* SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release:
* 178478 by scor: typo in text displayed when the DB is installed but not accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (i.e. original submission order) instead of timestamp (i.e. last editing time order) to avoid comments jumping around when being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the chosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
Changes in 2.2.4 :
- Fix crash in fileview
- Added patch from Rafel Milecki to add file selection in the coldmilk webgui
- Added patch from Rafel Milecki to add a confirmation dialog when the user shuts down KT in the default webgui
- Fixed bug which caused the set max rate menu in the system tray icon menu to fail in recent KDE versions
- Optimized SHA1HashGen a bit
- Use Qt int types to be sure size is correct
- Do not stop ONLY_SEED chunks, but let them finish
Changes in 2.2.3 :
- Fix datacheck of 4GB+ files on 32 bit systems
- Prioritise at least 1 % of multimedia files instead of 1 chunk
- Fix crashes caused by SIGXFSZ (BUG: 149747)
- Make sure body tag is OK in 404 and 500 error defines in webgui (BUG: 150023)
- Fix bug which allows clients to trick KT in enabling PEX on private torrents
- If "do not use KDE proxy" is enabled and no alternative proxy is set, make sure we use no proxy at all for HTTP tracker connections. (BUG: 150284)
- Removed slashes which prevent opening torrents to work in ktshell
- Fix broken preexisting file check, which can result in files being deleted when the user deselects them and they already exist. (BUG: 150563)
- When stop all and start all is pressed, make sure that start and stop buttons are updated properly (BUG: 149549)
- Make URL of tracker selectable in tracker tab
- Fix issue with speed calculating, causing the displayed speed to grow enormously
- Updated Peer ID list with more clients
- Fix crash when trying to download an empty link with the RSS plugin (BUG: 150879)
- Fix crash at exit when the RSS plugin was loaded
- Make TrayHoverPopup disappear faster (BUG: 148243)
- Sort IP addresses by their actual value and not by their string representation (BUG: 150328)
- Added patch from Jaak Ristioja, which updates the FileView in a separate thread.
- Make sure only the files of a torrent are moved when the data directory is changed.
- Make sure window is not hidden when hidden_on_exit is true and the system tray icon is not enabled
- Added patch from Stefan Monov to hide the menubar (BUG: 151450)
- Fix crash at exit (BUG: 149827)
- Added patch from The_Kernel, which allows you to change file priorities in the webgui
- Backported fix for refresh bug from KDE4 version
- Added option to limit the number of outgoing connection setups, so that people can limit the number of TCP connections in SYN_SENT state, should their router not be able to handle too much
- Replaced TOS setting by DSCP setting
- Added several patches from Rafael Mileki which fix and improve some things in the webgui
- Change buttons in recreate popup to Recreate and Do Not Recreate (BUG: 151805)
- Added patch from Lukasz Fibinger which adds a filter bar to search for torrents
- Make sure that day and month names are not translated in HTTP headers.
Changes in 2.2.2 :
- Several minor bugfixes
version 20071205.
Fix the bug where multiple targets appeared as one. With huge thanks to
Greg Oster for his work in squashing this one.
Module Name: src
Committed By: oster
Date: Tue Dec 4 16:25:37 UTC 2007
Modified Files:
src/dist/iscsi/src: disk.c
Log Message:
Set "lun = sess->d" early on (but not too early), and allow multiple
targets to now work correctly. XXX: This will need to be re-visited
at some point, and fixed properly.
Commit requested by: agc
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 src/dist/iscsi/src/disk.c
Also, the initiator has been modified to attach to multiple targets,
again thanks to Greg Oster.
Module Name: src
Committed By: oster
Date: Tue Dec 4 16:22:39 UTC 2007
Modified Files:
src/share/examples/refuse/iscsi-initiator: iscsifs.c
Log Message:
Add a '-D' option to allow "Discovery" of the targets provided by a host.
Initial support for multiple targets from the same host.
Base 'MaxTargets' on a #define, rather than hard-coding.
Reviewed by: agc
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions