(bsdi) for i386 to revision 1 after adding scripts that apply tiny
binary patches that stop them from closing fd 0 before running
"netstat -in".
I finally got tired of the warnings from my kernel, so I made the
binaries stop doing it.
changes:
* ZPsycopgDA now support unicode strings and different backend
encodings.
* ZPsycopgDA accept query data as an extra parameter to execute()
(but still no way to give it extra data from inside a ZSQL
This is the code written to accompany Thomas Boutell's book "CGI
Programming in C & Perl". It provides a library of routines for use
in CGI programming, and unlike cgilib-0.5, this library handles the
"multipart/form-data" encoding required to use the FILE input control
type as defined in the HTML specification.
NOTE: It should be aware that there were a few developer visible changes
made from Thomas Boutell's original distribution when integrating it
with the NetBSD packages environment. They are:
1) Instead of being yet another source file which is used in building
the application, the package have been converted totally into a
library format. This library is linked using "-lcgic".
2) As a result of the first item, the developer no longer writes their
entry point under the function name of cgiMain(). Instead, the
user will provide their own main(), and will need to call cgiInit()
before any other cgic function is called.
changes:
This release addresses a vulnerability in mod_python 2.7.9 whereby a
specific query string processed by mod_python would cause the httpd
process to crash.
The previously released version 2.7.9 was supposed to correct this issue,
but is still vulnerable.
There are no other changes or improvements from the previous version in
this release.
If you are currently using mod_python 2.7.9 or earlier, it is highly
recommended that you upgrade to 2.7.10 as soon as possible.
1.3.16:
* Works with Mozilla 1.4 through 1.7, 1.8a1 and trunk
* Add thumbnailing to the Open dialogs
* Improved context menus
* Ensure URL's for frames and redirects don't get saved in the history
* Fix the spinner background with gradient themes
* Fix a crash when removing items in the personal data manager
* Fix reloading of framesets
* Make better use of gtk 2.4 API's
* lots of other bug fixes
1.3.15:
* Works with Mozilla 1.4 through 1.7rc2 and trunk
* Requires gtk+ 2.4
* Major download re-write:
o Much improved robustness; lots of crashes fixed
o Improved filename generation when saving pages
o Pages generated by a POST correctly saved
* Restored offline mode
* Restored ability to block cookie sites when removing cookies
* Improved layout of personal data manager
* Added context menu to links in page info dialog
* Added image save button to page info dialog
* Always show the menubar when F10 is pressed
* Use more stock icons from the current icon theme
* Implement user stylesheet support (put them in ~/.galeon/stylesheets)
version stays at 7.51 due to lack of test facility.
Changes since 7.51 (from the changelog for windows):
Security
Fixed a URI obfuscation weakness enabling impersonation of legitimate web
sites. Illegal characters in addresses will be stripped. This addresses
Security Focus Bugtraq ID #10517.
Solved frame injection vulnerability that allowed for spoofing (Secunia
Advisory SA11978).
Solved certificate verification problem.
Miscellaneous
Changed search.ini to ensure correct default dictionary and encyclopedia
searches. On how to protect customized files from being overwritten, see
Release Note.
Changed main toolbar. Now includes options Open, Save, Print, Find, Home,
Panels, Tile, and Cascade.
Various stability and rendering improvements.
"Show in" submenu for messages now has nested display of nested filters.
Corrected message reply behavior when View > Encoding is set to autodetect.
Fixed SSL renegotiation problem causing login trouble on certain secure sites.
Solved issue concerning JavaScript method "confirm()".
Various encoding-related improvements to accommodate Japanese language
version.
we also want the apxs rules from www/apache/module.mk, since the package's
own Makefile doesn't propagate LDFLAGS; include www/apache/module.mk
AFTER mk/apache.mk, so that the right Apache buildlink3.mk is still used
for the build
Version 3.1.3
Apache module that embeds the Python interpreter
As discussed on the mailing list, this package builds and runs for the
most part but fails if the web server has too many backends. Adding it
breaks nothing and does add functionality. I will file a PR to keep
track of the remaining issue.
the author Gergely Nagy in PR pkg/25318.
Changes:
* Thy 0.9.3 [Dead Gardens] -- 2004-06-30
Fixed a minor information leak in the virtual hosting code, noticed
by Jerome Magnin. Also fixed a couple of memory leaks and disabled
meta-data caching by default.
* Thy 0.9.2 [Re-connect] -- 2004-06-15
The major reason for this release is a discovery of a possible Denial
Of Service attack against Thy, one which can easily crash a Thy
process. However, this was just a NULL-dereference, which can not be
used to execute arbitrary code. And is fixed in this release.
Also, epoll support was disabled in this release.
* Thy 0.9.1 [Hurt] -- 2004-06-05
When Thy starts a helper process (such as the Authoriser or the
Worker), she will close and reopen the connection to syslog with a
different ID.
There is also a new option to limit how many bytes Thy will use for
mapping files into memory. When the limit is reached, no mmapping
will occur. This is only useful when using a Worker, since otherwise
files are not mapped to memory at all.
SRP authentication was implemented in this version.
One of the major new features in this release is the ability to
compile multiple event systems into Thy. In the past, Thy had to be
recompiled if one wanted to use epoll or kqueue instead of
select. Now, every possible event system is compiled in, and one can
select the appropriate one at run time. Thy will also try to select
the most appropriate one if none was explicitly specified.
Some smaller bugs were also fixed, as usual.
* Thy 0.9.0 [A Pirate I Was Meant To Be] -- 2004-04-25
This release features a way to make Thy interact better with web
cache software: the ability to set the max-age of resources and
expiry times.
The Linux version of the networking code was updated to be able to
serve files larger than 2Gb when Thy is compiled with Large File
Support (which is the default).
using information stored in a MySQL database.
Based on pkgwip package done by cube@, thanks a lot!
Package should support both Apache 1.x and 2.x, but only Apache 1.x
tested at the moment.
As soon as PLIST_SRC is defined the "default" PLIST files are not
added to PLIST_SRC. So 'PLIST' has to be explicitly listed in the
APACHE_DEFAULT_FILES == "yes" case.
- Add new build def APACHE_DEFAULT_FILES
Changes with Apache 2.0.50
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) mod_cgi: Handle output on stderr during script execution on Unix
platforms; preventing deadlock when stderr output fills pipe buffer.
Also fixes case where stderr from nph- scripts could be lost.
PR 22030, 18348. [Joe Orton, Jeff Trawick]
*) mod_alias now emits a warning if it detects overlapping *Alias*
directives. [André Malo]
*) mod_rewrite no longer turns forward proxy requests into reverse proxy
requests. PR 28125 [ast domdv.de, André Malo]
*) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
exported on Win32 and Netware as well (minor MMN bump). PR 28523.
[Edward Rudd <eddie omegaware.com>, André Malo]
*) Restore the ability to disable the use of AcceptEx on Win9x systems
automatically (broken in 2.0.49). PR 28529. [André Malo]
*) <VirtualHost myhost> now applies to all IP addresses for myhost
instead of just the first one reported by the resolver. This
corrects a regression since 1.3. [Jeff Trawick]
*) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
against ServerRoot PR#26602 [Brad Nicholes]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
*) mod_dav_fs: Fix MKCOL response for missing parent collections, which
caused issues for the Eclipse WebDAV extension.
PR 29034. [Joe Orton]
*) mod_deflate: Fix memory consumption (which was proportional to the
response size). PR 29318. [Joe Orton]
*) mod_ssl: Log the errors returned on failure to load or initialize
a crypto accelerator engine. [Joe Orton]
*) Allow RequestHeader directives to be conditional. PR 27951.
[Vincent Deffontaines <vincent gryzor.com>, André Malo]
*) Allow LimitRequestBody to be reset to unlimited. PR 29106
[André Malo]
*) Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects: mod_setenvif, mod_usertrack,
mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
*) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
*) Remove 2Gb log file size restriction on some 32-bit platforms.
PR 13511. [Joe Orton]
*) mod_logio no longer removes the EOS bucket. PR 27928.
[Bojan Smojver <bojan rexursive.com>]
*) htpasswd no longer refuses to process files that contain empty
lines. [André Malo]
*) Regression from 1.3: At startup, suexec now will be checked for
availability, the setuid bit and user root. The works only if
httpd is compiled with the shipped APR version (0.9.5).
PR 28287. [André Malo]
*) Unix MPMs: Stop dropping connections when the file descriptor
is at least FD_SETSIZE. [Jeff Trawick]
*) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
*) mod_isapi: send_response_header() failed to copy status string's
last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
*) Fix a segfault when requests for shared memory fails and returns
NULL. Fix a segfault caused by a lack of bounds checking on the
cache. PR 24801. [Graham Leggett]
*) Throw an error message if an attempt is made to use the LDAPTrustedCA
or LDAPTrustedCAType directives in a VirtualHost. PR 26390
[Brad Nicholes]
*) Fix a potential segfault if the bind password in the LDAP cache
is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
*) Quotes cannot be used around require group and require dn
directives, update the documentation to reflect this. Also add
quotes around the dn and group within debug messages, to make it
more obvious why authentication is failing if quotes are used in
error. PR 19304. [Graham Leggett]
*) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
from escaping filters twice when the backslash character is used.
PR 24437. [Jess Holle <jessh ptc.com>]
*) Overhaul handling of LDAP error conditions, so that the util_ldap_*
functions leave the connections in a sane state after errors have
occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
27271 [Graham Leggett]
*) mod_ldap calls ldap_simple_bind_s() to validate the user
credentials. If the bind fails, the connection is left
in an unbound state. Make sure that the ldap connection
record is updated to show that the connection is no longer
bound. [Brad Nicholes]
*) Ensure that lines in the request which are too long are
properly terminated before logging.
[Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
*) Update the bind credentials for the cached LDAP connection to
reflect the last bind. This prevents util_ldap from creating
unnecessary connections rather than reusing cached connections.
[Brad Nicholes]
*) mod_isapi: GetServerVariable returned improperly terminated header
fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
[Jesse Pelton <jsp pkc.com>]
*) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
size. PR 20617. [Jesse Pelton <jsp pkc.com>]
*) mod_dav: Fix a problem that could cause crashes when manipulating
locks on some platforms. [Jeff Trawick]
*) mod_headers no longer crashes if an empty header value should
be added. [André Malo]
*) Fix segfault in mod_expires, which occured under certain
circumstances. PR 28047. [André Malo]
*) htpasswd: use apr_temp_dir_get() and general cleanup
[Guenter Knauf <eflash gmx.net>, Thom May]
*) mod_ssl: Fix memory leak in session cache handling. PR 26562
[Madhusudan Mathihalli]
*) mod_ssl: Fix potential segfaults when performing SSL shutdown from
a pool cleanup. PR 27945. [Joe Orton]
*) Add forensic logging module (mod_log_forensic).
[Ben Laurie]
*) logresolve: Allow size of log line buffer to be overridden at
build time (MAXLINE). PR 27793. [Jeff Trawick]
*) Fix the comment delimiter in htdbm so that it correctly parses the
username comment. Also add a terminate function to allow NetWare
to pause the output before the screen is destroyed.
[Guenter Knauf <eflash gmx.net>, Brad Nicholes]
*) Fix crash when Apache was started with no Listen directives.
[Michael Corcoran <mcorcoran warpsolutions.com>]
*) core_output_filter: Fix bug that could result in sending
garbage over the network when module handlers construct
bucket brigades containing multiple file buckets all referencing
the same open file descriptor. [Bojan Smojver]
*) Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
[Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
*) Win32: Tweak worker thread accounting routines to eliminate
server hang when number of Listen directives in httpd.conf
is greater than or equal to the setting of ThreadsPerChild.
[Bill Stoddard]
This is security fix release, fixing several important security
issues. From the ChangeLog:
* Fixed strip_tags() to correctly handle '\0' characters.
* Improved stability during startup when memory_limit is used.
* Replace alloca() with emalloc() for better stack protection.
* Added missing safe_mode checks inside ftok and itpc.
* Fixed bug #28963 Fixed address allocation routine in IMAP extension.
* Fixed bug #28632 Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
Note: package update also includes extra patches from PHP CVS not
present in stock PHP 4.3.8 release - compilation fix for
mssql extension and Zend engine memory-use-after-free fix.
gcc version 3+.
. generally reduce diffs to Linux version
. retain compatibility with older ABI (AIX-like) thanks to useful comments
from Charles Hannum
Thanks to Matthew Green for the fruitful discussion. This should address
PR#23240 as far as mozilla is concerned.
