Fixes (second half of) Secunia SA: http://secunia.com/advisories/15651/
(first half was fixed in 0.3.11nb1)
ChangeLog excerpts:
Thu Feb 24 00:32:44 EST 2005
Added extractor that extracts binary (!) thumbnails from
images using ImageMagick. Decoder function for the binary
string is in the thumbnailextractor.c source.
Sun Feb 20 16:36:17 EST 2005
Fixed similar problem in REAL extractor. Added support
for new Helix/Real format to REAL extractor.
Sun Feb 20 12:48:15 EST 2005
Fixed (rare) integer overflow bug in PNG extractor.
Fri Jan 21 15:23:43 PST 2005
Fixed security problem in PDF extractor.
Fri Dec 24 13:28:59 CET 2004
Added support for Unicode to the pdf extractor.
Thu Dec 23 18:14:10 CET 2004
Avoided exporting symbol OPEN (conflicts on OSX
with same symbol from GNUnet). Added conversion
to utf8 to various plugins (see todo) and
added conversion from utf8 to current locale to
print keywords.
as devel/lwp, but devel/rx is a regular expression library, not an rpc library.
And arla, of course, is another implementation of AFS. I'll work on making it
not conflict eventually.
- 1.8 (christos)
Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to
implement xtoa(), but I think defining the same string 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
- 1.9 (bouyer)
call (ifp->if_input) at splnet(). ifp->if_input points to ether_input()
which doesn't raise the IPL itself in all cases.
Should also fix PR 29546 (the pkgsrc kernel module needs to be updated).
Bump version to 20050610.
Changes:
- security fixes for DoS issues:
http://gaim.sourceforge.net/security/index.php?id=18
http://gaim.sourceforge.net/security/index.php?id=19
- Fix Yahoo! privacy bug
- Fix Jabber Get Info crash on busted servers
- The file transfer details section now also displays the full
path to the local file sent/received.
- Yahoo! has the following new "/" commands: /join, /buzz
- Updated our gaim.desktop file, thanks to all our terrific
translators for sending in translations of the changes
- Improvements to how Gaim handles new message notification
Notable changes (see files/ChangeLog for full details):
* Convert to use getline() instead of fgets() whenever reading user input to
ensure that an overly long input line doesn't leave excess characters for
the next input operation to accidentally use as input.
Should fix PR 23953.
* Improve method used in fileindir() to determine if `file' is in or under
`dir': realpath(3) on non-NetBSD systems may fail if the target filename
doesn't exist, so instead use realpath(3) on the parent directory of `file'.
(The previous code was over-aggressive in preventing transfers on systems
with a realpath(3) that had different semantics to NetBSD.)
* Various portability fixes.
Security-related bug fixes:
* Convert to use getline() instead of fgets() whenever reading user input to
ensure that an overly long input line doesn't leave excess characters for
the next input operation to accidentally use as input.
* Zero out the password & account after we've finished with it.
* Consistently use getpass(3) (i.e., character echo suppressed) when reading
the account data. For some reason, historically the "login" code
suppressed echo for Account: yet the "user" command did not!
* Improve method used in fileindir() to determine if `file' is in or under
`dir': realpath(3) on non-NetBSD systems may fail if the target filename
doesn't exist, so instead use realpath(3) on the parent directory of `file'.
(The previous code was over-aggressive in preventing transfers on systems
with a realpath(3) that had different semantics to NetBSD.)
Bug fixes:
* Display the hostname in the "getaddrinfo failed" warning.
* Only print the "Trying <address>..." message if verbose and there's more
than one struct addrinfo in the getaddrinfo() result.
* formatbuf(): fix %m and %M to use the hostname, not the username.
* fetch_ftp(): preserve 'anonftp' across a disconnect() so that multiple ftp
auto-fetches on the same command line login automatically.
* Improve bounds checking.
* Update various copyright notices.
Portability fixes:
* Look for dirname(3), which may be in -lgen on IRIX, and replace it if not
found.
* Don't use non-standard: u_char, u_short, u_int, or uint.
* Use uint32_t instead of u_int32_t.
* Don't use register.
* Helps if the definition of xconnect() matches its declaration....
* Fix some cast issues highlighted by gcc 4 on OSX.4
* Use size_t instead of int where appropriate.
* Make this compile on sparc64 (size_t != int).
* Printf field widths and size_t don't always mix well, so cast to int.
Fixes build problem for alpha.
* auto_fetch(): use an initialized volatile int to appease IRIX cc.
* Don't abuse unconstify'ing a string and writing to it, because you'll core
dump. Also remove extra const that gives pain to the irix compiler.
* Make sure we flush after we prepare when we are unbuffered otherwise the
prompt will not appear immediately.
* Terminate the arglist with a NULL instead of 0. (Shuts up gcc4.x)
* Use malloc(3) instead of alloca(3).
* Include "src/progressbar.h" for xsignal_restart() prototype.
* Ensure that fallback #define of __attribute__ is available.
Fixes build problem on HP-UX with cc.
* Pull in <poll.h> or <sys/poll.h> if they exist even if we're not using poll,
as struct pollfd might exist in those. Fixes build problem on OSX.3.
* Use NS_INADDRSZ, NS_IN6ADDRSZ and NS_INT16SZ instead of
equivalents without NS_ prefix.
* Use socklen_t instead of size_t where appropriate.
* Separate CPPFLAGS from CFLAGS.
* Use "long long" instead of "quad" in various comments & constants.
* Prefer poll over select when implementing replacement usleep().
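The getline() change described in the commit message above, shown as an added example that is not tnftp's own code: with a fixed-size fgets() read, the tail of an over-long line is returned by the next read as if it were fresh input. The sample input, the 20-byte buffer and the function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input: line 1 is longer than the 20-byte read, line 2 is "yes". */
static const char SAMPLE[] = "AAAAAAAAAAAAAAAAAAAAdelete *\nyes\n";
#define OPEN_SAMPLE() fmemopen((void *)SAMPLE, sizeof(SAMPLE) - 1, "r")

/* Old pattern: the first fgets() stops after 20 bytes, so the second read
 * returns the tail of line 1 instead of line 2. */
static int second_read_fgets(char *out, size_t outlen)
{
    char first[21];
    FILE *in = OPEN_SAMPLE();
    int ok;
    if (in == NULL) return -1;
    ok = fgets(first, sizeof(first), in) != NULL &&
         fgets(out, (int)outlen, in) != NULL;
    fclose(in);
    if (ok) out[strcspn(out, "\n")] = '\0';
    return ok ? 0 : -1;
}

/* getline(3) pattern: each call consumes one whole line, whatever its
 * length, so the second read really is the second line. */
static int second_read_getline(char *out, size_t outlen)
{
    char *line = NULL;
    size_t cap = 0;
    int rc = -1;
    FILE *in = OPEN_SAMPLE();
    if (in == NULL) return -1;
    if (getline(&line, &cap, in) != -1 && getline(&line, &cap, in) != -1) {
        line[strcspn(line, "\n")] = '\0';
        if (strlen(line) < outlen) { strcpy(out, line); rc = 0; }
    }
    free(line);
    fclose(in);
    return rc;
}

int main(void)
{
    char a[64], b[64];
    if (second_read_fgets(a, sizeof(a)) == 0 && second_read_getline(b, sizeof(b)) == 0)
        printf("fgets: \"%s\"  getline: \"%s\"\n", a, b);
    return 0;
}
```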
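The fileindir() item in the commit message above describes resolving the parent directory of `file' rather than `file' itself. A sketch of that idea, as an added example that is not tnftp's implementation; the helper name file_in_dir() and the sample paths are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not tnftp's fileindir()): returns 1 if `file` lies in
 * or under `dir`, 0 if it does not, -1 if the question cannot be answered. */
static int file_in_dir(const char *file, const char *dir)
{
    char copy[PATH_MAX], parent[PATH_MAX], rdir[PATH_MAX];
    const char *base = strrchr(file, '/');
    size_t len;

    base = base ? base + 1 : file;
    /* A final component of "", "." or ".." names a directory, not a file;
     * checking only its parent would give the wrong answer for "..". */
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;
    if (strlen(file) >= sizeof(copy))
        return -1;
    strcpy(copy, file);             /* dirname(3) may modify its argument */

    /* Resolve the parent, which must exist, instead of `file` itself,
     * which may not exist yet (e.g. a download target). */
    if (realpath(dirname(copy), parent) == NULL || realpath(dir, rdir) == NULL)
        return -1;

    len = strlen(rdir);
    if (len == 1)                   /* dir resolved to "/" */
        return 1;
    if (strncmp(parent, rdir, len) != 0)
        return 0;
    /* Require a component boundary so "/tmpfoo" is not "under" "/tmp". */
    return parent[len] == '/' || parent[len] == '\0';
}

int main(void)
{
    /* Constructed paths; the file names need not exist. */
    printf("%d\n", file_in_dir("/tmp/new-download", "/tmp"));
    printf("%d\n", file_in_dir("/tmp/../etc/new-download", "/tmp"));
    return 0;
}
```

The final path component is not resolved here, so a caller that goes on to open `file` still has to handle a symlink at that name separately.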
PR pkg/28850. (Patch applied with multiple changes.)
Version 0.7.2
* Features:
- Now if the ${HOME}/.ideskrc file doesn't exist then the default
${PREFIX}/share/idesk/dot.ideskrc file is loaded with default options.
- If the ${HOME}/.idesktop files don't exist then the default
${PREFIX}/share/idesk/default.lnk file is loaded with default options
but remember you must create the directory .idesktop.
- New option Background.File for background image (wallpaper) in the
.ideskrc file, for example Background.File: /path_to_image/background.jpg
- Optional feature for Background.File is the default folder_home.png
image in ${PREFIX}/share/idesk directory. If you define the Background.File
option and that image is invalid or doesn't exist then the folder_home.png
image file is loaded.
- Regroup the new options in .ideskrc file for tooltip
+ ToolTip.FontSize: 11
+ ToolTip.FontName: gothic
+ ToolTip.ForeColor: #0000FF
+ ToolTip.BackColor: #FFFFFF
+ ToolTip.CaptionOnHover: true
+ ToolTip.CaptionPlacement: Right
* Minor bug fixes:
- Clean up the code
- Fixed the init scripts (automake version problems)
- Now only .lnk type extension for the image files are valid images, any
other extension is an invalid image and they aren't loaded.
Version 0.7.1
* Minor bug fixes:
* Fixed the default value for BackColorTip attribute (background color
for tooltip) in Tooltip (don't see the letters)
* Fixed the default value for FillStyle attribute. Now "None" is the
default value instead of "FillHLine". Valid values are:
FillInvert, FillHLine, FillVLine and None.
Version 0.7.0
* Features:
- Added the GNU configure and build system for Idesk. Now it is easy to
configure, build and install this project.
- Now Startup Notification is optional (with --enable-libsn option).
Default is disabled.
- 'FillStyle' attribute. Defines the appearance of the icon when the
user clicks it.
- Now it is possible to define the Font, Size, Foreground and Background
color for the ToolTip.
* Bug fixes:
* Fixed the old bug with the transparent effect when the user runs idesk and
other windows were open: Idesk takes a "snapshot" of the current screen
but also of the other windows, so that the transparent
effect didn't look good (horrible effect produced).
* Fix the problem with SnapShadow having the value true.
* Fix the bug when restarting the program with double middle click.
* Fix the error of the imlib with color_modifier null.
* Fix the bug when the Caption attribute is an empty string.
(Thanks to Rene De La Garza <rene.delagarza@gmail.com>)
Version 0.6.1
Bug fixes. Font problem and idesk restarting.
Version 0.6.0
Porting from Imlib to Imlib2 ready!!! In addition, better support for mouse
actions (EnterNotify and LeaveNotify events). The SVG support was removed
because it is not implemented in Imlib2 yet, and a few fixes and clean ups here
and there. Now the application runs although it fails in loading some
configuration files icon. GTK and GDK support isn't necessary now. Startup
notification support for launching applications!!! but it is very experimental and
under some Window Managers it will not work ... and more. See the
Screenshots.
Version 0.5.6
Bug-fixes and better support for SVG.
Version 0.5.5
Multiple commands, completely configurable actions, automatic background
updating with Esetroot, a new option to only show the caption on mouseover,
and a few fixes and clean ups here and there.
Version 0.5.2.1
Fixed a few bugs here and there. Took away the need for the SVG: true
field. And other things that I forgot to list.
Version 0.5.0
Added SVG support using librsvg. Still rudimentary, need to check for
bugs and leaks.
Version ? (maybe .5)
New idesk mostly coding structure changes. Code was re-written to be more
object oriented and modular. Added single-click, click-delay, and snapping
options.
Changes:
### SECURITY BUGFIXES
- Fetchnews did not detect timeouts while it was downloading an article
header, which malicious upstream servers could exploit to mount
a denial of service attack against the fetchnews client. See
leafnode-SA-2005-02.txt. CVE Name: CAN-2005-1911
### BUGFIXES
- Bugfix sed expression in makesubst script. (Reported by Jeff Zacharias.)
### CHANGES
- texpire now tags the message.id expired count with "message.id" rather
than "total:" to avoid misleading the user who assumes that "total:"
would have to be the sum of the group counts. See also the FAQ change
below. SourceForge bug #1215453.
- When debugmode and verbose mode are set, leafnode programs now print a
warning to stdout that the user should check syslog.conf and the
syslog output rather than the screen print for debugging and sleeps for
three seconds.
### DOCUMENTATION
- Add FAQ entry to explain discrepancies between texpire group counts
and message.id expired articles counts.
- Add FAQ entry to explain influence of Gnus' gnus-read-active-file
setting on lost subscriptions, and extend stop fetchnews from
unsubscribing FAQ. Debian bug #307685.
- Drop FAQ entry on license issues as some parts of leafnode are in fact
GPLd.
- Drop FAQ entry on why old articles aren't posted, obsolete since
1.9.33.
- INSTALL and INSTALL_de have been polished.
- Add a hint that syslog.conf must be edited to config.example.
- leafnode(8) mentions that LIST ACTIVE keeps an existing subscription
fresh.
* Improve the documentation.
* Avoid running commands during Makefile processing by using the :sh
modifier instead of defining variables using !=
* Add a new variable PKGSRC_CHANGES that holds the path to the CHANGES
file to be modified.
* Use ${ID} and ${DATE}, which are provided by the tools framework and
avoid PATH issues.
"The fixps and psmandup scripts in a2ps allow local users to overwrite
arbitrary files via a symlink attack on temporary files."
Patches from Gentoo with few minor issues corrected.