Problems fixed:
#32080 Specially crafted <base href> can lead to XSS exploit
#32032 TextEncode related resource information not saved correctly in db file
#32014 CVE-2010-1677: DoS when processing html messages with deep tag nesting
#32013 CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
#26577 Changed semantic for unpack breaks UTF-8
#25486 Resource FieldStore causes .mhonarc.db to grow over bounds.
#25225 dir_create() fails to make temporary directories (PATCH)
#24247 iso2022jp.pl: unneeded ESC ( B remains in message body
#23198 Incorrect Setting Installation Directory
#20142 strip backslash in rfc822 From: field
#20074 extra space in subject
#18908 X-Subject data get split in separate lines
#18113 inconsistent thread slices w/ poor man's windowing
#17904 FieldOrder affects AddressModifyCode
#17860 incorrect nested HTML Tags for references
#17660 Threaded index resource ordering doesn't allow well formed XML output
#15433 relative attachmentdir is relative to current working dir, not outdir
#14747 major (10X) memory savings possible in some situations
#13853 creation of archive with attachments writes over symlinks
- Pull in libblkid for Linux in order to successfully build
- Fix PLIST.Linux: lib/hal -> libexec
- Remove Linux-only libusb buildlink. This version of hal fails to use libusb,
since it isn't version 2.0 (this does look a little like a mistake though).
- The CSR support is absent because libusb isn't available. Remove from
PLIST.Linux
- Other minor additions and edits to PLIST.Linux
- Buildlink in gperf explicitly, to reliably build the keymap support
- Make sure .../etc/udev/rules.d exists before trying to install to it
The libblkid library is used to identify block devices (disks) as to their
content (e.g. filesystem type) as well as extracting additional information
such as filesystem labels/volume names, unique identifiers/serial numbers, etc.
A common use is to allow use of LABEL= and UUID= tags instead of hard-coding
specific block device names into configuration files.
From util-linux-ng.
The UUID library is used to generate unique identifiers for objects
that may be accessible beyond the local system. This library
generates UUIDs compatible with those created by the Open Software
Foundation (OSF) Distributed Computing Environment (DCE) utility
uuidgen.
The UUIDs generated by this library can be reasonably expected to be
unique within a system, and unique across all systems. They could
be used, for instance, to generate unique HTTP cookies across multiple
web servers without communication between the servers, and without fear
of a name clash.
From util-linux-ng.
* Security fix for ASP.NET (XSP / mod_mono) source code disclosure
(CVE-2010-4225)
* Backport ParallelFx improvements from master (jlaval)
* Fix state check for short-circuiting with SupportRecursion in
ReaderWriterLockSlim #655361 (jlaval)
* Increment Count even on single-processor in SpinWait.
Fix #624849. (jlaval)
* Update ThreadLocal to use default(T) for initialization with
parameterless ctor. Fix #658689. (jlaval)
This release has essentially security fixes, covering the following
CVEs:
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
CVE-2010-1791 CVE-2010-3812 CVE-2010-3813
(plus 2 patches from upstream which fix crashes)
* Add fix for VAX floating point handling (Bug #53682), r307192 from
PHP's repository. (It is in PHP 5.2.17 but not in 5.3.5).
06 Jan 2011, PHP 5.3.5
- Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus)
* tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta)
* tag: Improve display of tags with a slash in their names.
(Giuseppe Bilotta)
* Fix redirect to use a full url. Was broken (in theory) by baseurl
changes in last release.
* Fix `<base>` output by cgi to have a full url again, broken by last
release.
* Fix permalinks to recentchanges items and comments, broken by last
release.
* Export three cgi env vars needed for CGI->url to work. Fixed
openid breakage from last release.
* Removed `IkiWiki::misctemplate()` function. Any plugins using
it should use `IkiWiki::cgitemplate()` instead.