last two years. From the git commit log:
2010-06-23
Create longest possible path first in mkdirs routine. radmind-1.14.0rc1
2010-05-28
Updated radmind man page with CRL documentation.
2010-05-28
[Patch 2930172]: Add support for CRLs
2010-02-03
Fix: check argument count when encountering a minus...
2010-01-28
[Bug 2927309]: ktcheck cores with recursive command...
2010-01-20
Fix: -r (use randfile) was being ignored.
2010-01-13
[Patch 2931438]: Change port back to standard on failur...
2009-12-15
node_create sometimes takes a NULL transcript name.
2009-12-06
[Bug 1816150]: Can't replace dir with file.
2009-11-19
Accidentally placed dns_sd check in the PAM if-block.
2009-11-19
Pull Wes's path repetition dectection patch from CVS.
2009-11-19
Add --with-pam.
2009-11-17
[Patch 2899332] Fix and document -p option to ra.sh.
2009-11-11
[Patch 2524867] Add -p option for ra.sh (for port).
2009-11-11
[Patch 2877346] Add a copy mode to lmerge.
2009-11-11
Fix: missing closing quotation mark in lcksum error...
2009-10-28
[Bug 2887658]: fsdiff prints multiple lines for changin...
2009-10-15
Fix: lcksum crashes when given a minus (-) line with...
2009-10-15
Accept 2845279: Updated rash manpage
2009-09-11
Quick fix for pam_conv struct compiler nagging.
2009-09-11
Fix empty prepath check in lapply and lcksum
2009-08-18
Exclude leftovers from autoconf and git when making...
2009-08-18
Do not track configure script.
2009-08-01
Eliminate old workaround for broken mkdir on old versio... origin
2009-02-23
Only use $USERNAME if $USERAUTH is enabled.
2009-01-29
Fix bug 2541171. Patch from bawood at umich dot edu.
2008-12-11
Proof-of-concept code using Apple's FSEvents API. Can...
As of the 1.2 release, the core Django framework includes a system, enabled by
default, for detecting and preventing cross-site request forgery (CSRF) attacks
against Django-powered applications. Previous Django releases provided
a different, optionally-enabled system for the same purpose.
The Django 1.2 CSRF protection system involves the generation of a random
token, inserted as a hidden field in outgoing forms. The same value is also
set in a cookie, and the cookie value and form value are compared on submission.
The provided template tag for inserting the CSRF token into forms --
{% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is.
Thus, an attacker who is able to tamper with the value of the CSRF cookie can
cause arbitrary content to be inserted, unescaped, into the outgoing HTML of
the form, enabling cross-site scripting (XSS) attacks.
This issue was first reported via a public ticket in Django's Trac instance;
while being triaged it was then independently reported, with broader
description, by Jeff Balogh of Mozilla.
close PR#43791.
Changes to pkgsrc
* use INSTALL_SCRIPT from configure (patch-ab).
* update tclsh name, current its version in pkgsrc is 8.4.
CHANGES TO REMIND
* Version 3.1 Patch 9 - 2010-06-20
- MAJOR ENHANCEMENT: New "purge mode" to delete expired reminders. See
the PURGE MODE section of the remind man page.
- ENHANCEMENT: Support DURATION in TkRemind. Thanks to Marek Marczykowski.
- BUG FIX: Don't change the order of PS and PSFILE reminders. Bug found
by John McGowan.
- BUG FIX: "REM 1990-01-01 SATISFY 1" would yield a spurious parse error
in earlier versions of Remind.
- BUG FIX: Yom HaShoah is moved to Thursday if it would normally fall on
a Friday. Thanks to Jonathan Kamens for pointing this out.
* Version 3.1 Patch 8 - 2010-03-09
- ENHANCEMENT: Include some useful scripts in contrib/
- ENHANCEMENT: Add the $T, $Td, $Tm, $Tw, $Ty, $U, $Ud, $Um, $Uw, $Uy
special variables to make reminder files less wordy. See man page
for details.
- MINOR ENHANCEMENT: Set an icon photo window manager resource on TkRemind.
- POLICY CHANGE: Discourage use of Remind on MS Windows or Apple Mac OS X.
- BUG FIX: Ignore msgprefix() and msgsuffix() on RUN-type reminders.
- BUG FIX: Adjust Remind and Rem2PS so that SHADE specials don't obliterate
earlier MOON specials.
- BUG FIX: Fix bug in SCHED calculations if Remind is started in the middle
of a SCHED interval.
* Message-ID searches on Google Groups work again
* Add-ons preferences button for Lightning should work now
* Security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
* Several fixes to improve stability.
* Several fixes to the user interface.
* Several security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
pkgsrc changes:
- adjust dependencies according to upstream's META.yml
Upstream changes:
0.27 Wed, 16 Jun 2010 20:39:59 UTC
Added class for Yahoo! access token refresh request (thanks Marc Mims)
0.26 Wed, 16 Jun 2010 19:59:04 UTC
Message::encode no longer tries fix potential 'double-encoding' (in any
case it appeared to be doing it wrong). Now it just complains if you
try to pass in undecoded strings. (thanks Daisuke Maki and KATOU Akira)
0.25 Sun, 21 Mar 2010 03:50:40 UTC
Gah, $VERSION lameness
0.24 Sun, 21 Mar 2010 03:39:40 UTC
Fix test breakage in 0.23
0.23 Thu, 18 Mar 2010 17:23:36 UTC
Removed UNIVERSAL::require dependency
Net::OAuth->request constructor now dies if module fails to load
(thanks Mike Schleif)
Fixed https://rt.cpan.org/Ticket/Display.html?id=55635 Incorrect
dependencies (thanks Jens Rehsack)
Replaced die() with croak()
pkgsrc changes:
- imported and added recommended dependency to Math::Random::MT
- moved List::MoreUtils to run dependencies
Upstream changes:
0.06 Tue Aug 31 15:37:15 JST 2010
* added a parameter 'provider' passed to Crypt::Random.
now you can avoid annoying device lock to set the value for example
to 'udevrandom' (means /dev/urandom), 'rand' etc.
math/p5-Math-Random-MT.
The Mersenne Twister is a pseudorandom number generator developed by
Makoto Matsumoto and Takuji Nishimura. It is described in their paper at
<URL:http://www.math.keio.ac.jp/~nisimura/random/doc/mt.ps>.
pkgsrc changes:
- add informational dependency to core module Digest::MD5
Upstream changes:
Authen-SASL 2.15 -- Wed Jun 2 13:47:41 CDT 2010
* Makes sure that user callbacks are called [Yann Kerherve]
Authen-SASL 2.1401 -- Mon Mar 29 14:22:54 CDT 2010
* Add META.yml to release
