MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
- Several fixes to improve performance, stability and security
- Several fixes to improve handling of large folder files stored locally.
- Several fixes to improve corruption in local copy of IMAP mailboxes.
- MFSA 2010-78 Add support for OTS font sanitizer
- MFSA 2010-75 Buffer overflow while line breaking after document.write
with long string
- MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
A number of bugs in the library and in pcregrep have been fixed. As always, see
ChangeLog for details. The following are the non-bug-fix changes:
. Added --match-limit and --recursion-limit to pcregrep.
. Added an optional parentheses number to the -o and --only-matching options
of pcregrep.
. Changed the way PCRE_PARTIAL_HARD affects the matching of $, \z, \Z, \b, and
\B.
. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
START_OPTIMIZE option, which is now allowed at compile time
Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
This package provides the following PostgreSQL modules:
- auto_explain
- pg_buffercache
- pg_stat_statements
- pgstattuple
The "auto_explain" module provides a means for logging execution
plans of slow statements automatically, without having to run
EXPLAIN(7) by hand. This is especially helpful for tracking down
un-optimized queries in large applications.
The "pg_buffercache" module provides a means for examining what's
happening in the shared buffer cache in real time.
The "pg_stat_statements" module provides a means for tracking
execution statistics of all SQL statements executed by a server.
The "pgstattuple" module provides various functions to obtain
tuple-level statistics.
version 1.4.5beta01 [September 25, 2010]
Fixed possible configure.ac bug introduced in version 1.4.4rc05.
Rebuilt configure scripts with autoconf-2.68 instead of autoconf-2.65
version 1.4.5beta02 [October 5, 2010]
Reverted configure scripts to autoconf-2.65
Fixed problem with symbols creation in Makefile.am which was assuming that
all versions of cpp write to standard output by default (Martin Banky). The
bug was introduced in libpng-1.2.9beta5.
version 1.4.5beta03 [October 8, 2010]
Wrapped long lines in CMakeLists.txt and introduced ${libpng_public_hdrs}
Undid Makefile.am revision of 1.4.5beta02.
version 1.4.5beta04 [November 8, 2010]
Check for out-of-range text compression mode in png_set_text().
version 1.4.5rc01 [November 19, 2010]
No changes.
version 1.4.5beta05 [November 20, 2010]
Revised png_get_uint_32, png_get_int_32, png_get_uint_16 (Cosmin)
Moved reading of file signature into png_read_sig (Cosmin)
Fixed atomicity of chunk header serialization (Cosmin)
Added test for io_state in pngtest.c (Cosmin)
Added "#!/bin/sh" at the top of contrib/pngminim/*/gather.sh scripts.
version 1.4.5beta06 [November 21, 2010]
Restored the parentheses in pngrutil.c; they are needed when the
png_get_*int_*() functions are compiled (i.e., when PNG_USE_READ_MACROS
is not defined).
Make the "png_get_uint_16" macro return a png_uint_32 in libpng-1.4 for API
compatibility.
Changes to remove gcc warnings (John Bowler)
Certain optional gcc warning flags resulted in warnings in libpng code.
With these changes only -Wconversion and -Wcast-qual cannot be turned on.
Changes are trivial rearrangements of code. -Wconversion is not possible
for pngrutil.c (because of the widespread use of += et al on variables
smaller than (int) or (unsigned int)) and -Wcast-qual is not possible
with pngwio.c and pngwutil.c because the 'write' callback and zlib
compression both fail to declare their input buffers with 'const'.
version 1.4.5beta07 [November 25, 2010]
Reverted png_get_uint_16 macro to beta05 and added comment about the
potential API incompatibility.
version 1.4.5rc02 [December 2, 2010]
No changes.
version 1.4.5rc03 [December 3, 2010]
Added missing vstudio/*/*.vcxproj files to the zip and 7z distributions.
version 1.4.5 [December 9, 2010]
Removed PNG_NO_WRITE_GAMMA from pngminim/encoder/pngusr.h
pg_upgrade (formerly called pg_migrator) allows data stored
in PostgreSQL data files to be migrated to a later PostgreSQL
major version without the data dump/reload typically required
for major version upgrades, e.g. from 8.4.7 to the current
major release of PostgreSQL. It is not required for minor
version upgrades, e.g. from 9.0.1 to 9.0.4.
shared-mime-info 0.90 (2010-12-1)
* Mime-type Changes:
- Make application/epub+zip sub-class-of application/zip
- Make sure RAM files are not all treated as text
- Make CMakefiles a sub-class of text/plain
- Add new mime-type for Panasonic RW2 images
- Add XSL magic
- Add root-XML for XSL
- Add *.gem as a glob for tar archives
- Add test case for text/directory files
- Add go source code
- Add pdf.xz mime-type
- Add text/x-ooc source code
- Add Cobol source code
* Other:
- Don't error out on the x-scheme-handler/* mime-types
- Fix crasher when mime-magic is empty
This package provides the following PostgreSQL tools:
- pg_archivecleanup
- pg_standby
pg_standby supports creation of a "warm standby" database server.
It is designed to be a waiting restore_command, which is needed
to turn a standard archive recovery into a warm standby operation.
pg_archivecleanup is designed to cleanup an archive when used as
an archive_cleanup_command when running with standby_mode = on.
pg_archivecleanup can also be used as a standalone program to
clean WAL file archives.
checking if xorg-macros used to generate configure is at least 1.3... configure: error: configure built with too old of a version of xorg-macros.m4 - requires version 1.2.0 or newer
a few years ago. (Un-,?)fortunately, the first % just grabs all
parameters on a sub call in a way that shift inside it can get at
them, so the 2nd % and the $ were ignored. Until some warning was
added to perl recently.
* Added the sqlite3_blob_reopen() interface to allow an existing sqlite3_blob
object to be rebound to a new row.
* Use the new sqlite3_blob_reopen() interface to improve the performance of FTS.
* VFSes that do not support shared memory are allowed to access WAL databases
if PRAGMA locking_mode is set to EXCLUSIVE.
* Enhancements to EXPLAIN QUERY PLAN.
* Added the sqlite3_stmt_readonly() interface.
* Added PRAGMA checkpoint_fullfsync.
* Added the SQLITE_FCNTL_FILE_POINTER option to sqlite3_file_control().
* Added support for FTS4 and enhancements to the FTS matchinfo() function.
* Added the test_superlock.c module which provides example code for obtaining
an exclusive lock to a rollback or WAL database.
* Added the test_multiplex.c module which provides an example VFS that provides
multiplexing (sharding) of a DB, splitting it over multiple files of fixed
size.
* A very obscure bug associated with the or optimization was fixed.
Transport Tycoon Deluxe (TTD) graphics, music and base sounds used by OpenTTD.
The main goal therefore is to provide a set of free files which make it
possible to play OpenTTD without requiring the (copyright protected) files from
the TTD CD. This potentially increases the OpenTTD fanbase and makes it a true
free game (with "free" as in both "free beer" and "open source").
* Fix: Reading (very) recently freed memory [CVE-2010-4168]
* Fix: Default service interval for ships/aircraft got switched
* Fix: Size of sort buttons for save/load and build vehicle list gui could be
too small
* Fix: [NewGRF] Crash when disabling static NewGRFs (when joining/starting
a server)
* Fix: Upper limit for snowline was too low
* Fix: Wrong (maximum) value shown for generation seed in the in-game console
* Fix: [Windows] Make sure to be upgraded openttd is not running when installing
* Fix: Under some circumstances the file handle of the downloaded savegame
would not be closed, and validity of the handled was not checked in all cases
* Fix: [NewGRF] Crash when getting an industry ID at an offset that uses some
'old' style industry tile
Update Czech, Danish, French, Croatian, Italian, Japanese, Kurdish,
Dutch, Russian, Swedish and Turkish language files.
Also re-enable Lithuanian now.
Catch up to Contao 2.9.2.
* tell Mesa, XPM, Xinerama and XDPMS manually instead of fancy configure.
Then those features are enabled with native X.
Those changes should resolve PR#40662.
Bump PKGREVISION.
