* An element on GIT_CEILING_DIRECTORIES list that does not name the
real path to a directory (i.e. a symbolic link) could have caused
the GIT_DIR discovery logic to escape the ceiling.
* Command line completion for "tcsh" emitted an unwanted space
after completing a single directory name.
* Command line completion leaked an unnecessary error message while
looking for possible matches with paths in <tree-ish>.
* "git archive" did not record uncompressed size in the header when
streaming a zip archive, which confused some implementations of unzip.
* When users spelled "cc:" in lowercase in the fake "header" in the
trailer part, "git send-email" failed to pick up the addresses from
there. As e-mail header field names are case insensitive, this
script should follow suit and treat "cc:" and "Cc:" the same way.
based on PR 47495 by Brad Lanam, some small fixes by me.
di is a disk information utility, displaying everything (and more)
that your df command does. It features the ability to display your
disk usage in whatever format you prefer. It also checks the user
and group quotas, so that the user sees the space available for
their use, not the system wide disk space.
==============================
Release Notes for Samba 3.6.12
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.6.11:
--------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
==============================
Release Notes for Samba 3.5.21
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.5.20:
---------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
Import 3.2 version of cvsps as devel/cvsps3.
From README,
The 3.x versions have changed significantly. In 2012, CVS use is declining
swiftly (GNU CVS hasn't been updated since 2004) and the original use case
for this tool - browsing change sets in a live CVS repository - is obsolete.
The 3.x versions are more focused on the --fast-export mode.
Changes
Changed the way the search results for multiple projects can be
linked together. A project is now no longer identified by the
tag file's name but via the new option EXTERNAL_SEARCH_ID, giving a
bit more flexibility.
Disabled the disk cache for member data. Allows removing quite
some complexity in doxygen and is not really needed now that
64bit systems with >4GB RAM are becoming more common. Let me
know if you think you benefit from this caching.
id 691607: Using $relpath$ in a custom footer could lead to
ambiguities when followed by a name that could also be a marker,
like 'search'. Now $relpath^ should be used instead. $relpath$
is still supported for backward compatibility.
New features
You can now use EXTENSION_MAPPING on files without any extension
using no_extension as placeholder (thanks to Jason Majors for
the patch).
To make navindex section inside a layout file that links to a
specific URL you can use usergroup with the url attribute.
To make navindex section without any link inside a layout file
you can use usergroup with special title [none].
And lots of bugfixes.
0.28.2:
This stable release in the 0.28 series contains fixes for 64 bit
Windows, clang, and PowerPC on MacOS and OpenBSD.
0.28.0:
A new major release 0.28.0 of the pixman rendering library is now
available. Highlights of this release:
* Support for sRGB coded images [Antti Lankila]
* New API for fast glyph rendering [Soren Sandmann]
* Faster bilinear scaling on iwMMX, Loongson and MMX [Matt Turner]
* More fast paths in the MIPS DSPr2 backend [Nemanja Lukic]
* Faster scaling in general and on SSE2 in particular [Siarhei
Siamashka]
Khaled Hosny (1):
Allow Alt R to be used for next group again
Mathieu Boespflug (1):
Add altwin:swap_alt_win option.
Michal Nazarewicz (1):
Remove redundant definition in pl(dvp).
Parag Nemade (3):
Correct the eurosign group to currencysign group
Align keymappings in Jhelum keymap with m17n pa-jhelum keymap
Add Rupee Sign default on some Indic xkb maps
Peter Hutterer (1):
rules: remove ml → in(mal) mapping
Sergey V. Udaltsov (22):
Added euro to Polish layout
Added Silesian
configuration for IBM 142 Italian variant
il(lyx) should have proper mapping of numeric keys
Added us(workman)
More polish on us(workman)
Cleanup for descriptions
added de(legacy)
A couple of missing chars in gr(polytonic), added on levels 3, 4
fixed comment
Fixed Congolese layout, 2 missing symbols
Removed invalid layout
Updated typography symbols
Using configure.ac
Added pl(colemak)
Bumping version before freeze - 2.7.99
Forgot to remove the actual ad layout
Fixed 2 minor typos (thanks to Alex Shopov)
Missing hyphen
SunOpen -> XF86Open
Updated translations before release
Preparing 2.8
Stephan Hilb (1):
Always use fake keycode bindings for level3 and level5
javier (8):
Update keycodes and geometry for Sun Keyboards
Update XKB symbols specific for Sun Keyboards
Fix compat for Japanese Sun keyboards
Update XKB rules specific for Sun Keyboards
Remove tuv layout for Sun Keyboards
Add Models and one option for Sun Keyboards
Add Sun keyboard layout variants
Add sun_type layout variants into base.extras
This release adds a "-event" option that can be used to filter which events are
printed. For example, to listen only for RandR events, use "xev -event randr".
The -event parameter can be specified multiple times. Please see the manual
page for the list of available event filters.
This release also contains a few code fixes.
Aaron Plattner (2):
Add a -event parameter to control the event mask
xev 1.2.1
Alan Coopersmith (2):
Fix clang warnings about converting size_t to int and back again
Use strncasecmp instead of a tolower loop & strncmp
7.98.18 hack base to catch up perl 5.16 changes, cpan modules ..
7.98.17 update modules: cpan modules, IM et.al (to be planned).
7.98.16 FML::Install is enhanced.
Fix CVE-2013-0333.
There is a vulnerability in the JSON code for Ruby on Rails which
allows attackers to bypass authentication systems, inject arbitrary
SQL, inject and execute arbitrary code, or perform a DoS attack on a
Rails application.
## Rails 3.0.20 (unreleased)
* Fix XML serialization of methods that return nil to not be
considered as YAML (GH #8853 and GH #492)