- SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against apr_brigade_split_line().
[Stefan Fritsch]
- SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
Fix two buffer over-read flaws in the bundled copy of expat which
could cause applications to crash while parsing specially-crafted
XML documents. [Joe Orton]
- Upgrade bundled copy of expat library to 1.95.7. [Joe Orton]
- apr_thread_pool: Fix some potential deadlock situations. Bug 49709.
[Joe Mudd <Joe.Mudd sas.com>]
- apr_thread_pool_create: Fix pool corruption caused by multithreaded
use of the pool when multiple initial threads are created. Bug 47843.
[Alex Korobka <akorobka fxcm.com>]
- apr_thread_pool_create(): Only set the output thread pool handle on
success. [Paul Querna]
- DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with
several different data types, including APR_DBD_TYPE_TIME. Bug 49645.
[<kappa psilambda.com>]
- Add support for Berkeley DB 4.8 and 5.0. Bug 49866, Bug 49179.
[Bernhard Rosenkraenzer <br blankpage.ch>,
Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>]
- Make bundled expat compatible with libtool 2.x. Bug 49053.
[Rainer Jung]
- Prefer libtool 1.x when searching for libtool in
bundled expat release process. [Rainer Jung, Jim Jagielski]
- Improve platform detection for bundled expat by updating
config.guess and config.sub. [Rainer Jung]
Patch supplied by Mihai Chelaru, approved by Alistair Crooks.
Quote from release announce:
This is a bugfix release, part of the 1.6.x release series. Of note, this
release includes a fix which addresses CVE-2010-3315, a security issue when
using 'SVNPathAuthz short_circuit'. More information can be found here:
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
CHANGES:
Version 1.6.13
(01 Oct 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.13
User-visible changes:
* don't drop properties during foreign-repo merges (issue #3623)
* improve auto-props failure error message (r961970)
* improve error message for 403 status with ra_neon (r876615)
* don't allow 'merge --reintegrate' for 2-url merges (r959004)
* improve handling of missing fsfs.conf during hotcopy (r980811, -1449)
* escape unsafe characters in a URL during export (issue #3683)
* don't leak stale locks in FSFS (r959760)
* better detect broken working copies during update over ra_neon (r979045)
* fsfs: make rev files read-only (r981921)
* properly canonicalize a URL (r984928, -31)
* fix wc corruption with 'commit --depth=empty' (issue #3700)
* permissions fixes when doing reintegrate merges (related to issue #3242)
* fix mergeinfo miscalculation during 2-url merges (issue #3648)
* fix error transmission problems in svnserve (r997457, -66)
* fixed: record-only merges create self-referential mergeinfo (issue #3646)
* fixed: 'SVNPathAuthz short_circuit' unsolicited read access (issue #3695)
* make 'svnmucc propset' handle existing and non-existing URLs (r1000607)
* add new 'propsetf' subcommand to svnmucc (r1000612)
* emit a warning about copied dirs during ci with limited depth (r1002094)
Developer-visible changes:
* make ruby bindings compatible with Ruby 1.9 (r957507)
* use the repos verify API in JavaHL (r948916)
* teach ra_serf to parse md5 checksums with update editors (r979429)
* let ra_serf work with current serf releases (r879757, r880320, r943796)
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Penetration Test Team of NCNIPC (China) discovered that
the ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
[A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
o Incorrect behavior using sorting in the packet list. (Bug
2225)
o Cooked-capture dissector should omit the source address field
if empty. (Bug 2519)
o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
o Wireshark crashes if active display filter macro is renamed.
(Bug 5002)
o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
o TCP bytes_in_flight becomes inflated with lost packets. (Bug
5132)
o GTP header is exported in PDML with an incorrect size. (Bug
5162)
o Packet list hidden columns will not be parsed correctly from
preferences file. (Bug 5163)
o Wireshark does not display the t.38 graph. (Bug 5165)
o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
(Bug 5167)
o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
5172)
o GTPv2: IMSI is decoded improperly. (Bug 5179)
o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
5186)
o Wireshark mistakenly writes "not all data available" for IPv4
checksum. (Bug 5194)
o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
o The CLDAP attribute value on a CLDAP reply is no longer being
decoded. (Bug 5239)
o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
5246)
o NTLMSSP_AUTH domain and username truncated to first letter
with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
0 segments remain. (Bug 5252)
o EIGRP dissection error in Flags field in external route TLVs.
(Bug 5261)
o MRP packet is not correctly parsed in PROFINET multiple write
record request. (Bug 5267)
o MySQL Enhancement: support of Show Fields and bug fix. (Bug
5271)
o [NAS EPS] Fix TFT decoding when having several Packet Filters
defined. (Bug 5274)
o Crash if using ssl.debug.file with no password for
ssl.keys_list. (Bug 5277)
- Updated Protocol Support
ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP
Approved by Alistair Crooks.
Viking 0.9.96 (2010-10-11)
New features since 0.9.95
* Use ETag to detect fresh tiles on servers
* Add new menu entry in GPS Layer to delete the realtime information.
* Ensure GPS realtime information deleted when GPS Layer -->Empty All is called.
* Prevent zoom factor string displaying unnecessary .0s when it's a whole number.
* Improve Track Properties speed profile display for low speed difference (e.g. walking) tracks.
* Use speed units in display of Track/Waypoint layer draw by velocity config values, but maintain units as metres per second when read from/saved to files.
* Add keyboard accelerators for as many as possible View Menu entries.
* Simplify zoom status when xmpp and ympp are equal
* Use height units in the altitude readout for the cursor position on the status bar.
* Use height units in display of DEM min / max elevation values, but maintain units as metres when read from/saved to files.
Fixes since 0.9.95
* Fix many memory leaks
* DEM layer properties tidy up.
* Prevent getting stuck in a near infinite loop when using Coord layer, UTM mode and zoomed out to see the whole world.
* Prevent lock up in attempt to download maps along a track in UTM mode.
* Launchpad Bug #445374: Prevent crash when downloading maps along a track, with Terraserver maps when in Mercator mode.
* Add explicit linking against libz and libm
* Fix SF#3009431: Prevent Crash in Real Time Tracking GPS Mode & Autodownload Maps.
* Fix display of rounded speed units scale markers in the speed profile.
* Fix cycle map URL
* Fix compiler warnings
* Fix Track Draw by Velocity mode, so that individual track points are coloured (as was the intention).
* Fix bug where older file was removed when network not present
* Fix: warning 'draw-mode' message does not display
* Fix incorrect limitation on source map id
