- Support for Visual C++ project files in winemaker.
- Improvements to the Esound driver.
- Many Direct3D code cleanups.
- Fixes to OLE clipboard handling.
- Various bug fixes.
Also set MAKE_JOBS_SAFE to allow for parallel builds.
Update third-party upload module from 2.0.8 to 2.0.9 and remove
needless extra patch.
Add support for third-party modules:
o Phusion Passenger(tm) 2.2.1
o mogilefs 1.0.1
<nginx development ChangeLog>
*) Feature: the first native Windows binary release.
*) Bugfix: in processing HEAD method while caching.
*) Bugfix: in processing the "If-Modified-Since", "If-Range", etc.
   client request header lines while caching.
*) Bugfix: now the "Set-Cookie" and "P3P" header lines are hidden in
   cacheable responses.
*) Bugfix: if nginx was built with the ngx_http_perl_module and with a
   perl which supports threads, then during a master process exit the
   message "panic: MUTEX_LOCK" might be issued.
*) Bugfix: nginx could not be built --without-http-cache; the bug had
   appeared in 0.7.48.
*) Bugfix: nginx could not be built on platforms different from i386,
   amd64, sparc, and ppc; the bug had appeared in 0.7.42.
</ChangeLog>
and marked as CVE-2009-583 and CVE-2009-584:
CVE-2009-583:
  Multiple integer overflows in icc.c in the International Color
  Consortium (ICC) Format library (aka icclib), as used in
  Ghostscript 8.64 and earlier and Argyll Color Management
  System (CMS) 1.0.3 and earlier, allow context-dependent
  attackers to cause a denial of service (heap-based buffer
  overflow and application crash) or possibly execute arbitrary
  code by using a device file for a translation request that
  operates on a crafted image file and targets a certain "native
  color space," related to an ICC profile in a (1) PostScript
  or (2) PDF file with embedded images.
CVE-2009-584:
  icc.c in the International Color Consortium (ICC) Format
  library (aka icclib), as used in Ghostscript 8.64 and earlier
  and Argyll Color Management System (CMS) 1.0.3 and earlier,
  allows context-dependent attackers to cause a denial of
  service (application crash) or possibly execute arbitrary code
  by using a device file for processing a crafted image file
  associated with large integer values for certain sizes, related
  to an ICC profile in a (1) PostScript or (2) PDF file with
  embedded images.
Security: CVE-2009-583
Security: CVE-2009-584
Approved by: portmgr (pav)
http://secunia.com/advisories/34746/ .
"Some vulnerabilities have been reported in Poppler which can be
exploited by malicious people to potentially compromise an
application using the library."
PR: 133838
Submitted by: Mark Foster <mark@foster.cc>
Approved by: portmgr (implicit)