Two security issues were discovered:
A CSS validation issue was discovered which allows editors to display
external images in wiki pages. This is a privacy concern on public
wikis, since a malicious user may link to an image on a server they
control, which would allow that attacker to gather IP addresses and
other information from users of the public wiki. All sites running
publicly-editable MediaWiki installations are advised to upgrade. All
versions of MediaWiki (prior to this one) are affected.
A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.
Deleting thumb.php is a suitable workaround for private wikis which do
not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl'].
Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the
patch below to whatever version of MediaWiki you are using.
|
For full change information, please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.
Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).
Changes with Apache 2.2.15
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
|
o CVE-2010-0728:
In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a bad security flaw on Linux platforms if the
binaries were built on Linux platforms with libcap support.
The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, allowing all file system access to be allowed
even when permissions should have denied access.
|
Updated to tzdata version 2010e
(http://article.gmane.org/gmane.comp.time.tz/3128).
|
1.3.12 (March 8, 2010)
==========================
Security Fixes:
* Updated libpng Windows sources to 1.2.43 in order to resolve
CVE-2010-0205 as it pertains to the GraphicsMagick Windows build.
Bug fixes:
* Filter mode (write to stdout) was completely broken.
* Should now compile with libpng 1.4.
* Windows PerlMagick build identified itself as the wrong version.
New Features:
* None
Feature improvements:
* None
Performance Improvements:
* None
Behavior Changes:
* DCX output format is only written on request. Previously the PCX
coder would automatically switch to DCX format if multiple frames
would be written.
|
* Detect Sys::Syslog vs. Unix::Syslog at run-time
rather than when running ./configure.
* Bug fix: Don't change Content-Disposition to "inline" by default.
This was causing weird bugs with Outlook iCalendar attachments.
* Various crash fixes.
* Make relay_is_blacklisted and relay_is_blacklisted_multi handle
IPv6 addresses.
* Make the C code call smfi_setmlreply if the milter library supports it
and the Perl code returns a multi-line reply.
(And take over maintainer)
|
Samba 3.0 and 3.3. They were completely broken before this.
Bump PKGREVISION for both samba and samba33.
Fix from PR pkg/38961 by Makoto Fujiwara <makoto at ki dot nu>.
|
using SDL.
|
Changes:
Bug #141:
Fix: Raster map search does not work with map files containing multiple '.'
Bug #142:
Fix: Raster map search does not work with lon/lat WGS84 projection
Request #143:
Delete map while active/shown
Request #144:
Make scalebar work for maps with lat/lon projection
Bug #145:
Fix: Zoom to area does not work when using lon/lat DEM and Garmin maps
Bug #146:
Fix: qlb and sticky waypoint handling for qt4.6
Request #147:
Hide / show tracks
Request #148:
Add zoom to fit for multiple selected tracks
Request #149:
Add zoom to fit for multiple selected waypoints
Request #150:
Rewrite 3D view
Request #151:
Add first person view to 3D view
Request #152:
Add point of view on track to 3D view
Request #153:
Add compass to 3D view
Request #154:
Add elevation meter to 3D view
Request #155:
Add artificial horizon to 3D view
Request #156:
Add zoom to fit for multiple selected overlays
|
The changelog is too long to paste here,
but you can find it at http://www.unbound.net/download.html
|
pkgsrc changes:
- Remove inactive and non-responsive maintainer
- Activate M:I:B module type
Upstream changes:
3.11008 2010-03-02
- Added support for new api methods: reverse_geocode, geo_id
- Updated method "update" with new parameters: place_id,
display_coordinates
3.11007 2010-02-27
- xAuth implemented and tested
3.11006_01 2010-02-26
- xAuth implemented: @oauth = $nt->xauth($username, $password);
3.11006 2010-02-25
- Fixed: unicode.t skip needed number of tests to skip (miyagawa)
3.11005 2010-02-25
- Fixed: image updates accept a single array ref argument (RT#54422)
- Fixed: "since" synthetic arg with InflateObjects role (RT#54901)
- Fixed: utf8 encoding error for latin1 using Basic Authentication
- Allow a pre-created user agent object as argument to new (ua => $ua)
- FAQ: How do I get Twitter to display something other than
"from Perl Net::Twitter"?
3.11004 2010-02-09
- Removed an extraneous tar ball from the distribution (no code changes)
|
pkgsrc changes:
- Adjust dependencies and module type
Upstream changes:
0.07 Tue Mar 02 2010
- Changed build to Module::Install
- Added integration with config_perlcritic config entry
- Added translations:
- French (jquelin)
- Polish (therek)
- Chinese (Traditional) translation (BLUET)
- Arabic (azawawi)
- Spanish (brunov)
- Brazilian Portuguese (garu)
|
Upstream changes:
0.10 Thu Jan 21 2010
- A variety of cleanups to use Padre::Current more efficiently (ADAMK)
- Added menu separator (ADAMK)
- A somewhat cleaner code style that is closer to general conventions (ADAMK)
- Added project config file that matches that of Padre itself (ADAMK)
- Applied the Perl::Tidy plugin to itself, using the project config (ADAMK, BRICAS)
- Added a few more menu tests (BRICAS)
|
Upstream changes:
3.63 Fri Mar 5 13:11:48 EST 2010
- Fix for shared object destruction bug
3.62 Thu Mar 4 04:24:02 2010
- Extended the change in v3.59 to Perl 5.8.9
3.61 Wed Mar 3 21:37:19 2010
- Code cleanup
3.59 Wed Mar 3 19:11:50 2010
- Fixed shared object destruction when using Thread::Queue
|
pkgsrc changes:
- Add license definition
Upstream changes:
version 0.93: Thu Dec 24 11:09:49 CET 2009
Fixes:
- Mail::Identity->from(Mail::Address) produced error
rt.cpan.org#52115 [Dmitry Bigunyak]
Improvements:
- do not run t/pod.t in devel environment.
|
pkgsrc changes:
- Add license definition
Upstream changes:
3.11 2010-03-01 sbeck
* NEW CODE(s)
* Added the IANA domain names to Country
* Fixed a problem that produced warnings with perl 5.11.5.
Jerry D. Hedden
*
3.10 2010-02-18 sbeck
* Moved support files into the Locale::Codes namespace.
* The work done in each of the Locale::XXX modules was
virtually identical to each other. It has all
been moved to a central module and the
Locale::XXX modules are now just wrappers.
* The XXX_code2code functions would return undef if the
same codeset were passed in for both the 2nd and
3rd arguments. This doesn't make sense and has
been changed.
* Added all semi-private routines (except for the
couple that were already present):
rename_XXX
add_XXX
delete_XXX
add_XXX_alias
delete_XXX_alias
rename_XXX_code
add_XXX_code_alias
delete_XXX_code_alias
* Added "UK" alias. Steve Hay
3.01 2010-02-15 sbeck
* Fixed Makefile.PL and Build.PL to install as core
modules.
3.00 2010-02-10 sbeck
* Took over maintenance of the code
* All codes and country names come from the official
standards
* code2country now returns the name of the country specified
in the standard (if the different standards refer
to the country by different variations in the name,
the results will differ based on the CODESET)
* Added code sets
FIPS 10 country codes
Alpha-3 and Term language codes
Numeric currency codes
* The rename_country function from 2.07 would guess the
CODESET (unlike all other functions which used
a default of LOCALE_CODE_ALPHA_2). The guess can
cause problems since (with the addition of FIPS)
codes may appear in different codesets for different
countries. The behavior has been changed to be
the same as other functions (default to
LOCALE_CODE_ALPHA_2).
* Dropped support for _alias_code
* Added language_code2code, currency_code2code
|
pkgsrc changes:
- Adjust license definition
- Adjust homepage
Upstream changes:
0.17 Thu Jan 14 09:20:00 2010
- Support for RFC3579 - Message-Authenticator
0.16 Mon Dec 14 13:34:00 2009
- Generate random authenticators
- Support for CoA request (thanks to Oleg Gawriloff for the patch)
- Ability to specify the source IP/port for outgoing packets
0.15 Mon Oct 05 12:00:00 2009
- Bugfixes in error handling
0.14 Mon Aug 17 15:00:00 2009
- Authen::Radius is now distributed under the Perl Artistic
License v2.0
- Support for RADIUS retransmits
- For the "check_pwd" method place the local socket's "real"
IP address into the NAS-IP-Address attribute
instead of 127.0.0.1
|
pkgsrc changes:
- Remove big-endian check, big-endian architectures are supported since
3.24
Upstream changes:
*** This will probably be the last release. From now on, please use
Net::Frame::* modules on CPAN. This framework is obsolete.
3.27 Mon Nov 9 19:19:57 CET 2009
- bugfix: PPPoE packing payload
=> http://rt.cpan.org/Public/Bug/Display.html?id=51112
- update: copyright notice
|
Upstream changes:
2.01 2010-03-01 00:00:00
- Removed .perltidyrc.