Note: This release is not binary compatible with previous releases. It is source compatible.
- added IO Data (XEP-0244)
- serialise access to compressionZlib::cleanup for thread safety (thanks to Stephen Hilliard)
- prevent infinite loop in Tag::setCData() (thanks to Stephen Hilliard)
- TLSOpenSSL: memory leak on every client connection attempt (thanks to Stephen Hilliard)
- TLSOpenSSLClient/Server: disabled SSLv3, Google & co. finally support TLS
- fixed Debian bug #746857, worked around #758899
- fixed memory leak (#240)
- fixed compatibility with recent GnuTLS versions, fixed GnuTLS check (thanks to Andreas Metzler) (#231)
* This release contains a SECURITY FIX for a command injection vulnerability
that was found and reported by Alexandre Rebert:
The previous handling of metadata placeholders allowed for arbitrary shell
commands to be trivially injected and executed as the ezstream user, via
malicious media files.
* This release requires users to ADJUST their CONFIGURATION:
To protect against the injection vulnerability above, metadata is now
properly quoted and escaped from the shell. This means that any extra
quoting must be removed from configuration files.
Remove all quoting from metadata placeholders in <encode/> and <decode/>
commands, e.g. replace "@M@" with @M@, and "@T@" with @T@, etc. Without
these changes, stream metadata will look both wrong and the injection
vulnerability may be re-introduced.
The first Node.js LTS release! See https://github.com/nodejs/LTS/
for details of the LTS process.
- Added new -c (or --check) command line argument for checking script
syntax without executing the code
- Added process.versions.icu to hold the current ICU library versio
- Added process.release.lts to hold the current LTS codename when
the binary is from an active LTS release line
- npm: Upgraded to npm 2.14.7 from 2.14.4, see release notes
for full details
See full release notes incl. commit log:
https://nodejs.org/en/blog/release/v4.2.0/
the SHA512 digest to the mix of digests we keep for each distfile.
All part of providing stronger digests for pkgsrc, as discussed on
tech-pkg recently, with unanimous agreement. There will be further
changes in this area in the near future, as we transit away from
reliance on SHA1 and RMD160.
New distinfo files will gain a SHA512 digest entry. Existing
verification of distinfo files will just use the SHA1 and RMD160
digests which exist right now.
** New Commandline Options
- The introduction of additional blend color spaces in the Development
Branch requires a new option to select them. Here, in the Stable
Branch, the new option `--blend-colorspace' just duplicates the
functionality of `--ciecam' and `--no-ciecam'. The Stable Branch
does *not* provide the additional blend colorspaces of the
Development Branch. The following equivalences hold
--ciecam <=> --blend-colorspace=ciecam
--no-ciecam <=> --blend-colorspace=identity
Both options `--ciecam' and `--no-ciecam' are deprecated in 4.2 and
will be withdrawn in 4.3. Thus, users should prefer
`--blend-colorspace'.
** Bug Fixes
- [Enblend and Enfuse] Fix the nesting-depth counter for response
files. This bug prohibited to load more than 20 images in a single
response file.
- [Enblend and Enfuse] Allow grayscale images to bring their own
(grayscale) profiles. Previously grayscale images with ICC profiles
were rejected.
- [Enblend] Fix a possible domain error followed by a division-by-zero
in the seam-line optimizer.
- [Enblend and Enfuse] Avoid an undeserved warning about incompatible
colorspaces if they only disagree on their meta-data (e.g. profile
creation date/time).
- [Enblend] Fix a bug in the Dijkstra Optimizer which could lead to
undefined behavior in the placement of the (optimized) seam line.
- [Enblend] Fix a non-dereferencable vector iterator which led to a
segfault.
- [Enblend] Avoid a division-by-zero in the Annealing Optimizer.
- [Enblend] Fix a bug (1356551) in the seam-line vectorization code
that was there since 2004. The fix changes the position of almost
any coarse-mask seam line vertex by one pixel.
=== 1.3.11 / 2015-10-10
* Enhancements:
* Windows: build against SQLite 3.8.11.1
* Internal:
* Use rake-compiler-dock to build Windows binaries. Pull #159 [larskanis]
* Expand Ruby versions being tested for Travis and AppVeyor
Version 1.1.2, 2015-07-20
- permit newline inside parser definition
- new parser "cisco-interface-spec"
- new parser "json" to process json parts of the message
- new parser "mac48" to process mac layer addresses
- new parser "name-value-list" (currently inofficial, experimental)
- some parsers did incorrectly report success when an error occurred
- call "rest" parser only if nothing else matches.
- new API to support error callbacks
- testbench is now enabled by default
- bugfix: misadressing on some constant values
- bugfix: add missing function prototypes
Version 3.5.4 (2015-10-09)
--------------------------
### Fixed
Do not add the back end language in the meta wizard (see #8056).
### Fixed
Do not add excluded files to the DBAFS if they are edited in the file manager.
### Fixed
Add the `|flatten` insert tag flag to handle arrays (see #8021).
### Fixed
Check for excluded folders in the back end file popup (see #8003).
### Fixed
Fixed a wrong option name when initializing sortables (see #8053).
### Fixed
Translate UUIDs to paths in the parent view header fields.
### Fixed
Trigger the options_callback for the parent view header fields (see #8031).
### Fixed
Correctly create the initial version of a member without username (see #8037).
### Fixed
Improve the performance of the debug bar (see #7839).
### Fixed
Correctly output the event details in the `event_list` template (see #8041).
### Fixed
Only modify empty `href` attributes in the `nav_` template (see #8006, #8038).
### Fixed
Correctly show the group headlines in the repository DB updater (see #8020).
### Fixed
Improve the e-mail regex to also match the new TLDs (see #7984).
### Fixed
Ensure that the database port is not empty (see #7950).
### Fixed
Remove the left-over usages of `$this->v2warning` (see #8027).
### Fixed
Support the `hasDetails` variable in the event reader (see #8011).
