| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
The PHP development team is proud to announce the immediate release of PHP
5.3.4. This is a maintenance release in the 5.3 series, which includes a large
number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.4:
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream
support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend
multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide available here,
detailing the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
|
|
The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support for
PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.
Security Enhancements and Fixes in PHP 5.2.15:
* Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data).
Key enhancements in PHP 5.2.15 include:
* Fixed bug #47643 (array_diff() takes over 3000 times longer than php
5.2.4).
* Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object).
* To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
migration guide available on http://php.net/migration53, details the changes
between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
|
|
|
|
The quvi is a command line tool for parsing video download links. It
supports Youtube and other similar video websites. libquvi is a
library for parsing video download links with C API. It is written in
C and intended to be a cross-platform library.
You can see the list of supported sites from 'quvi --support'.
|
|
|
|
the UI ported to qt4
(documents from pkgsrc/scribus can be imported, but not the other way)
|
|
|
|
2.2.19 Sat Dec 11 2010 Toni Gundogdu
Changes:
- Set <http://clive.sourceforge.net> as new WWW home
- Add man1/clive.1.pod, manify from this from now on
- Youtube: Extend format aliases to match quvi IDs
- Remove myubo support: dead site
- Backup ChangeLog as ChangeLog.pre-gitlog
- Generate ChangeLog from gitlog
- Rename Evisor.pm to Gaskrank.pm
- Rename tests
- Remove dangling (and broken) ehrensenf, cctv support
- Exclude network tests, can still be found in the repo
- gzip release tarball from now on
Bugfixes:
- Liveleak.pm: token/ID parsing
- Youtube.pm: Unknown error (http/404) [#1]
|
|
|
|
|
|
The following changes have been made between John 1.7.5.1 and 1.7.6:
* Generic crypt(3) support (enabled with "--format=crypt") has been added for
auditing password hash types supported by the system but not yet supported by
John's own optimized cryptographic routines (such as "SHA-crypt" and SunMD5).
* Optional parallelization of the above has been implemented by means of OpenMP
along with glibc's crypt_r(3) or Solaris' MT-safe crypt(3C).
* Optional parallelization of John's own optimized code for the OpenBSD-style
Blowfish-based crypt(3) (bcrypt) hashes with OpenMP has been added.
* A more suitable version of 32-bit x86 assembly code for Blowfish is now
chosen on Core i7 and similar CPUs (when they happen to run a 32-bit build).
* More optimal DES S-box expressions for PowerPC with AltiVec (making use of
the conditional select operation) contributed by Dumplinger Boy (Dango-Chu)
have been integrated.
* The bitslice DES C source code has been reworked to allow for the use of
arbitrary SIMD intrinsics, which was previously only implemented for AltiVec
as a special case.
* Support for SSE2 and MMX intrinsics with bitslice DES (as an alternative to
the supplied assembly code) has been added (currently only enabled for SSE2 on
x86-64 when compiling with GCC 4.4+).
* Support for mixed-type longer virtual vectors (such as SSE2+MMX, SSE2+ALU,
AltiVec+ALU, and other combinations) with bitslice DES has been added (not
enabled by default yet, primarily intended for easy benchmarks on future CPUs,
with future compiler versions, with even more SIMD instruction sets, and with
different DES S-box expressions that might be available in the future).
* The obsolete 32-bit SPARC assembly implementation of DES has been dropped.
* The loader will now detect password hashes specified on a line on their own,
not only as part of an /etc/passwd or PWDUMP format file.
* When run in "--stdin" mode and reading candidate passwords from a terminal
(to be typed by the user), John will no longer mess with the terminal settings.
* John will now restore terminal settings not only on normal termination or
interrupt, but also when forcibly interrupted with two Ctrl-C keypresses.
The following changes have been made between John 1.7.5 and 1.7.5.1:
* A new numeric variable has been added to the word mangling rules engine:
"p" for position of the character last found with the "/" or "%" commands.
The following changes have been made between John 1.7.4.2 and 1.7.5:
* Support for the use of "--format" along with "--show" or "--make-charset" has
been added.
* The choice of .rec and .log filenames for custom session names has been made
more intuitive.
* Support for "\r" (character lists with repeats) and "\p0" (reference to the
immediately preceding character list/range) has been added to the word mangling
rules preprocessor.
* The undefined and undocumented behavior of some subtle word mangling rules
preprocessor constructs has been changed to arguably be more sensible.
* Some bugs were fixed, most notably JtR crashing on no password hashes loaded
(bug introduced in 1.7.4.2).
The following changes have been made between John 1.7.4 and 1.7.4.2:
* Major performance improvements for processing of very large password files
or sets of files, especially with salt-less or same-salt hashes, achieved
primarily through introduction of two additional hash table sizes (64K and 1M
entries), changes to the loader, and smarter processing of successful guesses
(to accommodate getting thousands of hashes successfully cracked per second).
* Many default buffer and hash table sizes have been increased and thresholds
for the use of hash tables lowered, meaning that John will now tend to use
more memory to achieve better speed (unless it is told not to with the
"--save-memory" option).
* Some previously missed common website passwords found on public lists of
"top N passwords" have been added to the bundled common passwords list.
* Some bugs introduced in 1.7.4 and affecting wordlist mode's elimination of
consecutive duplicate candidate passwords have been fixed.
The following changes have been made between John 1.7.3.4 and 1.7.4:
* Support for back-references and "parallel" ranges has been added to the
word mangling rules preprocessor.
* The notion of numeric variables (to be used for character positions
and substring lengths along with numeric constants supported previously)
has been introduced into the rules engine. Two pre-defined variables
("l" for initial or updated word's length and "m" for initial or
memorized word's last character position) and 11 user-defined variables
("a" through "k") have been added. Additionally, there's a new numeric
constant: "z" for "infinite" position or length.
* New rule commands have been added: "A" (append, insert, or prefix with a
string), "X" (extract a substring from memory and insert), "v" (subtract
and assign to a numeric variable).
* New rule reject flags have been added: ":" (no-op, for use along with the
"parallel" ranges feature of the preprocessor) and "p" (reject unless word
pair commands are allowed, for sharing of the same ruleset between "single
crack" and wordlist modes).
* Processing of word mangling rules has been made significantly faster in
multiple ways (caching of the current length, less copying of data, code
and data placement changes for better branch prediction and L1 cache usage,
compiler-friendly use of local variables, code micro-optimizations,
removal of no-op rule commands in an initial pass).
* The default rulesets for "single crack" and wordlist modes have been
revised to make use of the new features, for speed, to produce fewer
duplicates, and to attempt additional kinds of candidate passwords (such
as for years 2010 through 2019 with "year-based" rules).
* The idle priority emulation code has been optimized for lower overhead when
there appears to be no other demand for CPU time.
* The default for the Idle setting has been changed from N to Y.
The following changes have been made between John 1.7.3.1 and 1.7.3.4:
* "make check" has been implemented (for Unix-like systems only).
* The "--test" option will now take an optional argument - the duration of each
benchmark in seconds.
* Section .note.GNU-stack has been added to all assembly files to avoid the
stack area unnecessarily being made executable on Linux systems that use this
mechanism.
* Some very minor bugs that did not affect normal operation have been fixed.
* Some unimportant compiler warnings have been fixed, a source code comment has
been made more verbose and more complete.
|
|
Fix build problem after update to Contao 2.9.2.
|
|
PR#44122.
|
|
etm-685, libgdata-0.6.6, libraw-0.12.0, x264-devel-20101211.
|
|
|
|
|
|
* support for new libjpeg v7
* fix to display of 8bit characters
|
|
|
|
|
|
when pkg_add'ing on NetBSD. Bump version to 20101212.
Ok jym, gdt
|
|
|
|
0.92:
Senko Rašić found that this should have depended on GLib 2.26, but still
only checked for 2.24. Sorry about that. So here's a new version,
identical to 0.90 except with the GLib dependency fixed.
0.90:
Christian Dywan (6):
Remove unused method attribute variables in introspect_interfaces
Dereference main loop once variant recursion test is done
Plug leak of expected_str in threaded server test
Free path string after emission in in statemachine server example
Always free method_c_name in dbus binding tool
Free looked up function name in dbus binding tool
Mike Gorse (1):
Fix switching a connection's GMainContext
Simon McVittie (18):
Add DBusGObjectPath, DBusGSignature typedefs
Give specialized GArrays iteration/appending support
Actually run test/core/test-gvariant
Test dbus_g_value_build_g_variant for various fixed arrays
Remove gcov decoder, which hasn't worked since dbus-glib left libdbus
replace remnants of gcov support with lcov.am from telepathy-glib
fd.o #30428: add dbus_g_value_parse_g_variant
dbus_g_type_specialized_map_append: document that the value contents are stolen
dbus_g_value_build_g_variant: cope with empty arrays, maps
Test dbus_g_value_parse_g_variant
dbus_g_value_basic_array_parse_variant: allow the fast path to be taken
Adjust syntax to avoid relying on array/pointer duality
dbus_g_value_parse_variant_by_type: talk about GVariant, not GDBus, in docs
Add dbus_g_value_parse_g_variant to gtkdoc
output unhandled GVariantClass as ASCII if possible
copy arrays of 'o', 'g' from GVariant without constructing a format string programmatically
Merge branch 'gvariant'
Merge branch 'type-names'
Will Thompson (5):
Build test/ before its subdirs.
Release version 0.90
Makefile.am: Remove ChangeLog's spurious FORCE dependency
HACKING: Fix release URL; be honest about NEWS
|
|
Updated fonts/umefont-ttf to 0.422.
|
|
|
|
Changelog:
In Gothic (Sans-serif) family
* Fix glyphs in Unicode : 0020-5b4c, 9fa0-ffff (first check)
* Fix glyphs in SJIS : second check completed
In Minchi (Serif) family
* Fix glyphs in Unicode : 0020-5b4c, 9fa0-ffff (first check)
* Fix glyphs in SJIS : second check completed
|
|
version 1.25 - Sergey Poznyakoff, 2010-11-07
* Fix extraction of empty directories with the -C option in effect.
* Fix extraction of device nodes.
* Make sure name matching occurs before eventual name transformation.
Tar 1.24 changed the ordering of name matching and name transformation
so that the former saw already transformed file names. This made it
impossible to match file names in certain cases. It is fixed now.
* Fix the behavior of tar -x --overwrite on hosts lacking O_NOFOLLOW.
* Improve the testsuite.
* Alternative decompression programs.
If extraction from a compressed archive fails because the corresponding
compression program is not installed and the following two conditions
are met, tar retries extraction using an alternative decompressor:
1. Another compression program supported by tar is able to handle this
compression format.
2. The compression program was not explicitly requested in the command
line by the use of such options as -z, -j, etc.
For example, if `compress' is not available, tar will try `gzip'.
version 1.24 - Sergey Poznyakoff, 2010-10-24
* The --full-time option.
New command line option `--full-time' instructs tar to output file
time stamps to the full resolution.
* Bugfixes.
** More reliable directory traversal when creating archives
Tar now checks for inconsistencies caused when a file system is
modified while tar is creating an archive. In the new approach, tar
maintains a cache of file descriptors to directories, so it uses more
file descriptors than before, but it adjusts to system limits on
the number of file descriptors. Tar also takes more care when
a file system is modified while tar is extracting from an archive.
The new checks are implemented via the openat and related calls
standardized by POSIX.1-2008. On an older system where these calls do
not exist or do not return useful results, tar emulates the calls at
some cost in efficiency and reliability.
** Symbolic link attributes
When extracting symbolic links, tar now restores attributes such as
last-modified time and link permissions, if the operating system
supports this. For example, recent versions of the Linux kernel
support setting times on symlinks, and some BSD kernels also support
symlink permissions.
** --dereference consistency
The --dereference (-h) option now applies to files that are copied
into or out of archives, independently of other options. For example,
if F is a symbolic link and archive.tar contains a regular-file member
also named F, "tar --overwrite -x -f archive.tar F" now overwrites F
itself, rather than the file that F points to. (To overwrite the file
that F points to, add the --dereference (-h) option.) Formerly,
--dereference was intended to apply only when using the -c option, but
the implementation was not consistent.
Also, the --dereference option no longer affects accesses to other
files, such as archives and time stamp files. Symbolic links to these
files are always followed. Previously, the links were usually but not
always followed.
** Spurious error diagnostics on broken pipe.
When receiving SIGPIPE, tar would exit with error status and
"write error" diagnostics. In particular, this occurred if
invoked as in the example below:
tar tf archive.tar | head -n 1
** --remove-files
`Tar --remove-files' failed to remove a directory which contained
symlinks to another files within that directory.
** --test-label behavior
In case of a mismatch, `tar --test-label LABEL' exits with code 1,
not 2 as it did in previous versions.
The `--verbose' option used with `--test-label' provides additional
diagnostics.
Several volume labels may be specified in a command line, e.g.:
tar --test-label -f archive 'My volume' 'New volume' 'Test volume'
In this case, tar exits with code 0 if any one of the arguments
matches the actual volume label.
** --label used with --update
The `--label' option can be used with `--update' to prevent accidental
update of an archive:
tar -rf archive --label 'My volume' .
This did not work in previous versions, in spite of what the docs said.
** --record-size and --tape-length (-L) options
Usual size suffixes are allowed for these options. For example,
-L10k stands for a 10 kilobyte tape length.
** Fix dead loop on extracting existing symlinks with the -k option.
|
|
|
|
|
|
|
|
referenced in Makefile.
D-Bus Python Bindings 0.83.2 (2010-12-02)
=========================================
Dependencies:
* libdbus 1.2 is still supported, but libdbus >= 1.4 is recommended.
Fixes:
* Make BusConnection.list_activatable_names actually call ListActivatableNames,
not ListNames (Johan Sandelin)
* Don't override CFLAGS when adding compiler warnings
(Louis-Francis Ratté-Boulianne)
* Fix compilation on platforms where Py_ssize_t is larger than int, like x86-64
(Elvis Pfützenreuter)
* fd.o #21831: deserialize empty byte arrays with byte_arrays=True as
ByteArray(''), not ByteArray('None') (Simon McVittie)
* fd.o #23278, #25105: fix crashes when trying to append more struct entries
than the signature allows with libdbus 1.4 (Simon McVittie)
* fd.o #23831: fix crashes when an embedded Python interpreter imports dbus,
is finalized, is re-initialized, and re-imports dbus (Simon McVittie)
|
|
|
|
2.26.3 (stable):
* Build/Installer: Added support for MSVC 2010 and 64 bit.
(Armin Burgmeier)
|
|
|
|
2010-12-04 Rasqal Version 0.9.21 Released
Updated to handle aggregate expression execution as defined by the
SPARQL 1.1 Query W3C working draft of 14 October 2010
Executes grouping of results: GROUP BY
Executes aggregate expressions: AVG, COUNT, GROUP_CONCAT, MAX, MIN,
SAMPLE, SUM
Executes filtering of aggregate expressions: HAVING
Parses new syntax: BINDINGS, isNUMERIC(), MINUS, sub SELECT and
SERVICE.
The syntax format for parsing data graphs at URIs can be explictly
declared.
The roqet utility can execute queries over SPARQL HTTP Protocol and
operate over data from stdin.
Added several new APIs
Fixed Issue: #0000388
|
|
|
|
* Version 2.10.4 (released 2010-12-06)
** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
This makes us comply with RFC3279. Reported by Michael Rommel.
** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.
** minitasn1: Updated to Libtasn1 2.9.
** API and ABI modifications:
No changes since last version.
|
|
|
|
Gnumeric 1.10.12
Andreas:
* Add argument to FOURIER to separate parts.
* Extend TREND function to handle multiple regression. [#630085]
* Fix selection for sheet object lists and combos. [#631322]
* Preserve selection for sheet object lists when we change
content. [#631327]
* Add option to sheet object lists and combos to enter values
rather than index. [#629333]
* Fix manual pagebreak handling when printing. [#631570]
* Add menu items to remove and add manual page breaks.
* Improve the sc import.
* Fix button sensitivity in sort dialog. [#632999]
* Fix ODF export of files with large formatted sheets. [#634135]
* Fix extensions of supported ODF files. [#635111]
Hans de Goede:
* Fix import of dib format images in XLS. [#553098]
Jean:
* Fixed maximum for col/row number in sheet resize dialog. [#631702]
* Eliminate glade usage. [#631717]
* Fixed crash in print setup. [#634149]
* Fixed image bounds in zoomed sheets.
Morten:
* Fix crash related to broken xls. [#632050]
* Fix print area problem from broken xls.
* Fix printing crash. [#632439]
* Partially fix problem with undefined names. [#633140]
* Fix analysis tools problems when "as values" is chosen.
* Fix gtk+/X crash with large tooltips.
* Take care of dead kittens.
* Fix text object clipping issue. [#634597]
* Fix problem with disappearing window for empty file. [#634792]
* Fix ranges-in-expression criticals.
Sameer Morar:
* Add key combinations to move sheets. [#634139]
* Modify quit dialog to be able to discard multiple files without
saving. [#527133]
|
|
|
|
goffice 0.8.12:
Andreas
* Fix US 30/360 date calculations. [#631242][#630784]
Jean:
* Fixed sorting with accentuated characters. [#631504]
* Allow filled plots to be displayed behind the grids. [#632310]
* Fixed patterns with cairo-1.10.
* Fixed flawed exponential fit in graphs for small values. [#633735]
* Fixed an infinite loop condition in cubic spline evaluation. [#633965]
Morten:
* Fix GOImage-vs-cairo lifecycle issue.
* Fix loading of weird themes.
--------------------------------------------------------------------------
goffice 0.8.11:
Jean:
* Implement custom grids in xyz plots. [#624273]
Jon Nordby:
* Update API documentation.
Morten:
* Improve fractional days support for date axes.
* Draw charset/locale selectors with "radio" buttons.
Yasuaki Taniguchi:
* Fix charset problem for Japanese. [#627829]
|
|
|
|
|
|
|
|
instructions to accelerate baseline JPEG compression/decompression by about
2-4x on x86 and x86-64 platforms.
XXX Conflicts with graphics/jpeg - which rather demands a solution.
|
|
|
|
Fixed issues
* All ‘null (FP)’ problems should be resolved
* Post-end bid-counts should be correct again
* eBay is testing a new ‘confirm’ page which broke sniping.
* Update-All works again, and is reasonably efficient
* Substantial performance tuning
|
|
|
|
2.2.18 Tue Nov 30 2010 legatvs
Changes:
- Change google test URL
- Accept dailymotion swf URLs (related b#3115846)
|
|
|
