-update broken link in FAQ. Thanks: Stefan Kangas.
-strip a few extra problematic (on non-Unix systems) characters when
generating oldmail filenames; backslash was requested by Andy Ross.
If upgrading and your current oldmail file contains any of these
characters:
\ ; < > |
... then rename it, replacing runs of one or more of those characters with
a single "-".
-improve clarity of message logged by getmail when an external program exits
0 but getmail considers it failed because it wrote to stderr. Thanks:
Chris Dennis.
Several versions of libpng through 1.4.2 (and through 1.2.43 in
the older series) contain a bug whereby progressive applications
such as web browsers (or the rpng2 demo app included in libpng)
could receive an extra row of image data beyond the height reported
in the header, potentially leading to an out-of-bounds write to
memory (depending on how the application is written) and the
possibility of execution of an attacker's code with the privileges
of the libpng user (including remote compromise in the case of a
libpng-based browser visiting a hostile web site). This vulnerability
has been assigned ID CVE-2010-1205 (via Mozilla).
An additional memory-leak bug, involving images with malformed sCAL
chunks, is also present; it could lead to an application crash
(denial of service) when viewing such images.
Both bugs are fixed in versions 1.4.3 and 1.2.44.
version 1.4.3beta01 [June 18, 2010]
Added missing quotation marks in the aix block of configure.ac
The new "vstudio" project was missing from the zip and 7z distributions.
In pngpread.c: png_push_have_row() add check for new_row > height
version 1.4.3beta02 [June 18, 2010]
Removed the now-redundant check for out-of-bounds new_row from example.c
version 1.4.3beta03 [June 18, 2010]
In pngpread.c: png_push_finish_row() add check for too many rows.
version 1.4.3beta04 [June 19, 2010]
In pngpread.c: png_push_process_row() add check for too many rows.
Removed the checks added in beta01 and beta03, as they are now redundant.
version 1.4.3beta05 [June 20, 2010]
Rewrote png_process_IDAT_data to consistently treat extra data as warnings
and handle end conditions more cleanly.
Removed the new (beta04) check in png_push_process_row().
version 1.4.3rc01 [June 21, 2010]
Revised some comments in png_process_IDAT_data().
version 1.4.3rc02 [June 22, 2010]
Changed char *msg to PNG_CONST char *msg in pngrutil.c
Stop memory leak when reading a malformed sCAL chunk.
Removed some trailing blanks.
version 1.4.3rc03 [June 23, 2010]
Revised pngpread.c patch of beta05 to avoid an endless loop.
version 1.4.3 [June 26, 2010]
Updated some of the "last changed" dates.
In Gothic (Sans-serif) family
Version 414
* Fix glyphs in Unicode : 0020-4f1a, 9fa0-ffff
Version 415
* Fix glyphs in Unicode : 0020-4f1a, 9fa0-ffff, and 9 characters
Version 416
* Fix glyphs in Unicode : 0020-4f1a, 9fa0-ffff
In Minchi (Serif) family
Version 414
* Fix glyphs in Unicode : 0020-44e0, 9fa0-ffff
Version 415
* Fix glyphs in Unicode : 0020-44e0, 9fa0-ffff
Version 416
* Fix glyphs in Unicode : 0020-44e0, 9fa0-ffff
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()
MFSA 2010-26 Crashes with evidence of memory corruption
MFSA 2010-25 Re-use of freed object due to scope confusion
New features since 0.9.93
* Add knots as a speed unit option.
* Detect USB Garmin eTrex HCx Legend devices (and maybe others).
* Auto use of /dev/ttyUSB type device if available on Unix systems.
* Add ability to turn off Garmin GPS after transfer.
* Add a 'home' default location preference.
* Add ability to changes preferences outside of the preferences.c file.
* NLS Maps API: Historic map of Great Britain
* Change GUI related command line parameter for Waypoint symbol size into run time preference.
* Support All Zoom Levels in Zoom Menu
* [DOC] Import User Manual from wiki
* Add menu item for help contents
(Update started before freeze, ok wiz@ to commit now.)
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption
for a handful of bugfixes, to 3.20100623. From the changelog:
* openid: Add openid_realm and openid_cgiurl configuration options,
useful in a few edge case setups.
* attachment: Show files from underlay in attachments list.
* img: Support hspace and vspace attributes.
* editpage: Rename "comments" field to avoid CSS conflict with the
comments div.
* edittemplate: Make silent mode not disable display when the template
page does not exist, so it can be easily created.
* edittemplate: Look for template pages under templates/ like everything
else (still looks in old location for backwards compatibility).
* attachment: When inserting links, insert img directives for images,
if that plugin is enabled.
* websetup: Allow enabling plugins listed in disable_plugins.
* editpage, comments: Fix broken links in sidebar (due to forcebaseurl).
(Thanks, privat)
* calendar: Tune archive_pagespec to only match pages, not other files.
* Fix issues with combining unicode srcdirs and source files.
(Workaround bug #586045)
* Make --gettime be honored after initial setup.
* git: Fix --gettime to properly support utf8 filenames.
* attachment: Support Windows paths when taking basename of client-supplied
file name.
* theme: New plugin, allows easily themeing a site via the underlay.
* Added actiontabs theme by Svend Sorensen.
* Added blueview theme by Bernd Zeimetz.
* mercurial: Fix buggy getctime code. Closes: #586279
* link: Enhanced to handle URLs and email addresses. (Bernd Zeimetz)
