Upstream changes:
1.16 Sun Nov 4 17:23:03 2012
- XSUB: use PERL_NO_GET_CONTEXT (see perlguts)
(see [rt.cpan.org #80312])
1.15 Sun Sep 23 10:43:14 2012
- perl 5.11.0 or later: Install to 'site' instead of 'perl'
(see [rt.cpan.org #79801])
- Allow for case where host is *, and IO::Socket::INET6 is installed, but IPv6 doesn't really work.
- Add missing child_init_hook in Fork server (so Fork can be more parallel with PreFork in some respects)
- Change BOUND_SOCKETS passing to use ; as a separator rather than a \n
2.005 Jun 12 2012
NOTE: ipv now defaults to *
- Change the default of ipv from 4 to *. This means if a host of * (default), or a named host is used, any available IPv4 OR IPv6 address will be used.
- Allow for explicit close_client_stdout call
- Add dispatch methods and app setup to HTTP
- Allow for exec_fork_hook in HTTP
- Make sure errors in HTTP use correct logging mechanisms (and do not die un-needed)
- Fix 500 call in PSGI
- Fix send_header
2.004 Jun 08 2012
NOTE: Version 2.005 will change the default ipv value to * meaning it will attempt to bind IPv4 and IPv6 if they are available if you pass a hostname
- Add Net::Server::Proto->get_addr_info which can more reliably resolve domain information.
- Use that information to figure out an appropriate host to bind to for tests
- Make get_addr_info less reliant on magic values of sysctl net.ipv6.bindv6only
- Allow all tests to function in IPv6 only environments
- Fix broken number of tests in test suite
- Add warnings about changes to the default value of ipv coming in 2.005
2.003 Jun 06 2012
- Make the logging system pluggable
- Added net-server server executor for writing easier one line servers
- Sys::Syslog and Log::Log4perl are now moved out to their own module subsystems
- Added full apache style HTTP log formatting for the HTTP server
- Allow for ipv to be specified as part of host, or proto, or passed via $ENV{'IPV'}
- Add apache style access logging (access_log_file and access_log_format) to HTTP
- Allow HTTP header parsing to not untaint the headers (thanks Miko O'Sullivan)
- Fix missing legacy NS_unix_path call (missing since 2.000)
- Fix a bug in MultiType that prevented calling server_type HTTP
Source Sans is a set of monospaced OpenType fonts that have been
designed to work well coding environments. This family of fonts is
a complementary design to the Source Sans family.
This package provides OpenType fonts only.
Source Sans is a set of monospaced OpenType fonts that have been
designed to work well coding environments. This family of fonts is
a complementary design to the Source Sans family.
This package provides OpenType fonts only.
GRIG 0.8.0:
- Frequency entry via keypad (thanks to Alessandro Zummo).
- Arrow LEFT/RIGHT will change the frequency with the smallest step. This can
be used for tuning using external devices like the Powermate.
* Support for VFO->MEM and MEM->VFO function.
- Support on/off rig functions.
- Added an extra gigahertz digit in lcd display
- Added antenna control
- French l10n
- Fixed crash that occurs when mouse is clicked between MHz and kHz digits.
Reported as Ubuntu bug 517816.
- Requires Gtk+ 2.12 and Hamlib 1.2.8
Changelog:
Fixed in Thunderbird 16.0.2
MFSA 2012-90 Fixes for Location object issues
MFSA 2012-67 Installer will launch incorrect executable following new installation
# SECURITY FIXES
* for CVE-2012-3482:
NTLM: fetchmail mistook an error message that the server sent in response to
an NTLM request for protocol exchange, tried to decode it, and crashed while
reading from a bad memory location.
Also, with a carefully crafted NTLM challenge packet sent from the server, it
would be possible that fetchmail conveyed confidential data not meant for the
server through the NTLM response packet.
Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
NTLM authentication in case of error.
See fetchmail-SA-2012-02.txt for further details.
Reported by J. Porter Clark.
* for CVE-2011-3389:
SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
against a certain kind of attack against cipher block chaining initialization
vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
Whether this creates an exploitable situation, depends on the server and the
negotiated ciphers.
As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
NOTE that this can cause connections to certain non-conforming servers to
fail, in which case you can set the environment variable
FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
fetchmail to re-instate the compatibility option at the expense of security.
Reported by Apple Product Security.
For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
See fetchmail-SA-2012-01.txt for further details.
# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
# CHANGES
* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
reference it (to fix the build) and if configured, print a run-time error
that the OS does not support SSLv2. Fixes Debian Bug #622054,
but note that that bug report has a more thorough patch that does away with
SSLv2 altogether.
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
and asks the user to consider running configure --with-ssl.
# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
a header request, in the face of message corruption. fetchmail now treats
these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
without any header in response to a header request for meeting reminder
messages (with a "meeting.ics" attachment). fetchmail now treats these as
transient errors. Report by John Connett, Patch by Sunil Shetye.
# TRANSLATION UPDATES
* [cs] Czech, by Petr Pisar
* [de] German
* [fr] French, by Frédéric Marchal
* [ja] Japanese, by Takeshi Hamasaki
* [pl] Polish, by Jakub Bogusz
* [sv] Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
* [vi] Vietnamese, by Trần Ngọc Quân
Security Fixes:
* PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
variable type for the allocation size, which might allow remote
attackers to cause a denial of service (crash) via a crafted PNG
file that triggers incorrect memory allocation.
* Automake (derived): Fix for CVE-2012-3386: The "make distcheck"
rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants
world-writable permissions to the extraction directory, which
introduces a race condition that allows local users to execute
arbitrary code via unspecified vectors.
Bug fixes:
* PNG: Reading sub-8-bit palette images is fixed (images looked
stretched).
* SVG: Fixed bug which allowed MVG and SVG files with long vector
paths to crash the software.
* SVG: Ignore XML headers rather than rendering them as text.
* MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
character.
* WMF: Fixed a bug which caused wrong centered-text placement.
* import: Return status was inverted.
* configure: Don't force that liblzma is used just because libtiff
is used.
New Features:
* The configure script now supports a --enable-quantum-library-names
option to enable that shared library name includes quantum depth
to allow shared libraries with different quantum depths to
co-exist in same directory (only one can be used for development).
* JNX: Support is added for reading the Garmin proprietary Image
Format.
* BMP: Support an alpha channel in uncompressed 32-bit BMP.
Feature improvements:
* -lat: The adaptive threshold algorithm is replaced with a new
algorithm which scales linearly (rather than quadratically) with
area size.
* Tests: Test suite is re-written to use TAP-based tests.
* GIF: Reader tries to be better at detecting and reporting
failures.
Performance Improvements:
* -lat: Adaptive threshold is much faster with large area sizes.
Windows Delegate Updates:
* Dcraw 9.16 is now included in the build (with JPEG and JPEG2000
support).
* Libxml2 is updated to the 2.9.0 release.
* Libtiff is updated to the 4.0.3 release.
* Lcms2 is updated to the 2.4 release.
* Libpng is updated to the 1.5.13 release.
Behavior Changes:
* Loading modules is only supported for the modules build.
Previously any build using shared libraries could load modules.
* Bundled libltdl is now configured as 'installable' rather than
'convenience'.
* -enhance: Only filter based on color channels (ignore opacity).
* BrowseDelegate: Web browser (for viewing help information) now
defaults to 'xdg-open', but if it is not found, then configure
will search for firefox, google-chrome, mozilla (in that order).
a) lang/see support was removed (see below)
b) lang/spidermonkey and wip/spidermonkey185 aren't recognized
ELinks 0.12pre6
---------------
Security fix:
* bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP
Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen.
(ELinks 0.12pre1 was the first release that supported GSSAPI; earlier
releases are not vulnerable.)
Fixed crashes and hangs:
* critical bug 943: Don't let user JavaScripts call any methods of
``elinks.action'' in tabs that do not have the focus. If a tab was
closed with ``elinks.action.tab_close'' while it had pop-up windows,
ELinks could crash; as a precaution, don't allow other actions
either. (ELinks 0.12pre1 was the first release that supported
``elinks.action''.)
* critical bug 1083: Avoid an infinite loop when trying to decompress
malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3.
* Fix a possible crash or information disclosure on big-endian 64-bit
systems using HTTP Negotiate or GSS-Negotiate authentication.
Incompatibilities:
* Dropped support for SEE. (ELinks 0.12pre1 was the first release
that supported SEE.)
* Guile 2.0.0 (released on 2011-02-16) changed its license to
LGPLv3-or-later, which is not compatible with the GPLv2 that covers
ELinks. Also, Guile has deprecated many of the functions that
ELinks calls.
Other changes:
* major bug 764: Correctly initialize options on big-endian 64-bit
systems.
* bug 983: Give preference to the Content-Type specified in the HTTP
header over that specified via the HTML meta tag.
* bug 1084: Allow option names containing '+' and '*' in the option
manager.
* bug 1112: Map most numeric character references € ... Ÿ
to graphical characters also when the output charset is UTF-8.
(ELinks 0.12pre1 was the first release that supported UTF-8 as the
terminal charset, and ELinks 0.12pre5 was the first release that
supported UTF-8 as the dump charset.)
* minor bug 1113: Fix a small memory leak if a mailcap file is malformed.
* minor bug 1114: Decode SGML entities and NCRs only once in link/@title
and other attributes.
* build: Fix several warnings reported by GCC 4.7.1. Harmless at
runtime but could break the build if configured --enable-debug.
(This version does not fix all such warnings.)
This library is intended to encapsulate the IRC protocol at a quite low level.
It provides an event-driven IRC client framework. It has a fairly thorough
support for the basic IRC protocol, CTCP and DCC connections.
Collection.
hgtools builds on the setuptools_hg plugin for setuptools. hgtools provides
classes for inspecting and working with repositories in the Mercurial version
control system.
hgtools provides a plugin for setuptools that enables setuptools to find files
under the Mercurial version control system.
The classes provided by hgtools are designed to work natively with the
Mercurial Python libraries (in process) or fall back to using the command-line
program hg(1) if available. The command-line support is especially useful
inside virtualenvs that don't have access to a system-wide installed Mercurial
lib (i.e. when the virtualenv was created with --no-site-packages).
Changelog:
Viewnior 1.3 released
New features:
Wallpaper support for LXDE
Hebrew translation
Fixes:
Wallpaper fix for XFCE
Minor fixes
Viewnior 1.2 released
New features:
Improved menu interface
Wallpaper support for Gnome 2, Gnome 3, XFCE and FluxBox
--fullscreen argument to start in Fullscreen mode
GConf independent
Fixes:
Drop images with right click
Save 'Auto resize' option between sessions
* Maintenance release
-- Version 3.21.57
Escape aborts clean start
* Modified default key handler to prevent "escaping" out of
main dialog when no other key has been pressed.
TLF arq
* Restored use of gmfsk_autosend file for TLF.
- requested by new TLF maintainer, Tom Beierlein, DL1JBE
--- Version 3.21.58
Escape aborts
* correction to commit d925c85c5d218d5e
----------------------------------------------------------------------
