freeze; plus the prior version wasn't buildable anyhow.
pkgsrc changes:
- add comments to patches
- fix some pkglint
- add a LICENSE
- add a MESSAGE with url to the patches on cvsweb.n.o., which
the license may require
- enable the DAV and Redland RDF code
Vulnerabilities:
- Fixes Secunia 34531.
- Fixes CVE-2008-6005, which hasn't been in pkg-vulnerabilities for
some reason.
- No longer uses outdated builtin wxGTK, so CVE-2009-2369 no longer applies.
- It isn't clear if Secunia 32848 is fixed or not.
Upstream changes:
Amaya 11.3.1
9 December 2009
* Amaya merged paragraphs when several paragraphs are selected and
the user applies to it Strong, Emphasis or Code
* Sometimes after a <br> element is inserted the selection was misplaced
* The caret at the end of a line is sometimes not displayed
* The markup within <script> elements is now preserved
* Bold Italic fonts were not available on Windows platforms
* The $HOME variable is now ignored on Windows platforms
Amaya 11.3
2 December 2009
New Features
* The https protocol is now supported
* New version of the template editor: creation of XTiger
libraries, components, imports, etc.
* Automatic opening of the Structure view for template instances
* The vertical split opens the Structure view and the horizontal
split opens the Source view
* A double click on an item of the List of style sheets tool opens
the style sheet
* A new set of Amaya profiles: "Lite", "Lite+Web", "Lite+Web+CSS",
"Lite+Web+CSS+Math_Graphics", "Advanced"
* The Insert entity command now allows one to insert a unicode
character into a HTML document
* A new command Undo close Tab in the Tab contextual menu
* The Tab and Shift Tab commands allow one to move down/up list items
* The fonts configuration changes: old personal fonts.gl and
fonts.gl.win files have to be removed
Bug fixes
* The link dialogue didn't allow one to insert relative links into
a remote document
* Sometimes the focus in the link dialogue was lost
* Fix some rendering bugs and improve the CSS support
* Improve the edit of template instances: management of options
and attributes and fix bugs
* The refresh of tool panels was too slow
* PNG images were not displayed on 64-bit platforms
* On Mac OSX, the ^ dead key behaved like if "enter" was pressed
* On Mac OSX 10.5, sometimes cached files of the libwww were
stored into the "/" directory
* On Mac OS X platforms when scrolling, svg drawing moved up on the text
* The table of contents was not generated when the selection is not empty
* When the loaded file is ReadOnly, the Save As to another
location didn't work
Amaya 11.2
3 July 2009
New Features
* CSS: Support of z-index, opacity, SVG fill-rule, stop-opacity
and stop-color properties
* SVG: Implementation of linear gradients, copy/paste of markers
* Amaya proposes now to keep a local copy of edited pages when the
publishing fails
* Publishing: Resources can be saved with the document
* A new button allows one to lock/unlock WebDAV resources
Bug fixes
* Move the selection into the structure view when the created
<option> is not visible in the formated view
* The Attributes panel is updated as soon as it is opened
* When a column of a table is selected, Attributes and Style
panels apply to the <col> element
* Keep options of the table creation dialog
* Improve the management of template instances: options, repeats, etc.
* On Windows, local annotations were not correctly loaded
* On Mac OS X: Improve the management of libwww cached files
* The Code clean-up command now keeps style and lang attributes of
<div>, <table>, <span>, and <img> elements
* Improve the rendering of floated boxes and background images
* Fix some redisplay problems
* SVG: When there are several <group> elements, only the first
<group> could be selected
* SVG: When the <svg> element is centered, the position of new
components was miscalculated
* SVG: Improve the creation of arrows
* Fix a crash on Windows version when the Tab key was used in a
document that included a <form> element.
* The Type of the last created document was sometimes lost.
* Improve the WebDAV support
* Etag and preconditions were always checked when a document was
published
* Optimize the calculation of large tables and documents
* And other bug fixes...
Amaya 11.1
30 January 2009
New Features
* Text wrapping in the source view
* Partial support of SVG markers (arrow heads are now drawn with markers)
Bug fixes
* Fix possible security holes CVE-2008-6005
* Prevent a crash when the window, or a tab, or the application is
closed and a dialog is opened
* Display an empty window when the last tab of a window is closed
* Allow to create a link to the document itself
* Sometimes images were not loaded
* Keep options of the Search/Replace command
* Amaya ignored floated boxes within a table cell
* Mac OS X: Sometimes the horizontal scroll bar was not displayed
correctly
* Mac OS X and Windows: Next element and Previous element keys
were applied twice
Amaya 11.0
16 December 2008
New Features
* Support of XHTML+RDFa documents:
o RDFa attributes are parsed and can be edited
o Possibility to create XHTML+RDFa documents
o A command to add/remove namespace declarations of a document
o List of namespace declarations defined in the RDFa Preference.
* Shift+wheel scrolls the document horizontally
* Support direct resizing of images
* Integration of Japanese dialogs thanks to Martin D?rst
* XHTML, MathML, SVG, Template, and XML panels are now tabs of the
Elements tool
* Few new characters are proposed in the Special Characters tool
* A Span menu item is now available in the menu Insert > Character
Element
* SVG editing (a subset of the language)
* Template editing
* the Crtl-Click command opens a link in a new tab (Unix and Windows)
* The Reload command re-open the source or the structure view
* New management of Help documentation
* Improvement of template instances editing (Enter key,
transformations, contextual menus)
* A Tools > Code clean up command to clean up documents generated
by most word processors
Bug fixes
* Improvement of the rendering engine
* When the user selects in the structure view, the selection path
was not displayed in the status bar
* Sometimes images within a table were not displayed
* CSS style sheets attached to an object were not applied
* Close the help window when the user closes the last window document
* The Save all command was active only when a edited document is displayed
* Documents are now scrolled page by page
* On Mac OS X the focus could be lost when a dialog is closed
* On Mac OS X, Ctrl Enter didn't insert a <br>
* Improvement of MathML editing
* It was impossible to extend the selection outside a table
* <br> elements were not copied/pasted
* All attributes in MathML expressions were considered invalid
* Interpretation of attributes attached to <col> elements to fix
alignment, background-color, and width
* Display "Column" instead of "td" or "th" in the statusbar when
the whole column is selected
* A background image CSS property attached to any element (*) was
not applied immediately
* Improvement of XML document saving
* On Mac OS X, the default charset was set to us-ascii by error
* Amaya now uses the Content Location to save a remote document
without suffix (instead of redirecting to the Save As dialog)
* Amaya requested a confirmation each times the PUT is redirected
* Amaya keeps "\\windows-server\sharename\filename.html" URIs unchanged
* When text typed causes image contents to be pushed (to the
right) along with text, only part of the image was refreshed
* In source view, <shif-PageUP/DN>, <shift-DNarrow>, and
<shift-RTarrow> didn't work well.
Changes since 0.10.6:
New feature: atmosphere refraction support.
New plugin: Historical supernova.
New translatable strings: landscapes.
New moons of solar system planets (LP: #730686).
New feature: using different symbols for nebula icons.
TimeZone plug-in: fixed a bug preventing the saving of custom time zones. (LP: #720107)
Ocular plug-in: Corrected the calculation of CCD FOV.
Ocular plug-in: Implemented rotating the CCD bounding box.
Ocular plug-in: Made Telrad & CCD mutually exclusive.
Ocular plug-in: Implemented better binoculars support (LP: #695568).
Ocular plug-in: Redesign dialog.
SVMT plug-in: Adding QtWebKit dependency.
Satellite plug-in: improve of code.
Solar System Editor plug-in: fixed MPES online search and updated hard-coded URLs (LP: #725870).
Skycultures: two new skyculture descriptions in Norwegian (Bokmål).
Redesign search tool (LP: #730687).
Improved texture manager.
Various problems resolved (LP: #730069, #772206, #683255, #657455, #785574, #515311, #730075, #711887, #688978, #616748, #589634)
Update GeoIP to 1.4.8.
1.4.8
* Fix GEOIP_DOMAIN_EDITION_V6 ( Boris Zentner )
* Add new Datatypes GEOIP_NETSPEED_EDITION_REV1_V6 and
GEOIP_NETSPEED_EDITION_REV1 ( Boris Zentner )
* Fix possible directory traversal weakness in geoipupdate-pureperl.pl with
malicious update server ( Boris Zentner )
* Fix GEOIP_ORG_EDITION_V6 and GEOIP_ISP_EDITION_V6 ( Boris Zentner )
* It fixes a critical bug in 1.4.6.
== 1.5.0 / 2011-07-01
* Notes
* See changelog from 1.4.7
* Features
* extracted sets of Node::SaveOptions into Node::SaveOptions::DEFAULT_{X,H,XH}TML (refactor)
* Bugfixes
* default output of XML on JRuby is no longer formatted due to
inconsistent whitespace handling. #415
* (JRuby) making empty NodeSets with null `nodes` member safe to operate on. #443
* Fix a bug in advanced encoding detection that leads to partially
duplicated document when parsing an HTML file with unknown
encoding.
* Add support for <meta charset="...">.
== 1.5.0 beta3 / 2010/12/02
* Notes
* JRuby performance tuning
* See changelog from 1.4.4
* Bugfixes
* Node#inner_text no longer returns nil. (JRuby) #264
== 1.5.0 beta2 / 2010/07/30
* Notes
* See changelog from 1.4.3
== 1.5.0 beta1 / 2010/05/22
* Notes
* JRuby support is provided by a new pure-java backend.
* Deprecations
* Ruby 1.8.6 is deprecated. Nokogiri will install, but official support is ended.
* LibXML 2.6.16 and earlier are deprecated. Nokogiri will refuse to install.
* FFI support is removed.
=== 1.4.7 / 2011-07-01
* Bugfixes
* Fix a bug in advanced encoding detection that leads to partially
duplicated document when parsing an HTML file with unknown
encoding. Thanks, Timothy Elliott (@ender672)! #478
=== 1.4.6 / 2011-06-19
* Notes
* This version is functionally identical to 1.4.5.
* Ruby 1.8.6 support has been restored.
PR#45110.
* change dependency on xulrunner to build only.
Not bump PKGREVISION, because it is inpossible to build after dependency was
switched to xulrunner-2.
XXX: still firefox-4.1 does not recognize this plugin as add-on for me.
== Version 0.3.29 (tzdata v2011h) - 27-Jun-2011
* Updated to tzdata version 2011h
(http://article.gmane.org/gmane.comp.time.tz/3814).
* Allow the default value of the local_to_utc and period_for_local dst
parameter to be specified globally with a Timezone.default_dst attribute.
Thanks to Kurt Werle for the suggestion and patch.
version 2.9.0 (06/23/2011):
Pidgin:
* Fix a potential remote denial-of-service bug related to displaying
buddy icons.
* Significantly improved performance of larger IRC channels (regression
introduced in 2.8.0).
* Fix Conversation->Add on AIM and MSN.
* Entries in the chat user list are sorted properly again. This was
inadvertenly broken in 2.8.0.
Finch:
* Fix logging in to ICQ.
libpurple:
* media: Actually use the specified TCP port from the TURN configuration to
create a TCP relay candidate.
AIM and ICQ:
* Fix crashes on some non-mainstream OSes when attempting to
printf("%s", NULL). (Clemens Huebner) (#14297)
Plugins:
* The Evolution Integration plugin compiles again.
version 2.8.0 (06/07/2011):
General:
* Implement simple silence suppression for voice calls, preventing
wasted bandwidth for silent periods during a call. (Jakub Adam)
(half of #13180)
* Added the DigiCert High Assurance CA-3 intermediate CA, needed for
validation of the Facebook XMPP interface's certificate.
* Removed the QQ protocol plugin. It hasn't worked in a long time and
isn't being maintained, therefore we no longer want it.
Pidgin:
* Duplicate code cleanup. (Gabriel Schulhof) (#10599)
* Voice/Video call window adapts correctly to adding or removing
streams on the fly. (Jakub Adam) (half of #13535)
* Don't cancel an ongoing call when rejecting the addition of a
stream to the existing call. (Jakub Adam) (#13537)
* Pidgin plugins can now override tab completion and detect clicks on
usernames in the chat userlist. (kawaii.neko) (#12599)
* Fix the tooltip being destroyed when it is full of information and
cover the mouse (dliang) (#10510)
libpurple:
* media: Allow obtaining active local and remote candidates. (Jakub
Adam) (#11830)
* media: Allow getting/setting video capabilities. (Jakub Adam) (half
of #13095)
* Simple Silence Suppression is optional per-account. (Jakub Adam)
(half of #13180)
* Fix purple-url-handler being unable to find an account.
* media: Allow adding/removing streams on the fly. (Jakub Adam)
(half of #13535)
* Support new connection states in NetworkManager 0.9. (Dan Williams)
(#13505)
* When removing a buddy, delete the pounces associated with it.
(Kartik Mohta) (#1131)
* media: Allow libpurple and plugins to set SDES properties for RTP
conferences. (Jakub Adam) (#12981)
* proxy: Add new "Tor/Privacy" proxy type that can be used to
restrict operations that could leak potentially sensitive data
(e.g. DNS queries). (#11110, #13928)
* media: Add support for using TCP relaying with TURN (will only work with
libnice 0.1.0 and later).
AIM:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
Gadu-Gadu:
* Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
* Updated internal libgadu to version 1.10.1. (Robert Matusewicz,
Krzysztof Klinikowski) (#13525)
* Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk)
(#14248)
* Suppress blank messages that happen when receiving inline
images. (Tomasz Wasilczyk) (#13554)
* Fix sending inline images to remote users, don't crash when
trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
* Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk,
Krzysztof Klinikowski) (#13362, #13590)
* Require libgadu 1.11.0 to avoid using internal libgadu.
* Optional SSL connection support for GNUTLS users (not on Windows
yet!). (Tomasz Wasilczyk) (#13613, #13894)
* Don't count received messages or statuses when determining whether
to send a keepalive packet. (Jan Zachorowski) (#13699)
* Fix a crash when receiving images on Windows or an incorrect
timestamp in the log when receiving images on Linux. (Tomasz
Wasilczyk) (#10268)
* Support XML events, resulting in immediate update of other users'
buddy icons. (Tomasz Wasilczyk) (#13739)
* Accept poorly formatted URLs from other third-party clients in
the same manner as the official client. (Tomasz Wasilczyk)
(#13886)
ICQ:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
* Fix unsetting your mood when "None" is selected. (Dustin Gathmann)
(#11895)
* Ignore Daylight Saving Time when performing calculations related to
birthdays. (Dustin Gathmann) (#13533)
* It is now possible to specify multiple encodings on the Advanced
tab of an ICQ account's settings by using a comma-delimited list.
(Dmitry Utkin) (#13496)
IRC:
* Add "authserv" service command. (tomos) (#13337)
MSN:
* Fix a hard-to-exploit crash in the MSN protocol when using the
HTTP connection method (Reported by Marius Wachtler).
MXit:
* Support for an Invite Message when adding a buddy.
* Fixed bug in splitting-up of messages that contain a lot of links.
* Fixed crash caused by timer not being disabled on disconnect.
(introduced in 2.7.11)
* Clearing of the conversation window now works.
* When receiving an invite you can display the sender's profile
information, avatar image, invite message.
* The Change PIN option was moved into separate action.
* New profile attributes added and shown.
* Update to protocol v6.3.
* Added the ability to view and invite your Suggested Friends,
and to search for contacts.
* Also display the Status Message of offline contacts in their
profile information.
XMPP:
* Remember the previously entered user directory when searching.
(Keith Moyer) (#12451)
* Correctly handle a buddy's unsetting his/her vCard-based avatar.
(Matthew W.S. Bell) (#13370)
* Squash one more situation that resulted in duplicate entries in
the roster (this one where the server reports the buddy as being
in the same (empty) group. (Reported by Danny Mayer)
Plugins:
* The Voice/Video Settings plugin now includes the ability to test
microphone settings. (Jakub Adam) (#13182)
* Fix a crash when handling some saved settings in the Voice/Video
Settings plugin. (Pat Erley) (13290, #13774)
Windows-Specific Changes:
* Fix building libpurple with Visual C++ .NET 2005. This was
accidentally broken in 2.7.11. (Florian Quèze)
* Build internal libgadu using packed structs, fixing several
long-standing Gadu-Gadu issues. (#11958, #6297)
Add PKG_DESTDIR_SUPPORT;
Add LICENSE
`$Cambridge: hermes/src/prayer/docs/DONE,v 1.66 2011/06/27 13:39:56 dpc22 Exp $
27/06/2010
==========
Release: Prayer 1.3.4
22/06/2011
==========
draft.c fixes:
Fold long lines of addresses before the entry which reaches 78 characters
when possible, rather than after the first entry which crosses that
boundary. Long standing bug bear of mine but several support functions
needed to be rewritten to use scratch string in place of output buffer.
Long subject lines which are not RFC1522 encoded need to be folded.
separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte
character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
Tidy library:
Add support for tidyp fork of (apparently abandoned) tidy library.
Fix cross site scripting problem:
MSIE and Chrome think that <!---> is a complete comment. Allows people to
hide scripts inside <!---><script>...<!--->. Strip all comments (which is
something that the old sanitiser had been doing already)
Sieve blocks should check "From: " address in body as well as
envelope sender address. Check "Sender: " as well for completeness.
Linux needs IPPROTO_IPV6 to bind to '0.0.0.0' and '::'
01/11/2010
==========
Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC
2183/RFC 2231 quoting with vey long filenames, or filenames with strange
characters from ASCII range.
20/07/2010
==========
Release: Prayer 1.3.3
08/07/2010
==========
Better handling of complex multipart messages:
Rather than just displaying the first text/plain or text/html that we can
find in the top, (leaving people to access sections for the other parts),
display the entire tree: multipart/alternative are handled as before, but
with other multipart messages, recurse into the subtrees and repeat. Given:
1 (Nested multipart)
1.1 text/html
1.2 text/plain
2 text/plain
we display sections 1.1 and 2. Previously we would display section 2,
which is a bit of a disaster if section (1) was the original message and
a listserver has helpfully tagged on a message footer as a separate bodypart
Combine os_*.c back into a single file (which is where I started off
many years back). Eliminates lots of repeated code.
07/07/2010
==========
Bugs
====
os_bind_inet_socket(unsigned long port, char *interface)
If interface resolves to multiple IP addresses then only binds to the
first. Should really walk along ai->ai_next and bind to each IP address
in turn. Unfortuanetly this means that os_bind_inet_socket() needs to
return an array of sockfds rather than a single int. Parent routines
probably aren't going to play ball either.
Most likely cause will be a hostname which generates both IPv4 and IPv6
addresses. Unfortanately it is a probably that we are going to have
to solve eventually.
05/07/2010
==========
Fix XSS problems reported by:
Jacob H. Hilton <jhh40@cam.ac.uk>
Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk>
Rather than trying to spot dangerous tags by simple substring matching in C,
I now feed the html through Tidy library (http://tidy.sourceforge.net/),
and then prune unwanted nodes from the parse tree before setting it to
the pretty printer. The only problem is that the Tidy library doesn't
provide any public API for manipulating the parse tree (although it does
provide a public API for walking the tree!?), so I had to dig around to
find the private functions required to remove and manipulate nodes.
Javascript embedded into CSS is also a problem: I need to strip off CSS
character entities before looking for dangerous expressions. The final
part is still a simple string match: I hope that I don't end up having to
generate parse trees for CSS as well as the HTML.
Now passes full test suite at:
https://secure.grepular.com/email_privacy_tester/
Better vacation screen
Subject line
Phrasing
Coping with multiple logins as single user from single browser:
SessionID stored in HTTP Cookie: second login blats first
Can store SessionID in URL (Prayer does this if no cookies available)
Not secure: leaks in HTTP "Referrer" header with links from HTML email.
Solution: Use HTTP Cookie keyed by PID of login session.
Smaller cleanups:
Improve gap between words in spell check (Cambridge house style)
Remove extra blank lines after postpone, restore cycle.
From README:
RPy2 is subject to the Mozilla Public License Version 1.1 (the
"License"); you may not use RPy2 except in compliance with the
License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/ (or see the file MPL_LICENSE)
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and
limitations under the License.
The Original Code is the RPy2 python package, itself subdivived
into subpackages and modules.
All code is Copyright of the respective author(s).
See the file AUTHORS for further details regarding authorship.
Alternatively, RPy2 may be used under the terms of either the GNU
General Public License Version 2 or later (the "GPL", see the file
GPL_LICENSE), or the GNU Lesser General Public License Version 2.1
or later (the "LGPL", see the file LGPL_LICENSE), in which case the
provisions of the GPL or the LGPL are applicable instead of those
above. If you wish to allow use of your version of this file only
under the terms of either the GPL or the LGPL, and not to allow
others to use your version of this file under the terms of the MPL,
indicate your decision by deleting the provisions above and replace
them with the notice and other provisions required by the GPL or the
LGPL. If you do not delete the provisions above, a recipient may use
your version of this file under the terms of any one of the MPL, the
GPL or the LGPL.
