shared-mime-info 0.18 (2006-07-03)
* Mime-type Changes:
- Add *.qtl to video/quicktime
- Add *.wax to audio/x-ms-asx
- Add *.mpga to audio/mpeg
- Add audio/x-ms-wma (Windows Media Audio)
- Add application/xspf+xml (XSPF playlist)
- Add a lot of subclassing information
- Fix the RSS mime-types
- Fix *.asx files' mime-type
- Avoid audio/x-ms-asx files being detected as HTML
- Avoid application/pdf files being detected as Matlab documents
- Clarify C, C++, C# and ObjC mime-types
* New translations:
- Danish
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
Changes since version 2.8.0.4:
- XSS vulnerability from requests not containing a token
- Reenable XML option in Export
- State in documentation that your browser must accept cookies
- CVS link was broken on main page
- Adding a user with password containing a backslash
- Removing a default value
- Setup script: compatibility with security tokens
- Setup script: detection of writable config
- Reading the database list with MySQL wildcards
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-indpendent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
the pkglint warning:
As {INSTALL,DEINSTALL}_TEMPLATE is modified using "+=", its name
should indicate plural.
This does make the variables a bit more suggestive of the fact that they
hold lists of values.
This avoids the need for a confusing line of the form:
DEINSTALL_TEMPLATE+= path/to/INSTALL
in the package Makefile, and actually removes the need to specify it
altogether since by convention, the existence of the DEINSTALL script
is enough to add it to DEINSTALL_TEMPLATE.
Fixed variable ref errors in adodb-ado5.inc.php in _query().
Mysqli setcharset fix using method_exists().
The adodb-perf.inc.php CreateLogTable() code now works for user-defined table names.
Error in ibase_blob_open() fixed. See
http://phplens.com/lens/lensforum/msgs.php?id=14997
Active Record
============
Now we only update fields that have changed, using $this->_original.
We do not include auto_increment fields in replace(). Thx Travis Cline
Added ADODB_ACTIVE_CACHESECS.
Mostly bug fixes from 3.8.
- Use string methods instead of deprecated string functions.
- Only use SQL-standard way of escaping quotes.
- Added the functions escape_string() and escape/unescape_bytea()
(as suggested by Charlie Dyson and Kavous Bojnourdi a long time ago).
- Reverted code in clear() method that set date to current.
- Added code for backwards compatibility in OID munging code.
- Reorder attnames tests so that "interval" is checked for before "int."
- If caller supplies key dictionary, make sure that all has a namespace.
