If ${FILESDIR}/getsite.sh exists, then use it to determine the fetch
URL for each of the distfiles for the package. Otherwise, use
SITE_<file> and MASTER_SITES, in order, to determine the URL for each
distfile.
If the script path differs from ${FILESDIR}/getsite.sh, then set
DYNAMIC_SITE_SCRIPT to the full path to that script.
Remove the need to set DYNAMIC_MASTER_SITES explicitly in the package
Makefile for:
graphics/ns-cult3d
wm/sawfish-themes
www/apache-tomcat55
www/jakarta-tomcat4
www/jakarta-tomcat5
pkgsrc release engineering team.
- Keep current directory with DEINSTALL and INSTALL script.
- remove extra processing with POST-DEINSTALL action from DEINSTALL script.
- Suggest use of additional graphic package.
- Add APACHE_GROUP to BUILD_DEFS.
- install ${GEEKLOG_EXAMPLESDIR}/createdb.php with INSTALL_SCRIPT.
Bump PKGREVISION.
since they always need a C compiler, even when the source code is
completely in C++.
For some other packages, stated in the comment that a C compiler is
really not needed.
2006-04-28 Gisle Aas
Release 3.54
Yaakov Belch discovered yet another issue with <script> parsing.
Enabling of 'empty_element_tags' got the parser confused
if it found such a tag for elements that are normally parsed
in literal mode. Of these <script src="..."/> is the only
one likely to be found in documents.
<http://rt.cpan.org//Ticket/Display.html?id=18965>
2006-04-27 Gisle Aas
Release 3.53
When ignore_element was enabled it got confused if the
corresponding tags did not nest properly; the end tag
was treated it as if it was a start tag.
Found and fixed by Yaakov Belch
<http://rt.cpan.org/Ticket/Display.html?id=18936>
2006-04-26 Gisle Aas
Release 3.52
Make sure the 'start_document' fires exactly once for
each document parsed. For earlier releases it did not
fire at all for empty documents and could fire multiple
times if parse was called with empty chunks.
Documentation tweaks and typo fixes.
2006-03-22 Gisle Aas
Release 3.51
Named entities outside the Latin-1 range are now only expanded
when properly terminated with ";". This makes HTML::Parser
compatible with Firefox/Konqueror/MSIE when it comes to how these
entities are expanded in attribute values. Firefox does expand
unterminated non-Latin-1 entities in plain text, so here
HTML::Parser only stays compatible with Konqueror/MSIE.
Fixes <http://rt.cpan.org/Ticket/Display.html?id=17962>.
Fixed some documentation typos spotted by william at knowmad.com.
<http://rt.cpan.org/Ticket/Display.html?id=18062>
Changes with Apache 1.3.36
*) Reverted SVN rev #396294 due to unwanted regression.
The new feature introduced in 1.3.35 (Allow usage of the
"Include" configuration directive within previously "Include"d
files) has been removed in the meantime.
(http://svn.apache.org/viewcvs?rev=396294&view=rev)
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
had actually been ignoring LTCONFIG_OVERRIDE anyway and just using
the default LIBTOOL_OVERRIDE to replace libtool scripts in packages.
This just formalizes the fact that LTCONFIG_OVERRIDE is not used
meaningfully by pkgsrc.
version: 0.18
date: Wed Mar 8 02:06:47 PST 2006
changes:
- Made Test.Base stuff its own module. Now Jemplate relies on that module.
- Christian Hansen added a simple daemon for running tests.
- Cees Hek added all hash virtual methods (except `import` which caused
major grief)
- Cees monkeyed around in the Stash lookup code
- Yann K implemented the `replace` filter
- Ingy made `foo.bar()` always call a method `bar`.
- Ingy completely refactored Test.Base and then proceeded to refactor the
Jemplate test suite in kind.
- gugod pulled over some uri escaping code from Kwiki
- chansen tweaked the daemon to honor caching rules
- Cory Bennett fixed some bug having to do with a Javascript String object.
- Cees fixed the defaults for the `indent` and `truncate` filters.
- Stephen Howard reported that Jemplate was not localising the stash for
the INCLUDE directive, and he even supplied a patch, but Ingy had
already made the fix.
- Ingy played with the Stash lookup code and hopefully got it just perfect.
- Ingy added support for the DEFAULT directive.
- Lots more tests in this release.
It fixes cross-site-scripting security problem.
Geeklog 1.4.0sr5
JPCERT/CC informed us about a possible XSS in the comment handling that we're
fixing with this release.
Major changes compared to Horde 3.1.1 are:
* Security Fixes
- Closed XSS problems in dereferrer (IE only), help viewer and problem
reporting screen.
- Removed unused image proxy code from dereferrer.
* Bugfixes and improvements
- Added configuration option to disable GET-based sessions.
- Added Oracle and generic SQL upgrade scripts.
- Improved default charset support.
- Improved API and RPC interface.
- Fixed the preference cache.
The full list of changes (from version 3.1.1) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.231&r2=1.515.2.252&ty=h
Pkgsrc changes:
- Introduced USE_LANGUAGES.
Relevant changes since version 3.19_01:
=======================================
[THINGS THAT MAY BREAK YOUR CODE]
* The store_declarations() method has been restored, but defaults
to true instead of false.
[THINGS THAT MAY BREAK YOUR CODE]
* The store_declarations() method has been removed.
* Non-closing HTML tags like <IMG> are now rendered as <IMG />.
* All values in tags are now double-quoted. Previously, all-numeric
values weren't quoted.
Pkgsrc changes:
- none
Relevant changes since version 3.11:
====================================
Version 3.20
1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl
headers_out->add() rather than headers_out->set().
2. Fixed problem identified by Andrei Voronkov in which start_form()
output was screwed up when initial argument begins with a dash and
subsequent arguments do not.
3. Quashed uninitialized variable warnings coming from script_name(),
url() and other functions that require access to the PATH_INFO
environment variable.
Version 3.19
1. Added patch from Stephen Frost that allows one to suppress use of the
temp file that is created during uploads.
2. Fixed problem noted by Martin Foster in which regular expression
meta-character terms in the path information were not quoted, causing
URL parsing to fail on URLs that contained metacharacters (such as +).
3. More fixes to the url() method.
4. Removed "hack to fix broken PATH_INFO in MSII".
Version 3.18
1. Doc typo fixes.
2. Patch from Steve Peters to default the document type to match the charset.
3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the
parameter to empty list.
Version 3.17 Fri Feb 24 14:01:27 EST 2006
1. Added patch from Mike Hanafey which caused 0 arguments to
CGI::Cookie->new() to be treated as empty.
2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of
CGI::Carp not behaving correctly in an eval() context.
3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of
one session with another's variables.
4. Fixed upload failure on files that contain semicolons in their names.
Version 3.16 Wed Feb 8 13:29:11 EST 2006
1. header() -charset option now works even when the MIME type is not "text".
2. Fixed documentation for cookie() function and fastCGI.
3. Upload filehandles now only closed automatically on Windows systems.
4. Apache::Cookie compatibility fix from David Wheeler
5. CGI::Carp->fatalsToBrowser() does not work correctly with
mod_perl 2. No workaround is known.
6. Fixed text status code associated with 302 redirects. Should be "Found"
but was "Moved".
7. Fixed charset in start_html() and header() to be in synch.
Version 3.14 Tue Dec 6 17:12:03 EST 2005
1. Fixed broken scrolling_list() select attribute.
Version 3.14 Tue Dec 6 17:12:03 EST 2005
1. Fixed broken scrolling_list() select attribute.
Version 3.13
1. Removed extraneous empty "?" from end of self_url().
Version 3.12
1. Fixed virtual_port so that it works properly with https protocol.
2. Fixed documentation for upload_hook().
3. Added POSTDATA documentation.
4. Made upload_hook() work in function-oriented mode.
5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
6. Disabled automatic tab indexes and added new -tabindex pragma to
turn automatic indexes back on.
7. The url() and self_url() methods now work better in the context of Apache
mod_rewrite. Be advised that path_info() may give you confusing results
when mod_rewrite is active because Apache calculates the path info
*after* rewriting. This is mostly worked around in url() and self_url(),
but you may notice some anomalies.
8. Removed empty (and non-validating) <div> from code emitted by end_form().
9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2
environment.
10. Setting $CGI::TMPDIRECTORY should now be effective.
none
Changes:
Trac-0.9.6-ja-1 (Jul 7, 2006)
* Merge trac-0.9.6
* Update to current statement.
* README.trac-ja
* wiki-default/TracJa
Trac 0.9.6 (Jul 6, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.6
* Fixed reStructuredText breach of privacy and denial of service
* vulnerability
found by Felix Wiemann.
* trac-post-commit-hook fixes.
* Fixed bugs: #2894, #3058, #3209#3325.
From PR pkg/33942 by Akio OBATA.
Changes:
* Fixed reStructuredText breach of privacy and denial of service
vulnerability found by Felix Wiemann.
* trac-post-commit-hook fixes.
* Fixed bugs: #2894, #3058, #3209#3325.
- Moved the binary from sbin to bin, since the manual page is also in
category 1.
- Replaced /var with ${VARBASE}.
- Sorted PLIST.
- Bumped PKGREVISION.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
