| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
New in 0.9.6:
* The data tables and line breaking algorithm have been updated to Unicode
version 8.0.0.
|
|
|
|
* Version 1.31 (released 2015-07-08) [bet
** libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059
This function has always been documented to not validate that the
input UTF-8 string is actually valid UTF-8. Like the rest of the API,
when you call a function that works on UTF-8 data, you have to pass it
valid UTF-8 data. Application writers appear to have difficulties
using interfaces designed like that, as bugs triggered by invalid
UTF-8 has been identified in a number of projects (jabberd2, gnutls,
wget, and curl). While we could introduce a new API to perform UTF-8
validation, so that applications can easily implement the proper
checks, this appear error prone because there is a risk that the check
will be forgotten. Instead, we took the more radical approach of
modifying the documentation and the implementation of the API. The
intention is that all functions that accepts UTF-8 data should
validate it before use. This will solve the problem for applications,
without needing to change them. This change has the unfortunate
side-effect that Surrogate codes (see section 5.5 of RFC 3454) no
longer trigger the STRINGPREP_CONTAINS_PROHIBITED error code but
instead will trigger the newly introduced STRINGPREP_ICONV_ERROR error
code, as the gnulib/libunistring-based code that we use to test
UTF-8-compliance rejects Surrogate codes. We hope that this is an
acceptable cost to live with in order to improve application security.
We welcome feedback on this solution, and we are marking this release
as beta rather than stable to signal that we may reconsider this
approach if people disagree. Reported by several people including
Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos.
** libidn: Added STRINGPREP_ICONV_ERROR error code.
** libidn: Workaround valgrind/gcc/glibc issue.
Valgrind reported a 'Invalid read of size 4' that was caused by
optimized strlen implementation. Reported and patch by Alessandro
Ghedini <alessandro@ghedini.me>.
** build: Use LOG_COMPILER instead of TESTS_ENVIRONMENT to fix valgrind use.
Errors caught by valgrind did not always trigger 'make check' failures
before.
** i18n: Updated Danish translation.
Thanks to Joe Hansen.
** API and ABI is backwards compatible with the previous version.
|
|
when deciding to include stdbool.h or not.
Not bumping PKGREVISION as it should only affect nautilus builds, and
perhaps eog* and/or tellico*.
|
|
ninja-build-1.6.0, php-owncloud-8.1, py-django-1.7.9, py-django-1.8.3,
retroarch-1.2, webkit-gtk-2.8.4.
|
|
|
|
Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
o Alternate chains certificate forgery (CVE-2015-1793)
|
|
|
|
|
|
|
|
|
|
|
|
- Use nbcompat correctly.
- Support newer zlib API.
- Handle catpages correctly.
Fixes build on SunOS at least.
|
|
Updated sysutils/amanada-server to 3.3.1nb4
|
|
|
|
* Change packaging from bz2 to xz
* Fixed waitip
* For Prefix Delegation, servers must now support RFC7550
* Fixed detecting host routes in DHCP messages
* Fixed ARP checking that failed in some situations
* Fixed static address assignment in dhcpcd.conf
* Split IPv4LL state from DHCP and into it's own state
* Reject any NA/RA with a hop limit != 255
* Replace if_oneup with if_afwaited and af_waited for hook scripts
* Fix a potential buffer overrun if an embedded DHCP option is
a zero length or fails to parse - thanks to Paul Stewart
* Check fclose for errors - thanks to Bob
* wpad_url has been added to dhcpcd-definitions.conf
* Fix a double free when failing to send a DHCPv6 RELEASE
Thanks to Todd Blanchard.
* Correct IPv6 public address test, thanks to Micha? K?pie?
* Fix DHCPv6 starting if no public addresses found in the RA
but the M or O bit was set
* Replaced custom uptime() with clock_gettime(2)
* Fix DHCPv6 elapsed time
|
|
to configure.
Bump PKGREVISION
|
|
|
|
Mtx(1) is a set of low level driver programs to control features of SCSI
backup related devices such as autoloaders, tape changers, mediajukeboxes,
and tape drives. It can also report much data, including serial numbers,
maximum block sizes, and TapeAlert(tm) messages that most modern tape
drives implement, as well as do raw SCSI READ and WRITE commands to
tape drives.
It works like chio(1) but supports more features and drives and runs in
users land. There are some amanda (sysutils/amanda-server) scripts, which
depend on mtx.
|
|
|
|
configure tries to discover capstone (and ssl) with pkg-config.
This issue was spotted thanks to BulkTracker.
In case of missing capstone, the radare2's Makefiles tries to fetch them
with git. The missing git was the direct reason to fail during bulk builds.
This package is prepared to reuse capstone from devel/capstone and never
fetch additional dependencies, during its build, from external sources.
Reviewed by <khorben>
|
|
avoid network traffic during build.
|
|
|
|
|
|
This Makefile is now used by devel/radare2-valabind/Makefile as well.
|
|
|
|
|
|
radare2 is an advanced commandline hexadecimal editor
with a set of tools for working with binary files.
This package generates language bindings for radare2.
|
|
|
|
|
|
2015.07.05 - GNU nano 2.4.1 "Portorož" is released. This release
includes several fixes, including the ability to resize
when in modes other than the main editing window,
proper displaying of invalid UTF-8 bytes, new syntax
definitions for Elisp, Guile, and PostgreSQL, and
better display of shortcuts in the help menu and file
browser. Thanks for your patience and using nano!
|
|
- Make gvfs a suggested option.
ok @khorben, @dholland
|
|
|
|
I am happy to announce release of Qt 4.8.7 today bringing over 150
improvements and bug fixes. Qt 4.8.7 provides important security
updates, better support for Mac OS X 10.10 and many requested error
corrections. As a patch release, it does not add new functionality
and maintains full compatibility with previous Qt 4.8.x releases.
Highlights of Qt 4.8.7 are:
Security fix for DoS vulnerability in the BMP image handler
(CVE-2015-0295) as well as security fixes for vulnerabilities
in image handling of BMP (CVE-2015-1858), ICO (CVE-2015-1859)
and GIF (CVE-2015-1860)
Update 3rd party libpng to version 1.6.17 to address known
vulnerabilities in previous version
Update 3rd party libtiff to version 4.0.3 to address known
vulnerabilities in previous version
Better support for running Qt 4.8 applications on Mac OS X
10.10 Yosemite
Many customer requested bug fixes
|
|
|
|
Upstream announcement for 11.2.202.481:
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
Security Advisory for Adobe Flash Player
Release date: July 7, 2015
Vulnerability identifier: APSA15-03
CVE number: CVE-2015-5119
Platform: Windows, Macintosh and Linux
Upstream announcement for 11.2.202.468:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
Security updates available for Adobe Flash Player
Release date: June 23, 2015
Vulnerability identifier: APSB15-14
CVE number: CVE-2015-3113
Platform: Windows, Macintosh and Linux
|
|
|
|
This file only lists a short summary of the changes between FileZilla versions.
For a full list of changes, please read the ChangeLog file.
Legend:
! Security related bugfix or otherwise critical bugfix
+ New feature or important bugfix
- Bugfixes
Platform prefixes:
MSW: Microsoft Windows
*nix: Unix (e.g BSD) and Unix-like systems (e.g. Linux)
OS X: Apple Mac OS X
3.12.0 (2015-07-08)
+ Directory comparison can be configured for Site Manager entires and bookmarks
- Instead of skipping commands due to spontaneous connection failures while
executing a command, reconnect and retry
- FileZilla no longer shows popup dialogs such as the file exists dialog if
another dialog or message box is already shown
- Improved compatibility with servers sending malformed FEAT replies
3.12.0-rc1 (2015-06-29)
+ FileZilla no longer visually enters each visited directory during recursive
operations, e.g. when downloading or deleting remote directories. During recursive
operations the server's directory structure can now be navigated as if idle
+ Ask for confirmation if trying to load Site Manager data originating from a
future version of FileZilla
+ Display location of settings directory on the About dialog
+ Display detected CPU features (on x86) on the About dialog
- Remove certificate verification messages in the message log for data connections
- Speed up parsing of the PASV reply
- The status bar of the search dialog now shows the number of found matches again
- OS X: Configuring SFTP keys no longer fails if the full path of FileZilla's
application bundle contains spaces
- *nix: Make waitable conditions immune to wallclock changes if the system
supports both clock_gettime and pthread_condattr_setclock
- Fixed a rare crash when queuing many socket threads for deletion at the same time
3.11.0.2 (2015-06-02)
- Fixed a potential crash if a connection gets remotely closed in the same
moment a new connection is to be opened
- Improved compatibility with servers sending pre-epoch timestamps
- Fixed pt_BR translation
3.11.0.1 (2015-05-22)
! Reject Diffie-Hellman Groups smaller than 1024 bits when using FTP over TLS to
protect against the Logjam attack
- Do not bind the source IP address of the data connection if the server is not
configured properly
- Deleting bookmarks from the bookmarks dialog no longer deletes the wrong bookmark
- Fixed CPU compatibility issues on 64bit binaries
3.11.0 (2015-05-19)
- Ensure the title bar is at least partially inside the screen boundary when
restoring a saved window position
- Fixed crash if opening a wrapped dialog without having restarted FileZilla
after having change language to Chinese or Japanese
3.11.0-rc1 (2015-05-12)
+ Implemented new date/time handling to solve issues with DST conversion
+ *nix: Official Linux binaries are now built for Debian Jessie
+ In passive mode transfer, the source IP of the data connection is now bound to
the same source IP as the control connection
- Requeueing of folder items no longer prints an error message
- Fix disabling of timeouts
- MSW: Fix the returned error level of the installer
- Fix a crash if disconnecting during transfers
- Official binaries now link against GnuTLS 3.4.1
- Official binaries now link against SQLite 3.8.10.1
=================
Use POSIC fcntl() instead of flock() on SunOS as well as apply to upstream
workarounds to redefinition involving 'struct mutex' on SunOS.
Add xgettext to USE_TOOLS.
|
|
|
|
|
|
Update DEPENDS
Upstream changes:
1.0037 2015-06-19 10:01:31 PDT
[Improvements]
- Lint: Support HTTP/2 in SERVER_PROTOCOL (kazuho) #511
- Bump HTTP::Headers::Fast dependency #512
|
|
|
|
Upstream changes:
0.18 2015-06-19T06:06:14Z
- import content_type_charset from HTTP::Headers. #5
(miyagawa)
|
|
|
|
Upstream changes:
Moodle-2.9.1
Highlights
A lot of work has been done in dealing with unexpected grade changes in the gradebook which some users have experienced when upgrading from Moodle 2.7 to 2.8 or 2.9. See the user documentation Grades min max and Gradebook calculation changes for details.
MDL-48618 - Dealing with unexpected changes to grades after upgrading to Moodle 2.8
MDL-49257 - Adjusting weights when extra credit item is present causes unexpected behaviour
MDL-48239 - Changing the maximum grade of items with calculation to the value different from 100
Another release highlight is the introduction of the authorised access to the YouTube repository. After upgrading you will need to enter an API key from YouTube into your site's YouTube repository settings.
MDL-50176 - Authenticated access to the YouTube repository
Functional changes
MDL-50089 - Gradebook export now respects aggregate only non-empty grades for percentage and letter
MDL-48467 - Atto: Clean the html even if submitting the form when Atto is in html view mode
API changes
MDL-49022 - sync_users must trigger event core\event\user_updated
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional access is used
MDL-39353 - Connection to a hub from behind a proxy server
MDL-49742 - Enrolled users page no longer displays sorting by fields that are not used in user identity
MDL-47787 - After deleting a quiz, its question categories and questions remain in the database
MDL-49764 - Fixed gradebook UI inconsistencies in Internet Explorer
MDL-49885 - The course overview block can now be added to Dashboard
MDL-50675 - Display Wikimedia repository thumbnails (caused by the change in Wikimedia API)
MDL-50091 - Fixed fatal error in gradebook singleview after a module has been uninstalled
MDL-48664 - Messaging contacts paging bar no longer expands and overlaps other text
MDL-50092 - User unenrollment is now working with IMS Enterprise
MDL-49560 - SOAP web service now works with token
MDL-50004 - Fix coursename and enrolment icons in category combo on Frontpage
MDL-50646 - Site default language should be set as the language for new users
MDL-50394 - Grade to pass no longer throws an error when a decimal point separator is used
MDL-50276 - Added missing new line separator in plain text e-mails from the forum
MDL-49061 - The activity completion report in a course correctly shortens headers when multi language filter is used
MDL-50275 - Added missing version bump after risk bitmap change in MDL-49941
MDL-50380 - Fixed missing parameter error when editing files in wiki
|
|
|
|
|
|
2.2.2 - 2014/08/31
- Public header cleanup and documentation update.
- Update Doxygen config.
- Bug #73058: Add missing include for MacOS.
- Bug #72810: Fix typo in date test in MP3 handler.
- Bug #83313: Fix crash on invalid Exif (from Samsung)
- Fix valgrind testing for xmpcore.sh
- Fix delete / delete[] mismatch in ID3_Support.hpp
2.2.1 - 2013/06/29
- Bug #54011: Use POSIX API for files on MacOS. (Misty De Meo)
- Bug #58175: Replace OS X FlatCarbon headers. (Misty De Meo)
- Added a manpage for exempi(1).
- Added the -n option to the command line for arbitrary namespaces.
2.2.0 - 2012/02/21
- New 'exempi' command line tool.
- Upgrade XMPCore to Adobe XMP 5.1.2
- Quicktime support now works without Quicktime.
- Reconciliation with ID3v2.
- "Blessed" 64-bits support (we already had it in exempi).
- Slight change in the way XMP are written for MWG compliance.
- Fixed a serious bug with RIFF.
- Change in the way local text encoding is dealt with.
- Alternative languages behave slightly differently by changing
how the default language property is managed.
- Probably a bunch of bugs fixed that I don't know about.
- Update unit tests.
- Refactor the fixtures.
- Use automake silent rules instead of shave. (build only)
- "make dist" generate a bzip2 archive as well. (build only)
- Remove some obsolete warning flags. (build only)
- Build xmpcommandtool
- New: API xmp_files_get_format_info().
- New: API xmp_files_check_file_format().
- New: API xmp_files_get_file_info().
- New: API XMP_PROP_ARRAY_INSERT_BEFORE, XMP_PROP_ARRAY_INSERT_AFTER array options.
- New: C++ helpers in xmp++.hpp.
Bug fixes:
- Bug #37747: mismatch delete/delete[] and new/new[] (from Meego
https://bugs.meego.com/show_bug.cgi?id=14661)
|
