* Don't define ENABLE_PUSH_PEER_INFO if SSL is not available
* Fix compiling issues with pkcs11 when --disable-management is configured
* Remove support for Linux 2.2 configuration fallback
* Fix compile issues when using --enable-small and
--disable-ssl/--disable-crypto
* Fix 2.2.0 build failure when management interface disabled
* Added info about --show-proxy-settings
* Documented --x509-username-field option
* Updated "easy-rsa" for OpenSSL 1.0.0
* Fixes to easy-rsa/2.0
* Made domake-win builds use easy-rsa/2.0/openssl-1.0.0.cnf
* Fix a build-ca issue on Windows
* Fix issues with some older GCC compilers
This is primarily a bugfix release.
Fix vulnerabilities:
* KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
* kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
* KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
* kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
Interoperability:
* Correctly encrypt GSSAPI forwarded credentials using the session key, not
a subkey.
* Set NT-SRV-INST on TGS principal names as expected by some Windows Server
Domain Controllers.
* Don't reject AP-REQ messages if their PAC doesn't validate; suppress the PAC
instead.
* Correctly validate HMAC-MD5 checksums that use DES keys
What's new in 1.5 rc3
=====================
Pertinent to users:
-------------------
1. PyBlosxom shows an error page if it crashes rather than forcing
you to go figure out what happened by finding the web server logs.
This should make configuring and debugging much easier.
2. Bunch of new plugins.
3. Bunch of fixes to the comments plugin, tags and pycalendar plugins.
Tags plugin gains tags cloud functionality.
Comments plugin gains comment_disable_after_x_days feature.
If you're using them, update to the latest versions.
4. Bunch of fixes to the documentation. If you see errors or things
that are unclear, let us know.
The documentation for the comments plugin still needs to be overhauled.
5. Bunch of other bug fixes.
6. Bunch of new plugins: magicword, pages, rst, check_nonhuman, and
check_blacklist.
New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
it can't handle large records, please migrate to a different backend
(like BDB4)
Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereferencing them [kdc]
Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings
Kyua (pronounced Q.A.) is a testing framework for both developers and
users. Kyua is different from most other testing frameworks in that it
puts the end user experience before anything else. There are multiple
reasons for users to run the tests themselves, and Kyua ensures that
they can do so in the most convenient way.
At the moment, Kyua is focused on implementing a solid foundation and a
powerful command-line tool to run tests implemented with the Automated
Testing Framework (ATF). Later on, Kyua will also provide a set of
language bindings (C, C++ and shell, at the least) to ease the
implementation of test cases in a variety of programming languages.
In effect, Kyua is intended to be a replacement for ATF.
* Fix segfault when typing invalid oid number
Changes 0.4.2:
* Fix spurious autoscrolling
Changes 0.4.1:
* Code cleanup, get rid of some deprecated components
* Support saving of window size
* Support more oid types/input conventions
Changes 0.4.0:
* New maintainer
* Upgrade to gtk2
* Improve autodetection of oid type (now supports unsigned, etc.)
* Handle gui events while performing long tasks
* Put scrollbars on the right side
* Make output wrapping configurable
* Fix a bug causing PRAGMA case_sensitive_like statements compiled using
sqlite3_prepare() to fail with an SQLITE_SCHEMA error.
Changes 3.7.7:
* Add support for URI filenames
* Add the sqlite3_vtab_config() interface in support of ON CONFLICT clauses
with virtual tables.
* Add the xSavepoint, xRelease and xRollbackTo methods in virtual tables in
support of SAVEPOINT for virtual tables.
* Update the built-in FTS3/FTS4 and RTREE virtual tables to support ON CONFLICT
clauses and REPLACE.
* Avoid unnecessary reparsing of the database schema.
* Added support for the FTS4 prefix option and the FTS4 order option.
* Allow WAL-mode databases to be opened read-only as long as there is an
existing read/write connection.
* Added support for short filenames.
* CMake configuration support on Linux now provides a boolean ENABLE_GCOV
option to control whether to include support for gcov.
* InnoDB now permits concurrent reads while creating a secondary index.
* Client programs now display more information for SSL errors to aid in
diagnosis and debugging of connection problems.
* In the audit plugin interface, the event_class member was removed from the
mysql_event_general structure and the calling sequence for the notification
function changed. Originally, the second argument was a pointer to the event
structure. The function now receives this information as two arguments: an
event class number and a pointer to the event. Corresponding to these
changes, MYSQL_AUDIT_INTERFACE_VERSION was increased to 0x0300.
* The plugin_audit.h header file, and the NULL_AUDIT example plugin in the
plugin/audit_null directory have been modified per these changes. See
Section 21.2.4.7, “Writing Audit Plugins”.
* Bug fixes.
Summary of selected changes in 1.17
Selected changes since MediaWiki 1.16 that may be of interest:
A new installer has been introduced. It has a wizard-style interface which is translated into many languages. Many shortcomings in the old installer were addressed with this rewrite. Note that it is no longer required for the config directory to be made writable by the webserver. Instead the generated LocalSettings.php file is offered as a download, which you must then upload to the wiki's base directory.
ResourceLoader, a new framework for delivering client-side resources such as JavaScript and CSS, has been introduced. These resources are now delivered through the new entry point script "load.php", instead of as static files served directly by the web server. This allows minification, compression and client-side caching to be used more effectively, which should provide a net performance improvement for most users.
Category sorting has been improved.
Sorting is now case insensitive.
Sub-categories, pages and files can now be paged separately.
When several pages are given the same sort key, they sort by their names instead of randomly.
The lowest supported version of PHP is now 5.2.3. If necessary, please upgrade PHP prior to upgrading MediaWiki.
Summary of selected changes in 1.16
Selected changes since MediaWiki 1.15 that may be of interest:
Watchlists now have RSS/Atom feeds. RSS feeds generally are now hidden, since Atom is a better protocol and is supported by virtually all clients.
It's now possible to block users from sending email via Special:Emailuser.
The maintenance script system was overhauled. Most maintenance scripts now have a useful help page when you run them with --help.
AdminSettings.php is no longer required in order to run maintenance scripts. You can just set $wgDBadminuser and $wgDBadminpassword in your LocalSettings.php instead.
The preferences system was overhauled. Preferences are stored in a more compact format. Changes to site default preferences will automatically affect all users who have not chosen a different preference.
Support for SQLite was improved. Some broken features were fixed, and it now has an efficient full-text search.
The user groups ACL system was improved by allowing rights to be revoked, instead of just granted.
A new localisation caching system was introduced, which will make MediaWiki faster for almost everyone, especially when lots of extensions are enabled.
By default, this new system makes a lot of database queries. If your database is particularly slow, or if your system administrator limits your query count, or if you want to squeeze as much performance as possible out of MediaWiki, set $wgCacheDirectory to a writable path on the local filesystem. Make sure you have the DBA extension for PHP installed; this will improve performance further.
* userlist: New plugin, lets admins see a list of users and their info.
* aggregate: Improve checking for too long aggregated filenames.
* Updated to jQuery 1.6.1.
* attachment: Speed up multiple file uploads by storing uploaded files
in a staging area until the page is saved/previewed, rather than
refreshing the site after each upload.
(Sponsored by The TOVA Company.)
* attachment: Files can be dragged into the edit page to upload them.
Multiple file batch upload support. Upload progress bars.
AJAX special effects. Implemented using the jQuery-File-Upload widget.
(If you don't have javascript don't worry, I kept that working too.)
(Sponsored by The TOVA Company.)
* Add libtext-multimarkdown-perl to Suggests. Closes: #630705
* headinganchors: Plugin by Paul Wise that adds ids to <hn> headings.
* html5 is not experimental anymore. But not the default either, quite yet.
* Support svg as an inlinable image type; svg images can be included on a
page by simply linking to them, or by using the img directive.
Note that sanitizing svg files is still not addressed.
* img: Generate png format thumbnails for svg images.
* Preserve mixed case in page creation links, and when creating a page
whose title is mixed case, allow selecting between the mixed case and
all lower-case names.
* Fix ikiwiki-update-wikilist -r to actually work.
* comments: collect metadata in a scan-phase preprocess hook, which
fixes sorting comments by date. (smcv)
* Run scan hooks for internal pages (preprocess hooks already run in scan
mode) (smcv)
* inline: Handle obfuscated urls, such as the mailto urls generated by
markdown when forcing urls absolute.
* Bugfix for wikilink containing an email address not showing up in
brokenlinks list.
* Bugfix for trying to attach files to a subpage of the index page.
Updating this leaf package during the freeze for bugfix purposes.
While here,
* Exactly enable/disable PCRE support with package option, enabled by default.
* Add workaround patches for PR#44275, sizeof(time_t) > sizeof(unsigned long).
Changes to the Cyrus IMAP Server since 2.4.9
* fixed handling of unparsable emails during append (which would
cause invalid cyrus.index records otherwise)
* quota: fix a pile of bugs. #1801, virtdomain support; #2728, slow
user delete; #3178, "file name too long" with big mailbox names;
#3179, quota -f doubles usage.
* Bug #3043 - parse multiple groups in headers correctly
* Bug #3158 - lmtp backend connection timeout
* Bug #3223 - limit MIME parsing depth to avoid stack overflows
* Bug #3273 - add SORT=DISPLAY support (but note: still questions
about correctness of unicode sorting)
* Bug #3504 - convert all sieve scripts to \r\n line endings on
upload
* Bug #3402 - options to munge 8bit characters in headers during lmtp
delivery to avoid backscatter
* sync_client: fix broken keepalive TCP options (I doubt anyone ever
tried to use it)
* Bug #3482 - add "-o" option to ipurge to only purge messages with
\Deleted flag set
The package name was selected as:
- Make sure the version is greater than bind-9.6.3.
- Include "ESV" (Extended Support Version) string.
Since the changes from BIND 9.6.3 are too many, please refer to the changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
--- 9.7.3-P3 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.7.3-P2 released (withdrawn) ---
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
Introduction
BIND 9.8.0-P4 is a security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
--- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.0-P3 released (withdrawn) ---
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with an assertion failure.
[RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]