- Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
(Scott)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
(Stas)
- A large number of non-security-related bug fixes
- Reverted bug fix #49521 (PDO fetchObject sets values before calling
constructor). (Felipe)
- Updated timezone database to version 2010.5. (Derick)
- Upgraded bundled PCRE to version 8.02. (Ilia)
- Rewrote var_export() to use smart_str rather than output buffering, prevents
data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed a possible interruption array leak in strrchr(). Reported by
Péter Veres. (CVE-2010-2484) (Felipe)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(),
chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
- Fixed a possible memory corruption in substr_replace() (Dmitry)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
Esser (Ilia)
- Reset error state in PDO::beginTransaction(). (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser (Ilia)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
by Mateusz Kocielski. (Ilia)
- Fixed a crash when calling an inexistent method of a class that inherits
PDOStatement if instantiated directly instead of doing by the PDO methods.
(Felipe)
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)). (Adam)
- Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
(Johannes)
- Fixed bug #52237 (Crash when passing the reference of the property of a
non-object). (Dmitry)
- Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't
be set). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
(Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52061 (memory_limit above 2G). (Felipe)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
from function). (Dmitry)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
(Ilia, Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
with an access to self::). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
variables). (Dmitry)
- Fixed bug #51671 (imagefill does not work correctly for small images).
(Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
after calling nextRowset). (Pierrick)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4).
(Felipe, wdierkes at 5dollarwhitebox dot org)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
argument). (cbandy at jbandy dot com)
- Fixed bug #51604 (newline in end of header is shown in start of message).
(Daniel Egeberg)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
(ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
issues). (Dmitry)
- Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
timezone). (Adam)
- Fixed bug #51374 (Wrongly initialized object properties). (Etienne)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51263 (imagettftext and rotated text uses wrong baseline)
(cschneid at cschneid dot com, Takeshi Abe)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
alexr at oplot dot com)
- Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that
includes '-'). (Adam, solar at azrael dot ws).
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
(Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
(Sriram Natarajan)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
Jones)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
(Raphael Geissert)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50698 (SoapClient should handle wsdls with some incompatible
endpoints). (Justin Dearing)
- Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not
include file and line in trace). (Felipe)
- Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe)
- Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49267 (Linking fails for iconv). (Moriyosh)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
JPEGs). (Ilia)
- Fixed bug #23229 (syslog() truncates messages). (Adam)

Tahoe-LAFS is a Free Software/Open Source decentralized data store.
It distributes your filesystem across multiple servers, and even if
some of the servers fail or are taken over by an attacker, the entire
filesystem continues to work correctly and to preserve your privacy
and security.

An alternate base32 encoder (not RFC 3548 compliant).
The rationale for base-32 encoding in RFC 3548 [1] is as written therein: "The
Base 32 encoding is designed to represent arbitrary sequences of octets in a
form that needs to be case insensitive but need not be humanly readable.".
The rationale for our encoding is different -- it is to represent arbitrary
sequences of octets in a form that is as convenient as possible for human
users to manipulate. In particular, z-base-32 was created in order to serve
the Mnet project [3], where 30-octet cryptographic values are encoded into
URIs for humans to manipulate. Anticipated uses of these URIs include cut-
and-paste, text editing (e.g. in HTML files), manual transcription via a
keyboard, manual transcription via pen-and-paper, vocal transcription over
phone or radio, etc.
The desiderata for such an encoding are:
* minimizing transcription errors -- e.g. the well-known problem of confusing
`0' with `O'
* embedding into other structures -- e.g. search engines, structured or
marked-up text, file systems, command shells
* brevity -- Shorter URLs are better than longer ones.
* ergonomics -- Human users (especially non-technical ones) should find the
URIs as easy and pleasant as possible. The uglier the URI looks, the worse.

The argparse module provides an easy, declarative interface for
creating command line tools, which knows how to:
* parse the arguments and flags from sys.argv
* convert arg strings into objects for your program
* format and print informative help messages
* and much more...

If your source tree is coming from darcs (i.e. it is in a darcs
repository), this tool will determine the most recent release tag,
count the patches that have been applied since then, and compute a
version number to be written into _version.py.

0.6.27
some build fixes
0.6.26
This is mostly a bugfix release but also fixes a low risk security issue and
adds a couple of minor new features.
* Fix CVE-2010-2244 (Ludwig Nussel)
* Support for Gtk+ 3 and Gtk+ Introspection
* Native systemd socket activation support
* Add systemd service files
* Add various resource control options, for traffic rate limiting as well as
cache size and D-Bus client object limits.
* i18n updates
* Minor other updates

A fast erasure codec which can be used with the command-line, C,
Python, or Haskell.
Fast, portable, programmable erasure coding a.k.a. "forward error
correction": the generation of redundant blocks of information such
that if some blocks are lost then the original data can be recovered
from the remaining blocks. The zfec package includes command-line
tools, C API, Python API, and Haskell API.

A collection of mature utilities for Python programmers.
These are a few data structures, classes and functions which we've
needed over many years of Python programming and which seem to be of
general use to other Python programmers. Many of the modules that have
existed in pyutil over the years have subsequently been obsoleted by
new features added to the Python language or its standard library,
thus showing that we're not alone in wanting tools like these.

Support conditional PLIST inclusion of the expected egg file, because
python2.4 distutils does not create them but later versions do. (Note
that PRINT_PLIST_AWK production is not working, probably due to order
of substitution.)
Earlier patch reviewed by wiz@.

- Now allow more than one plugin to control the compose form submit action.
- When sorting by received date, the received date is now shown on the
message list.
- Explicitly disable browser caching for left_main and right_main pages
(#2983134).
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#1795310).
- Fix typo in SpamCop plugin.
- Reduced default time security tokens stay valid from 30 days to 2 days
(reduces chances of session data growing too large)
- Several speed enhancements for recent fixes regarding the display of
encoded subjects, including a fix for messages with invalid subject
encoding (includes #2987016 amongst several other issues reported via
mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help
diagnosing and testing.)
- Fixed minor vulnerability in Mail Fetch plugin.
[CVE-2010-1637/TEHTRI-SA-2010-009]
- Now properly quote personal part of encoded addresses when replying.
- Now fill in default subject when forwarding as attachment (#2936541).
- Implement header folding that doesn't add extraneous spaces so unfolding
is less ambiguous (#1951776).
- Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's
default preferences database schema (#2943483).
- Fixed attachment filename decoding problems (#2994865).
- Now default search criteria to the TO header when searching the sent folder.
- Fixed literal processing of 8-bit usernames/passwords during login.
[CVE-2010-2813]

fixes to get png, jpeg, and ffmpeg support.
* Changes in VICE 2.2
======================
** General
----------
- On autostart, do not change true drive emulation (TDE) anymore by
default. The old behaviour can be switched on again by specifying
-autostart-handle-tde on the command line.
There is one drawback of this behaviour: If TDE is switched on, an
image attached must fit to the drive type set. For example, when you
attach a .D81, you must have the drive type set to 1581, or the
autostart will fail.
- Added automatic Warp mode during autostart. If this resource is enabled then
VICE automatically enables the warp mode and then loads a file. After
loading the warp mode is disabled again and then the program is started.
- Autostarting a PRG file can now be done in three different ways:
* "Virtual FS": This mode mounts the directory where the file resides as a
virtual filesystem on drive #8 and then loads the PRG via virtual drive
traps. This was the only way of autostarting in previous VICE versions
and is still the default.
* "Inject to RAM": The PRG file is loaded from VICE directly into the RAM of
the emulated machine. Then the memory setup of a Basic LOAD is simulated
and the program is run. This is the fastest mode available but may lack
compatibility as no actual load operation was performed in the emulator.
However, no drive setup is altered during the operation.
* "Diskimage": VICE creates a temporary new disk image and copies the
contents of the PRG file onto it. Then this image is mounted in drive #8
and the program is loaded from there. If TDE is enabled then the load
operation is most compatible. The disk image stays attached until a new
image is mounted.
- Improved PAL emulation is now available for Unix/Xaw XVideo mode, and
AmigaOS. Only the YUV packed modes work, the planar modes still use the
old code paths, though.
- Sound core has been reworked to enable lower latency of operation.
Approximately 50 ms latency values are now routinely reached, and some
people have reported that as low as 30 ms still works for them.
- New SDL port. See ReadmeSDL.txt for details.
- New win64 ports, both amd64/x64 and ia64 are supported (msvc compile only).
- New SDL based armle, mipsle, ppcbe and shle QNX 6.x ports.
- New SDL based M68k and sparc SunOS ports.
- New SDL based Syllable port.
- New SDL based Dingoo port.
- Remote monitor (in other words: TCP/IP interface to VICE monitor) added.
- Fixed non-6502/6510 CPU handling in monitor.
** C64/C128 changes
-------------------
- ReSID's resampler has been optimized with MMX assembly. Some long-standing
bugs in resample-interpolate mode were also fixed.
- ReSID-FP has been optimized, too. It clocks the analog parts at half the
rate now, which saves CPU during filter emulation especially for 6581 modes.
- Added SFX Sound Sampler and SFX Sound Expander emulation.
- Added EasyFlash cartridge emulation.
- Added paddle emulation.
- Added lightpen/lightgun emulation, currently only available for the following
ports: SDL, GTK+, cocoa, win32/win64 and msdos.
- Added support for the following userport joystick adapters: CGA/Protovision,
DXS/HIT, PET (normally only used on the PET/CBM2), Hummer (normally only
used on the C64DTV) and OEM (normally only used on the VIC20).
** C128 changes
---------------
- Added RAM banks 2 and 3 support.
- Improved the VDC emulation.
- Stereo SID $D7xx range support.
** VIC20 changes
----------------
- New cycle exact emulation core. Handles accesses to unconnected
address space and in-line graphics data changes correctly.
(fixes "Impossiblator 3" and others)
- Improved VIC emulation (in-line color/reverse mode changes on half-chars).
- Cartridge handling rewritten.
- Added Mega-Cart cartridge emulation.
- Added Final Expansion cartridge emulation.
- Default memory configuration changed from full to unexpanded.
- Added paddle emulation.
- Added lightpen/lightgun emulation, currently only available for the following
ports: SDL, GTK+, cocoa, win32/win64 and msdos.
- Corrected the joystick support, since the VIC20 can only have one joystick
attached on the joystick port.
- Added support for the following userport joystick adapters: CGA/Protovision
(normally only used on the C64/C128), PET (normally only used on the
PET/CBM2), Hummer (normally only used on the C64DTV) and OEM.
** PLUS4 changes
----------------
- Added Digibooster SID Cart add-on emulation.
- Added SID Cart joystick port emulation.
- Fixed bug in tape recording.
- Improved graphics handling.
** C64DTV changes
-----------------
- Replaced old DTVSID emulation with ReSID-DTV.
- Minor bug fixes and emulation improvements.
- Added support for the following userport joystick adapters: CGA/Protovision
(normally only used on the C64/C128), PET (normally only used for the PET),
Hummer and OEM (normally only used on the VIC20).
** PET changes
--------------
- Corrected the joystick support, since the only way a PET can use a joystick
is by a userport joystick adapter, the following userport joystick adapters
are currently supported: CGA/Protovision (normally only used on the
C64/C128), PET, Hummer (normally only used on the C64DTV) and OEM (normally
only used on the VIC20).
** CBM2 changes
---------------
- Corrected the joystick support, since the only way a CBM2 can use a joystick
is by a userport joystick adapter, the following userport joystick adapters
are currently supported: CGA/Protovision (normally only used on the
C64/C128), PET, Hummer (normally only used on the C64DTV) and OEM (normally
only used on the VIC20).
** Unix changes
---------------
- Rudimentary PulseAudio sound driver has been added.
- Added support for dynamic loading of FFMPEG libraries.
- Added support for dynamic loading of OpenCBM and Lame library
* Changes in VICE 2.1
======================
** General
----------
- The VICEplus project has been joined with VICE. Thus, x64dtv is now
part of VICE.
- We can be contacted via IRC: #vice-dev on freenode
- Added a more accurate ReSID engine using floating point math (ReSID-FP).
- Added support for the USB HardSID.
- PAL emulation has been rewritten and optimized.
- Fixed the ACIA 6551 emulation. (x64/x128/xcbm2/xpet/xplus4)
- Monitor commands help text is now translated too
(in ports where translation is available at all)
- Monitor IO command now displays IO area even if it is currently
banked out.
- GCR file handling (.G64) issues an error message if the .G64 does not
have the expected outline. Before, VICE just silently ignored such
files.
- IRQ handling fix
** C64/C128 changes
-------------------
- Fixed the digimax sound generation.
- Added the RR clockport disable functionality at $DF00.0. Allows
to disable the RRnet.
- Improved REU compatibility and timing.
** C64 changes
--------------
- Added isepic cartridge emulation.
- Added Double Quick Brown Box cartridge emulation.
** VIC20 changes
----------------
- Improved the sound emulation.
- Fixed the lowest note bug.
- Improved VIC emulation (exact in-line color/reverse mode changes).
** C64DTV changes
-----------------
- New emulator.
** Unix changes
---------------
- XRandR fullscreen implemented
- Command line option `-fullscreen' is supposed to do something
useful.
- Vsync code imported from win32 (based on openGL extension).
see also doc/openGLsync-howto.txt.
- Vidmode (fullscreen support) is broken and therefore marked as
deprecated. It will be removed in the next release if no-one takes
responsibility to fix the broken code and is willing to maintain the
code.
- PAL Emulation (new implementation, improved speed) should be usable
again (it was broken on certain display depths).
- Log messages are always English.
- Only x11 keymaps will be installed when doing a 'make install'.
- MIDI cartridge emulation for x128, x64 and xvic.
* Changes in VICE 2.0
======================
** General
----------
- VICE development has moved to public services:
http://sf.net/projects/vice-emu
You can read the latest development in the Subversion
repository, file bug reports, and similar things.
Check it out!
- New Openserver 5.x, Openserver 6.x and Unixware ports.
- New AROS64 port.
- New QNX 4.x port.
- New HPUX (HPPA and IA64) ports.
- New SkyOS port.
- New Atari Mint port.
- New Solaris Express aka OpenSolaris aka Solaris 11 port.
** C64/C128 changes
-------------------
- Improved $01 behaviour with regards to unused bit fall-off.
- New experimental NEOS and Amiga mouse support.
- Added a working RTC to the emulation of the IDE64 cartridge.
- New more precise PAL emulation, works only with double size
and double scan.
- Added support for the Action Replay 4 and StarDos cartridges.
- Improved REU compatibility
- Fixed CPU timing bug introduced in 1.22 (demo "Borderless").
- Fixed bugs in the CIA emulation (demo "So-phisticated",
W. Lorenz testsuite).
- Fixed various bugs in VIC-II emulation: Sprite x-positioning,
Latch X/Y, video mode changes, DEN bit handling, raster IRQ,
NTSC sprites and sprites in full/debugging border mode (list
of fixed demos/games too long to mention here).
- RESTORE key is handled differently now, fixing an NMI bug
because the NMI was asserted too long before.
** VIC20 changes
----------------
- Added unconnected c-bus floating byte support.
- New more precise PAL emulation, works only with double size
and double scan.
** PET changes
--------------
- Added support for toggling CB2 sound output line.
** PLUS4 changes
----------------
- New more precise PAL emulation, works only with double size
and double scan.
** Drive changes
----------------
- Fixed block allocation and interleave.
** Unix changes
---------------
- Broken DGA1/DGA2 code removed
- XRandR fullscreen implemented for all (but CRTC/VDC) videochips.
- XRandR/Fullscreen can now toggle the Statusbar/Menu
- Fixed unix mouse for single sized display.
- Fixed mouse grab and xaw menu popup.
- After a CPU jam user can select to resume emulation without
reset.
** Miscellaneous changes
------------------------
- Added support for more 3rd party basic extenders to petcat.
- Extended BMP saving to support 24bit.
- Fixed the joystick code of all emulators to handle state changes
on both joysticks at the same time.
- New monitor commands and features.
- New memmap feature which allows tracking of memory accesses,
activated by the configure option --enable-memmap.
- Fixed bug in ffmpeg/FFV1 driver. Should be really lossless now.