| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Security Fixes:
---------------
Annotate: Some requestable text-subsitution attributes caused a crash.
All formats: Image dimensions are checked to assure that they are within limits before proceeding to read the image.
BMP: Fix hang (endless loop) for certain files.
DCM: Fix crash as well as small heap over-write.
DPX: Fix crash due to DPX file reporting more elements than it has.
MNG: Validate MHDR chunk length to avoid huge memory allocation and DOS.
PCX: Fix for CVE-2014-8355. Validate file header in order to avoid buffer overun later.
PDB: Detect arithmetic overflows when calculating buffer sizes. Fix crash in writer when image width is not even multiple of 16. Fix buffer overrun with 2 and 4-bit PDB image files.
PNM: Validate PGM, PPM, and PAM header MaxValue parameter to avoid crash on poorly-formed input.
PNG: Impose a 10-million limit on dimensions when reading a PNG file to avoid denial of service.
PSD: Avoid problems caused by huge PSD colormap size.
PSD: Fix small stack over-write if more than 99 layers are written to PSD format.
PSD: Returns immediately if pixel limit was exceeded.
RLE: URT RLE reader is now more robust with errant files.
SUN: Header validation is now made fully robust, and arithmetic overflows in buffer-size calculations are detected to avoid heap overwrite.
TIFF: Fix crashes for photometrics which may delivery one or three samples per pixel (was assuming always three).
VIFF: Fixes to prevent buffer overflow. Validate colormap indexes.
Windows delegates: Fix unexpected argument splitting when invoking an external delegate program via delegates.mgk.
WPG: Fix use of NULL pointers. Fix buffer overflows.
XPM: Detect truncated row and quit with error rather than over-running a buffer.
XWD: Improve header validation. Added to UnstableCoderClass since the reader for this format should not be entrusted with untrustworthy input.
Bug fixes:
----------
CIN: Fix problem with text attribute values which are not NULL terminated. Validate sizes claimed by Cineon header.
Coverity: Fixes for many issues detected by Coverity scan (see ChangeLog).
DPX: Fix problem with text attribute values which are not NULL terminated.
DPX: Fix severe corruption of little-endian 32-bit packed output. Corruption was severe enough that it would have been noticed immediately.
Delegates: Fix possible memory leaks when invoking external application.
FITS: Properly validate values provided by file header.
GIF: Fix use of uninitialized data.
JBIG: Fix memory leaks.
JNG: Fix double-free error in error path.
JPEG: Verify the number of output components before attempting to decode the image.
Magick++: Image resolutionUnits() was not always returning correct value.
Magick++: Locking has not been working properly since the code was written in 1998. Apparently the issue has not been significant enough to cause run-time issues.
ICO: Windows icon reader is now much more robust.
MIFF: Reader now quits with an error if zip or bzip2 stream is corrupted.
MAT: Fix memory leaks.
PALM: Reader now reads various input formats (up to version 2) correctly whereas it was crashing or otherwise malfunctioning before. More work remains, particularly in the writer.
PCX: Eliminate memory leaks in error paths.
PDB: In PDB writer, void possible under-allocation due to arthimetic overflow when allocating packets.
PICT: Fix PICT reader crash with corrupted file.
PNG: Fix double-free error in error path.
PNG: Fixed handling of transparency when writing indexed PNG.
PNG: Avoid reading beyond the end of a tEXt keyword.
PSD: Fix error when reading PSDs files which have no layers.
RLA: Fix possible crash due to file header.
Signal Handling: Signal handling is now more robust and handles SIGSEGV and other critical signals. The sole purpose of the default signal handling is to remove any temporary files and quit. An informative message is printed for signals other than SIGINT.
SUN: Sun raster reader was not completely robust. Now it is.
SWF: Fix pixel cache access errors in 'ping' mode.
Text annotation: An empty text string is no longer treated as an error.
Text annotation: Fix regression added in 1.3.19 which caused spurious drawing errors to be produced while rendering with text when all of the text is off the left-hand side of the image.
TIFF: Fix unreliable reading JBIG compressed files by forcing use of strip reader rather than sometimes using scanline reader (which libtiff's JBIG codec does not support).
TIFF: Fix reading or writing planar min-is-white or min-is-black images with an associated alpha channel.
WebP: WebP writer now writes truely lossless output when requested.
identify / GetImageStatistics(): Failed to compute statistics for the Black channel of CMYK image files.
VICAR: Fix problem with continuing to "read" data when there is no more data left to read.
WMF: Fix memory leaks.
WPG: Fix potential DOS due to long reads during an error condition.
XPM: Avoid strncpy() of overlapping memory. Fixed memory leaks in error paths. Fixed bad memory access caused by empty file.
New Features:
-------------
compose: Supports composite operator names similar to the major *Magick brand, without losing any any compatibility with previous naming.
ICO: Windows ICO reader now supports reading PNG-encoded files.
Magick++ Geometry: New methods limitPixels() and fillArea() to support '@' and '^' geometry qualifiers. This enancement breaks the ABI due to previous use of inline methods and no place to put the new flags.
Magick++ Image::extent(): New method to place image on sized canvas of constant color using gravity.
Magick++ Image::formatExpression(): New method format a string based on a format similar to command-line -format.
Magick++ Image::resize(): New method to resize image specifying geometry, filter, and blur.
Magick++ STL extentImage: New New function object to invoke image extent method.
Magick++ Image::quiet(). New method which blocks (ignores) warning exceptions when passed a 'true' argument.
Resource limits: Added support for image Width and Height limits. Default image Width and Height limits are based on the range of a 32-bit signed integer, even for 64-bit builds which may have sufficient numeric range to image an entire galaxy. Limits may be increased as desired.
TIFF: Use define tiff:ignore-tags to ignore tags in 'corrupted' files with unknown and invalid tags. Use to read TIFF files which otherwise can not be read due to errors.
TIFF: Use '-define tiff:report-warnings=true' to enable that warnings reported by libtiff are thrown as warning exceptions so that they may be caught or will be reported at the gm command-line.
Windows Exceptions: A handler is registered (due to calling InitializeMagick()) to capture Windows Exceptions in a similar manner to the existing POSIX signal handler. If an application is using the library and wants to provide it own Windows exception handling, then it should make any changes after invoking InitializeMagick().
Windows Delegate Updates/Additions:
-----------------------------------
PNG: Update bundled libpng to 1.6.16. Resolves known security issues.
FreeType: Update bundled Freetype to 2.5.4. Resolves known security issues.
WebP: Update bundled WebP to 0.4.2 release.
WebP is auto-linked in Visual Studio.
Build Changes:
WebP is not included in the build when building with Visual Studio 6 (1998 vintage compiler!) since it requires more modern C.
Behavior Changes:
-----------------
AVI: Support for this format is removed since the implementation was worthless.
TIFF: Now uses YCbCr encoding when JPEG compression is requested for an RGB image.
|
|
|
|
12.0
Remove dependency on jaraco.util. Instead depend on surgical packages.
Deprecated irc.logging in favor of jaraco.logging.
Dropped support for Python 3.2.
11.1.1
Issue #55: Correct import error on Python 2.7.
11.1
Decoding errors now log a warning giving a reference to the Decoding Input
section of the readme.
11.0
Renamed irc.client.Manifold to irc.client.Reactor. Reactor better reflects
the implementation as a reactor pattern <. This name makes it’s function much
more clear and inline with standard terminology.
Removed deprecated manifold and irclibobj properties from Connection. Use
reactor instead.
Removed deprecated ircobj from SimpleIRCClient. Use reactor instead.
10.1
Added ServerConnection.as_nick, a context manager to set a nick for the
duration of the context.
10.0
Dropped support for Python 2.6.
Dropped irc.client.LineBuffer and irc.client.DecodingBuffer (available in
irc.client.buffer).
Renamed irc.client.IRC to irc.client.Manifold to provide a clearer name for
that object. Clients supporting 8.6 and later can use the Manifold name. Latest
clients must use the Manifold name.
Renamed irc.client.Connection.irclibobj property to manifold. The property
is still exposed as irclibobj for compatibility but will be removed in a future
version.
Removed unused irc.client.mask_matches function.
Removed unused irc.client.nick_characters.
Added extra numerics for ‘whoisaccount’ and ‘cannotknock’.
9.0
Issue #46: The whois command now accepts a single string or iterable for the
target.
NickMask now returns None when user, host, or userhost are not present.
Previously, an IndexError was raised. See Pull Request #26 for details.
|
|
* Fixed a compression-ratio regression in fast mode of LZMA1 and
LZMA2. The bug is present in 5.1.4beta and 5.2.0 releases.
* Fixed a portability problem in xz that affected at least OpenBSD.
* Fixed xzdiff to be compatible with FreeBSD's mktemp which differs
from most other mktemp implementations.
* Changed CPU core count detection to use cpuset_getaffinity() on
FreeBSD.
|
|
|
|
- don't use ALT_JDK_IMPORT_PATH on SunOS, just build like on other platforms
- regen all bootstraps to facilitate removal of the +UseSerialGC hacks
- bootstrap binaries on FTP are now PGP signed
- remove a handful of obsolete patches
|
|
Bumped the revision since it changes the resulting package.
ok schnoebe@
|
|
and CVE-2015-1464.
|
|
feature test macros. Should fix "UINTPTR_MAX not declared" error.
|
|
|
|
Changelog:
RT 4.2.10 -- 2015-02-26
-----------------------
RT 4.2.10 contains important security fixes, as well as minor bugfixes.
This release is primarily a security release; it addresses CVE-014-9472,
a denial-of-service via RT's email gateway, as well as CVE-2015-1165 and
CVE-2015-1464, which allow for information disclosure and session
hijacking via RT's RSS feeds.
As part of these security updates, RT's dependency on the Encode module
has been changed, to Encode 2.64. If upgrading, be sure to run
rt-test-dependencies to verify that your installed version of Encode
meets this requirement; if not, you will need to install a newer version
from CPAN.
This release is also a bugfix release; most notably, it addresses a bug
which causes RT to generate blank outgoing text/plain parts. This fix
requires installing the HTML::FormatExternal module, and having an
external tool (w3m, elinks, etc) installed on the server.
It also introduces indexed full-text searching for MySQL without the
need to recompile MySQL to use the external Sphinx tool; instead, a
MyISAM table is used for indexing. On MySQL 5.6 and above, an
additional InnoDB table can also be used.
The complete list of changes includes:
General user UI
* Speed up the default simple search on all FTS-enabled installs by not
OR'ing it with a Subject match. This returns equivalent results for
almost all tickets, and allows the database to make full use of the
FTS index.
* Pressing enter in user preference form fields no longer instead
resets the auth token (#19431)
* Pressing enter in ticket create and modify form fields now creates or
updates the ticket, instead being equivalent to "add more
attachments", or the "search" on People pages (#19431)
* Properly encode headers in forwarded emails that contain non-ASCII
text (#29753)
* Allow users to customize visibility of chart/table/TicketSQL in saved
charts
* Allow groups to be added as requestors on tickets
* Perform group searches case-insensitively on People page (#27835)
* Ticket create transactions for tickets created via the web UI now
contain mocked-up From, To, and Date headers; this causes them to
render more correctly when forwarded
* Update wording of error message for saved searches without a
description (#30435)
* Flush TSV download every 10 rows, for responsiveness
* Retain values in Quick Create on homepage if it fails (#19431)
* Limit the custom field value autocomplete to 10 values, like other
autocompletes (#30190)
* Fix a regression in 4.0.20/4.2.4 which caused some users to have
blank homepages (#30106)
* Fix styling on "unread messages" box on Ballard and Web2 themes
* Fix format of Date headers in RSS feeds (#29712)
* Adjust width of transaction date to accommodate all date formats
(#30176)
* Allow searching for tickets by queue lifecycle
Command-line
* Fix server name displayed at password prompt when RT is deployed at
a non-root path like /rt (#22708)
Admin
* If the optional HTML::FormatExternal module is installed, use w3m,
elinks, links, html2text, or lynx to format HTML to text. This
addresses problems with the pure-Perl HTML-to-text converted which
resulted in blank outgoing emails. (#30176)
* Add support for native (non-Sphinx) indexed full-text search on
MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an
additional MyISAM table on prior versions of MySQL.
* Support MySQL database names with dashes in them (#7568)
* Properly escape quotes and backslashes in config options in web
installer (#29990)
* Increase length of template title form input
* Clarify wording on updating old Organization values by rt-validator
* Resolve a runtime error for SMIME without secret keys (#30436)
* Empty email addresses are no longer caught as being "an RT address"
if there exist queues without Correspond addresses set (#18380)
* Allow Parents/Children/Members/MemberOf in CreateTickets action
* Allow RT-Originator to be overridden in templates
* Ensure that HTML-encoded entities are indexed in FTS
* Fix uninitialized value warnings from charts grouped by date
* Remove no-op $CanonicalizeOnCreate configuration variable;
RT::User->CanonicalizeUserInfo is always called
* Make NotifyGroup action respect AlwaysNotifyActor argument
* Fix X-RT-Interface header on incoming email on existent tickets
* Warn on startup if queues have invalid lifecycles set (#28352)
Developer
* Add AfterHeaders callback to ShowMessageHeaders
* Update all upgrade steps to use .in files (#18856)
* Add policy tests to enforce the new upgrade step standards
* Remove +x bit from multiple non-executable files
* Make Obfuscate callback in configuration options be passed the
current user, as was documented
* Remove obsolete _CacheConfig parameters
* Preferentially use IN rather than multiple OR clauses
* Respect RowsPerPage for external custom field values
* Localize default statuses from RT_Config.pm, instead of hardcoding
* Add callbacks within Dates box after each type of Date
* Pass the CustomFieldObj down to CustomFieldValue objects intact, so
its ContextObj can be inspected; this is particularly useful for
external custom fields.
* Allow more than one right per @ACL in initialdata
* Don't hardcode share/html in tests, for non-default layouts
* Base detection of new themes on presence of main.css file, not
base.css file (#30554)
* Allow for relative "lib" in @INC when running tests
* Allow EditComponentName customfield callback to alter Rows/Cols
values
Serializer/importer
* Memory usage improvements in both serialization and import
* Templates, Scrips, and ObjectScrips now serialize correctly
when not cloning
Documentation
* Document how to enable un-indexed full-text-search, and its drawbacks
* Note that after restoring from backups, PostgreSQL may need to have
statistics updated
* New documentation on writing portlets
* Add an =pod directive so the first paragraph of UPGRADING is not
skipped
* Clarify when UPGRADING-x.y steps should be run
* Better document known bugs with Sphinx FTS
* Add missing semicolon on Shredder suggested indexes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reviewed by wiz@
|
|
|
|
|
|
Bump PKGREVISION.
|
|
|
|
* Fix PLIST with newer rubygems and ruby21.
|
|
|
|
## 1.2.1
- fix error for draft 76 when leftovers are empty
## 1.2.0
- Remove support for Ruby 1.8
- Add support for sending custom headers for Client
- Better detection and handling of draft 76
- Multiple small fixes and optimizations
|
|
|
|
pkgsrc change: Add pkg_alternatives support.
== 1.6.3 Protein Powder
* Add HTTP 422 status code [rajcybage]
* Add warning about EM reactor still running when stopping.
* Remove version number from "Server" HTTP header. [benbasson]
* Adding `--ssl-disable-verify` to allow disabling of client cert requests when SSL enabled [brucek]
* Ensure Tempfiles created by a large request are closed and deleted. [Tonkpils]
|
|
https://www.trinitydesktop.org/
KDE3 successor
|
|
|
|
|
|
* Comment out HOMEPAGE which has gone. (It's time to remove this pacahge?)
Bump PKGREVISION.
|
|
|
|
The TYPO3 Community announces the version 6.2.10 LTS of the TYPO3 Enterprise
Content Management System.
We announce the release of TYPO3 CMS 6.2.10 LTS, which is a regular
maintenance release that contains over 200 bug fixes and improvements.
For details about the release, please visit the following wiki page:
http://wiki.typo3.org/TYPO3_CMS_6.2.10
Performance Improvements
Additionally, a new extraordinary change in regard of performance was
included. The existing functionality for loading PHP classes was improved by
also including the autoloader functionality from the Composer project. This
is a backport from TYPO3 CMS 7.1 and will speed up requests for both
frontend pages and the TYPO3 Backend up to 20%, especially on sites with
non-cached frontend pages.
The backport to TYPO3 6.2.10 loads all PHP classes from the required system
extensions via a static class map based on the PSR-4 standard. All other PHP
classes are still loaded via the existing TYPO3-internal class loader.
For details about the integration and the functionality, see the
corresponding wiki page on http://wiki.typo3.org/ComposerClassLoader.
|
|
|
|
* Strengthen check for TracePoint compatibility. On JRuby 9.0.0.0-pre1,
TracePoint#binding, #return_value always return nil.
* Add workaround for ruby 2.2 in ruby 2.2, TracePoint#binding may return nil.
|
|
|
|
* Several improvements.
pkgsrc change:
* Add pkg_alternatives support.
|
|
|
|
From commit log:
* Remove require not needed since railtie takes care of that.
* Allow to pluralize active_model name.
|
|
|
|
|
|
CHANGES IN V1.0.66
- cups-browsed: SECURITY FIX: Fixed a bug in the remove_bad_chars()
failing to reliably filter out illegal characters if there are two
or more subsequent illegal characters, allowing execution of
arbitrary commands with the rights of the "lp" user, using forged
print service announcements on DNS-SD servers (Bug #1265).
- pdftoopvp: Added conditionals to also build with Poppler 0.31.0
and newer. Thanks to Armin K. (krejzi at email dot com) for the
patch (Bug #1254).
|
|
|
|
2015/02/25
+ modify gauge widget to keep from erasing a second gauge widget, e.g.,
via the "--and-widget" option. This is a cosmetic change to match
behavior of dialog 1.0 (report by Jason Orendorf).
+ add configure option "--with-man2html"
+ add configure options for versioned symbols, from ongoing work on
ncurses.
+ update configure macros, e.g., for shared libraries
|
|
|
