Drupal 6.16, 2010-03-03
----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
Locale module cross site scripting, Blocked user session regeneration),
see SA-CORE-2010-001.
- Better support for updated jQuery versions.
- Reduced resource usage of update.module.
- Fixed several issues relating to support of install profiles and
distributions.
- Added a locking framework to avoid data corruption on long operations.
- Fixed a variety of other bugs.
sfxr's original purpose was to provide a simple means of getting
basic sound effects into a game for those people who were working
hard to get their entries done for the Ludum Dare gaming contest
within the 48 hours and didn't have time to spend looking for
suitable ways of doing this.
The idea was that they could just hit a few buttons in this
application and get some largely randomized effects that were custom
in the sense that the user could accept/reject each proposed sound.
pkgsrc changes:
- Upstream Makefile.PL says, minimum required rrdtool version is 1.2.x,
so adjust required version of databases/rrdtool
Upstream changes:
0.30 (02/21/2010)
(ms) [RT 53961] Worked around rrdtool-1.3.5 inaccuracy problem by
skipping certain tests for rrdtool <= 1.4.
0.29 (02/20/2010)
(ms) Added github repository link to Makefile.PL
(ms) Fixed documentation for fetch_next().
(ms) [RT 54544] Tom Regner added support for updatev().
0.28 (11/05/2009)
(ms) Applied patch by Lyle Brooks, adding optional step, start, and
end parameters to "draw".
0.27 (10/11/2009)
(ms) Slaven Rezic reported huge memory consumption by the test suite,
turned out to be fetch_start() call spanning several years.
Fixed by defining the end time as well as the start time.
0.26 (09/27/2009)
(ms) [RT 32601] Using prompt() instead of manually asking for input
in Makefile.PL (by Fabien Wernli)
(ms) [RT 32046] Calling setlocale() to fix error message check in
foreign locales (by Fabien Wernli)
(ms) Implemented graphv method. This works just like graph() but uses
rrdtool's graphv internally, giving access to additional
information using print_results() method (by Fabien Wernli)
(ms) Improved RRDs version testing (by Fabien Wernli).
pkgsrc changes:
- Adjust dependencies
Upstream changes:
0.08120 2010-02-24 08:58:00 (UTC)
- Make sure possibly overwritten deployment_statements methods in
schemas get called on $schema->deploy
- Fix count() with group_by aliased-function resultsets
- with_deferred_fk_checks() Oracle support
- Massive refactor and cleanup of primary key handling
- Fixed regression losing custom result_class (really this time)
(RT#54697)
- Fixed regression in DBIC SQLT::Parser failing with a classname
(as opposed to a schema object)
- Changes to Storage::DBI::Oracle to accomodate changes in latest
SQL::Translator (quote handling)
- Make sure deployment_statements is per-storage overridable
- Fix dbicadmin's (lack of) POD
Upstream changes:
# ----------------------------------------------------------
# 0.11005 2010-02-24
# ----------------------------------------------------------
* Fix Parser::DBI::Oracle reading too many tables (RT#49413)
* Fix Parser::MySQL tripping up on PRIMARY KEY ... USING (currently value is ignored) (RT#50468)
* Fix runaway debug trace (RT#52276)
* Fix Parser::PostgreSQL choking on commit; statements in DDL (#RT52277)
* Producer::Oracle now respects quote_field|table_names, and
no longer does name munging of reserved table names
* Producer::Oracle now correctly outputs databse-unique index names
Upstream changes:
2.10 Sat Feb 27 14:01:18 AUSEST 2010
* BUGFIX: Fatal and autodie no longer leak Carp functions
into the caller's namespace. Thanks to Schwern.
* TEST: Multi-arg open tests are really really skipped
under Windows now.
* DOCUMENTATION: Many more people are properly attributed
in the 'AUTHORS' file.
Upstream changes:
0.10, 2010-02-26
Fixed RT#55010: Removed Unicode BOM from Find.pm.
0.09, 2010-02-26
Fixed RT#38302: Fixed META.yml generation (thanks very much to
cpanservice for the help).
Upstream changes:
1.28 (2010/02/24)
* (ms) Fixed caller stack with Buffer composite appender
* (ms) Fixed 'local caller_depth' error in various places. First
localizing a variable and then increasing it is incorrect,
as this ignores previous settings. The correct way of
increasing the caller level is: 'local depth = depth + 1'.
* (ms) Added Log::Log4perl::Catalyst for use in Catalyst applications.
Upstream changes:
2010-02-15 0.71 - H.Merijn Brand <h.m.brand@xs4all.nl>
* Upped copyright to 2010
* Prevent double encoding: make Text::CSV_XS streams behave just
like perl would (thanks ikegami for the test cases)
* Text::CSV_XS->error_diag () in void context now warns instead of
doing nothing
* auto_diag also used for new () itself
subversion-base has been tested. (Anyone who would like to sign up to
functionality-test the other components is welcome to send me mail and
I'll record that in the Makefile.)
Version 1.6.9
(25 Jan 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.9
User-visible changes:
* allow multiple external updates over ra_svn (issue #3487)
* fix a segmentation fault when using FSFS (r881905)
* support Berkeley DB 4.8 (r879688)
* various autoprop improvements (r880274, -5)
* improve usage of svn+ssh:// on Windows (issue #2580)
* teach 1.6.x to recognize 1.7 working copies (1.6.x-future-proof branch)
* update help text for 'svn update' and 'svn switch' (r886164, -97)
* make 'svnadmin load --parent-dir' create valid mergeinfo (r888979, -9081)
* tolerate relative merge source paths in mergeinfo (r889840)
* teach mod_dav_svn to support the Label header (issue #3519)
* fixed: svnsync leaves stale sync-locks on mirrors (r884842)
* fix applicability of 'svn resolve --accept=theirs-conflict' (r880525, -6)
* fixed: segfault in 'svn resolve' (r896522, -47)
* fix commit failure against an out-of-date mirror (r900797)
Developer-visible changes:
* update ruby bindings test expectation (r880162)
* don't allow rangelist and mergeinfo API to modify input args (r879093)
Version 1.6.8 (Not released, see changes for 1.6.9.)
Version 1.6.7 (Not released, see changes for 1.6.9.)
[ Note: All revision numbers for versions prior to 1.6.7 reference the
original repository on svn.collab.net. For more information see:
http://svn.apache.org/repos/asf/subversion/README ]
Version 1.6.6
(22 Oct 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.6
User-visible changes:
* fix crash during 'svn update' (r39673)
* respect Apache's ServerSignature directive (r40008, -21, -31)
* don't add a file with mixed line endings, and then abort (issue #2713)
* support Neon 0.29.
* fix a crash in 'svn rm --force' (r37953)
* handle tree conflicts involving replacements (issue #3486)
* allow non-threadsafe sqlite if APR has no threads (r39301)
* print newline before plaintext SSL cert / password prompts (r38982, r39302)
* improve merge performance with implicit subtree mergeinfo (issue #3443)
* fix "libsvn_ra_svn/marshal.c assertion failed (opt || cstr)" (issue #3485)
* make file externals work for binary files (issue #3368)
* perform MIME type matching case-insensitively (issue #3479)
* do not treat non-existent revisions as HEAD in 'svn export' (issue #3400)
* revert r36720's default MIME type change back to "text/plain" (issue #3508)
* improve "tree conflict already exists" error message (r38872)
* fix failure to commit replacement of a directory (issue #3281)
* fix mod_dav_svn parent dir links to preserve peg revisions (issue #3425)
Developer-visible changes:
* fix 2 failing tests in ruby bindings (r38886)
* do not require GNU grep for build (issue #3453)
* use '$SED' instead of 'sed' in build scripts (issue #3458)
* add svn.client.{log5,merge_peg3} to python bindings (r39635, -6, -7)
* include the time of a test run in tests.log (r39887)
New features in UnZip 6.0, released 20 April 2009:
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip
archive entries larger than 4 GiBytes and more than 65536 entries
within a single Zip archive. This support is currently only
available for Unix, OpenVMS and Win32/Win64.
* Support for bzip2 compression method.
* Support for UTF-8 encoded entry names, both through PKWARE's
"General Purpose Flags Bit 11" indicator and Info-ZIP's new "up"
unicode path extra field. (Currently, on Windows the UTF-8
handling is limited to the character subset contained in the
configured non-unicode "system code page".)
* Added "wrong implementation used" warning to error messages of
the MSDOS port when used under Win32, in an attempt to reduce
false bug reports.
* Fixed "Time of Creation/Time of Use" vulnerability when setting
attributes of extracted files, for Unix and Unix-like ports.
* Fixed memory leak when processing invalid deflated data.
* Fixed long-standing bug in unshrink (partial_clear), added
boundary checks against invalid compressed data.
* On Unix, keep inherited SGID attribute bit for extracted
directories unless restoration of owner/group id or SUID/SGID/Tacky
attributes was requested.
* On Unix, allow extracted filenames to contain embedded control
characters when explicitly requested by specifying the new command
line option "-^".
* On Unix, support restoration of symbolic link attributes.
* On Unix, support restoration of 32-bit UID/GID data using the
new "ux" IZUNIX3 extra field introduced with Zip 3.0.
* Support for ODS5 extended filename syntax on new OpenVMS systems.
* Support symbolic links zipped up on VMS.
* On VMS (only 8.x or better), support symbolic link creation.
* On VMS, support option to create converted text files in
Stream_LF format.
* New -D option to suppress restoration of timestamps for extracted
directory entries (on those ports that support setting of directory
timestamps). By specifying "-DD", this new option also allows
to suppress timestamp restoration for ALL extracted files on
all UnZip ports which support restoration of timestamps. On
VMS, the default behaviour is now to skip restoration of
directory timestamps; here, "--D" restores ALL timestamps,
"-D" restores none.
* On OS/2, Win32, and Unix, the (previously optional) feature
UNIXBACKUP to allow saving backup copies of overwritten files on
extraction is now enabled by default.
For the UnZip 6.0 release, we want to give special credit to Myles
Bennet, who started the job of supporting ZIP64 extensions and
Large-File (> 2GiB) and provided a first (alpha-state) port.
1623 7.2.368 (after 7.2.361) append line with Ruby interface doesn't work
1872 7.2.369 error message for :profile is not easy to understand
4352 7.2.370 (after 7.2.356) a redraw may cause folds to be closed
10029 7.2.371 build problems on Tandem NonStop
9674 7.2.372 (extra) cross-compiling GvimExt and xxd doesn't work.
2901 7.2.373 new messages from gcc 4.5 are not in 'errorformat'
4434 7.2.374 Ruby eval() doesn't understand Vim types
1794 7.2.375 ml_get errors when using ":bprevious" in a BufEnter autocmd
1577 7.2.376 ml_get error when using SiSU syntax
1983 7.2.377 (extra, after 7.2.372) small mistakes in Ming build file
2832 7.2.378 C function declaration indented too much
1758 7.2.379 'eventignore' is set to an invalid value inside ":doau"
3699 7.2.380 (after 7.2.363) Perl builds with 5.10.1 but not with 5.10.0
6835 7.2.381 no completion for :behave
1766 7.2.382 close cmdline window when 'bufhide' is "wipe" uses freed mem
3021 7.2.383 Vim doesn't build cleanly with MSVC 2010
1849 7.2.384 (extra) Vim doesn't build properly with MSVC 2010
2147 7.2.385 can't drag status line when in the command line window
* comments: Display number of comments in comment action link.
* Rebuild wikis on upgrade to this version to get the comment counts
added to existing pages.
* Loosen regexp, to allow empty quoted parameters in directives.
* Add force_overwrite setting to make setup automator overwrite existing
files/directories.
* Fix admin openid detection in setup automator, and avoid prompting
for a password.
* Add new --clean option; this makes ikiwiki remove all built
files in the destdir, as well as wrappers and the .ikiwiki directory.
Thanks to Taylor R Campbell for nudge to update, and a patch to do so.
Pkgsrc changes:
o Add LICENSE=modified-bsd setting
Upstream changes (also includes changes from the enclosing "ldns"):
1.6.4 2010-01-20
* Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
Changed its configure and Makefile to fit into ldns.
Added its dname_* methods to the rdf_* class (as is the ldns API).
Changed swig destroy of ldns_buffer class to ldns_buffer_free.
Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
* Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
* Bugfix: handle escaped characters in TXT rdata.
* bug292: no longer crash on malformed domain names where a label is
on position 255, which was a buffer overflow by one.
* Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
which fixes resolv.conf reading badly terminated string buffers.
* Fix ldns_pkt_set_random_id to be more random, and a little faster,
it did not do value 0 statistically correctly.
* Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
for portability.
* bug295: nsec3-hash routine no longer case sensitive.
* bug298: drill failed nsec3 denial of existence proof.
1.6.3 2009-12-04
* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
* Bugfix: also mark an RR as question if it comes from the wire
* Bugfix: NSEC3 bitmap contained NSEC
* Bugfix: Inherit class when creating signatures
1.6.2 2009-11-12
* Fix Makefile patch from Havard Eidnes, better install.sh usage.
* Fix parse error on SOA serial of 2910532839.
Fix print of ';' and readback of '\;' in names, also for '\\'.
Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
* Fix signature creation when TTLs are different for RRs in RRset.
* bug273: fix so EDNS rdata is included in pkt to wire conversion.
* bug274: fix use of c++ keyword 'class' for RR class in the code.
* bug275: fix memory leak of packet edns rdata.
* Fix timeout procedure for TCP and AXFR on Solaris.
* Fix occasional NSEC bitmap bogus
* Fix rr comparing (was in reversed order since 1.6.0)
* bug278: fix parsing HINFO rdata (and other cases).
* Fix previous owner name: also pick up if owner name is @.
* RFC5702: enabled sha2 functions by default. This requires
OpenSSL 0.9. 8 or higher. Reason for this default is the
root to be signed with RSASHA256.
* Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP,
very long lines
* Fix: Make ldns_dname_is_subdomain case insensitive.
* Fix ldns-verify-zone so that address records at zone NS set
are not considered glue (Or glue records fall below delegation)
* Fix LOC RR altitude printing.
* Feature: Added period (e.g. '3m6d') support at explicit TTLs.
* Feature: DNSKEY rrset by default signed with minimal signatures
but -A option for ldns-signzone to sign it with all keys.
This makes the DNSKEY responses smaller for signed domains.
1.6.1 2009-09-14
* --enable-gost : use the GOST algorithm (experimental).
* Added some missing options to drill manpage
* Some fixes to --without-ssl option
* Fixed quote parsing withing strings
* Bitmask fix in EDNS handling
* Fixed non-fqdn domain name completion for rdata field domain
names of length 1
* Fixed chain validation with SHA256 DS records
1.6.0
Additions:
* Addition of an ldns-config script which gives cflags and libs
values, for use in configure scripts for applications that use
use ldns. Can be disabled with ./configure --disable-ldns-config
* Added direct sha1, sha256, and sha512 support in ldns.
With these functions, all NSEC3 functionality can still be
used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
Steve Reid, and Aaron D. Gifford for the code.
* Added reading/writing support for the SPF Resource Record
* Base32 functions are now exported
Bugfixes:
* ldns_is_rrset did not go through the complete rrset, but
only compared the first two records. Thanks to Olafur
Gudmundsson for report and patch
* Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
thanks to Marius Rieder for finding an patching this.
* --without-ssl should now work. Make sure that examples/ and
drill also get the --without-ssl flag on their configure, if
this is used.
* Some malloc() return value checks have been added
* NSEC3 creation has been improved wrt to empty nonterminals,
and opt-out.
* Fixed a bug in the parser when reading large NSEC3 salt
values.
* Made the allowed length for domain names on wire
and presentation format the same.
Example tools:
* ldns-key2ds can now also generate DS records for keys without
the SEP flag
* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
the first non-default DNSKEY TTL value it sees)
1.5.1
Example tools:
* ldns-signzone was broken in 1.5.0 for multiple keys, this
has been repaired
Build system:
* Removed a small erroneous output warning in
examples/configure and drill/configure
1.5.0
Bug fixes:
* fixed a possible memory overflow in the RR parser
* build flag fix for Sun Studio
* fixed a building race condition in the copying of header
files
* EDNS0 extended rcode; the correct assembled code number
is now printed (still in the EDNS0 field, though)
* ldns_pkt_rr no longer leaks memory (in fact, it no longer
copies anything all)
API addition:
* ldns_key now has support for 'external' data, in which
case the OpenSSL EVP structures are not used;
ldns_key_set_external_key() and ldns_key_external_key()
* added ldns_key_get_file_base_name() which creates a
'default' filename base string for key storage, of the
form "K<zone>+<algorithm>+<keytag>"
* the ldns_dnssec_* family of structures now have deep_free()
functions, which also free the ldns_rr's contained in them
* there is now an ldns_match_wildcard() function, which checks
whether a domain name matches a wildcard name
* ldns_sign_public has been split up; this resulted in the
addition of ldns_create_empty_rrsig() and
ldns_sign_public_buffer()
Examples:
* ldns-signzone can now automatically add DNSKEY records when
using an OpenSSL engine, as it already did when using key
files
* added new example tool: ldns-nsec3-hash
* ldns-dpa can now filter on specific query name and types
* ldnsd has fixes for the zone name, a fix for the return
value of recvfrom(), and an memory initialization fix
(Thanks to Colm MacCárthaigh for the patch)
* Fixed memory leaks in ldnsd
1.4.1
Bug fixes:
* fixed a build issue where ldns lib existence was done too early
* removed unnecessary check for pcap.h
* NSEC3 optout flag now correctly printed in string output
* inttypes.h moved to configured inclusion
* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
delegations
API addition:
* for that last fix, we added a new function
ldns_dname_add_from() that can clone parts of a dname
The Perl script colordiff is a wrapper for 'diff' and produces the
same output but with pretty 'syntax' highlighting. Colour schemes can
be customized.
