and
data directory.
- Add LOGDIR to Makefile.common.
These changes have no functional change but make it possible for
squidGuard package to share parameters.
MailHost is Zope-integrated feature to send mail from Web applications,
but can not send Japanese mail correctly.
This "jaMailHost" product will solve this problem.
This package is based on new zope's framework.
Plone is a ready-to-run content management system that is built on the
powerful and free Zope application server. Plone is easy to set up,
extremely flexible, and provides you with a system for managing web
content that is ideal for project groups, communities, web sites,
extranets and intranets.
Plone 3 runs on Zope 2.10.x and has many improved features from Plone 2.5.
1. Inline editing
2. Working Copy support
3. Link and reference integrity checking
4. Automatic locking and unlocking
5. Easy collaboration and sharing
6. Versioning, history and reverting content
7. Upgraded visual HTML editor
8. Powerful workflow capabilities
9. Flexible authentication back-end
10. Full-text indexing of Word and PDF documents
11. Collections
12. Presentation mode for content
13. Support for the search engine Sitemap protocol
14. Support for multiple mark-up formats
15. Wiki support
16. Automatic previous/next navigation
17. Rules engine for content
18. Auto-generated tables of contents
19. Portlets engine
20. Professional support, development, hosting & training
This package based on new zope's framework and finally replace
zope25-CMFPlone pacakge.
Plone is a ready-to-run content management system that is built on the
powerful and free Zope application server. Plone is easy to set up,
extremely flexible, and provides you with a system for managing web
content that is ideal for project groups, communities, web sites,
extranets and intranets.
Plone 2.5.5 runs on Zope 2.9.x.
Zope is an exciting new object-based, open source web application
platform. It allows you to build powerful and dynamic web applications
easily. Zope comes with source code and is friendly to developers as
well as users.
Zope 2.10.x is needed to run Plone 3.
Zope 2.9.8 (2007/07/05)
Bugs fixed
- updated to ZODB 3.6.3
- updated to Zope 3.2.3 codebase
- Collector #1306: Missing acquisition context on local roles screen.
- The REQUEST no longer accepts holds after it has been closed.
- Collector #2153: Supporting unquoted cookies with spaces.
- Collector #2295: Comments in PythonScripts could lead to syntax
errors
- Collector #2307: ObjectCopiedEvent not dispatched to sublocations.
- Fixed ZClass test breakage due to non-pickleability of
'zope.interface.Implements'
N.B.: updated 'zope.interface' package to Zope 3.2 branch;
should be pinned to a tag or a release before releasing
2.9.8).
- Collector #2260: fixed a bug in Examples.zexp
- Collector #2321: Skip trusted proxies when extracting the client IP
address from the request.
- Collector #2318: Allow override of zopectl's control socket in
zope.conf
- Collector #2316: correctly unpack DateTimeIndex dates when browsing the
index.
- Collector #1866: a 304 HTTP status should not have a content length.
- Collector #2300: delimit *all* HTTP Response headers with CRLF.
Zope 2.9.7 (2007/03/25)
Bugs fixed
- Protected various security mutators with a new postonly decorator.
The decorator limits method publishing to POST requests only, and
is a backport from Zope 2.11's requestmethod decorator factory.
- Collector #2298: webdav.Resource.COPY and webdav.Resource.MOVE did
not send the expected copy/move events.
- Collector #2296: Fixed import of ZClass products, broken by removal
of BBB support for pasting objects whose meta_type info was
permission-free.
- Collector #2294: Protected DOS-able ControlPanel methods with the
same 'requestmethod' wrapper.
- Collector #2294: Protected various security mutators with a new
'postonly' decorator. The decorator limits method publishing to
POST requests only, and is a backport from Zope 2.11's requestmethod
decorator factory.
- Collector #2288: @ and + should not be quoted when forming
request URLs in BaseRequest and HTTPRequest
- Undeprectated 'zLOG' package, which is going to remain a
backward-compatibility shim for the Python logger.
- Collector #2263: 'field2ulines' did not convert empty string
correctly.
- Reverted backward-incompatible fix for Collector #2191.
- added Python 2.4.4 as optimal Python version to 'configure'
Zope 2.9.6 (2006-11-22)
Bugs fixed
- Collector #2191: extended DateTime parser for better support
to the ISO8601 specification.
- Reworking of _cached_result in Shared.DC.ZRDB.DA.DA:
- fixed KeyError reported in Collector #2212
- fixed two memory leaks that occurred under high load
- fixed broken cache keys for people using the obscure
Shared.DC.ZRDB.DA.DA.connection_hook
- fixed incorrect cache ordering resulting in newer results
being dumped when the cache became too large.
- Collector #2237: 'make' doesn't tell you to run 'make inplace'
before running 'make instance'.
- Collector #2235: A number of ZCatalog methods were doing boolean
evaluation of objects that implemented __len__ instead of checking
them against None. Replaced a number of "if not obj" with
"if obj is None".
- Collector #2218: fixed wrong logger argument in OFS/Cache.py
- Collector #2205: fixed wrong logger argument in ZRDB/Connection.py
- Collector #2208: rewriting/setting the 'charset' part of the
content-type HTTP header will be done only for 'text/*'
- Collector #2206: Set PYTHONPATH to include existing PYTHONPATH
in skel/bin/zopectl.in and skel/bin/runzope.in
Zope 2.9.5 (2006/10/03)
Bugs fixed
- Call setDefaultSkin on new requests created as the result of
ConflictError retries.
- Collector #2189: Fix logging of errors during product refresh.
- Collector #2185: Log username for FCGI requests.
- Collector #2152: Fixed MailHost documentation; simple_send does not
process or validate its arguments in any way.
- Collector #2175: ZTUtils.make_hidden_input did not escape double-quotes.
- Collector #1907: Moved 'alt' property from File to Image.
- Collector #1983: Specifying session-resolution-seconds >= 1200 caused
Zope startup to fail.
- Collector #2169: webdav.Resource.COPY did not send ObjectClonedEvent.
- Updated Five to bugfix release 1.3.7.
- Collector #2157: Expose name of broken class in SystemError raised
from '__getstate__' of a broken instance.
- Usage of 'urljoin' in 'webdav.davcmds' could lead to wrongly
constructed urls.
- Collector #2155: Fix wrong parameter being passed to
logger's error() method, with tests.
- Collector #2178: Fix ZopeTestCase doctest support for layers
- included Zope 3.2.2
Fix bug whereby mod_wsgi daemon process could hang when a request with
content greater than UNIX socket buffer size, was directed at a WSGI
application resource handler which in turn returned a response, greater
than UNIX socket buffer size, without first consuming the request content.
- Drop POST from the allowed list; this mistake has been here since 2003,
but it doesn't really matter as POST on a Subversion repository is an
invalid operation anyway.
Changes:
* Fix :cookie_only to correctly avoid session fixation attacks (CVE-2007-6077)
* Fix regression where the association would not construct new finder
SQL on sav e causing bogus queries for "WHERE owner_id = NULL" even
after owner was saved.
- new maintainer
- PKG_DESTDIR_SUPPORT
- ok by joerg
Changelog:
1.29 21 Aug 2007 - Documentation fix to performance hints section.
No functional changes.
1.28 18 Aug 2007 - Improved mod_perl2 handling (patch courtesy of Jeremy Nixon).
Added a ':no_subprocess_env' flag to suppress populating
the %ENV environment hash. Added a 'subprocess_env'
static class method to allow smooth co-existance of
ModPerl2 scripts that use ':no_subprocess_env' with ModPerl2
scripts that do not on the same server.
1.27 25 May 2007 - Added example of a command line 'wrapper' script and
of using environment variables as an alternate way
to test scripts via the command line. Added example
for use with FastCGI. Changed behavior for unsupported
HTTP methods. The module used to 'croak' for unsupported
methods, it now 'carp's instead and treats as a 'GET'
(behavior change at suggestion of Roman Mashirov to support
FastCGI better).
1.26 06 Apr 2007 - Added decoding of Javascript/EMCAScript style unicode
escaped (%uxxxx form) parameter data (both to the main
'param' method and to the 'url_decode'/'url_encode' methods)
at the suggestion of Michael Kröll (the core code for
this additional functionality is derived from CGI.pm).
Fixed META.yml problems introduced with 1.25.
Changed POD/POD Coverage tests to only execute if specifically requested
Added examples directory and scripts
1.25 20 Apr 2006 - Added 'allow_hybrid_post_get' class method. Tweaked file permissions.
Added regression tests for hybrid forms.
1.24 23 Sep 2005 - Added 'Carp' to install requirements. Extended build tests.
Fixed multi-part form decoding bug in handling of degenerate MIME
boundaries. Added fatal errors for mis-calling of param_mime
and param_filename methods.
1.23 18.Sep 2005 - Made Test::More optional in build tests. No functional changes.
1.22 13.Sep 2005 - Changed POD tests to be more friendly to CPANTS.
1.21 11.Sep 2005 - Fixed pod coverage test for compatibility with Perl 5.005.
1.20 11.Sep 2005 - Fixed issue causing mod_perl to issue
'Use of uninitialized value.' warnings.
Extended build tests.
1.19 10.Sep 2005 - Fixed POD Coverage test error.
1.18 08.Sep 2005 - Adjusted prerequiste modules lists. Tweaked code for 'strict'.
Extended regression tests to cover more of the code.
1.17 04 Sep 2005 - More tweaks to regression tests to work around MS-Windows
problems with binary file handles under Perl 5.6.1.
Added 'Build.PL' support back in. Added POD tests.
Minor documentation tweaks.
- new maintainer
- PKG_DESTDIR_SUPPORT
- ok by joerg
Changelog:
4.06 Wed Apr 12, 2006
(No code changes)
- Updated tests to work with status codes emitted before and after CGI.pm 3.16.
The requirement for CGI.pm 3.16 or newer has been relaxed, so any version
of CGI.pm will do. (Rhesa)
4.05 Wed Mar 1, 2006
(No code changes)
- Updated tests for redirects to check for 'Found', not 'Moved'.
This correctly matches the standard, and was changed in CGI.pm 3.16.
As a result, we now require CGI.pm 3.16 for consistent results.
