Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)
And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
for all the details.
KoverArtist is a program for the fast creation of covers for
cd/dvd cases and boxes. The main idea behind it is to be able
to create decent looking covers with some mouseclicks.
CUPS 1.2.11 fixes several build system, printing, PPD, and IPP conformance
issues. It also fixes a crash bug in the scheduler when printing to files
in non-existent directories.
2006-02-19 Manfred Paulus <manfred.paulus@googlemail.com>
* option: added -C option for switching clipping facilities
* option: added -O option for setting content overlap
* output: make postscript functions out of read in
page descriptions instead of copying the code
for every output page
* pages: corrected sizes of ISO A and B formats
2005-09-07 Cristian Tibirna <tibirna@kde.org>
* option: don't crash when specifying -s option (scaling)
2002-08-30 Michael Goffioul <goffioul@imec.be>
* option: added a "fake" option to pre-calculate the
tile pages (used within KDEPrint).
2002-08-28 Michael Goffioul <goffioul@imec.be>
* pages: allow selection of tile pages to print
2002-08-26 Michael Goffioul <goffioul@imec.be>
* gets: avoid the use of gets, replaced by fgets
* input: allow input from STDIN
* pages: allow poster printing of more than one page
other conditionals. Indented all conditionals according to pkglint's
idea of correct indentation.
All packages that use this file must also have some options. Otherwise,
why should they use it at all?
All errors are _appended_ to PKG_FAIL_REASON, instead of overwriting
older ones.
gnutls-1.6.x (the stable branch).
No further PKGREVISION bumps necessary, because opencdk caused recursive
PKGREVISION bumps and afterwards gnutls wouldn't build.
Addresses PR pkg/36448.
Package change: Fix opencdk-config and opencdk.pc.
Noteworthy changes in version 0.6.1 (2007-05-12)
------------------------------------------------
* The opencdk.def file is included in the distribution archive,
fixes build failures on mingw32.
* Some bug fixes for the mingw32 build in combination with WINE.
* Now the decryption code uses the name in the literal packet
for the output file whenever this is possible.
* Take care of absolute file names in literal packets.
adopted by many Linux distributions as well as FreeBSD ports:
o jpegtran: add "-perfect" switch:
Fail if there are non-transformable edge blocks.
o jpegtran: add "-crop" switch:
Crop to a rectangular subarea.
o jpegtran: correct EXIF handling.
o jpegexiforient: Get and set the Exif Orientation Tag.
o exifautotran: Transforms Exif files so that Orientation becomes 1.
Suggested by dzoe on #NetBSD IRCNet.
just explain a little better how RoundCube is setup in pkgsrc.
* While were here update to 20070528
2007/05/28 (thomasb)
---------
- Fixed buggy imap_root settings (closes 1484379)
- Prevent default events on subject links (1484399)
- Typo in rcube_smtp.inc
2007/05/23 (estadtherr)
----------
- Upgrade to TinyMCE v2.1.1.1
2007/05/18 (thomasb)
----------
- Use HTTP-POST requests for actions that change state
2007/05/17 (thomasb)
----------
- Updated Catalan, Russian, Portuguese, Slovak and Chinese translations
- Renamed localization folder for Chinese (Big5)
- Chanegd Slovenian language code from 'si' to 'sl'
- Added Sinhala (Sri-Lanka) localization
- Use global filters and bind username/ for Ldap searches (1484159)
- Hide quota display if imap server does not support it
- Hide address groups if no LDAP servers configured
- Add link to message subjects (closes 1484257)
- Better SQL query for contact listing/search (closes 1484369)
2007/05/13 (thomasb)
----------
- Updated Norwegian (bokmal), Czech, Danish and Portuguese (standard) translation
- Fixed marking as read in preview pane (closes 1484364)
- CSS hack to display attachments correctly in IE6
- Wrap message body text (closes 1484148)
You do not need nspluginwrapper if the ABI of the plugin and browser are the
same, such as running a 32 bit Linux firefox and flash plugin under NetBSD.
JamVM 1.4.5 released on 4th February 2007
=========================================
A summary of changes since 1.4.4:
- Support for Java 1.5 Annotations. This includes the following
methods for reflection access to Annotations:
- VMClass.getDeclaredAnnotations
- java.lang.reflect.Field.getDeclaredAnnotations
- java.lang.reflect.Constructor
- getAnnotation, getDeclaredAnnotations, getParameterAnnotations
- java.lang.reflect.Method
- getDefaultValue, getAnnotation, getDeclaredAnnotations,
getParameterAnnotations
- Class sun.misc.Unsafe implemented, providing VM support for
JSR-166 (Concurrency Utilities).
- Ported to the mipsel architecture. This is a full port, with hand-
coded assembler to handle the construction of a call-frame for calling
JNI native methods. This supports the O32 ABI (for other ABIs libffi
can be used).
- Bug fix in registering references external to the heap with the GC.
The table should be locked for references registered after VM
initialisation.
- Bug fix when expanding the heap and the free-list is empty.
- Fixed race-condition when rewriting OPC_NEW in the indirect-threaded
interpreter (by default the direct-threaded interpreter is used).
- Bug fix in the GC compaction phase. The class-loader references
within the loaded DLL hashtable must be updated when the class-loader
is moved during compaction. This is a regression introduced in
JamVM 1.4.3 (DLL unloading), seen while running Eclipse.
- Bug fix in JNI_GetStringUTFLength. The reported length should not
include space for a NULL terminator.
- Various compile fixes for uClibc. Support for the JNI invocation
API requires glibc features not implemented in uClibc.
- Command line option -fullversion implemented.
JamVM 1.4.4 released on 2nd November 2006
=========================================
A summary of changes since 1.4.3:
- Full JNI Invocation API implemented, enabling JamVM to be linked into
another program.
- JNI_CreateJavaVM, DestroyJavaVM, AttachCurrentThread,
- AttachCurrentThreadAsDaemon, DetachCurrentThread
- JNI_GetDefaultJavaVMInitArgs
- JamVM is now also built as a shared library (lib/libjvm.so).
- The executable (bin/jamvm) is statically linked with this library
instead of being a wrapper. This is because the shared library
runs slower than static linking on some architectures. As JamVM
is small this is not a problem.
- Improved class-loader and shared library support
- When a class-loader (and all its classes) is unloaded all shared
libraries loaded by the class-loader are unloaded and JNI_OnUnload
called (if defined)
- A shared library can no longer be opened by two class-loaders
at once
- A class can only resolve native methods defined in shared libraries
opened by its defining class-loader
- Major re-working of thread/locking code to support additional Java 1.5
functionality
- Thread.getState() implemented
- correct thread states and their transistions (e.g. BLOCKING,
WAITING, TIMED_WAITING, etc.)
- native support for the ThreadMXBean thread system management API
- thread creation statistics (count of live, started and
peak threads)
- Information about a thread (ThreadInfo)
- execution information (thread state, stack backtrace to
a particular depth, object upon which the thread is blocked
or waiting to be notified)
- synchronization statistics (counts of the times the thread
has been blocked or waited for notification)
- Thread.interrupt() re-implemented fixing several bugs
- if a thread was waiting on a monitor, previous implementation
required the monitor lock to be obtained. If a 3rd thread
was holding this, the interrupt could not occur to avoid
deadlock. New thread-code does not require lock to be obtained.
- in rare circumstances another thread waiting on the monitor
could be notified (when there was pending notifications,
and then an interrupt, and subsequent threads waiting on the
monitor).
- a thread waiting on a thin-lock (waiting for inflation)
could erroneously report an InterruptedException
- GC bug fix for class-unloading when only using the compactor
(-Xcompactalways). The compactor in some circumstances could move
objects ontop of the object holding the native class-loader VM data
before it was freed leading to a SEGV.
- Bug fix for abstract methods which fell through previous
AbstractMethodError checks (using a stub method)
- AbstractMethodError now also gives the method name
- Bug fix to not allow abstract classes to be instantiated
- Bug fix for NULL in identityHashCode (a regression in JamVM 1.4.3)
- Bug fix for NULL in JNI method GetStringUTFLength|Chars
- Bug fix for $ in native method names
- FirstNonNullClassLoader implemented
- Access-checking bug fix. In reflection method/field access, also
check class access in addition to method/field.
- Ensure created threads have a native stack size of at least 2MB. This
fixes SEGVs due to stack overflow seen on OpenBSD/Darwin
(default 512KB).
- Property sun.boot.class.path is now also defined in addition to
java.boot.classpath. Certain applications look for the Sun property
(e.g. Dacapo bloat benchmark).
- Extra bootclasspath command line options
- bootclasspath/v overrides the default VM classes path
- bootclasspath/c overrides the default GNU Classpath classes path
- java.endorsed.dirs support added
- directories are scanned and any jar/zip files are added to the
boot classpath.
- Improved thread dump (produced via ctrl-\). Now shows thread state.
- JamVM by default now installs in its own directory (/usr/local/jamvm)
JamVM 1.4.3 released on 21st May 2006
=====================================
A summary of changes since 1.4.2:
- Heap compaction implemented. Previously on some programs the object
allocation pattern could lead to a highly fragmented heap (lots of
small holes). This caused early heap expansion, and in some cases
an OutOfMemory exception (a result of repeated heap expansion until
heap fully expanded).
JamVM now includes a mark/compact collector in addition to the
mark/sweep GC. This is normally ran after forced finalisation, and
before heap expansion. It removes fragmentation by sliding the objects
to the bottom of the heap, closing the holes.
Two new command line options can be used to control compaction :
-Xnocompact : don't do compaction and just use the mark/sweep
collector. This is equivalent to JamVM 1.4.2 behaviour.
-Xcompactalways : do compaction on every garbage-collection. In
some cases this may lead to less collections, but
the compactor is slower than the sweeper.
- The interned String table is now garbage-collected (JamVM uses its
own interned String hashtable).
- Additional Java 1.5 support
- New methods within VMClass implemented
- isMemberClass, isLocalClass, isAnonymousClass,
getEnclosingClass, getEnclosingMethod,
getEnclosingConstructor, getClassSignature.
- Generic signature support in reflection classes (Constructor, Method
Field).
- getTypeParameters, getSignature, getGenericExceptionTypes,
getGenericParameterTypes, toGenericString, getGenericType,
getGenericReturnType
- Uncaught exceptions will now use the thread's uncaughtExceptionHandler
(if available).
- Fix for Non-ASCII characters in class name parameter
- affected methods Class.ForName, ClassLoader.defineClass
- Use getcwd() instead of PWD enviroment variable for user.dir
property. This fixes problems seen on some applications.
- Fix in VMClass.defineClass on 64-bit machines (protection domain
parameter assumed to be 4 bytes).
- Minor interpreter optimisation in direct-mode with handler
prefetch (reload of handler address in aload_0/getfield pair).
- Command line options -version and -showversion now prints a "Java
compatible" version number. This is to work with shell scripts which
parse the output to get the Java version.
- Set the java.home property to the JAVA_HOME environment variable if set.
- Ported to Mac OS X on Intel.
- Runtime.availableProcessors implemented (Linux, Mac OS X and BSD
systems).
- Updated to be compatible with Classpath 0.91.
- Merged in changes to GNU Classpath's VM reference classes and
JamVM's classes.
- Various compiler warnings.
Java binaries. This makes it easier for packages to call the wrapper
instead of the direct binary. See games/cgoban-java/Makefile revision
1.39 for the current approach and the following revision for the simpler
one.
Added _VARGROUPS. Doing that, I realized that BUILD_DEFS corresponds to
_USER_VARS.* and BUILD_DEFS_EFFECTS to _SYS_VARS.*. This redundancy may
be removed in the future.
Removed a redundant comment.
