---------------------
Bugfixes:
* AXFR/IXFR compatibility issues with tinydns/axfrdns
* Journal file is created only when needed
* Zone-related log messages are logged into correct category
* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)
* Fixed RCU synchronization causing deadlock on 'knotc signzone'
* RRSIG not fitting in the additional records doesn't cause truncation
v1.4.1 - Jan 13, 2014
---------------------
Bugfixes:
* Empty APL record support
* 'zonestatus' when using immediate zone syncing
* Immediate zone syncing after reload
* Race condition writing time values to zone file
v1.4.0 - Jan 6, 2014
---------------------
Features:
* Zone SERIAL policies (INCREMENT, UNIXTIME)
Bugfixes:
* AXFR crash with specific packet
* QNAME case-sensitive since 1.4.0-rc0
* DNSSEC records over DDNS
* Semantic check fail in AXFR is only soft-error
* Journal race condition
* Notifies are sent immediately
v1.4.0-rc2 - Dec 13, 2013
-------------------------
Features:
* IDN support in Knot utilities
* DNSSEC: support for GOST algorithm
Bugfixes:
* Crash in particular additionals processing
* Race condition in event cancelation
* Journal corruption after failed transactions
* DNSSEC: fixed detection of ECDSA support
Other improvements:
* ./configure prints build configuration summary
* Pretty zone file output (DNSSEC-related data separately)
* Lower memory consumption
* config: option 'dnssec-keydir' can be set per zone
* config: option 'storage' can be set per zone
v1.4.0-rc1 - Nov 20, 2013
-------------------------
Features:
* Better logging of automatic DNSSEC events
* Support for DNSSEC key pre-publication
Bugfixes:
* Refactored zone loading
* Improved journal locking and fixed some race conditions
* Various fixes in client utilities
* Fixed memory errors in automatic DNSSEC signing
* 'dnssec-keydir' doesn't auto-enable signing
* Fixed rescheduling of zone resigns
v1.4.0-beta - Oct 28, 2013
--------------------------
Features:
* Experimental automatic DNSSEC signing
* Reduced memory usage
package build as a normal user
+ don't refer to MAKEFLAGS outside of pkgsrc/mk
+ add comments to patch files
+ use BSD_INSTALL_* definitions in the build Makefile
+ re-order some parts of the pkgsrc Makefile
+ use pkgsrc definitions for CFLAGS.${OPSYS} rather than conditionals
XXX - TO DO - fix the xauth issue here
The server of the Tryton application platform, a three-tiers high-level general
purpose application platform written in Python and uses PostgreSQL as main
database engine. It is the core base of an Open Source ERP. It provides
modularity, scalability and security.
Unittest2 is a backport of the new features added to the unittest testing
framework in Python 2.7. It is tested to run on Python 2.4 - 2.7.
To use unittest2 instead of unittest simply replace import unittest with
import unittest2.
This package contains the Python 3.x version of the module.
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
skf (1.99.8)
* fix ruby 2.1.0 support on cygwin broken
* fix -shared flag not set on ruby 2.1.0
-- Seiji Kaneko <efialtes@sourceforge.jp> Fri, 31 Jan 2014 00:05:38 +0900
* Attempt to compile with OS X/pf
* Make all manufacturer info configurable thanks to Leo Moll
Merge PCP support (see https://github.com/miniupnp/miniupnp)
Changelog:
3.1 2014-01-27
The filter command now has a --replace modifier to avoid regex overhead.
Associated branches are renamed when a reset or tag is moved or deleted.
Bug fix for off-by-one error in tags reporting.
3.0: 2014-01-05
Many syntactic features of the language have changed incompatibly.
Backward-incompatible language changes are documented on the manual page.
'expunge' and 'unite' commands have been incompatibly improved.
New 'strip' command for generating test cases with blobs stripped out
New 'reduce' command for topological reduction of test cases.
The 'lint' command gets a test for the existence of multiple roots.
Selecting a date or action stamp matching multiple commits now matches all.
The surgical language now has a macro facility.
