Fix CVE-2013-0333.
There is a vulnerability in the JSON code for Ruby on Rails which
allows attackers to bypass authentication systems, inject arbitrary
SQL, inject and execute arbitrary code, or perform a DoS attack on a
Rails application.
## Rails 3.0.20 (unreleased)
* Fix XML serialization of methods that return nil to not be
considered as YAML (GH #8853 and GH #492)
It's Courier, just better.
Since the beginning, screenplays have been written in Courier. Its
uniformity allows filmmakers to make handy comparisons and estimates,
such as 1 page = 1 minute of screen time.
But there's no reason Courier has to look terrible. We set out to
make the best damn Courier ever.
We call it Courier Prime.
2013-01-22 Rasqal Version 0.9.30 Released
Removed RDQL support as promised. So long and thanks for all the
queries. Use SPARQL instead.
Improved floating equality, comparison and promotion rules
Made other fixes and improvements including fixing reported issues:
0000506, 0000511 and 0000523.
0.17.4 (2013-01-03)
===================
Bugs fixed
----------
* Garbage collection triggered during deallocation of container classes could lead to a double-deallocation.
pkg-config 0.28
===
- Fixed a pair of long-standing and intertwined bugs involving unwanted
removal of flags. The first is that other Libs flags like -Wl are now
kept in context order with -l flags. The second is that aggressive
removal of all duplicate arguments has been scaled back so that just
consecutive duplicate arguments are removed. One result of this change
is that some flags could be repeated in the final output, especially
flags from non-pkg-config packages like -lm. Since pkg-config rarely
has enough knowledge here about the right thing to do, we throw the
duplicate arguments at the compiler/linker and trust it will do the
right thing.
- Fixed an old bug to allow circular Requires. This fix brings along a
small behavior change in that pkg-config resolves requires depth
first, causing some lower level flags to show up earlier in the output
than previously.
- Cleaned up many corner-case bugs and ambiguous behavior in
pkg-config's interface. Thanks to Michał Górny for finding so many of
these.
- New autoconf macro PKG_CHECK_VAR for reading variables from .pc files.
- Default to suppressing -L/lib and/or -L/lib64 like their /usr
counterparts.
- To help support multiarch scenarios out of the box, $host-pkg-config
is now installed unless --disable-host-tool is passed to configure.
***disabled in pkgsrc***
- Added optional gcov usage through the --with-gcov configure option. As
a result, many more tests were added to greatly increase the coverage
of the code to 86% of executed lines on a Fedora 18 machine.
- Bugs fixed: 130, 7331, 16101, 17053, 19950, 34504, 48098, 54231,
54271, 54379, 54384, 54386, 54388, 54389, 54390, 54391, 54427, 54463,
54716, 57078, 58363, 59435.
This minor maintenance release includes several years of build improvements,
cleanups, and bug fixes; including making the build configuration scripts
compatible with automake-1.13.
Alan Coopersmith (7):
Adopt X.Org standard coding style (via x-indent.sh)
Initialize font to 0 values directly instead of via bzero
Combine usage message strings
Add -v flag to print version info
Use symbolic names instead of raw integers for stdin & stdout fd's
Use remove() instead of unlink() to remove files
bdftopcf 1.0.4
Gaetan Nadon (4):
config: use AC_PROG_INSTALL now supplied by XORG_DEFAULT_OPTIONS
config: replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS
man: remove trailing spaces and tabs
config: move man pages into their own directory
Features:
* Drag&Drop reordering of photos in the plugin admin
* Unlimited, auto-discovered custom templates - you can change template of
given gallery at anytime, use javascript galleries etc.
based on a source image. So whenever a thumbnail does not exist or if the
source was modified more recently than the existing thumbnail, a new thumbnail
is generated (and saved).
* The attribute mechanism didn't allow limiting attributes to be
applied to only a single directory itself with "path/" like the
exclude mechanism does.
* When attempting to read the XDG-style $HOME/.config/git/config and
finding that $HOME/.config/git is a file, we gave a wrong error
message, instead of treating the case as "a custom config file does
not exist there" and moving on.
* After failing to create a temporary file using mkstemp(), failing
pathname was not reported correctly on some platforms.
* http transport was wrong to ask for the username when the
authentication is done by certificate identity.
* The behaviour visible to the end users was confusing, when they
attempt to kill a process spawned in the editor that was in turn
launched by Git with SIGINT (or SIGQUIT), as Git would catch that
signal and die. We ignore these signals now.
* A child process that was killed by a signal (e.g. SIGINT) was
reported in an inconsistent way depending on how the process was
spawned by us, with or without a shell in between.
* After "git add -N" and then writing a tree object out of the
index, the cache-tree data structure got corrupted.
* "git apply" misbehaved when fixing whitespace breakages by removing
excess trailing blank lines in some corner cases.
* A tar archive created by "git archive" recorded a directory in a
way that made NetBSD's implementation of "tar" sometimes unhappy.
* When "git clone --separate-git-dir=$over_there" is interrupted, it
failed to remove the real location of the $GIT_DIR it created.
This was most visible when interrupting a submodule update.
* "git fetch --mirror" and fetch that uses other forms of refspec
with wildcard used to attempt to update a symbolic ref that matches
the wildcard on the receiving end, which made little sense (the
real ref that is pointed at by the symbolic ref would be updated
anyway). Symbolic refs no longer are affected by such a fetch.
* The "log --graph" codepath fell into infinite loop in some
corner cases.
* "git merge" started calling prepare-commit-msg hook like "git
commit" does some time ago, but forgot to pay attention to the exit
status of the hook.
* "git pack-refs" that ran in parallel to another process that
created new refs had a race that can lose new ones.
* When a line to be wrapped has a solid run of non space characters
whose length exactly is the wrap width, "git shortlog -w" failed
to add a newline after such a line.
* The way "git svn" asked for password using SSH_ASKPASS and
GIT_ASKPASS was not in line with the rest of the system.
* "gitweb", when sorting by age to show repositories with new
activities first, used to sort repositories with absolutely
nothing in it early, which was not very useful.
* When autoconf is used, any build on a different commit always ran
"config.status --recheck" even when unnecessary.
* Some scripted programs written in Python did not get updated when
PYTHON_PATH changed.
* We have been carrying a translated and long-unmaintained copy of an
old version of the tutorial; removed.
* Portability issues in many self-test scripts have been addressed.
* `6753235d`: Return bounded output from `rcs_diff()` when asked, as
the API states.
* `e45175d5`: Always explicitly set CVS keyword substitution behavior.
Fixes behavior when a text file is added under a name formerly
used for a binary file.
* `b30cacdf`: If the previous working directory no longer exists after
a CVS operation, don't try to `chdir()` back to it afterward.
Bump PKGREVISION.