This is an unscheduled bugfix release containing two security fixes
for issues we uncovered in both Git and Mercurial for CVE-2014-9390.
Users on Mac and Windows are encouraged to upgrade.
context: stop setting None for modified or added nodes
darwin: omit ignorable codepoints when normcase()ing a file path
encoding: add hfsignoreclean to clean out HFS-ignored characters
largefiles: don't actually remove largefiles in an addremove dry run
log: fix log -f slow path to actually follow history
log: fix log revset instability
manifest: disallow setting the node id of an entry to None
pathauditor: check for Windows shortname aliases
pathauditor: check for codepoints ignored on OS X
rebase: ignore negative state when updating back to original wc parent
update: add tests for untracked local file
update: don't overwrite untracked ignored files on update
RELEASE 1.0.4
-------------
- Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118)
- Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153)
- Fix issue where Archive folder wasn't protected in Folder Manager (#1490154)
- Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115)
- Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
- Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)
- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103)
- Fix font style display issue in HTML messages with styled <span> elements (#1490101)
- Fix download of attachments that are part of TNEF message (#1490091)
- Fix handling of uuencoded messages if messages_cache is enabled (#1490108)
- Fix handling of base64-encoded attachments with extra spaces (#1490111)
- Fix handling of UNKNOWN-CTE response, try to decode content client-side (#1490046)
- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113)
- Fix reply scrolling issue with text mode and start message below the quote (#1490114)
- Fix possible issues in skin/skin_path config handling (#1490125)
- Fix lack of delimiter for recipient addresses in smtp_log (#1490150)
- Fix generation of Blowfish-based password hashes (#1490184)
- Fix bugs where CSRF attacks were still possible on some requests
* We used to allow committing a path ".Git/config" with Git that is
running on a case sensitive filesystem, but an attempt to check out
such a path with Git that runs on a case insensitive filesystem
would have clobbered ".git/config", which is definitely not what
the user would have expected. Git now prevents you from tracking
a path with ".Git" (in any case combination) as a path component.
* On Windows, certain path components that are different from ".git"
are mapped to ".git", e.g. "git~1/config" is treated as if it were
".git/config". HFS+ has a similar issue, where certain unicode
codepoints are ignored, e.g. ".g\u200cit/config" is treated as if
it were ".git/config". Pathnames with these potential issues are
rejected on the affected systems. Git on systems that are not
affected by this issue (e.g. Linux) can also be configured to
reject them to ensure cross platform interoperability of the hosted
projects.
* "git fsck" notices a tree object that records such a path that can
be confused with ".git", and with receive.fsckObjects configuration
set to true, an attempt to "git push" such a tree object will be
rejected. Such a path may not be a problem on some filesystems
but in order to protect those on HFS+ and on case insensitive
filesystems, this check is enabled on all platforms.
A big "thanks!" for bringing this issue to us goes to our friends in
the Mercurial land, namely, Matt Mackall and Augie Fackler.
Also contains typofixes, documentation updates and trivial code clean-ups.
Changes since v2.2.0 are as follows:
Hartmut Henkel (1):
l10n: de.po: fix typos
Jeff King (8):
unpack-trees: propagate errors adding entries to the index
read-tree: add tests for confusing paths like ".." and ".git"
verify_dotfile(): reject .git case-insensitively
t1450: refactor ".", "..", and ".git" fsck tests
fsck: notice .git case-insensitively
utf8: add is_hfs_dotgit() helper
read-cache: optionally disallow HFS+ .git variants
fsck: complain about HFS+ ".git" aliases in trees
Johannes Schindelin (3):
path: add is_ntfs_dotgit() helper
read-cache: optionally disallow NTFS .git variants
fsck: complain about NTFS ".git" aliases in trees
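The three kinds of confusable path component described in the Git release notes above (case variants of ".git", the Windows short name "git~1", and HFS+-ignored codepoints), as an added example that is not code from Git, Mercurial or pkgsrc: a small audit over tree paths of the sort a hosting-side check could run. The function names, the sample paths and every ignored codepoint other than U+200C are assumptions of this example.

```python
# Added example: flag tree paths with a component that can be confused with ".git".
# The page names only U+200C as an HFS+-ignored codepoint; the rest of this
# set is an assumption of this example.
HFS_IGNORED = frozenset(
    [0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF]
    + list(range(0x202A, 0x202F))   # U+202A..U+202E
    + list(range(0x206A, 0x2070))   # U+206A..U+206F
)


def strip_hfs_ignored(component):
    """Drop the codepoints HFS+ disregards when it compares file names."""
    return "".join(ch for ch in component if ord(ch) not in HFS_IGNORED)


def classify_component(component):
    """Return why one path component can alias ".git", or None if it cannot."""
    lowered = component.lower()
    if lowered == ".git":
        return "dotgit-case"       # ".git" in any case combination
    if lowered == "git~1":
        return "ntfs-shortname"    # Windows short-name alias named on the page
    if strip_hfs_ignored(component).lower() == ".git":
        return "hfs-ignorable"     # ".git" with an ignored codepoint inserted
    return None


def audit_paths(paths):
    """Return (path, component, reason) for the first confusable component."""
    findings = []
    for path in paths:
        for component in path.split("/"):
            reason = classify_component(component)
            if reason is not None:
                findings.append((path, component, reason))
                break
    return findings


# Constructed sample paths, as they would appear in a tree listing.
SAMPLE_PATHS = [
    "src/main.c",
    ".Git/config",
    "git~1/config",
    ".g\u200cit/config",
    "docs/.gitignore",
    "tools/git~10/readme",
]

if __name__ == "__main__":
    for path, component, reason in audit_paths(SAMPLE_PATHS):
        print(f"{reason:15} {component!r:12} in {path!r}")
```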
Several patches are dropped because they were integrated upstream.
(Approval during freeze by wiz@.)
Upstream changes since 0.3.1 from
https://savannah.nongnu.org/forum/forum.php?forum_id=8094
Item posted by Todd Kover <kovert> on Thu 11 Sep 2014 01:05:20 AM GMT.
I am pleased to announce the release of spamass-milt version 0.4.0.
This is the first of what I hope are a number of maintenance releases
with the goal to eliminate the outstanding bug/patch/feature requests:
The following changes are included in this release
- -C option to change the default reject code
- -S option to specify a path to sendmail (for the -x option)
- -R option to specify the rejection message
- -a option to skip messages that were authenticated
- IPv6 address support
- zombie process fix for the - option introduced in 0.3.2
This also includes the fix for CVE-2010-1132 that was in the unannounced but generated 0.3.2 release.
XXX: couldn't convince it to use pkgsrc libraries for libdvdnav
and libdvdread though
XXX: musepack support is old-fashioned, so I haven't enabled the pkgsrc
dependency since xine would then conflict with vlc
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the sqlite3 shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the gstreamer shared libraries.