last two years. From the git commit log:
2010-06-23
Create longest possible path first in mkdirs routine. radmind-1.14.0rc1
2010-05-28
Updated radmind man page with CRL documentation.
2010-05-28
[Patch 2930172]: Add support for CRLs
2010-02-03
Fix: check argument count when encountering a minus...
2010-01-28
[Bug 2927309]: ktcheck cores with recursive command...
2010-01-20
Fix: -r (use randfile) was being ignored.
2010-01-13
[Patch 2931438]: Change port back to standard on failur...
2009-12-15
node_create sometimes takes a NULL transcript name.
2009-12-06
[Bug 1816150]: Can't replace dir with file.
2009-11-19
Accidentally placed dns_sd check in the PAM if-block.
2009-11-19
Pull Wes's path repetition dectection patch from CVS.
2009-11-19
Add --with-pam.
2009-11-17
[Patch 2899332] Fix and document -p option to ra.sh.
2009-11-11
[Patch 2524867] Add -p option for ra.sh (for port).
2009-11-11
[Patch 2877346] Add a copy mode to lmerge.
2009-11-11
Fix: missing closing quotation mark in lcksum error...
2009-10-28
[Bug 2887658]: fsdiff prints multiple lines for changin...
2009-10-15
Fix: lcksum crashes when given a minus (-) line with...
2009-10-15
Accept 2845279: Updated rash manpage
2009-09-11
Quick fix for pam_conv struct compiler nagging.
2009-09-11
Fix empty prepath check in lapply and lcksum
2009-08-18
Exclude leftovers from autoconf and git when making...
2009-08-18
Do not track configure script.
2009-08-01
Eliminate old workaround for broken mkdir on old versio... origin
2009-02-23
Only use $USERNAME if $USERAUTH is enabled.
2009-01-29
Fix bug 2541171. Patch from bawood at umich dot edu.
2008-12-11
Proof-of-concept code using Apple's FSEvents API. Can...
As of the 1.2 release, the core Django framework includes a system, enabled by
default, for detecting and preventing cross-site request forgery (CSRF) attacks
against Django-powered applications. Previous Django releases provided
a different, optionally-enabled system for the same purpose.
The Django 1.2 CSRF protection system involves the generation of a random
token, inserted as a hidden field in outgoing forms. The same value is also
set in a cookie, and the cookie value and form value are compared on submission.
The provided template tag for inserting the CSRF token into forms --
{% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is.
Thus, an attacker who is able to tamper with the value of the CSRF cookie can
cause arbitrary content to be inserted, unescaped, into the outgoing HTML of
the form, enabling cross-site scripting (XSS) attacks.
This issue was first reported via a public ticket in Django's Trac instance;
while being triaged it was then independently reported, with broader
description, by Jeff Balogh of Mozilla.
close PR#43791.
Changes to pkgsrc
* use INSTALL_SCRIPT from configure (patch-ab).
* update tclsh name, current its version in pkgsrc is 8.4.
CHANGES TO REMIND
* Version 3.1 Patch 9 - 2010-06-20
- MAJOR ENHANCEMENT: New "purge mode" to delete expired reminders. See
the PURGE MODE section of the remind man page.
- ENHANCEMENT: Support DURATION in TkRemind. Thanks to Marek Marczykowski.
- BUG FIX: Don't change the order of PS and PSFILE reminders. Bug found
by John McGowan.
- BUG FIX: "REM 1990-01-01 SATISFY 1" would yield a spurious parse error
in earlier versions of Remind.
- BUG FIX: Yom HaShoah is moved to Thursday if it would normally fall on
a Friday. Thanks to Jonathan Kamens for pointing this out.
* Version 3.1 Patch 8 - 2010-03-09
- ENHANCEMENT: Include some useful scripts in contrib/
- ENHANCEMENT: Add the $T, $Td, $Tm, $Tw, $Ty, $U, $Ud, $Um, $Uw, $Uy
special variables to make reminder files less wordy. See man page
for details.
- MINOR ENHANCEMENT: Set an icon photo window manager resource on TkRemind.
- POLICY CHANGE: Discourage use of Remind on MS Windows or Apple Mac OS X.
- BUG FIX: Ignore msgprefix() and msgsuffix() on RUN-type reminders.
- BUG FIX: Adjust Remind and Rem2PS so that SHADE specials don't obliterate
earlier MOON specials.
- BUG FIX: Fix bug in SCHED calculations if Remind is started in the middle
of a SCHED interval.
* Message-ID searches on Google Groups work again
* Add-ons preferences button for Lightning should work now
* Security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
* Several fixes to improve stability.
* Several fixes to the user interface.
* Several security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
