Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
[ Simon McVittie ]
* img: stop ImageMagick trying to be clever if filenames contain a colon,
avoiding mis-processing
* HTML-escape error messages, in one case avoiding potential cross-site
scripting (OVE-20160505-0012)
* Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
- img: force common Web formats to be interpreted according to extension,
so that "allowed_attachments: '*.jpg'" does what one might expect
- img: restrict to JPEG, PNG and GIF images by default, again mitigating
CVE-2016-3714 and similar vulnerabilities
- img: check that the magic number matches what we would expect from
the extension before giving common formats to ImageMagick
* d/control: use https for Homepage
* d/control: add Vcs-Browser
[ Joey Hess ]
* img: Add back support for SVG images, bypassing ImageMagick and
simply passing the SVG through to the browser, which is supported by all
commonly used browsers these days.
SVG scaling by img directives has subtly changed; where before
size=wxh would preserve aspect ratio, this cannot be done when passing
them through and so specifying both a width and height can change
the SVG's aspect ratio.
* loginselector: When only openid and emailauth are enabled, but
passwordauth is not, avoid showing a "Other" box which opens an
empty form.
[ Amitai Schlair ]
* mdwn: Process .md like .mdwn, but disallow web creation.
[ Florian Wagner ]
* git: Correctly handle filenames starting with a dash in add/rm/mv.
-- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 07:54:26 +0100
|
|
|
|
Upstream changes:
1.67 2016-03-31
- Fixed a regression introduced in 1.60. Older versions of this library would
match dates pretty match anywhere in a string, so "%Y-%m-%d" would match a
string like "abcd1234-12-30efgh". This is probably _too_ permissive, but we
definitely want to match on word boundaries so that we match
"log.2016-03-31". Based on a PR from YASUTAKE Kiyoshi. GitHub #3.
1.66 2016-03-27
- Added a zone_map constructor argument. This lets you supply a mapping for
ambiguous time zone abbreviations. Based on a patch from Douglas Wilson. RT
#74762.
1.65 2016-03-15
- Updated zone short name parsing to handle names like "+07", which were
introduced in the latest IANA time zone database release.
|
|
|
|
Upstream changes:
0.06 2015/02/06
- fix for #77911 Patch to add more functions
- new constructors: new, rand, pseudo_rand, rand_range
- new methods: ucmp, num_bits, num_bytes, rshift, lshift, swap
- improved pod documentation (added missing functions)
- XS code cleanup
0.05 2015/02/04
- fix for #84369 Win32 compatibility patch
- fix for #100993 Memory not reclaimed when CTX object goes out of scope
- fix for #86561 typo fixes
- fix for #82959 Error in synopsis: Crypt::OpenSSL::Bignum->new_from_hex("0x3e8") returns "0"
- fix for #81537 to_bin method returns garbage when value is zero
|
|
|
|
Upstream changes:
Version 2.12.01
Portability fixes for some platforms.
Fix error when not specifying a list file.
Correct the handling of macro-local labels in the Codeview debugging format.
Add CLZERO, MONITORX and MWAITX instructions.
Version 2.12
Major fixes to the macho backend (section 7.8); earlier versions would produce invalid symbols and relocations on a regular basis.
Support for thread-local storage in Mach-O.
Support for arbitrary sections in Mach-O.
Fix wrong negative size treated as a big positive value passed into backend causing NASM to crash.
Fix handling of zero-extending unsigned relocations, we have been printing wrong message and forgot to assign segment with predefined value before passing it into output format.
Fix potential write of oversized (with size greater than allowed in output format) relative relocations.
Portability fixes for building NASM with LLVM compiler.
Add support of Codeview version 8 (cv8) debug format for win32 and win64 formats in the COFF backend, see section 7.5.3.
Allow 64-bit outputs in 16/32-bit only backends. Unsigned 64-bit relocations are zero-extended from 32-bits with a warning (suppressible via -w-zext-reloc); signed 64-bit relocations are an arror.
Line numbers in list files now correspond to the lines in the source files, instead of simply being sequential.
There is now an official 64-bit (x64 a.k.a. x86-64) build for Windows.
Version 2.11.09
Fix potential stack overwrite in macho32 backend.
Fix relocation records in macho64 backend.
Fix symbol lookup computation in macho64 backend.
Adjust .symtab and .rela.text sections alignments to 8 bytes in elf64 backed.
Fix section length computation in bin backend which leaded in incorrect relocation records.
|
|
|
|
|
|
6.2.20 contains security fix.
2016-04-26 412080d [RELEASE] Release of TYPO3 6.2.22 (TYPO3 Release Team)
2016-04-26 1adf60b #75860 [BUGFIX] Double encoding in image title-tag (Frank Naegler)
2016-04-25 ec7b229 #75519 [BUGFIX] Remember not rendered checkboxes in TCA treeSelect (Frans Saris)
2016-04-20 576677d #73735 [BUGFIX] Check if folder is within the filemount (Frans Saris)
2016-04-18 8513140 #75548 [BUGFIX] RTE: Show content of link style dropdown again (Markus Klein)
2016-04-18 aed3061 #73567 [BUGFIX] Ignore cURL proxy header block (Albrecht Köhnlein)
2016-04-12 0dd0ce1 [TASK] Set TYPO3 version to 6.2.22-dev (TYPO3 Release Team)
2016-04-12 cd53673 [RELEASE] Release of TYPO3 6.2.21 (TYPO3 Release Team)
2016-04-12 5645614 #75541 [BUGFIX] Add missing bracket in EXT:rtehtmlarea to fix syntax error (Andreas Fernandez)
2016-04-12 c236b4d [TASK] Set TYPO3 version to 6.2.21-dev (TYPO3 Release Team)
2016-04-12 efbf8a9 [RELEASE] Release of TYPO3 6.2.20 (TYPO3 Release Team)
2016-04-12 1fcfd5b #75055 [SECURITY] Disallow login with empty password (Nicole Cordes)
2016-04-12 5a8e0a1 #28175 [SECURITY] Limit user access in workspace previews (Nicole Cordes)
2016-04-12 c6dcf83 #51908 [SECURITY] Prevent XSS in ElementBrowser (Markus Klein)
2016-04-12 ef368ac #75164 [SECURITY] Prevent XSS in SelectMultipleSideBySideElement (Nicole Cordes)
2016-04-12 e7ca585 #73459 [SECURITY] Fix arbitrary file disclosure in form extension (Steffen Müller)
2016-04-12 ab32091 #75022 [BUGFIX] Load XML files of Extension Manager properly (Andreas Fernandez)
2016-04-07 ab3cc83 #74131 [BUGFIX] WinCache 2.0 and newer have no opcode cache (Alexander Opitz)
2016-04-06 f5219a6 #75423 [TASK] Allow installation of composer installers 1.2.x (Helmut Hummel)
2016-04-04 08ef6cd #69773 [BUGFIX] Warning when clearing all caches from within install tool (Bernhard Kraft)
2016-03-31 d5d3832 #75273 [TASK] Loosen version constraint for TYPO3 CMS Composer Installers (Christian Opitz)
2016-03-31 ccea306 #73631 [BUGFIX] only trim leading slash from section name (Daniel Neugebauer)
2016-03-30 c36eb54 #75156 [BUGFIX] Add reference count to delete message (Gianluigi Martino)
2016-03-29 4b2594f #75283 [BUGFIX] Use proper quotation in phpdoc of ExtensionManagementUtility::addService() (Andreas Fernandez)
2016-03-29 d767d59 #75287 [BUGFIX] Fix typo in BooleanNode exception message (Sascha Egerer)
2016-03-23 297a828 #75242 [BUGFIX] Use `modTSconfig` for default language label, if set (Andreas Fernandez)
2016-03-12 c5cec73 #72606 [BUGFIX] Prevent TYPO3.settings in ajax requests (Nicole Cordes)
2016-03-11 e9c6fb9 #74815 [TASK] Add unit tests for TYPO3SEARCH markers (Tymoteusz Motylewski)
2016-03-10 7e934ec #74508 [BUGFIX] Load XML files of t3editor properly (Andreas Fernandez)
2016-03-06 25ee28e #72225 [BUGFIX] Workspace page previews collide with generated preview links (Oliver Hader)
2016-03-05 9db88b5 #74127 [BUGFIX] Ensure t3d compatibility for supported TYPO3 version (Nicole Cordes)
2016-03-04 3fbe9cd #70373 [BUGFIX] Adjust UserAgent checks in RTE to detect Edge correctly (Benjamin Kott)
2016-03-04 54e3a4d #71094 [TASK] Keep selected page active after save & close (Gianluigi Martino)
2016-03-04 5ecde7c #69346 [TASK] EXT:form - Update and optimize documentation (Björn Jacob)
2016-03-03 b389089 #72886 [TASK] Add info about Apache version when using mod_filter (Eric Chavaillaz)
2016-02-25 8060388 #73243 [BUGFIX] Stage buttons shown in frontend without user being repsonsible (Oliver Hader)
|
|
This will set all normal files to NONBINMODE (=644) avoiding, in the first
place, install warnings and errors about world and/or group writeability.
Some modules may even be shipped with egg-info files having mode 600
which has an adverse side-effect of wreaking havoc with setuptools
find_package() for *any* python module after installation of the culprit.
Ensuring world and group readability fixes this anomaly.
ok'd by wiz@
|
|
|
|
This release fixes some regressions introduced by the last security fixes.
Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
bugs addressing these regressions and more information.
Changes since 4.3.8:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11822: s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11780: smbd: Only check dev/inode in open_directory, not the full
stat().
* BUG 11789: pydsdb: Fix returning of ldb.MessageElement.
o Berend De Schouwer <berend.de.schouwer@gmail.com>
* BUG 11643: docs: Add example for domain logins to smbspool man page.
o Günther Deschner <gd@samba.org>
* BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.
o Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
* BUG 8093: access based share enum: Handle permission set in configuration
files.
o Volker Lendecke <vl@samba.org>
* BUG 11816: nwrap: Fix the build on Solaris.
* BUG 11827: vfs_catia: Fix memleak.
* BUG 11878: smbd: Avoid large reads beyond EOF.
o Stefan Metzmacher <metze@samba.org>
* BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
dereferencing an ioctl response.
* BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
* BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
ldap_add.
* BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
restored.
* BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
list.
* BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
* BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
* BUG 11847: Only validate MIC if "map to guest" is not being used.
* BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
option for testing.
* BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
* BUG 11858: Allow anonymous smb connections.
* BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
* BUG 11872: Fix 'wbinfo -u' and 'net ads search'.
o Noel Power <noel.power@suse.com>
* BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.
o Garming Sam <garming@catalyst.net.nz>
* BUG 11789: build: Mark explicit dependencies on pytalloc-util.
o Partha Sarathi <partha@exablox.com>
* BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
infolevel.
o Jorge Schrauwen <sjorge@blackdot.be>
* BUG 11816: configure: Don't check for inotify on illumos.
o Uri Simchoni <uri@samba.org>
* BUG 11691: winbindd: Return trust parameters when listing trusts.
* BUG 11753: smbd: Ignore SVHDX create context.
* BUG 11763: passdb: Add linefeed to debug message.
* BUG 11788: build: Fix disk-free quota support on Solaris 10.
* BUG 11798: build: Fix build when '--without-quota' specified.
* BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set.
* BUG 11852: libads: Record session expiry for spnego sasl binds.
o Hemanth Thummala <hemanth.thummala@nutanix.com>
* BUG 11740: Real memory leak(buildup) issue in loadparm.
* BUG 11840: Mask general purpose signals for notifyd.
|
|
|
|
Upstream changes:
0.300.2 2016-04-21
- Added ps support via pdflatex
0.300.1 2016-04-17
- Added ps support for xelatex
0.300.0 2016-04-16
- Fix 0.20 refactoring made stdout 'bleed' into caller's stdout
- Add more formats for explicit processor (pdf|xe)latex selection
- Win32 fixes
|
|
|
|
|
|
|
|
New in version 1.3.5
* enhancement: the platform's strtod() is exposed as SB-POSIX:STRTOD
* enhancement: speed up debug info creation for highly nested functions.
* enhancement: the interleaved structure slot optimization from release 1.2.6
has been ported to all architectures.
* enhancement: support run-program I/O redirection into lisp streams on Windows.
* bug fix: better wording in missed optimization note.
* bug fix: interpreted (CAS SVREF) was broken
* bug fix: support CLISP as build host for ARM
|
|
|
|
|
|
|
|
and for test-driving your code. It is written in C++ but is used in C
and C++ projects and frequently used in embedded systems but it works
for any C/C++ project.
CppUTest's core design principles are:
- Simple in design and simple in use.
- Portable to old and new platforms.
- Build with Test-driven Development in mind.
VS: ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
- Fix compatibility for 4.03 (#227)
- Various documentation fixes (#199,#200,#210,)
- Improve wildcard detection in the ppx (#198)
- Fix Lwt_stream: bounded_push#close wake the reader (#201)
- Fix infinite loop with Lwt_stream.choose (#214)
- Fix lazyness failure with Lwt_io.common#close (#207)
|
|
|
|
|
|
- Add all SHA-2 hash functions: SHA-224, SHA-384 and SHA-512
in addition to the existing SHA-256. (Closes: #1223)
- Add support for CTR (Counter) chaining mode.
- Fix compilation error with OCaml 4.03+dev.
- Avoid using some obsolete OCaml stdlib functions.
|
|
dependency
|
|
|
|
Redis 3.2 contains significant changes to the API and
implementation of Redis.
- A new set of commands for Geo indexing was added (GEOADD,
GEORADIUS and related commands).
- The new BITFIELD command handles contiguous arrays of integers
or counters of arbitrary bits width and offset inside strings.
- Memory optimizations to hold the same data in less memory.
- Lua scripts can now contain side effects using the new effect
replication.
- A complete remote Lua debugger is available in order to make
writing scripts a simpler task.
Read the release notes for the full set of changes:
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
|
|
|
|
|
|
|
|
Consul is a tool for service discovery and configuration. Consul
is distributed, highly available, and extremely scalable.
|
|
|
|
Changelog:
Bug Fixes
The following table lists the bug fixes included in JDK 8u92 release:
Bug Id Category Subcategory Description
JDK-8041900 client-libs 2d [macosx] Java forces the use of discrete GPU
JDK-8132890 client-libs 2d Text Overlapping on Dot Matrix Printers
JDK-8132503 client-libs java.awt [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X
JDK-8138764 client-libs java.awt In some cases the usage of TreeLock can be replaced by other synchronization
JDK-8041501 client-libs javax.imageio ImageIO reader is not capable of reading JPEGs without JFIF header
JDK-8134828 client-libs javax.swing Scrollbar thumb disappears with Nimbus L&F
JDK-8131129 core-libs java.lang.invoke Attempt to define a duplicate BMH$Species class
JDK-8067800 core-libs java.time Clarify java.time.chrono.Chronology.isLeapYear for out of range years
JDK-8062901 core-libs java.util Iterators is spelled incorrectly in the Javadoc for Spliterator
JDK-8140587 core-libs java.util.concurrent Atomic*FieldUpdaters should use Class.isInstance instead of direct class check
JDK-8145539 core-libs java.util:collections (coll) AbstractMap.keySet and .values should not be volatile
JDK-8143297 core-libs jdk.nashorn Nashorn compilation time reported in nanoseconds
JDK-8143896 core-libs jdk.nashorn java.lang.Long is implicitly converted to double
JDK-8144020 core-libs jdk.nashorn Remove long as an internal numeric type
JDK-8144131 core-libs jdk.nashorn ArrayData.getInt implementations do not convert to int32
JDK-8146147 core-libs jdk.nashorn Java linker indexed property getter does not work for computed nashorn string
JDK-8147845 core-libs jdk.nashorn Varargs Array functions still leaking longs
JDK-8147857 core-svc javax.management RMIConnector logs attribute names incorrectly
JDK-8140244 core-svc tools Port fix of JDK-8075773 to AIX and possibly MacOSX
JDK-8139773 deploy Add more debug traces to deployment registration process (RegFx.cpp)
JDK-8142982 deploy Race Condition can cause CacheEntry.getJarSigningData() to return null.
JDK-8143294 deploy cookie handler can't get JSESSIONID on linux
JDK-8145217 deploy Fix GenericCookieHandlerTest
JDK-8143314 deploy packager Runtime not respected with INI-configuration while creating native bundle
JDK-8139389 deploy webstart Register a protocol handler for Java Webstart
JDK-6869327 hotspot compiler Add new C2 flag to keep safepoints in counted loops.
JDK-8058563 hotspot compiler InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries
JDK-8080650 hotspot compiler Enable stubs to use frame pointers correctly
JDK-8129847 hotspot compiler Compiling methods generated by Nashorn triggers high memory usage in C2
JDK-8131782 hotspot compiler C1 Class.cast optimization breaks when Class is loaded from static final
JDK-8139421 hotspot compiler PPC64LE: MacroAssembler::bxx64_patchable kills register R12
JDK-8140483 hotspot compiler Atomic*FieldUpdaters final fields should be trusted
JDK-8144487 hotspot compiler PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true
JDK-8144935 hotspot compiler C2: safepoint is pruned from a non-counted loop
JDK-8145754 hotspot compiler PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI
JDK-8065579 hotspot gc WB method to start G1 concurrent mark cycle should be introduced
JDK-8138966 hotspot gc Intermittent SEGV running ParallelGC
JDK-8145442 hotspot gc Add the facility to verify remembered sets for G1
JDK-8029630 hotspot runtime Thread id should be displayed as hex number in error report
JDK-8046611 hotspot runtime Build errors with gcc on sparc/fastdebug
JDK-8087120 hotspot runtime [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms
JDK-8138745 hotspot runtime Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot
JDK-8139258 hotspot runtime PPC64LE: argument passing problem when passing 15 floats in native call
JDK-8143963 hotspot runtime improve ClassLoader::trace_class_path to accept an additional outputStream* arg
JDK-8029726 hotspot svc On OS X some dtrace probe names are mismatched with Solaris
JDK-8029727 hotspot svc On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.
JDK-8029728 hotspot svc On OS X dtrace probes SetStaticBooleanField are not fired
JDK-8130910 hotspot svc hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions
JDK-8140031 hotspot svc SA: Searching for a value in Threads does not work
JDK-8144885 hotspot svc agent/src/os/linux/libproc.h needs to support Linux/SPARC builds
JDK-8145099 hotspot svc Better error message when SA can't attach to a process
JDK-8074935 security-libs java.security jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
JDK-8139436 security-libs java.security sun.security.mscapi.KeyStore might load incomplete data
JDK-8064330 security-libs javax.net.ssl Remove SHA224 from the default support list if SunMSCAPI enabled
JDK-8131665 security-libs javax.net.ssl Bad exception message in HandshakeHash.getFinishedHash
JDK-8136442 security-libs javax.net.ssl Don't tie Certificate signature algorithms to ciphuites
JDK-8038184 security-libs javax.xml.crypto XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
JDK-8038349 security-libs javax.xml.crypto Signing XML with DSA throws Exception when key is larger than 1024 Exception when calling super with Object<>()
JDK-8066974 tools javac Compiler doesn't infer method's generic type information in lambda body
JDK-8068254 tools javac Method reference uses wrong qualifying type
JDK-8130506 tools javac javac Assertien invoking MethodHandle.invoke with lambda parameter
JDK-8134007 tools javac Improve string folding
JDK-8134759 tools javac jdb: Incorrect stepping inside finally block
JDK-8139751 tools javac Javac crash with -XDallowStringFolding=false
JDK-8145466 tools javac javac: No line numbers in compilation error
JDK-8145722 tools javadoc(tool) NullPointerException in javadoc
JDK-8133924 xml jaxp NPE may be thrown when xsltc select a non-existing node after JDK-8062518
|
|
|
|
Vault is a tool for securely accessing secrets. A secret is
anything that you want to tightly control access to, such as API
keys, passwords, certificates, and more. Vault provides a unified
interface to any secret, while providing tight access control and
recording a detailed audit log.
|
|
|
|
---------------------------------
7.12 Wed Jan 27 19:12:26 CET 2016
- use common name as hostname for tls connects, if Net::SSLeay
supports SNI.
- fix documentation of tls_autostart read type in AnyEvent::Handle,
analyzed by Felix Ostmann.
|
|
|
|
(fails with Conflicting PLIST with p5-Perl4-CoreLibs-0.003nb5):
- Add DEPENDS+= p5-Perl4-CoreLibs
- Remove newgetopt.pl from Getopt-Long.pm (by patch-Makefile.PL)
(Fortunately the files are exactly the same as v1.18)
Thanks dholland@ for review :-)
|
|
|
|
20160506:
* M+ OUTLINE FONTS has been updated to TESTFLIGHT 061 (2016.04.12).
|