0.4.3 Ungrab keyboard after a key press 2010-04-02
0.4.2.1 Fix GCC warning on FreeBSD. 2010-03-22
0.4.2 Add some debug for buttons. 2010-03-21
0.4.1 This one should fix title problems 2010-03-12
This is a security and bugfix release of MediaWiki 1.15.3 and MediaWiki
1.16.0beta2.
MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password.
Even without user scripting, this attack is a potential nuisance, and so
all public wikis should be upgraded if possible.
Our fix includes a breaking change to the API login action. Any clients
using it will need to be updated. We apologise for making such a
disruptive change in a minor release, but we feel that security is
paramount.
For more details see https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
intended, the format string parser that generates the va_list does not support
all formatting characters.
Make this code portable by failing to parse any format string at all, not just
the ones that aren't fully supported.
Bump PKGREVISION for the functional change, though this code is probably
generally unused anyway. Unmark as BROKEN and NOT_FOR_PLATFORM - I think all
uses of va_list casts are inhibited.
leaf node. Adds DESTDIR support. Drop maintainership.
Nov. 21st, 2009 ivtools-1.2.8
- significant work on keeping up with gcc and libstdc++. A wrapper
for stdio.h was inadvertently getting pulled in by /usr/include
files, causing a lot of trouble. Now builds with gcc-4.4 on Ubuntu
9.10.
August 25th, 2009 ivtools-1.2.7
- series of memory leak checking commands
- added reference counting to OverlayView's (ComponentView's) referred from
AttributeValue's (#define RESOURCE_COMPVIEW)
- fixed attrname func.
- fixed stddev func.
- added BooleanType to NumFunc promotion method.
- fixed graphdraw copy/paste of graph fragments
- new SocketObj for use comterp
- fix behavior of symbol manipulating funcs, by using internal bquote.
- port to Ubuntu Heron
- applied (most of) patch to build on Fedora 10 contributed by John Heidemann
- balance of changes to support ipl-1.0.4
July 9th, 2008 ivtools-1.2.6
- Debian contributed patch for iostreams backward compatibility
- bug fix for dispatcher.c contributed by Damon Permezel
- add mute command to comterp
- balance of changes to support ipl-1.0.2
March 4th, 2008 ivtools-1.2.5
- overall evolution to support use by ipl-1.0.1 (see
http://sf.net/projects/ipl for further details)
changes.
Version 2.2.11
--------------
April 3, 2010
Bugfixes:
* Youtube, update patterns to reflect website changes
Version 2.2.10
--------------
March 24, 2010
Changes:
* Add buzzhumor.com support
* Mark ehrensenf.de support as broken
Bugfixes:
* Update --hosts format strings
* dailymotion.com
# Change format IDs to reflect website changes (yet again):
* h264-hd -> hd
* h264-hq -> hq
* removed h264 and spark-mini (no longer even listed)
# Parse title from elsewhere
* Title was previously parsed from the title HTML tag
* Which usually contained more than we cared for
# Spew out an error if the video looks like a partner video
* break.com
# Support, thanks to Werner Elsler for the fix
# Title parsing, ported from libquvi
* websetup: Add websetup_unsafe to allow marking other settings
as unsafe.
* Improve openid url munging; do not display anchors and cgi parameters,
as used by yahoo and google urls.
* Add complete German basewiki and directives translation done by
Sebastian Kuhnert.
* Add a include setting, which can be used to make ikiwiki process
wiki source files, such as .htaccess, that would normally be skipped
for security or other reasons. Closes: #447267
(Thanks to Aaron Wilson for the original patch.)
* Add support for setup files written in YAML.
* Add --set-yaml switch for setting more complex config file options.
* filecheck: Fix bugs that prevented the pagespecs from matching when
not called by attachment plugin.
* Fix incorrect influence info returned by a failing link() pagespec,
that could lead to bad dependency handling in certian situations.
* Add preprocessed 'use lib' line to ikiwiki-transition and ikiwiki-calendar
if necessary for unusual install.
* auto-blog.setup: Set tagbase by default, since most bloggers will want it.
* Allow wrappers to be built using tcc. (Workaround #452876)
* openid: Use Openid Simple Registration or OpenID Attribute Exchange
to get the user's email address and username. (Neither is yet
used, but they are available in the session object now.)
* page.tmpl: Add Cache-Control must-revalidate to ensure that users
(especially of Firefox) see fresh page content.
* htmlscrubber: Allow colons in urls after '?'
* template: Search for templates in the templatedir, if they are not
found as pages in the wiki.
Leaf package, updating during the freeze for bugfixes.
Bug fixes:
- SNMPv3 Engine ID registration. (Bug 2426)
- Open file dialog always displayed when clicking anywhere on
Wireshark. (Bug 2478)
- tshark reports wrong number of bytes on big dumpfiles with -z
io,stat. (Bug 3205)
- Negative INTEGER number displayed as positive number in SNMP
dissector. (Bug 3230)
- Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
- Wireshark crashes w/ GLib error when trying to play RTP
stream. (Bug 4119)
- Windows 2000 support has been restored. (Bug 4176)
- Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
- I/O Graph dropdown boxes not working correctly. (Bug 4487)
- Runtime Error when right-clicking field and selecting "Filter
Field Reference". (Bug 4522)
- In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
- Profinet: May be wrong defined byte meaning. (Bug 4525)
- GLib-CRITICAL ** Message. (Bug 4547)
- Certain EDP display filters trigger Wireshark/tshark runtime
error. (Bug 4563)
- Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
- The encapsulation abbreviation "bluetooth-h4" is ambiguous.(Bug 4613)
Updated Protocol Support:
- BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP
Requested by Alistair Crooks.
* Security fixes (MFSA 2010-16 through MFSA 2010-24)
* Fixes for a number of non-security-relevant crashes, increasing the
stability of the whole platform and the Mail & Newsgroups part of SeaMonkey
* ChatZilla localization packs work again (Bug 540842)
* FTP file upload was fixed (Bug 467524)
* The internal help content was updated some more
1.5.1 - 2010-04-01
Core
* improve warning on adding large files
* expand ~ in auth filenames and aliases
* several improvements to patch parsing
* warn about attempts to use hg branch to switch branches
* push: fix bug in prepush logic and its tests
* hgweb: fix broken URLs of RSS/Atom feeds
* subrepo: several bug fixes
Extensions
* acl: added support for '*' (everyone) in user list
* progress: use stderr instead of stdout
* schemes: add Kiln On Demand to default schemes
Changes in version 0.2.1.25 - 2010-03-16
o Major bugfixes:
- Fix a regression from our patch for bug 1244 that caused relays
to guess their IP address incorrectly if they didn't set Address
in their torrc and/or their address fails to resolve. Bugfix on
0.2.1.23; fixes bug 1269.
- When freeing a session key, zero it out completely. We only zeroed
the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
patched by ekir. Fixes bug 1254.
o Minor bugfixes:
- Fix a dereference-then-NULL-check sequence when publishing
descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
bug 1255.
- Fix another dereference-then-NULL-check sequence. Bugfix on
0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
- Make sure we treat potentially not NUL-terminated strings correctly.
Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
