Version 2.7.2 (2009-06-25)
--------------------------
- Improved navigation skip links (#815)
- Fixed a few PHP 5.3 compatibility issues (#783, #785, #786)
- Fixed issue with wrong duplicate newsletter recipient warning (#769)
- Fixed issue with files with special characters not being downloadable (#816)
- Fixed issue with date calculation in "edit multiple" mode (#809)
- Fixed issue with revision date not being set in "edit multiple" mode (#793)
- Fixed issue with news pagination menu not showing (#760)
- Fixed issue with news author notifications not working (#806)
- Fixed issue with "checkCredentials" hook (#811)
- Fixed a few minor issues
that databases/php-pdo compiles and works as shared module on Mac OS X
after the package has been modified to use modules shipped with PHP instead
of (obsolete) PCRE versions
Changes in 1.4.2_19
The full internal version number for this update release is 1.4.2_19-b04 (where
"b" means "build"). The external version number is 1.4.2_19.
OlsonData 2008i
This release contains Olson time zone data version 2008i. For more information,
refer to Timezone Data Versions in the JRE Software .
Root Certificates Included
Root Certificates are included in this release. The following root
certificates have been added:
* Camerfirma root certificates
* T-systems root CA certificate (Deutsche Telekom Root CA 2)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 244986, 244987, 244988, 244990, 244991,
245246, 246266, 246346, 246386, and 246387.
Other bug fixes are listed in the following URL:
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#142_19
Changes in 1.4.2_18
The full internal version number for this update release is 1.4.2_18-b06 (where
"b" means "build"). The external version number is 1.4.2_18.
OlsonData 2008b
This release contains Olson time zone data version 2008b. For more information,
refer to 6679340 or to US DST Timezone Updater.
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 238666, 238905, 238967, and 238968.
Other bug fixes are listed in the following URL:
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#142_18
OK'ed by wiz@
Pkgsrc changes:
o Explicitly mark dependency on openssl >= 0.9.7, should fix PR#41633
Upstream changes:
1.5.1
Example tools:
* ldns-signzone was broken in 1.5.0 for multiple keys, this
has been repaired
Build system:
* Removed a small erroneous output warning in
examples/configure and drill/configure
1.5.0
Bug fixes:
* fixed a possible memory overflow in the RR parser
* build flag fix for Sun Studio
* fixed a building race condition in the copying of header
files
* EDNS0 extended rcode; the correct assembled code number
is now printed (still in the EDNS0 field, though)
* ldns_pkt_rr no longer leaks memory (in fact, it no longer
copies anything all)
API addition:
* ldns_key now has support for 'external' data, in which
case the OpenSSL EVP structures are not used;
ldns_key_set_external_key() and ldns_key_external_key()
* added ldns_key_get_file_base_name() which creates a
'default' filename base string for key storage, of the
form "K<zone>+<algorithm>+<keytag>"
* the ldns_dnssec_* family of structures now have deep_free()
functions, which also free the ldns_rr's contained in them
* there is now an ldns_match_wildcard() function, which checks
whether a domain name matches a wildcard name
* ldns_sign_public has been split up; this resulted in the
addition of ldns_create_empty_rrsig() and
ldns_sign_public_buffer()
Examples:
* ldns-signzone can now automatically add DNSKEY records when
using an OpenSSL engine, as it already did when using key
files
* added new example tool: ldns-nsec3-hash
* ldns-dpa can now filter on specific query name and types
* ldnsd has fixes for the zone name, a fix for the return
value of recvfrom(), and an memory initialization fix
(Thanks to Colm MacCárthaigh for the patch)
* Fixed memory leaks in ldnsd
1.4.1
Bug fixes:
* fixed a build issue where ldns lib existence was done too early
* removed unnecessary check for pcap.h
* NSEC3 optout flag now correctly printed in string output
* inttypes.h moved to configured inclusion
* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
delegations
API addition:
* for that last fix, we added a new function
ldns_dname_add_from() that can clone parts of a dname
- SCardGetStatusChange() works again. It was broken in some cases since
version 1.5.2
- detect buffer overflows if pcscd if used by a rogue client
- force access rights on /var/run/pcscd to be sure it can be used by a
libpcsclite client without privileges [SECURITY]
- create the PCSCLITE_EVENTS_DIR directory with the sticky bit so only
root or the owner of the event files can remove them
- if RFAddReader() fails with the libhal scheme then we try with the
(old) libusb scheme. This patch should allow proprietary drivers to
work even if pcsc-lite is compiled with libhal support.
- give a higher priority to a specific driver over the CCID Class
driver. This should allow proprietary drivers to be used instead of
libccid when possible
- some other minor improvements and bug corrections
1530 7.2.197 warning for uninitialized values of typebuf
2006 7.2.198 buffer used for termcap entry may be too small
1894 7.2.199 strange character in comment
10318 7.2.200 reading past string end when using menu bar or resizing window
14460 7.2.201 cannot copy/paste HTML to/from Firefox via the clipboard
1846 7.2.202 BufWipeout autocmd that edits another buffer causes problems
40481 7.2.203 using current window to work on hidden buffer has side effects
4407 7.2.204 (extra) Win32: Can't build with Visual Studio 2010 beta 1
2852 7.2.205 (extra) Win32: No support for High DPI awarenes
1485 7.2.206 Win32: Can't build netbeans interface with Visual Studio 2010
2237 7.2.207 using freed memory when ":redrawstatus" works recursively
2569 7.2.208 "set novice" gives an error message, it should be ignored
2532 7.2.209 for xxd setmode() is undefined on Cygwin
1896 7.2.210 warning for file changed outside of vim even after :checktime
1639 7.2.211 memory leak when expanding a series of file names
1727 7.2.212 (extra) warnings for redefining SIG macros
1521 7.2.213 warning for using vsprintf()
1983 7.2.214 crash with complete function for user command
8298 7.2.215 ml_get error when using ":vimgrep"
4822 7.2.216 two error messages have the same number E812
2020 7.2.217 running tests with valgrind doesn't work as advertised
1448 7.2.218 cannot build GTK with hangul_input feature
* Yahoo Protocol 16 support, including new HTTPS login method; this should
fix a number of login problems that have recently cropped up. (Sulabh
Mahajan, Mike "Maiku" Ruprecht)
* Only display the AIM "Unable to Retrieve Buddy List" message once per
connection. (Rob Taft)
* Blocking MSN users not on your buddy list no longer disconnects you.
* When performing operations on MSN, assume users are on the MSN/Passport
network if we don't get network ID's for them.
Security fixes in this version:
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.17/
Security fixes in this version:
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.22/releasenotes/
CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
bump PKGREVISION
