Version 1.6.0
- Re-org of code into multiple files, split HTML and Unix listdir() into
separate functions, various code cleanups and optimizations.
- Fixed a memory leak in listdir() when memory was allocated early and not
freed before function exit.
- Fixed possible buffer overflow where symbolic links are followed.
- Fixed links printing "argetm" before the name of the link when the LINK
setting for DIR_COLORS is set to target (Markus Schnalke
<meillo@marmaro.de>)
- More fully support dir colors -- added support for su, sg, tw, ow, & st
options (and "do" in theory).
- Use the environment variable "TREE_COLORS" instead of "LS_COLORS" for
color information if it exists.
- Added --si flag to print filesizes in SI (powers of 1000) units (Ulrich
Eckhardt)
- Added -Q to quote filenames in double quotes. Does not override -N or -q.
- Control characters are no longer printed in carrot notation, but as
backslashed octal, ala ls, except for codes 7-13 which are printed as
\a, \b, \t, \n, \v, \f and \r respectively. Spaces and backslashes are
also now backslashed as per ls, for better input to scripts unless -Q
is in use (where "'s are backslashed.) (Ujjwal Kumar)
- Added -U for unsorted listings (directory order).
- Added -c for sorting by last status change (ala ls -c).
- --dirsfirst is now a meta-sort and does not override -c, -v, -r or -t, but
is disabled by -U.
- After many requests, added the ability to process the entire tree before
emitting output. Used for the new options --du, which works like the du
command: sums the amount of space under each directory and prints a total
amount used in the report and the --prune option which will prune all empty
directories from the output (makes the -P option output much more readable.)
It should be noted that this will be slow to output when processing large
directory trees and can consume copious amounts of memory, use at your own
peril.
- Added -X option to emit the directory tree in XML format (turns colorization
off always.)
- Added --timefmt option to specify the format of time display (implies -D).
Uses the strftime format.
Version 1.5.3
- Properly quote directories for the system command when tree is relaunched
using the -R option.
- Fixed possible indentation problem if dirs[*] is not properly zeroed
(Martin Nagy).
- Use strcoll() instead of strcmp() to sort files based on locale if set.
- Change "const static" to "static const" to remove some compiler warnings
for Solaris (Kamaraju Kusumanchi).
- Actually use TREE_CHARSET if it's defined.
- Automatically select UTF-8 charset if TREE_CHARSET is not set, and the
locale is set to *UTF-8 (overridden with --charset option.)
Version 1.5.2.2
- Set locale before checking MB_CUR_MAX.
- Added HP-NonStop platform support (Craig McDaniel <craigmcd@gmail.com>)
- Fixed to support 32 bit UID/GIDs.
- Added Solaris build options to Makefile (edit and uncomment to use).
Provided by Wang Quanhong
Version 1.5.2.1
- Added strverscmp.c file for os's without strverscmp. Source file is
attributed to: Jean-Franois Bignolles <bignolle@ecoledoc.ibp.fr>
- Try different approach to MB_CUR_MAX problem.
- Changed the argument to printit() to be signed char to avoid warnings.
Version 1.5.2
- Added --filelimit X option to not descend directories that have more than
X number of files in them.
- Added -v option for version sorting (also called natural sorting) ala ls.
Version 1.5.1.2
- Fixed compile issues related to MB_CUR_MAX on non-linux machines.
- Removed unecessary features.h
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
Changelog:
FIXED
Security fixes can be found here
FIXED
Adjusting font size when composing emails should be easier (Bug 824926)
Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Changelog:
Fixed in Firefox ESR 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
* Fix infinite GDALOpen recursion with some VRTs (4835)
* Avoid destroying existing overviews (.aux/.rrd) (4831)
* Support recognising NaN better in CPLStrtod() (4799)
* Fix windows declaration for CPLGetErrorHandlerUserData() (4755)
* Fix compilation with Gentoo modified zlib 1.2.6 (4723)
* Look for libgeotiff headers in /usr/include/libgeotiff too (4706)
* Improve warning handling in CPLClearRecodeStubWarningFlags() (4650)
* Fix Solaris compilation bug (4705)
* MorphFromESRI(): compare SPHEROID/PRIMEM parms, not names (4673)
* Avoid iffy casting of OGRWkbGeometryType to int (4847)
* Fix thread safety issue with CPLOpenShared()
Patched libdap2/ncdap3.c to fix DAP performance bug remotely accessing large files (> 2GiB).
Patched ncdump/dumplib.c to properly escape special characters in CDL output from ncdump for netCDF-4 string data.
Upstream changes:
3.94 2013-04-08
- Added is_hidden method to Mojolicious::Routes.
- Removed deprecated start method from Mojolicious::Commands.
- Improved documentation.
- Improved tests.
- Fixed small selector bug in get command.
- Fixed small anchor bug in Mojolicious::Plugin::PODRenderer.
3.93 2013-04-05
- Deprecated Mojo::IOLoop::Delay::end in favor of generated callbacks.
- Improved Mojo::IOLoop::Delay to be able to generate callbacks that can
capture all arguments.
- Improved prefork command to allow -a and -L values below 1 second.
- Improved documentation.
- Improved tests.
- Fixed multiple timing bugs in Mojo::IOLoop::Delay.
3.92 2013-04-03
- Added monotonic clock support to make Mojolicious more resilient to time
jumps.
- Added steady_time function to Mojo::Util.
- Removed deprecated namespace method from Mojolicious::Routes.
- Removed deprecated base_tag helper.
- Improved WebSocket send method to stringify objects. (jberger)
- Improved version command to show required versions of optional
dependencies.
- Improved documentation.
- Improved tests.
- Fixed RFC 6901 compliance of Mojo::JSON::Pointer. (jberger, sri)
- Fixed a few small Unicode bugs in get command.
3.91 2013-03-17
- Improved bad charset handling in Mojo::DOM::HTML.
- Improved documentation.
- Improved tests.
- Fixed HTTPS proxy support for blocking requests in Mojo::UserAgent.
- Fixed support for RFC 2817 in Mojo::Message::Request.
- Fixed whitespace bug in Mojo::DOM::HTML.
- Fixed proxy detection bug in get command.
3.90 2013-03-14
- Added direct array access for parsed parameters to Mojo::Parameters.
- Added direct array access for path parts to Mojo::Path.
- Improved dumper helper to sort hash keys.
- Improved documentation.
- Improved tests.
- Fixed bug in Mojo::Headers that prevented multiline headers from being
parsed correctly.
- Fixed multiline header support in hash representation of Mojo::Headers.
- Fixed cloning bug in Mojo::Headers.
3.89 2013-03-04
- Improved documentation.
- Improved tests.
- Fixed installable scripts to not "use lib", which sadly breaks updated
dual-life modules. (jberger, sri)
- Fixed bug preventing delayed normalization for reused Mojo::Path objects.
- Fixed path matching bug in Mojo::Path.
3.88 2013-03-03
- Improved Mojo::Path to delay normalization as long as possible.
- Improved Mojo::Path performance.
- Improved documentation.
- Improved tests.
- Fixed small domain detection bug in Mojo::UserAgent::CookieJar.
Library
-------
- The library now behaves correctly when performing large I/O operations on
Mac OS-X. Previously, single I/O operations > 2 GB would fail since the
Darwin read/write calls cannot handle the number of bytes that their
parameter types imply.
Fixes HDFFV-7975 and HDFFV-8240 (DER - 07 JAN 2013)
- Fixed a bug in the core VFD that cause failures when opening files > 2 GB.
Fixes HDFFV-8124 and HDFFV-8158 (DER - 07 JAN 2013)
Tools
-----
- The following h5stat test case failed in BG/P machines (and potentially
other machines that display extra output if an MPI task returns with a
non-zero code.)
Testing h5stat notexist.h5
The test script was fixed to ignore the extra output.
HDFFV-8233 (AKC - 2012/12/17)
- h5diff: Fixed slowness when comparing HDF5 files with many attributes.
Much slower performance was identified with later release version
(from 1.8.7 to 1.8.10) compared to 1.8.6. The issue was introduced
from fixing an attribute related bug for 1.8.7 release in the past.
HDFFV-8145 (JKM 2012/12/13)
1) Shorter package name;
2) Be consistent with kde3-i18n-*, kde4-l10n-*, hunspell-*, lang-*
PKG_OPTIONS;
3) Simplify modifications to PKGNAME in their Makefiles;
4) Accordance with international language naming standards;
5) Facilitate the addition of other dictionaries which are variants of the
same language (ex. Portuguese and Norwegian);
May this commit not cause anything to explode, hairs to gray, nerds to rage
