Welcome to phpMyAdmin 3.4.6, a bugfix and minor security release.
Please refer to the upcoming PMASA-2011-15 and -16 announcements on
http://www.phpmyadmin.net/home_page/security/.
From release announce:
Dear TYPO3 community,
the TYPO3 core team has just released TYPO3 version 4.5.7, which is now
ready for you to download. This is a maintenance release of the LTS
version of TYPO3v4 and contains bugfixes and a security fix which is
only exploitable by admins.
See this article about the new policy of security team for this situation:
http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/
Changes from previous:
0.81 2011-04-27
- Slight improvements to Squatting::With::MockRequest were made
to facilitate doing static exports of Rhetoric sites.
0.80 2011-04-27
- [ MAJOR API CHANGE! ]
- You don't say: use base 'Squatting' anymore.
- When creating a Squatting app,
you just say: use Squatting;
- You don't say: use Squatting ':controllers' or
use Squatting ':views' anymore
- use Squatting takes care of what those statements used to do.
- Squatting::H->merge renamed to Squatting::H->extend to
be consistent w/ the way these words are used in contemporary
Javascript libraries.
- Added Squatting::With::PerHostConfig
- hacked bin/squatting so that the console experience is a bit nicer.
App->get and App->post will work a tiny bit more reliably.
Recent versions of p5-POE-Component-IRC requires this module.
The functions in this module take care of many of the tasks you are
faced with when working with IRC. Mode lines, ban masks, message
encoding and formatting, etc.
Changelog is long, but I feel this should be included.
Changelog:
mpg321 (0.2.13-4) unstable; urgency=low
* Fixed bug when trying to "load file" from a remote instance and
an error was raised repeatedly until mpg321 process died with
"too many open files". (Closes: Bug#128676)
* Added '-3' or '--restart' option that handles non existent or
corrupted files more elegantly when in remote mode. When option
is enabled the remote shell does not die and is restarted waiting
for a new command.
* Fixed FTBFS for mpg321 by removing debian_changes patch file in
debian/patches directory. (Closes: Bug#643222).
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Thu, 29 Sep 2011 19:33:24 +0300
mpg321 (0.2.13-3) unstable; urgency=low
* Fixed the really annoying bug which didn't restore the TTY
when mpg321 exited.
* Updated S-V to 3.9.2
- debian/copyright file has been revised.
- debian/rules file has been revised.
* Fixed '-a' option to conform with ALSA's uniform device naming. Also
changed man to conform with this change. Now you can use alsa driver
by setting the name of the audio device using the hw:x,y syntax,
where x and y are numbers. For example, if there is only one device
installed, in most cases, the device should be named hw:0,0.
When there is only one device, the device should always have the
same name and numbers. Finally if the default driver which mpg321
is compiled is ALSA then you don't have to specify it with the '-o'
option and you can use '-a' only to specify the audio device.
(Closes: Bug#623941).
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Sun, 24 Jul 2011 15:08:09 +0300
mpg321 (0.2.13-2) unstable; urgency=low
* Added '-K' option so the user can enable/disable the Basic Keys
functionality. This also resolves the 100% CPU problem when mpg321
is run by asterisk for music hold on.
Thanks to James Bottomley for pointing that out. (Closes: Bug#619773).
* Added new algorithm when playing files randomly until interrupted. The
advertised behavior is much better than the previous one. Patch from
Peter Selinger. Thanks.
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Tue, 05 Apr 2011 23:23:54 +0200
mpg321 (0.2.13-1) unstable; urgency=low
* Added uClinux support for embedded systems (Blackfin, Atmel and others).
* Added some Basic Control Keys, Volume Up/Down & Skip, for the moment.
* Updated S-V to 3.9.1
- debian/copyright file has been revised.
* If mmap() fails we fall back to read(). (Closes: Bug#148971).
(Closes: Bug#196787)
* Removed built-in getopt function.
* Problem solved when -x option was invoked and mpg321 couldn't obtain the
current terminal file. If none is forthcoming (e.g. xterm window ops are
disabled) then mpg321 does not block.
* Removed the dependency for the libaudio-scrobbler-perl package from
debian/control file. (Closes: Bug#588051).
* Added LDFLAGS += -Wl,-z,defs -Wl,--as-needed in debian/rules file
to limit the dependencies a bit. Dropped '-c' option from 'install'
command. Thanks to Sven Hoexter <sven@timegate.de>.
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Sun, 20 Feb 2011 15:35:00 +0300
mpg321 (0.2.12-1) unstable; urgency=high
* New upstream release.
* Added AudioScrobbler support.
* Added FFT analysis support on PCM data for Remote mode play.
* mpg123 has been relicensed under the LGPL/GPL. Changed man page
accordingly. (Closes: Bug#533674).
* mpg321 now exits code 1 after failing to play music. (Closes: Bug#501334).
* Fixed ID3v2 tag problem which resulted in a splat-sound at the start of
the file. Patch from Martin Wellard. Thanks.
* Added support for recursive reading of directories. Patch from Giuseppe
Scrivano <gscrivano@gnu.org> and Michal Cihar <nijel@debian.org>.
(Closes: Bug#266887).
* Updated S-V to 3.9.0
- debian/copyright file is now UTF-8 encoded.
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Tue, 29 Jun 2010 21:44:36 +0300
mpg321 (0.2.11-3) unstable; urgency=high
* Now mpg321 displays the right MPEG version. (Closes: Bug#197726).
* New function added for restoring the correct xterm title.
* New troubleshooting information added for the resources that mpg321
uses for xterm control.
* Bug #182122 should close now because in this version of Debian we don't
face such problems. So I am closing this bug. (Closes: Bug#182122).
* Man page now includes the new "-l" option. (Closes: Bug#575836).
Thanks to Memnon Anon.
* Tried to reproduce the same experiment as Bug #388587 and
I don't see any problem.
If someone else can simulate the same problem, please report the bug
and the way to simulate it again. So I am closing this bug also.
(Closes: Bug#388587)
* Anyone who wants to use the "-a" option can follow the information from
the manpage. To give an example: "mpg321 -a /dev/dsp song.mp3".
So Bug #286176 should close. The "-a" option seems to work fine.
(Closes: Bug#286176).
* Properly added DM-Upload-Allowed: yes to source section of control file.
* Adjusted watch file properly to eliminate errors of uscan.
* Bumped debhelper versioned Build-Depends to 7, and updated
debian/compat.
* Bumped libao-dev versioned Build-Depends to 1.0.0.
* Fixed libao-dev problem with the new structure option
in ao_format_sample structure. In a near future version
mpg321 will utilise the power of this new libao option.
(Closes: Bug#580062, Bug#580193)
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Sun, 24 May 2010 12:45:08 +0200
mpg321 (0.2.11-2) unstable; urgency=high
* Fixed PATH_MAX POSIX constant needed for GNU/Hurd compilation.
* Fixed compilation errors for MIPS and MIPSEL architectures
by reporting the libmad bug to the pkg-maintainers. Bug fixed and
closed. Thanks.
* Changed to Quilt patch maintenance system.
* Added xterm title setting option so to enable/disable the feature.
Also gmusicbrowser doesn't crash anymore.
(Closes: Bug#566544),(Closes: Bug#567104).
* mpg321 can stream a URL from 0.2.10.1 version. Bug#166512 should
have already been closed. (Closes: Bug#166512).
* mpg321 has already been adopted. (Closes: Bug#533671).
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Sun, 21 Feb 2010 12:51:08 +0200
mpg321 (0.2.11-1) unstable; urgency=low
* New upstream release.
* New maintainer (Closes: Bug#471770).
* Updated S-V to 3.8.3.
* Added HTTP Proxy support with Basic Authentication mechanism
from Chrysostomos Nanakos <nanakos@wired-net.gr>.
* ID3 tags now display on all files when playing a list of files and
you haven't pressed CTRL-C to switch between them.
* Make volume scaling work entirely within fixed point. This is the
way it should have been to begin with.
* Add patch to support IPv6 from Carlos Jesus Bernandos Cano.
This is now the default in the Debian packages.
(Closes: Bug#182480).
* Fix up maintainer scripts to not quit on unknown arguments.
* Add GAIN option to remote control mode.
Patch from Ralf Engels <ralf-engels@gmx.de>.
* Improve shuffling/randomizing code. Patch from Bas Zoetekouw - thanks!
(Closes: Bug#153594).
* Moritz Jodeit <moritz@jodeit.org>:
* Make http://some.server.name (no trailing slash) work.
* Fix other networking issues.
* Fix some format string issues.
* Change use of random() to rand() because random() on Solaris
doesn't return up to RAND_MAX, but 2**31.
* Add patch from Mario <diverses@univecom.ch> to better
support HTTP and Shoutcast streams.
* Nanakos Chrysostomos <nanakos@wired-net.gr>:
* Run autoreconf to update the buildsystem to
current versions of autotools.
* [debian/rules] Use dh_installman instead of dh_installmanpages
* Add debian/mime and call dh_installmime.
(Closes: Bug#207871).
* Use ifneq and not ifeq to set options for INSTALL when
DEB_BUILD_OPTIONS has nostrip.
(Closes: Bug#163399).
* Acknowledge NMU (Thanks Mario Lang).
(Closes: Bug#186968).
* Print the current frame number of the current file when playing
multiple files in verbose mode. Patch from Piotr Sulecki - thanks.
(Closes: Bug#269118).
* Patch from Gergely Szasz to fix crash when GAIN is
set in remote mode without an argument.
* Add support for winamp playlists.
(Filter out line with # at the beginning).
Patch from Manolis Stamatogiannakis.
* Patch from David G. Andersen to check return value of read and only
decode the right number of bytes.
* Fix off-by-one in networking code parsing ftp reply.
* Add loop option. Patch from Nicolas Bonifas.
(Closes: Bug#158950).
* Add output remote mode to distinguish between stopping playback and
the song finishing. Patch from Nicolas Bonifas.
* Reinitialise the current playback time when rewinding.
Another patch from Nicolas Bonifas.
* Only show the verbose option once in the usage text.
(Closes: Bug#285959).
* Add xterm title support. Patch from Chrysostomos Nanakos.
-- Nanakos Chrysostomos <nanakos@wired-net.gr> Tue, 11 Jan 2010 19:17:42 +0200
mpg321 (0.2.10.6) unstable; urgency=low
* QA upload.
* Don't use update-alternatives --auto in prerm. (Closes: #506892).
-- Barry deFreese <bdefreese@debian.org> Wed, 26 Nov 2008 13:10:23 -0500
mpg321 (0.2.10.5) unstable; urgency=low
* QA upload.
+ Set maintainer to Debian QA Group <packages@qa.debian.org>.
* Add large file support. (Closes: #152392).
+ Thanks to Clint Adams for the patch.
* Avoid crashing on non mp3 files. (Closes: #458035).
+ Thanks to Justin Pryzby for the patch.
* Don't scan file before playback. (Closes: #500102).
+ Thanks to Mikko Rapeli for the patch.
* Don't leave dangling symlink. (Closes: #227713).
+ Thanks to Donggyoo Lee for the patch.
* README.remote should use @P not @S. (Closes: #153596).
+ Add STOP comments.
* Make AM_PATH_AO XIPH_PATH_AO in configure.ac.
* Escape hyphens in manpage.
* Bump debhelper build-dep to 5.
* Move DH_COMPAT to debian/compat and set to 5.
* Make distclean not ignore errors.
* Bump Standards Version to 3.8.0.
-- Barry deFreese <bdefreese@debian.org> Tue, 11 Nov 2008 14:25:12 -0500
mpg321 (0.2.10.4) unstable; urgency=low
* NMU
* Update description: mpg123 is now free. Closes: #390358
-- Joey Hess <joeyh@debian.org> Mon, 10 Sep 2007 16:22:35 -0400
mpg321 (0.2.10.3) unstable; urgency=high
* Non-maintainer upload by the Security Team
* Fix format string vulnerabilities (CAN-2003-0969)
-- Matt Zimmerman <mdz@debian.org> Sun, 4 Jan 2004 11:50:39 -0800
mpg321 (0.2.10.1-1.1) unstable; urgency=low
* NMU
* Apply patch to close fd (Closes: Bug#178948)
-- Mario Lang <mlang@debian.org> Mon, 31 Mar 2003 10:56:12 +0200
mpg321 (0.2.10.1) unstable; urgency=low
* Check both for file existing and link existing in fix-mistake code in
postinst (Closes: Bug#140622)
-- Joe Drew <drew@debian.org> Wed, 3 Apr 2002 23:12:22 -0500
Changelog:
Version 1.4.25:
- DIGEST-MD5 authentication is not considered secure any longer. See RFC 6331.
- Support for alias expansion was added. See the aliases command and --aliases
option.
Changes from previous:
0.006007 - 12 Sep 2011
- Depend on B::Hooks::OP::Check version 0.19, which fixes a serious bug in
how it interacts with other modules that hook ops.
- Initialize immediately upon loading the module, so that "was Devel::Declare
loaded soon enough" errors in string eval can be fixed by loading the
module earlier without having to also actually use the module earlier.
- Adjust toke_scan_str logic to always show a positive effective length of
string source.
- Return undef from toke_scan_str if string was unterminated.
- Detect and croak if unwanted reallocation occurs during toke_scan_str.
- Avoid memory leak in toke_scan_str.
- Give Devel::Declare::Context::Simple a version number.
- Add MYMETA.{json,yml} to MANIFEST.SKIP and .gitignore.
0.006006 - 23 Aug 2011
- Increase default linestr size to avoid reallocations (Zefram).
Changes from previous:
1.41 Sun 17 Apr 2011
- Add Text::Dif::Config to MANIFEST.
1.40 Sat 16 Apr 2011
- Added DIFF_OUTPUT_UNICODE env variable to allow outputting unicode
characters. Thanks to Shlomi Fish for the patch.
Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.
Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
This is the GnuPG plugin.
Packaged by jfranz@bsdprojects.net.
pkgsrc change: now that sqlite3 has been imported into NetBSD, enable it
Asterisk Project Security Advisory - AST-2011-012
Product             Asterisk
Summary             Remote crash vulnerability in SIP channel driver
Nature of Advisory  Remote crash
Susceptibility      Remote authenticated sessions
Severity            Critical
Exploits Known      No
Reported On         October 4, 2011
Reported By         Ehsan Foroughi
Posted On           October 17, 2011
Last Updated On     October 17, 2011
Advisory Contact    Terry Wilson <twilson@digium.com>
CVE Name            CVE-2011-4063
Description         A remote authenticated user can cause a crash with a
                    malformed request due to an uninitialized variable.
Resolution          Ensure variables are initialized in all cases when parsing
                    the request.
Affected Versions
Product               Release Series
Asterisk Open Source  1.8.x           All versions
Asterisk Open Source  10.x            All versions (currently in beta)
Corrected In
Product               Release
Asterisk Open Source  1.8.7.1, 10.0.0-rc1
Patches
Download URL                                                      Revision
http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff  1.8
http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff   10
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-012.pdf and
http://downloads.digium.com/pub/security/AST-2011-012.html
Revision History
Date Editor Revisions Made
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Changes from previous:
---
version: 0.13
date: Sun May 15 17:08:56 EST 2011
changes:
- Use Stardoc
- use Package
---
version: 0.12
date: Sun May 15 12:46:44 EST 2011
changes:
- Forgot to 'use Encode'. doh!
---
version: 0.11
date: Sun May 15 12:11:50 EST 2011
changes:
- Finally works with utf8 templates and yaml. \o/
---
version: 0.10
date: Mon Nov 29 09:58:35 EST 2010
changes:
- Skip tests if YAML::XS not installed.
Changes from previous:
0.15 - 2011.04.17 - SAPER #PerlQA2011
- [DIST] CPAN-RT#54456: Set INSTALLDIRS to "site" when installed on
Perl 5.11+ (thanks to Todd Rinaldo).
- [DOC] Document a known bug under Perl 5.8.4 and 5.8.5.
- [TESTS] Fixed tests to pass under Perl 5.8.4 and 5.8.5.
0.14 - 2011.04.16 - SAPER #PerlQA2011
- [CODE] Updated from bleadperl:
- XSLoader::load() with no arguments can use caller to find
a default package (Nicholas Clark).
- Avoid defining a full XSLoader::bootstrap_inherit post 5.6,
as it's not needed (Nicholas Clark).
- Small optimisation: for the generated XSLoader.pm, avoid a
runtime lexical which is constant (Nicholas Clark).
- [TESTS] Updated from bleadperl, solving RT-CPAN #54132, #61332.
- [TESTS] Fixed tests for old Perls.
- [TESTS] Added t/00-load.t and t/01-api.t, to provide basic tests
when the main ones are skipped.