For full changes, refer http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.
Here is security related changes.
* Security Fix: The server failed to check the table name argument of
a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to bypass
almost all forms of checks for privileges and table-level grants by
providing a specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated user
with DELETE or SELECT privileges on one table could delete or read
content from any other table in all databases on this server, and
potentially of other MySQL instances accessible from the server's
file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow attack
due to a failure to perform bounds checking on the table name
argument of a COM_FIELD_LIST command packet. By sending long data
for the table name, a buffer is overflown, which could be exploited
by an authenticated user to inject malicious code. (Bug#53237,
CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size of
one packet. (Bug#50974, CVE-2010-1849)
- Consolidated support for pydb, bashdb and remake.
Further changes:
Added LICENSE
Changed PAPERSIZE patching to use SUBST framework
Cleaned up pkglint fallout
OpenSSL CHANGES
_______________
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
*) VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
[Steven M. Schweda" <sms@antinode.info>]
Fixes:
* Added missing memory deallocation call in DNS lookup code.
* Minor fixes to configure script
Changes/Additions:
* Added "YearTotals" config option for main index page totals
* deletion of unattached GDL added.
* Polish translation update by Emil.
* fix UADDR list redisplay problem.
* fix a crash of dc_gui2_stat when there is nothing to display.
* add upload stat to dc_gui2_stat (only DCTC v0.85.9 provides upload logs).
* fix a user display problem. If a user entering the hub is already created
(used by GDL, upload, share list, ...), he was not displayed in the user
clist.
* Fix incorrect global stat values occuring when multiple 'done' files are
loaded.
* Bittorrent tab is handled by an external program: dc_gui2_bt
* To ease development of future external program, most of the configuration is
* now store in gconf instead gnome_config.
* dc_gui2 command line parameters are back (dc_gui2 --help for the list).
* update .spec file to support fedora (based on Sammy Atmadja modification).
* 'done' log file contains upload log.
* fix the incorrect information sent to the UI when uploading a file bigger than
2GB (only the display is buggy, the transfer works).
* update .spec file to support fedora (based on Sammy Atmadja modification).
* Don't include LGPL preamble in Debian changelog
* Changes standards version to 3.8.3
* LT_CONFIG_LTDL_DIR appears to be incompatible with libtool 2
* update changelog
* Resolve various libtoolize warnings
* Use standards version 3.8.2
* Use debhelper 7
* Changelog entry for pending upstream release
* Move libvanessa-adt-dev to section libdevel
* Don't use ./mkinstalldirs as it may not exist
* Use policy version 3.8.0 instead of 3.7.2
* set -e in postinst script for libvanessa-adt0 to fail on any errors
* Use name instead of nickname
* Always use email address in copyright notice
* more...
* Bump changelog date so it is after the release of standards version 3.8.3
* Don't include full LGPL text in Debian changelog
* Update to standards version 3.8.3
* LT_CONFIG_LTDL_DIR appears to be incompatible with libtool 2
* move dev documentation should go in dev package
* Use dh_prep as dh_clean -k is deprecated
* Versioned build dependency on debhelper 7
* syntax error in changelog
* Use debhelper compatibility level 7
* new package contains an updated config.{sub,guess} and thus closes#532527
* Update standards version to 3.8.2
* Resolve various libtoolize warnings
* libvanessa-socket-dev: Remove dependancy on libc6-dev
* more...
* A new, more permissive license allows people to distribute versions of
Mail Avenger that are linked with OpenSSL.
* Some minor corrections to manual pages, thanks to Dererk.
Changes 0.8.0:
* Minor changes for compilation under gcc 4.3.0.
* Fsync the destination directory and expliticly update its times when
delivering a message to a maildir.
* New compile option '-x'. This causes the compiler to produce an
executable program. '-fmain' is deprecated.
* Remove long option --verbose. Use '-v' for verbosity. Problem is
with getopt_long_only which does not like eg. -mv
* New conformity option -std=bs2000.
* FUNCTION is implemented. See cobc/reserved.c for a list of what is
implemented.
* Nested programs are partially supported.
* LINAGE is implemented.
* EXTERNAL on FD is implemented.
* SAME RECORD AREA is implemented.
* New config variables -
* Support for non-gcc compilers.
* Large file support, system dynamic loading and Berkeley DB inclusion
are default for the configure.
* New configure option --with-patch-level=<n>
* At run time, version checking is done. ie. When executing/loading
Cobol programs, the version (eg. 0.33) and the patch level (eg. 0)
are checked against the OC library version/patch level.
* Libtool is not required for systems that support native dynamic
loading. This includes Linux, Cygwin and MingW amongst others.
* Note to developers : See README for required software versions.
* OS X: fixed TM configuration tab to show languages list
* fixed bug introduced in 1.4.3 that caused "Update from POT file"
to clear metadata in catalog header
* added Kazakh translation
Changes 1.4.5:
* OS X: fixed Find to actually show hits in text control
* OS X: fixed "Check for updates" preference broken by 1.4.4
Changes 1.4.4:
* sort catalogs in the manager alphabetically
* fixed escaping of quotes in catalog headers
* fixed reformatting of obsolete entries in catalogs
* fixed list selection visibility on Windows 7
* Windows: automatically check for available updates
Changes 1.4.3:
* Unix: fixed crash with Zemberek spell-checker backend installed
* fixed parsing of catalogs produced with xgettext --indent
* fixed TM updating broken in 1.3.5
* support GNOME's xml2po file references
* fixed handling of "%" in filenames
* added more translations:
* Support for Berkeley DB 5.0.
* Drop support for Python 3.0.
* Now you can use TMPDIR env variable to override default
test directory ("/tmp").
* Versioning of C API. If you use the code from C, please
check the bsddb_api->api_version number against
PYBSDDB_API_VERSION macro.
* In C code, the bsddb_api->dbsequence_type component is always available,
even if the Berkeley DB version used doesn't support sequences. In that
case, the component will be NULL.
* In C code, "DBSequenceObject_Check()" macro always exists, even if the
Berkeley DB version used doesn't suport sequences. In that case, the test
macro always returns "false".
* For a long time, the API has been accesible via C using "_bsddb.api" or
"_pybsddb.api". If you are using Python >=2.7, you acquire access to that
API via the new Capsule protocol (see "bsddb.h"). If you use the C API and
upgrade to Python 2.7 and up, you must update the access code (see
"bsddb.h"). The Capsule protocol is not supported in Python 3.0, but
pybsddb 5.0.x doesn't support Python 3.0 anymore.
* Capsule support was buggy. The string passed in to PyCapsule_New() must
outlive the capsule.
* Solve an "Overflow" warning in the testsuite running under python 2.3.
* When doing a complete full-matrix test, any warning will be considered
an error.
data. The software is distributed in source code form, and developers can
compile and link the source code into a single library for inclusion
directly in their applications.
Developers may choose to store data in any of several different storage
structures to satisfy the requirements of a particular application. In
database terminology, these storage structures and the code that operates on
them are called access methods. The library includes support for the
following access methods:
* B+tree: Stores keys in sorted order, using either a programmer-supplied
ordering function or a default function that does lexicographical
ordering of keys. Applications may perform equality or range searches.
* Hashing: Stores records in a hash table for fast searches based on
strict equality. Extended Linear Hashing modifies the hash function
used by the table as new records are inserted, in order to keep buckets
underfull in the steady state.
* Fixed and Variable-Length Records: Stores fixed- or variable-length
records in sequential order. Record numbers may be immutable or
mutable, i.e., permitting new records to be inserted between existing
records or requiring that new records be added only at the end of the
database.
* The log file format changed in 11gR2.
* Replication Manager sites can specify one or more possible client-to-client
peers.
* Added resource management feature in all Berkeley DB APIs to automatically
manage cursor and database handles by closing them when they are not
required, if they are not yet closed.
* Added a SQL interface to the Berkeley DB library. The interface is based on -
and a drop-in-replacement for - the SQLite API. It can be accessed via a
command line utility, a C API, or existing APIs built for SQLite.
* Added hash databases support to the DB->compact interface.
* Renamed the "db_sql" utility to "db_sql_codegen". This utility is not built
by default. To build this utility, enter --enable-sql_codegen as an argument
to configure.
* Added transactional support in db_sql_codegen utility. Specify TRANSACTIONAL
or NONTRANSACTIONAL in hint comments in SQL statement, db_sql_codegen
enable/disable transaction in generated code accordingly.
* Added the feature read-your-writes consistency that allows client application
to check, or wait for a specific transaction to be replicated from the master
before reading database.
* Added DB log verification feature, accessible via the API and a new utility.
This feature can help debugging and analysis.
* Added support for applications to assign master/client role explicitly at any
time. Replication Manager can now be configured not to initiate elections.
* more...
* Several bugs in filename sorting in the Dolphin file manager have been
fixed
* Issues with encoded filenames in ZIP archives have been fixed
* A number of bugs in games, such as KMines, KNetwalk and LSkat and
KSpaceDuel have been fixed
The changelog lists more
Clutter-GTK 0.10.4 18/03/2010
==================================
* Depend on gtk+ >= 2.19.5
* Depend on clutter >= 1.2.0
* Fix introspection annotations for GtkClutterEmbed,
GtkClutterScrollable and GtkClutterZoomable
* Do no use deprecated gtk+ API
* Documentation fixes
