* Noteworthy changes in Version 1.4.11 (2008-04-02) [stable]
Released by Eric Blake, based on git version 1.4.10a
** Security fixes for the -F option, for bugs present since -F was
introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and
avoid arbitrary code execution with certain file names.
** Fix regression introduced in 1.4.9b in the `divert' builtin when more
than 512 kibibytes are saved in diversions on platforms like NetBSD
or darwin where fopen(name,"a+") seeks to the end of the file.
** The output of the `maketemp' and `mkstemp' builtins is now quoted if a
file was created. This is a minor security fix, because it was possible
(although rather unlikely) that an unquoted string could match an
existing macro name, such that use of the `mkstemp' output would trigger
inadvertent macro expansion and operate on the wrong file name.
** Enhance the `defn' builtin to support concatenation of multiple text
arguments, as required by POSIX. However, at this time, it is not
possible to concatenate a builtin macro with anything else; a warning is
now issued if this is attempted, although a future version of M4 may
lift this restriction to match other implementations.
** Enhance the `format' builtin to parse all C99 floating point numbers,
even on platforms where strtod(3) is buggy, although the replacement
function does have the known issue of rounding errors when parsing
some decimal floating point values. This fixes testsuite failures
introduced in 1.4.9b.
** Enhance the `index' builtin to guarantee linear behavior, in spite of
the surprisingly large number of systems with a brain-dead quadratic
strstr(3).
** A number of portability improvements inherited from gnulib.
General:
* greatly improved merge tool configuration, see "hgrc.5.txt" for details
* improved copy/rename handling in diffs, status, and merge
* files in .hg inherit permissions from .hg/store
* infer --repository when possible, so commands may be run from anywhere.
* easy-installable
* new "droplet" logo
Commands:
* archive: disable ".hg_archival.txt" file addition with "ui.archivemeta"
* bisect: now built-in with greatly improved performance and usability
* bundle: new --all option to bundle the whole repository more easily.
* cat: apply decode filters with --decode
* clone: can clone from a full-history bundle
* commit: warn when creating a new head
* debugancestor: index argument is now optional
* diff: set the number of context line to show with -U/--unified
* grep: display matched revisions commit date with --date
* import: new --no-commit and --user options
* incoming/outgoing: add --limit option
* log: use -b/--only-branch to show revisions of a single branch
* remove: improve handling for --after
* revert: major speedup
* serve: prefix the served path with --prefix (also in [web] section)
* status: unknown files are skipped by --quiet
* tag: allow multiple tags to be added or removed
* tags: --verbose flags local tags
* update: switch between named branches without -C
Extensions:
* churn: promoted to an official extension (previously in contrib)
* color: new extension coloring "status" and "qseries" command outputs
* convert:
* hgk: configuration file changed from .gitk to .hgk
* highlight: new extension enabling syntax highlighting in hgweb
file view (requires pygments)
* inotify: new extension using Linux 2.6 inotify API for instant
status checking
* keyword: new extension for filewise RCS-keyword expansion in working
directory
* mq: new --currentdate, --date, --currentuser, and --user options
* record: add "qrecord" command when used with mq
Web interface:
* improved WSGI integration and compatibility
* follow symlinks in hgwebdir collections
* show branches in most of gitweb templates
* add line anchors to annotate, changeset, diff and file views
* support web.baseurl in hgwebdir, overriding SCRIPT_NAME
Hooks:
* standard hook to reject text files with CRLF in win32text extension
* redirect stdout to stderr for ssh and http servers
support is built into the package.
+ Convert to use PLIST_VARS instead of manually adding "@comment" to
PLIST_SUBST.
Bump PKGREVISION to 19 due to the addition of package options.
* Changes since 1.4.2
** key event handling
top level key bindings are grabbed "asynchronously" instead of
"synchronously." This should eliminate the freezes some people have
experienced in previous versions.
fix: stg mail crashes when there is no patch description
Better "stg rebase" help text
Enhance rebase help string by providing guidance on merge conflict
resolution during a rebase.
Based on text suggested by Catalin Marinas.
Test the 'stg rename' command
Simple rename of top-most patch
Allow renaming of the top-most patch just by calling stg rename
<new-patch-name>, instead of stg rename <old> <new>. This is for
example helpful for those people who always have a typo or two in
their patch names.
Make documentation less confusing
It's not just by default "stg new" doesn't do a refresh -- it never
does.
replace "git repo-config" usage by "git config"
Remove a newline from the e-mail template
Allow picking of one commit id
Remove the reordering side-effect of the latter sync changes
Fix sync to push the popped patches back after sync'ing
Add a boundary to parse_patches in pick.py
Refuse to send empty patches
Set umask to 0022 during the setup.py execution
This allows template files to be installed with the proper rights.
Modify 'series' to use '#' instead of '|'
Allow the synchronisation of the unapplied patches
Check for unnecessary push/pop in 'float'
Allow pick to import multiple patches
This patch allows multiple patches on the "pick" command line.
Don't set the default authdate if none specified
This way, we allow a patch editing to remove an existing date by not
specifying it.
changes:
* Security fixes:
- Array Indexing Vulnerability in sdpplin_parse(). (CVE-2008-0073)
- integer overflow, possibly leading to buffer overflow, CVE-2008-1482
* Reworked the plugin directory naming so that external plugins don't have
to be rebuilt for every release
* Made the version parsing much more reliable; it wasn't properly coping
with four-part version numbers
* Fixed an off-by-one in the FLAC security fix patch. This breakage was
causing failure to play some files
* Support 16-bit big-endian DTS audio
* Improved frame snapshot API. (ABI extension.)
* Re-add support for # (stream parameter separator) in raw filenames
* Fixed long delay when closing stream on dual core systems
pkgsrc note: CVE-2008-0073 was already fixed by patch
This release fixes security vulnerabilities and also changes APIs. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-026 - Drupal core - Drupal core - Access bypass
In addition to this security vulnerability, the following bugs have been fixed since the 6.0 release:
* #228120 by jvandyk: typo in documentation in comment.tpl.php
* #226480 by gpk: fix wording on when node access rebuild button is displayed in node_configure()
* #229817 by mcarrera: l() attributes were not properly specified in theme.inc's theme_username()
* #234403 by alienbrain: PHP.net documents we should use CRLF in mail headers, so do that
* #226555 by jvandyk, Rok Zlender: fix notice level error in xmlrpc.inc
* #204415 by chx: actually use 'administer content types' permission for node type editing instead of 'administer nodes'
* #234699 by hass: theme_link() did not mark frontpage links active properly
* #237717 by hass: missing t() in system_clear_cache_submit()
* #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
* #226728 by chx: (performance) temporary cache table entries were not flushed, causing cache_menu and cache_form to grow big
* #231587 by pwolanin, killes: (performance) use two level cache in menus, instead of storing very large amounts of data multiple times
* #239196 by jvandyk and myself: missing status check on nodes in search indexing counter
* rolling back #234403 by Bevan and damz: we should keep using LF in mail headers, without CR, CRLF causes problems
* #238564 by scor: two missing t() calls in update.module
* #241629 by solotandem: dblog module left one more row in, when cleaning up in cron
* #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed
MediaTomb is an open source (GPL) UPnP MediaServer with a nice web
user interface, it allows you to stream your digital media through
your home network and listen to/watch it on a variety of UPnP
compatible devices.
MediaTomb implements the UPnP MediaServer V 1.0 specification that can
be found on http://www.upnp.org/. The current implementation focuses
on parts that are required by the specification, however we look into
extending the functionality to cover the optional parts of the spec as
well.
MediaTomb should work with any UPnP compliant MediaRenderer, please
tell the authors if you experience difficulties with particular
models, also take a look at the Supported Devices list for more
information.
With thanks to Jared Macneill for the patches to make this compile on
NetBSD.
Oh, and works very nicely with my Archos 605 (not in the Supported Devices
list).
