* SA-CORE-2009-003 - Local file inclusion on Windows
In addition to this security vulnerability, the following bugs have been fixed since the 6.9 release:
* Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker.
* #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed.
* #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value
* #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable().
* #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
* #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link
* #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output
* #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting
* #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all.
* #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice.
* #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys'
* #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice
* #314286 backport of some of #229129 by assimonds: disabled checkboxes did not receive their values properly from the default value set
* #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead
* #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined
* #276174 by nbz, John Morahan, slightly modified: do not escape username more than once at multiple places in blog.module
* #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms()
* #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language
* #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making it possible to write modules extending menu item manipulation
* Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited.
* #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6
* Patch #381438 by drumm: do not use page cache for drupal.sh requests.
* #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be
* #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostgreSQL does not support that
* #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi()
* #383724 by Heine, bjaspan: SA-CORE-2009-003
* SA-CORE-2009-004 Drupal core - Local file inclusion on Windows
In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:
* #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
* #360038 by sun. Documentation improvement.
* #179244 by tangent: line break filter operates on object element.
* #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
Integrate the PKG_PATH logic more tightly with the find_archive logic:
- remember initial current working directory from the time PKG_PATH is
processed, it will be used as reference for all relative entries
- remove now redundant fchdir dance in pkg_add
- pass down to find_archive if this is a top-level package (e.g.
requested on the command line) or not; the location of top-level
packages is searched for packages first and for URLs or path names the
PKG_PATH itself is not processed (e.g. pkg_add foo/bar does not look into
PKG_PATH for bar). This addresses PR 33884 in a different way.
- document the rules for finding packages more explicitly
- allow specifying PKG_PATH in pkg_install.conf as well; environment
takes precedence.
- remove PKG_PATH related logic in pkg_info(1), it doesn't deal with
PKG_PATH anyway
- remove PKG_PATH, PKG_TMPDIR and TMPDIR description in pkg_info(1),
they are no longer used
2.8.2 2009/02/17
Request a signature with an "i=" tag if signing for subdomains and
a keylist entry matches. Previously this only occurred when
using an explicit domain list. Problem noted by
S. Moonesamy of Eland Systems.
Fixes in and around dkim_socket_cleanup(). Problem noted by
S. Moonesamy of Eland Systems.
LIBDKIM: When logging a d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA()
failure, also log the selector and domain involved so manual
diagnostics are possible.
LIBDKIM/LIBAR: Feature request #SF2380508: Add new test for
WITHOUT_LIBSM which removes references to libsm's sm_strl*()
functions, so that libdkim and libar can stand on their own
on systems which provide the strl*() functions. Requested by
Frederik Pettai.
LIBDKIM: Report DKIM_STAT_NOSIG if the caller commands that all
signatures should be ignored.
LIBDKIM: Plug a memory leak caused when responding to a malloc()
failure.
LIBDKIM: New signature error code DKIM_SIGERROR_KEYDECODE, used if
d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA() fails in
dkim_sig_process().
LIBAR: Make reference to the "_res" structure more thread-safe.
BUILD: Make use of conf_dkim_filter_ENVDEF since site.config.m4.dist
refers to it. Problem noted by S. Moonesamy of Eland Systems.
* Improved SANE scanner support.
* Support for digital CD audio playback.
* Improved cookies management in Wininet.
* Support for building stand-alone 16-bit modules.
* Many fixes to the regression tests on Windows.
* Various bug fixes.
so that it can be executed by a standard shell
(the section in question is Windows specific, so just remove it)
This should fix PR pkg/40765 by Joern Clausen
installation (cf. patch-ar). However, MacOS X does not have clock_gettime().
This patch therefore ensures that for that functionality the MacOS X specific
code is used.
0.1.8
------------------------------------------------------------------------
Updated to libraw 0.6.13:
- Bugfixes in RIFF reading code.
Updated to libraw 0.6.12:
- Hasselblad V96C support.
Updated to libraw 0.6.11:
- Fixed serious bug in loading metadata from external JPG file.
Updated to libraw 0.6.10:
- Support for loading White Balance data from Sony ARW files edited with Sony IDC software.
Updated to libraw 0.6.9:
- Better support for Samsung S85.
- Fixed possible integer overflow in wavelet denoising code.
Updated to libraw 0.6.8:
- Changes in QuickTake 100 files processing.
Updated to libraw 0.6.7:
- Added support for Samsung S85.
- Changes in external jpeg (metadata) processing.
Updated to libraw 0.6.6:
- Changes in Panasonic FZ50 processing code.
Updated to libraw 0.6.5:
- Fixed file descriptor and buffer memory leak when thumbnail extractor is called,
but library object is not properly initialized.
- Fixes in Imacon files unpacking.
- Fixes in Hasselblad .fff files unpacking.
Fix PPM color preview extraction.
Changes in 1.4.9-stable:
o event_add would not return error for some backends; from Dean
McNamee
o Clear the timer cache on entering the event loop; reported by
Victor Chang
o Only bind the socket on connect when a local address has been
provided; reported by Alejo Sanchez
o Allow setting of local port for evhttp connections to support
millions of connections from a single system; from Richard Jones.
o Clear the timer cache when leaving the event loop; reported by
Robin Haberkorn
o Fix a typo in setting the global event base; reported by lance.
o Fix a memory leak when reading multi-line headers
o Fix a memory leak by not running explicit close detection for
server connections
Changes between 0.1.5 and 0.1.6:
--------------------------------
* fixed a parsing bug due to outdated spec in ISO 639 language descriptor
* fixed the use of uninitialized data when section_syntax_indicator=0
* fixed a parsing bug in the EBU teletext descriptor decoder
* fixed the declaration of dvbpsi_DecodeTeletextDr
* new example tool for checking an MPEG-2 TS file
* fixed EIT discontinuities
* new cat support
* new PDC support descriptor 0x69
Changes between 0.1.4 and 0.1.5:
--------------------------------
* Windows CE port
* src/tables/eit*: EIT decoder (no generator yet)
* src/tables/sdt*: SDT generator
* 0x4d/0x4e (EIT) descriptors decoders
* 0x52 (stream identifier) descriptor decoder
* 0x55 (dvb parental rating) descriptor decoder
* 0x56 (EBU teletext) descriptor decoder
* fixed a segfault in the subtitles descriptor decoder
* correctly handle duplicate packets
* correctly handle TS packets containing multiple PSI sections
Changes between 0.1.3 and 0.1.4:
--------------------------------
* 0x59 (dvb subtitles) descriptor decoder
* memory leak fix
* fixed an uninitialized pointer
libXi 1.2.1.
Fixes a potential memory overflow in XGetDeviceControl.
Alan Coopersmith (1):
Add README with pointers to mailing list, bugzilla & git repos
Paulo Cesar Pereira de Andrade (1):
Return NULL on error, and match LockDisplay with UnlockDisplay.
Peter Hutterer (3):
XGetDeviceControl: Add a missing break leading to wrong length calculation.
XGetDeviceControl: size the libXi structs, not the wire structs (#20293)
libXi 1.2.1
This is GStreamer Good Plug-ins 0.10.14, "Disaffected Affectation"
Changes since 0.10.13:
* Add autodetect source elements
* Improvements in RTP payload/depayload and RTSP
* Support float input in wav, and require depth == width
* Support inverted RGB video in avi
* Compilation fixes and smarter format selection in V4L2 support
* Use libv4l when available
* Don't install static plugin libraries any more
* Matroska muxing: Add Dirac, fix AAC
* Improve qtdemux segment handling
* Add presets to equalizer
* OS/X video and audio output improvements
* Rework Pulseaudio audio output
* Support basic and digest auth in souphttpsrc
* Use libsoup-gnome instead of libsoup when available
* DV demuxer fixes
* New IIR and FIR base classes and echo filter in audiofx plugin
* Improved spectrum analysis plugin
* 8 bit greyscale support in v4l2src and videocrop
* New aspectratiocrop element
* Many other bug fixes and improvements
Bugs fixed since 0.10.13:
* 561502 : Not-negotiated error in udpsrc
* 522183 : add preset support to gstequalizer
* 523813 : [autodetect] add autovideosrc and autoaudiosrc
* 557709 : goom should have license headers in all source files
* 560155 : segfault when trying to set tag to NULL with avimux
* 527951 : [new element] aspectratiocrop
* 529379 : RTSP seeks when pipeline is in STATE_PAUSED
* 532409 : RTP payload/depayloader for G.729
* 537539 : [pulse] Rhythmbox starts using 100% of CPU time when puls...
* 537540 : [pulse] Causes a deadlock when the pulseserver dies
* 537543 : [pulse] sink/src should have "volume" property (was GstMi...
* 545033 : [v4l2src] Add support for camera specific formats
* 552140 : [soup] use libsoup-gnome for proxy configuration if avail...
* 556019 : Add the ability to make souphttpsrc act as a live source
* 556484 : Implement getcaps in rtpL16pay
* 556641 : rtpL16depay doesn't support multichannel audio
* 556802 : Misspelled messages
* 556955 : [videocrop] fails to renegotiate
* 556986 : pulsesink deadlocks when raising an error
* 557260 : [equalizer] Calculates coefficients for every buffer
* 557293 : Argument type mismatch on Windows
* 557294 : cross mingw32 gcc: getaddrinfo is not in ws2_32.dll befor...
* 557710 : Memory leak related to matroskamux's request pads
* 558427 : rtpmpapay/depay are too wide
* 558638 : Compiler error on v4l2
* 558711 : gst-plugins-good-0.10.11 compile fails
* 559288 : [qtdemux] deadly embrace!
* 559545 : rtspsrc could not receive data from RTSP server because o...
* 559547 : Seek bugs when playing rtsp video in m.youtube.com
* 560641 : rtp mp4 payloader doesn't flush the last frame upon EOS
* 560756 : New Plugin: JPEG RTP Payloader
* 561625 : Rtspsrc set segment's last_stop incorrectly
* 561775 : souphttpsrc patch to support basic and digest authentication
* 561802 : DLNA specific HTTP header missing
* 561990 : qtdemux build fails on mingw due to missing definition of...
* 562434 : [wavenc] Add support for a-law and mu-law encoded wav files
* 562572 : multiudpsink handles errors in _render() too aggressively
* 563414 : Fix for SunAudioMixer plugin
* 563504 : add libv4l2 support to v4l2 gst plugin - required for mos...
* 563509 : [rtp_data_test] Complains about negotiation errors with m...
* 563510 : [videocrop] 1x1 unit test fails
* 564437 : rtpjpegdepay was unable to handle frame dimensions greate...
* 564948 : Fix and clean up osxaudio
* 565850 : mov files can contain xvid, fmp4 and ac3 tracks
* 566616 : v4l2src: b/w support
* 566843 : [pulse] Terminating an audio stream hangs the application
* 567577 : [audiofx] Add generic IIR/FIR audio filter elements
* 567642 : spectrum element has undocumented arbitrary limitation on...
* 567746 : fix for 547227 created a ref loop
* 567794 : [PATCH] Rework pulse plugin
* 567800 : Mp4 created by Avidemux don't play.
* 567853 : osxaudiosrc does not build on 10.4
* 567874 : [audiofx] Echo/Reverb filter
* 567955 : [spectrum] Need compensation for rounding errors
* 567992 : [videocrop] wrong mouse navigation commands while cropping
* 568395 : [audiofx] Rename audioreverb to audioecho
* 568780 : elements/videocrop check fails
* 568809 : Patch needed for building gst-plugins-good 0.10.13 on Sol...
* 569820 : In some cases v4l2src element does not return correct norm
* 570343 : equalizer bands != specified parameters
* 570435 : Read Title element of Matroska files
* 571038 : [osxvideosink] build fail
* 571150 : aspectratiocrop : Memory leak
* 571153 : [pulsemixer] compiler warnings (on ARM)
* 571204 : [pulsesink] PA assertion failure triggers abort
* 570581 : osxvideosink: non-embedded mode is badly broken and shoul...
* 341752 : [rtspsrc] 500 Internal Server Error response with tagessc...
* 420658 : gconfaudiosink is not behaving normally
* 558554 : [avidemux] avidemux not recognizing certain uncompressed ...
* 561580 : GStreamer does not play a specific WAV file
* 563056 : "rtpjpegdepay ! jpegdec" doesn't work
* 565441 : Smoke encoder doesn't set caps correctly
* 567952 : videocrop: add b/w support
New in 3.0.4:
* gperf is now licensed under the GPL version 3 or newer.
* The generated C code gives fewer warnings with gcc-4.2.x in c99 or gnu99 mode.
which made the small calendar display only nonsense,
ride on recent update
And again: Please test the pkgs at least a little bit before
committing an update.
(Please give the pkgs you commit at least a minimal testing. Since
sqlite3-tcl is needed to run the sqlite selftests the least I'd expect
is to build that as well.)
Evolution Exchange 2.24.5 2009-02-25
------------------------------------
Bug Fixes:
#545455 : Check for the correct href of the message before accessing
it. (Milan Crha)
Evolution 2.24.5 2009-02-25
---------------------------
Updated Translations:
Wouter Bolsterlee (nl)
Bug Fixes:
#333716 : Do not store incomplete or broken files in a cache. (Milan
Crha)
#529037 : Disconnect signals on ESource-s too, not only on ECal-s.
(Milan Crha)
#559027 : Do not set date for 'None' value. (Milan Crha)
#559719 : Use its own/unique name for the property on the 'epl'
and free the widget only if it wasn't freed yet. (Milan Crha)
#561465 : Expand 'Attendee' column instead of the last. (Milan
Crha)
#564229 : Do not use uninitialized variable. (Milan Crha)
#564229 : Initialize the EPluginUI registry during class initialization,
so that it's sure to be there when we need it. (Matthew Barnes)
#567089 : Do not crash when no From set yet. (Milan Crha)
#569700 : Stop reading from a network when operation was canceled.
(Milan Crha)
#569986 : bar rendering. (Srinivasa Ragavan)
#572399 : Do not read from invalid iterator after call of row
changed. (Milan Crha)
#572543 : Always look for alternative apps for application/octet-stream.
(Milan Crha)
#572975 : Destroy file chooser dialog early enough to not have
hidden any other windows below it. (Milan Crha)
GtkHTML-3.24.5 2009-02-25
-------------------------
Bug Fixes:
#569365 : Do not draw a cursor without a window. (Milan Crha)
#570276 : Change Word Wrap accelerator to Ctrl+K, since Ctrl+Backspace
doesn't work apparently. (Matthew Barnes)
#571621 : Replace a g_assert() with g_return_if_fail(). (Matthew
Barnes)
Evolution-Data-Server 2.24.5 2009-02-25
---------------------------------------
Bug Fixes:
#477535 : Randomly mail status changes were not getting stored in
server. Fixed the issue by unsetting correct flags. (Sankar P)
#567008 : Avoiding the clearing of the uids in the spool summary
if forceindex is true. (Jeff Cai)