This release fixes security vulnerabilities and also changes APIs. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-026 - Drupal core - Drupal core - Access bypass
In addition to this security vulnerability, the following bugs have been fixed since the 6.0 release:
* #228120 by jvandyk: typo in documentation in comment.tpl.php
* #226480 by gpk: fix wording on when node access rebuild button is displayed in node_configure()
* #229817 by mcarrera: l() attributes were not properly specified in theme.inc's theme_username()
* #234403 by alienbrain: PHP.net documents we should use CRLF in mail headers, so do that
* #226555 by jvandyk, Rok Zlender: fix notice level error in xmlrpc.inc
* #204415 by chx: actually use 'administer content types' permission for node type editing instead of 'administer nodes'
* #234699 by hass: theme_link() did not mark frontpage links active properly
* #237717 by hass: missing t() in system_clear_cache_submit()
* #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
* #226728 by chx: (performance) temporary cache table entries were not flushed, causing cache_menu and cache_form to grow big
* #231587 by pwolanin, killes: (performance) use two level cache in menus, instead of storing very large amounts of data multiple times
* #239196 by jvandyk and myself: missing status check on nodes in search indexing counter
* rolling back #234403 by Bevan and damz: we should keep using LF in mail headers, without CR, CRLF causes problems
* #238564 by scor: two missing t() calls in update.module
* #241629 by solotandem: dblog module left one more row in, when cleaning up in cron
* #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed
MediaTomb is an open source (GPL) UPnP MediaServer with a nice web
user interface, it allows you to stream your digital media through
your home network and listen to/watch it on a variety of UPnP
compatible devices.
MediaTomb implements the UPnP MediaServer V 1.0 specification that can
be found on http://www.upnp.org/. The current implementation focuses
on parts that are required by the specification, however we look into
extending the functionality to cover the optional parts of the spec as
well.
MediaTomb should work with any UPnP compliant MediaRenderer, please
tell the authors if you experience difficulties with particular
models, also take a look at the Supported Devices list for more
information.
With thanks to Jared Macneill for the patches to make this compile on
NetBSD.
Oh, and works very nicely with my Archos 605 (not in the Supported Devices
list).
Changelog:
* Version 1.2 (released 2008-03-17) hilights:
- See 1.1.1dev and 1.1dev (Jabber module rewrite, Jabber groupchats, better
(and more secure) file format for user data, ForkDaemon mode).
- Yahoo! support in this release will hopefully still work next month.
* Development version 1.1.1dev (released 2007-11-24) hilights:
- Mostly internal changes (resolved some GPL issues, changed some parts of the
IM API).
- Support for Jabber chatrooms and an XML console.
- Support for named AIM chatrooms.
* Development version 1.1dev (released 2007-02-19) hilights:
- Many new features, enhancements, bugfixes, for example:
- Rewritten Jabber module.
- Improved file format for storing user configuration.
- ForkDaemon mode: Daemon mode without the stability problems.
be used in a shared library). Applications linked against "libx264" can now
actually be started without crashing immediately because the symbol
"_x264_deblock_h_luma_altivec" couldn't be found.
Bump package revision because of this fix.
and WITHOUT_STATGRAB.
+ Convert to use PLIST_VARS instead of manually passing "@comment "
to the plist module.
Bump the PKGREVISION to 3 for the options changes.
2.5 years of various changes and improvements.
pkgsrc changes:
Use libtool to provide a shared library; fixes wip/kdewebdev4 on amd64.
Generate API documentation from the provided files using doxygen.
Standardize path to installed documentation.
Both patches changed. I made new patches to support being able
to install to program_prefix. (I supplied these upstream too.)
From change log:
2008-02-24 Antonio Diaz
* Version 0.9 released.
* signal.c (sighup_handler): Return 0 if no error.
* Arg_parser updated to 1.1.
2007-08-18 Antonio Diaz
* Version 0.8 released.
* check.sh: Testsuite exits unsuccesfully in case of error.
* ed.1: Fixed some minor problems in the manual page.
* ed.texinfo: Added 21kB of legalese (fdl.texinfo).
2007-07-18 Antonio Diaz
* Version 0.7 released.
* buf.c (dec_addr): Now returns correct address when wrapping.
2007-06-29 Antonio Diaz
* Version 0.6 released.
* License updated to GPL version 3 or later.
* signal.c (sigwinch_handler, set_signal):
Fixed two minor compatibility problems.
* main_loop.c (main_loop):
Fixed an infinite loop when reading an empty script.
2007-03-09 Antonio Diaz
* Version 0.5 released.
* main_loop.c (next_addr): '%' reimplemented as it was in ed 0.2.
2007-01-15 Antonio Diaz
* Version 0.4 released.
* Fixed some minor problems in the testsuite.
2006-11-11 Antonio Diaz
* Version 0.3 released.
* buf.c (open_sbuf):
Fixed symlink vulnerability using standard function `tmpfile'.
* signal.c: Fixed signal handling for SIGINT.
* main_loop.c (exec_command): Fixed `c' and `i' commands with address 0.
* The pause mode has been removed.
* main.c: Added new options `--loose-exit-status' and `--verbose'.
* carg_parser.c: New argument parser that replaces `getopt_long'.
* `configure' and `Makefile.in' have been replaced.
* Removed recursive make for testsuite.
* Created directory `doc'.
* Removed all pre ISO C89 code.
* Removed all global variables.
* ed.texinfo: Added to the manual the changes from Andrew and some mine.
PLIST_VARS is the list of names corresponding to automatic variables
generated by plist.mk to simplify having conditionally-present entries
in the PLIST. If "var" is listed in PLIST_VARS, then the automatic
variable is named PLIST.var. If PLIST.var is defined, then in the PLIST
generation, the ${PLIST.var} symbol is replaced with the empty string,
or "@comment " otherwise.
Changelog:
0.80 Sun Apr 6 17:25:01 CEST 2008
Test fixes
- Completely disable the utf8 test. It was causing perl to panic on some OS's.
0.79_01 Wed Feb 27 03:04:54 PST 2008
Bug fixes
- Let's try the IO layer copying again, this time with the test
fixed for 5.10.
0.78 Wed Feb 27 01:59:09 PST 2008
Bug fixes
* Whoops, the version of Test::Builder::Tester got moved backwards.
0.77 Wed Feb 27 01:55:55 PST 2008
Bug fixes
- "use Test::Builder::Module" no longer sets exported_to() or does
any other importing.
- Fix the $TODO finding code so it can find $TODO without the benefit
of exported_to(), which is often wrong.
- Turn off the filehandle locale stuff for the moment, there's a
problem on 5.10. We'll try it again next release.
Doc improvements
- Improve the Test::Builder SYNOPSIS to use Test::Builder::Module
rather than write it's own import().
0.76_02 Sun Feb 24 13:12:55 PST 2008
Bug fixes
* The default test output filehandles will NOT use utf8.
They will now copy the IO layers from STDOUT and STDERR.
This means if :utf8 is on then it will honor it and not
warn about wide characters.
0.76_01 Sat Feb 23 20:44:32 PST 2008
Bug fixes
* Test::Builder no longer uses a __DIE__ handler. This resolves a number
of problems with exit codes being swallowed or other module's handlers
being interfered with. [rt.cpan.org 25294]
- Allow maybe_regex() to detect blessed regexes. [bleadperl @32880]
- The default test output filehandles will now use utf8.
[rt.cpan.org 21091]
Test fixes
- Remove the signature test. Adds no security and just generates
failures.
0.75 Sat Feb 23 19:03:38 PST 2008
Incompatibilities
* The minimum version is now 5.6.0.
Bug fixes
- Turns out require_ok() had the same bug as use_ok() in a BEGIN block.
- ok() was not honoring exported_to() when looking for $TODO as it
should be.
Test fixes
* is_deeply_with_threads.t will not run unless AUTHOR_TESTING is set.
This is because it tickles intermittent threading bugs in many perls
and causes a lot of bug reports about which I can do nothing.
Misc
- Ran through perlcritic and did some cleaning.
mostly improvements in speed of execution (usually up by around factor 10)
and memory use (the same factor down). Please see <http://samba.rsync.org/>
or ${WRKSRC}/CHANGES for more detailed information.
Changes between 3.0.0 and 3.0.1:
- New flag "c" for itemizing non-regular files.
- Fix crash when running rsyncd without --config-file= .
- Fix crash when backing up a directory which has default ACLs.
- Fixed the working of --fake-super with --link-dest and --xattrs.
- Fixed a hang when combining --dry-run with --remove-source-files.
- Fixed a bug with --iconv preventing gobbled file names from causing
transfer failures.
- Fixed the use of the --protect-args (-s) option when talking to a daemon.
- Fixed the --ignore-existing symlink problems.
- Avoid setting the mtime on a directory that already has the right one.
- Improved the daemon-exclude handling.
- Fixed a glitch in the itemizing of permissions with the -E option.
- Various other bugfixes.
- Fixed a couple minor bugs in the included popt library.
- Fixed a stat() call that should have been do_stat() for 64-bit
functionality.
- Changed the file-glob code to do a more memory efficient directory scan.
Approved-by: tron
* Changes in Wget 1.11.1.
** Interrupted downloads no longer result in renaming the file
(regression in 1.11 over 1.10.2).
** Progress bar now displays correctly in non-English locales (and a
related assertion failure was fixed).
** Wget no longer issues a GET request over HTTP for files it should
know it's not going to download (regression in 1.11 over 1.10.2).
** Added option --auth-no-challenge, to support broken pre-1.11
authentication-before-server-challenge, which turns out to still be
useful for some limited cases.
** Documentation of accept/reject lists in the manual's "Types of
Files" section now explains various aspects of their behavior that may
be surprising, and notes that they may change in the future.
** Documentation of --no-parents now explains how a trailing slash, or
lack thereof, in the specified URL, will affect behavior.
1.34 Mon Dec 10 00:30:39 CST 2007
========================================
[FIXES]
Many fixes to make the test suite more portable.
1.32 Tue Oct 30 12:02:17 CDT 2007
========================================
[ENHANCEMENTS]
Added dump methods to mirror mech-dump:
* $mech->dump_images()
* $mech->dump_links()
* $mech->dump_forms()
* $mech->dump_all()
Sanity checks in the WWW::Mechanize::Image constructor. Every Image
must have a "url" and "tag" field passed in to it.
1.31_02 Thu Oct 25 11:48:29 CDT 2007
========================================
[ENHANCEMENTS]
Added class, class_regex, id and id_regex limiters to find_link()
and find_all_links(). Thanks to Adriano Ferreira.
1.31_01 Mon Sep 17 23:38:03 CDT 2007
========================================
[FIXES]
Mech tests now pass even if your DNS server gives A records for
anything (like OpenDNS). Thanks, Miyagawa!
Searching for the <base href> is now case-inensitive. A better
solution would be to actually parse the HTML.
[ENHANCEMENTS]
mech-dump now handles --user and --password arguments for sites
that require authentication.
CGI::Ajax is an object-oriented module that provides a unique
mechanism for using perl code asynchronously from javascript-
enhanced HTML pages. CGI::Ajax unburdens the user from having to
write extensive javascript, except for associating an exported
method with a document-defined event (such as onClick, onKeyUp,
etc). CGI::Ajax also mixes well with HTML containing more complex
javascript.
This version fixes a bug in the white/blacklist file processor that
was incorrectly matching domains when wildcards were used. Thanks
to Tom for reporting this one.
