OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
Description:
A use-after-free race condition in OpenSSL's read buffer
was fixed that could cause connections to drop
(CVE-2010-5298).
Bump PKGREVISION.
This is a simple Flask extension that configures your Flask application to
redirect all incoming requests to https. Redirects only occur when app.debug is
False.
changes in sbcl-1.1.18 relative to sbcl-1.1.17:
* optimization: COERCE is now more efficient for more cases when the type is
  known at compile-time.
  (lp#1309815)
* bug fix: correctly inherit condition initforms. (lp#1300904)
* bug fix: properly pprint literal functions inside nested lists.
  (lp#1300716)
* bug fix: more-correctly handle array-type unity (broken for ages, causing
  compilation problems since 1.1.13.x due to smarter TYPEP type propagation,
  reported by jasom in #lisp).
Changes from Ant 1.9.2 TO Ant 1.9.3
===================================
Fixed bugs:
-----------
* <parallel> swallowed the status code of nested <fail> tasks.
Bugzilla Report 55539.
* a race condition could make <fixcrlf> tasks of parallel builds
interfere with each other.
Bugzilla Report 54393.
* <mail>'s mailport still didn't work properly when using smtps.
Bugzilla Report 49267.
* using attributes belonging to the if and unless namespaces
made macrodef fail.
Bugzilla Report 55885.
* Ant 1.8 exec task changes have slowed exec to a crawl
Bugzilla Report 54128.
* Apt is not available under JDK 1.8
Bugzilla Report 55922.
Other changes:
--------------
* Documentation fix for if/unless attributes. PR 55359.
* tar entries with long link names are now handled the same way as
entries with long names.
* Addition of 'skipNonTests' attribute to <junit> and <batchtest>
tasks to allow the tasks to skip classes that don't contain tests.
* <filterset> now supports a nested <propertyset> to specify filters.
Bugzilla Report 55794.
* <xslt>'s params can now be typed.
Bugzilla Report 21525.
* build of Mac OS X pkg installer
Bugzilla Report 55899.
- version: 1.35.0
  date: 2014-05-02
  new features:
    - title: "Edit Book: Redesign the syntax highlighter to improve performance for large documents and extended editing sessions."
      tickets: [1314339]
    - title: "Edit book: Make cursor movement smooth by not highlighting matching tags while the cursor is moving. Only match highlighting tags if the cursor stays still for a time."
    - title: "Spellcheck dialog: Indicate whether a word is ignored in the Misspelled column"
    - title: "Spellcheck dialog: Pressing Ctrl+C on the words list copies only selected words, regardless of current cell"
    - title: "Add a copy to clipboard action to the context menu for the spell check dialog"
    - title: "Edit book: Fix save button incorrectly disabled after a failed save"
      tickets: [1313567]
  bug fixes:
    - title: "Edit Book: Fix an error when merging CSS stylesheets that contain @charset rules"
    - title: "Edit book: Fix extra invalid entries being generated in the manifest when editing an AZW3 file that has no images."
    - title: "Edit book: Fix a hang when editing an HTML or XML file with text of the form <abc: (i.e. a tag name with a trailing colon)."
      tickets: [1314009]
    - title: "Fix regression that prevented the ebook editor from starting on linux systems with locale set to 'C'"
      tickets: [1315064]
    - title: "DOCX Input: Fix formatting of the generated Index when the index is complex, i.e. with lots of references to the same item, multiple level of sub-items, etc."
    - title: "Smarten punctuation: Fix a double quote preceded by a hyphen at the end of a sentence (before the start of the next tag) being converted into an opening quote instead of closing quote."
      tickets: [1286477]
    - title: "News download: Fix very long URLs for links to pages causing errors on windows because of max path length restrictions."
      tickets: [1313982]
    - title: "Edit book: Fix saved search dialog causing high CPU usage"
    - title: "Edit book: Fix importing of Lithuanian dictionary from OpenOffice, that does not specify a country code."
      tickets: [1313315]
  improved recipes:
    - Ars Technica
    - Daily Mirror
    - Birmingham Evening Mail
    - NRC - Next
    - Private Eye
    - NZZ
Changelog: From release notes for Oracle JDK 7u55
JavaFX Release Notes
JavaFX is now part of JDK. JDK 7u55 release includes JavaFX version 2.2.55.
New Features and Changes
The frequency of some security dialogs has been reduced on systems that run the same RIA multiple times.
See 8029649.
Using "*" in Caller-Allowable-Codebase Attribute.
If a stand-alone asterisk (*), or asterisk as part of a top level domain such as (*.org), is specified as the value for the Caller-Allowable-Codebase attribute, then calls from JavaScript code to the RIA will show a security warning. An option to remember the choice is also provided, and if the user selects the option to remember the choice to run the RIA, no further warning messages are shown for the same RIA, when run with JavaScript from the same source.
For more information, see JAR File Manifest Attributes for Security documentation.
See 8033707.
Disabling Sponsor Offers in the Java Installer
During the installation of Java, users may be presented with the option of downloading and installing sponsor offers, such as browser add-ons, or security software. With 7u55 and later releases of Java, sponsor offers can be bypassed entirely by using "SPONSORS=0" as an option, when installing Java via the command line:
Manually download the 32bit online installer for 7u55 to your local machine.
Click the Windows Start Button/Menu. From the available Menu choices, select the 'Search box' and enter the text "command" in it.
A list of matches will appear. Select 'Command Prompt' from the available Programs list.
Navigate to the folder containing the downloaded installer, e.g.:
    cd c:\Users\<username>\Downloads
To start the installation, in the Command Prompt window type:
    jre-7u55-windows-i586-iftw.exe SPONSORS=0
The option to disable sponsors will persist across all future updates and re-installs of Java.
Note that sponsor offers, and therefore this functionality, are only applicable to online 32bit JRE installers and Auto Update mechanisms for the Windows operating system.
Bug Fixes
Bug Id       Category     Sub-Category        Description
JDK-7190349  client-libs  2d                  [macosx] Text (Label) is incorrectly drawn with a rotated g2d
JDK-8013569  client-libs  2d                  [macosx] JLabel preferred size incorrect on retina displays with non-default font size
JDK-6571600  client-libs  java.awt            JNI use results in UnsatisfiedLinkError looking for libmawt.so
JDK-8025588  client-libs  java.awt            [macosx] Frozen AppKit thread in 7u40
JDK-5049299  core-libs    java.lang           (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion
JDK-8020191  core-libs    java.lang           System.getProperty("os.name") returns "Windows NT (unknown)" on Windows 8.1
JDK-8030822  core-libs    java.time           (tz) Support tzdata2013i
JDK-8019853  core-libs    java.util.logging   Break logging and AWT circular dependency
JDK-8026474  deploy       deployment_toolkit  deployJava.js versioncheck doesn't work in IE11
JDK-8028691  deploy       plugin              loading browser proxy via config script should not trigger JAR download
JDK-8029649  deploy       plugin              Reduce dialog frequency when app is run multiple times
JDK-8033705  deploy       plugin              Array out of bounds exception in PluginMain.performSSVValidation
JDK-8033779  deploy       plugin              JRE 7u51 Plugin Failing to Run Older JRE Version < 1.6.0
JDK-8029922  deploy       webstart            32-bit only Java Web Start apps fail to run on 32- and 64-bit JRE configs
JDK-8031579  deploy       webstart            Spurious Missing Manifest Permissions Attribute Warning When Launching versioned Java Web Start app
JDK-8024830  hotspot      compiler            SEGV in org.apache.lucene.codecs.compressing.CompressingTermVectorsReader.get
JDK-8035618  other-libs   corba:rmi-iiop      Four api/org_omg/CORBA TCK tests fail under plugin only
Revision 1.6, Wed Apr 30 23:12:48 2014 UTC by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.5: +2 -2 lines
Update to 7.0.55
pkgsrc changes:
- remove post-3.3.4 fix patches
- pull post-3.3.5 bug fixes
Changes from doc/en/ReleaseNote:
* Support Animation GIF on "show_picture" of OSC 5379.
(It works with https://bitbucket.org/arakiken/w3m/get/remoteimg.tar.gz)
* Add "add_frame" to OSC 5379.
* Bug fixes:
Fix compiler error on NetBSD/OpenBSD framebuffer. (enbugged at 3.3.4)
Fix the bug which sometimes disabled to show large sixel graphics sequence.
(enbugged at 3.3.4)
Output ^? instead of ^H on TERM=xterm by default in pressing backspace key.
Fix the bug which sometimes left X11 events untouched for a while.
Fix the bug of closing the input method window unexpectedly in pressing it.
":Percentage" after font names in ~/.mlterm/aafont works on cairo.
Upstream changes:
MediaWiki 1.22.6
This is a security release of the MediaWiki 1.22 branch.
Changes since 1.22.5
(bug 63251) SECURITY: Escape sortKey in pageInfo.
MediaWiki 1.22.5
This is a security and maintenance release of the MediaWiki 1.22 branch.
Changes since 1.22.4
(bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
(bug 62467) Set a title for the context during import on the cli.
Fix custom local MediaWiki:Helppage values.
mediawiki.js: Fix documentation breakage.
(bug 58153) Make MySQLi work with non standard port.
(bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
(bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in
Upstream changes:
0.140001 2014-05-01 10:49:25CEST+0200 Europe/Amsterdam
[ BUG FIXES ]
* Bugfix for extracting multiple cookies within a request.
(Cymon, Russell Jenkins)
* Require minimum version of Plack to make sure we can add the Head
middleware. Not exactly a bug, but not a feature. (Sawyer X)
[ DOCUMENTATION ]
* Correct reference to HTTP::Server::Simple::PSGI. (Russell Jenkins)
0.140000 2014-04-28 23:14:31CEST+0200 Europe/Amsterdam
[ ENHANCEMENTS ]
* Replace Config role with better ConfigReader role.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Move App-related attributes (engines) to App instead of config role.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Untangle Runner-Server (removing Server entirely).
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Replace HTTP::Server::Simple::PSGI with HTTP::Server::PSGI.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* GH #527: Build request cookie objects from request headers, not env.
(Russell Jenkins)
* GH #569: Transform cookie using the HTTP_COOKIE header, per PSGI spec.
(Russell Jenkins)
* GH #559, #544: Use Plack middleware for HEAD request content removal.
(Russell Jenkins)
* GH #513, #483: Deserialize body content for DELETE requests.
(Russell Jenkins, Yanick Champoux, Sawyer X)
0.13 2014-04-13 19:19:44CEST+0200 Europe/Amsterdam
[ ENHANCEMENTS ]
* GH #562: Change YAML::Any to YAML (Steven Humphrey, Russell Jenkins).
[ BUG FIXES ]
* GH #524: Double encoding for YAML sessions.
* GH #557: Switch to using YAML::Old.
* GH #548: Deserializer test failure.