1.1. Notable changes
Git and Subversion subrepos have been disabled by default to
mitigate a potential security risk if files overlapping with
a subrepo managed to be committed to a repository.
Subrepos are now more paranoid about symlink traversal.
The share extension handles drive letters on Windows better.
It is possible that a specially malformed repository can cause Git
subrepositories to run arbitrary code in the form of a
.git/hooks/post-update script checked in to the repository in
Mercurial 4.4 and earlier. Typical use of Mercurial prevents
construction of such repositories, but they can be created
programmatically.
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-42
BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192
* [4]wnpa-sec-2017-43
MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193
* [7]wnpa-sec-2017-44
DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191
The following bugs have been fixed:
* Wireshark crash when end capturing with "Update list of packets in
real-time" option off. ([10]Bug 13024)
* Diameter service response time statistics broken in 2.2.4. ([11]Bug
13442)
* Some Infiniband Connect Req fields are not decoded correctly.
([12]Bug 13997)
* wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in
wrong place ?. ([13]Bug 14016)
* [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). ([14]Bug
14025)
* [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). ([15]Bug
14032)
* RTP Analysis "save as CSV" saves twice the forward stream, if two
streams are selected. ([16]Bug 14040)
* Cannot Apply Bitmask to Long Unsigned. ([17]Bug 14063)
Updated Protocol Support
BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP
FFTW 3.3.7:
* Experimental support for CMake.
The primary build mechanism for FFTW remains GNU autoconf/automake.
CMake support is meant to offer an easy way to compile FFTW on
Windows, and as such it does not cover all the features of the
automake build system, such as exotic cycle counters,
cross-compiling, or build of binaries for a mixture of ISA's
(e.g., amd64 vs amd64+avx vs amd64+avx2). Patches are welcome.
* Fixes for armv7a cycle counter.
* Official support for aarch64, now that we have hardware to test it.
* Tweak usage of FMA instructions in a way that favors newer processors
(Skylake and Ryzen) over older processors (Haswell).
* tests/bench: use 64-bit precision to compute mflops.
FFTW 3.3.6-pl2:
* Bugfix: MPI Fortran-03 headers were missing in FFTW 3.3.6-pl1.
Version 2.40.19
- bgo#621088: Using text objects as clipping paths is now supported.
- bgo#587721: Fix rendering of text elements with transformations (Massimo).
- bgo#777833 - Fix memory leaks when an RsvgHandle is disposed before
being closed (Philip Withnall).
- bgo#782098 - Don't pass deprecated options to gtk-doc (Ting-Wei Lan).
- bgo#786372 - Fix the default for the "type" attribute of the <style> element.
- bgo#785276 - Don't crash on single-byte files.
- bgo#634514: Don't render unknown elements and their sub-elements.
- bgo#777155 - Ignore patterns that have close-to-zero dimensions.
- bgo#634324 - Fix Gaussian blurs with negative scaling.
- Fix the <switch> element; it wasn't working at all.
- Fix loading when rsvg_handle_write() is called one byte at a time.
- bgo#787895 - Fix incorrect usage of libxml2. Thanks to Nick Wellnhofer
for advice on this.
- Backported the test suite machinery from the master branch (Chun-wei Fan,
Federico Mena).
- We now require Pango 1.38.0 or later (released in 2015).
- We now require libxml2 2.9.0 or later (released in 2012).
LGOGDownloader 3.3
- Updated url for login check
- Added support for new language: Ukrainian
- Added support for new language: Spanish (Latin American)
- Added option to select platform architecture for Galaxy
* Allows selecting platform architecture with "--galaxy-arch" when "osBitness" is set for depot in API response
- Check for orphaned files after installing a game with --galaxy-install
- Preserve timestamps for downloaded files
* Get timestamps from server for all downloaded files and set the last modified date to that
* Retroactively changes timestamps for previously downloaded files that have different timestamp
* Retroactively changing timestamps doesn't work for files downloaded with --galaxy-install
- Fixed help text for --subdir-installers
- Added option to set user agent
- Expose Galaxy options as experimental options in help text
- Added option to set interval for progress bar update
- Added retry limit for failed chunk repairs
* Fixes infinite loop caused by failed chunk repair
- Get game details using Galaxy API
* Most features now use Galaxy API and should work without having valid downloader API login
* --download-file still uses the old API and will not work without valid API login
* --update-check option also uses the old API and thus requires valid API login to work properly
- Game details cache version is incremented because of changes to gameFile class
- Show product id for DLCs when using --list-details option
- Fixed serials containing <br> tags
- Fixed crash when using old version of jsoncpp and trying to get unsigned int value as string
News in 3.24.5
--------------
* Bug fix in gtk_source_view_indent_lines().
* Improvements to the Visual Studio builds.
* Improvements to the syntax highlighting of: Vala.
* Translation updates.
News in 3.24.4
--------------
* Fix bug when GtkSourceView:indent-width and :tab-width are equal.
* New syntax highlighting definition files for: Swift, Maxima and Kotlin.
* Improvements to the syntax highlighting of: CSS.
* Various other small improvements.
* Translation updates.
Changes:
- In the JPC codec, the requirement that the number of tile parts be at
least one has been removed (since the JPEG-2000 standard allows
a special value of zero to mean the number of tile parts is unspecified).
- add option to disable programs
- Include jasper/jas_debug.h when using jas_eprintf
Fixes building with -Werror=implicit-function-declaration.
- Applied patches to resolve some missing export problems.
See: https://github.com/mdadams/jasper/issues/122
- Moved inttypes.h and stdbool.h includes to jas_types.h and fixed
the build for Visual Studio 2012 and lower.
- Correct or add comments for jas_safe_* functions
Mostly fixing bad copy-n-paste issues, or functions added without any
comment.
- Added a check in the JP2 encoder to ensure that the image to be coded
has at least one component. Also, made some small changes to a
private build script.
- Fixed bugs due to uninitialized data in the JP2 decoder.
Also, added some comments marking I/O stream interfaces that probably
need to be changed (in the long term) to fix integer overflow
problems.
- Added some additional checking to prevent a potential integer overflow
due to conversion in the JPC decoder.
- Added numerous more-detailed error messages for the JPC and JP2
codecs.
- Added a partial verbose capability for the run_test_1 script.
- Moved a test case from the bad category to the good category, as the
test case had been miscategorized.
- Add some regression test cases.
- Fixed some potential double-free problems in the JPC codec.
Update to version 2.81
test: Can't test for Y2038 fix because 32 bit machines
glibc on all 32-bit machines fails the Y2038 test. Change that to use
the maximum possible 32-bit value instead (sigh)
Remove unused variable in builtin-date.c
Add date conversion functions localtime, gmtime, timelocal, timegm
These just wrap the C versions, except they report actual years,
rather than years since 1900 and January is month 1, not 0.
Add JSON tests
Add floats to JSON module.
Support floating point values in JSON input and output.
Make nickle-tutorial.pdf build reproducibly
Set TeX dates to RELEASE_DATE.
Remove PDF /ID entry.
2017-11-06 - FileZilla Client 3.29.0 released
Bugfixes and minor changes:
Fix activity indicators not working after the update check has been run
2017-10-31 - FileZilla Client 3.29.0-rc1 released
New features:
Added new quick search filter to file lists, accessed through Ctrl+F
FTP over TLS: Mismatched hostnames are now highlighted in red in the certificate verification dialog
Filters using regular expressions can now be case-insensitive
Bugfixes and minor changes:
Explicitly wait for the settings to be written to disk before removing the backup file to prevent loss of data in case of system crashes
* Changes in Wget 1.19.2
* Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)
* Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)
* New option --compression for gzip Content-Encoding
* New option --[no]-netrc to control .netrc parsing
* Added GNU extensions to .netrc parsing
* Improved IDNA 2003 compatibility
* Fix VPATH issues
* Improved and extended the test suite
* Support Wayback Machine's X-Archive-Orig-last-modified
* Several bug fixes
Overview of changes between 1.40.13 and 1.40.14
===============================================
- Fix char break problem introduced in 1.40.13 (#789625)
- Add tests for char breaking
Overview of changes between 1.40.12 and 1.40.13
===============================================
- Some performance improvements (#788643)
- Update pango_default_break for line breaks (#788115)
- Fix an introspection warning (#781857)
Changes in libsoup from 2.60.1 to 2.60.2:
* Fix documentation typos [#788920, Nirbheek Chauhan]
* format-zero-length warning triggered in soup-logger.c
[#789096, Tomas Popela]
* Warnings while generating inrospection files
[#789099, Tomas Popela]
* Visual Studio builds: Enhance security of x64 binaries
[Chun-wei Fan]
* Updated translation: Nepali.
Changes in libsoup from 2.60.0 to 2.60.1:
* Fallback to another authentication type if the current
failed [#788238, Tomas Popela]
* Fix unbalanced G_GNUC_BEGIN_IGNORE_DEPRECATIONS use in
soup-session.c [#787166, Zan Dobersek]
* SoupCache: fix setting default value for cache dir
[#788452, Cosimo Cecchi]
* Updated translations: Catalan (Valencian).
libvisio 0.1.6
- Consider stencil txtxform in binary formats (tdf#67914).
- Parse font width scaling.
- Fix dependency of tests on time zone (tdf#92396).
- Enable building of unit tests without command-line tools.
- Remove namespace check for VDX to allow parsing documents produced by
lucidchart.com (tdf#98791).
- Output shape ID if set.
- Fix parsing of text block background color in some cases.
- Write bitmaps with color palette correctly.
- Deduce text encoding from font name.
- Parse theme fill and shadow color.
- Parse font scheme in VSDX documents.
- Require C++11 for build.
- Fix various crashes, leaks and hangs when reading damaged files found
by oss-fuzz.
- Drop outdated Windows project files.
- Fix some issues found by Coverity.
- Many other small improvements and fixes.
Version 1.3.3 (2017 November 7)
* Fix and issue with corrupt continued packet handling.
* Update Windows projects and build settings.
* Remove Mac OS 9 build support.
Notmuch 0.25.2 (2017-11-05)
===========================
Command Line Interface
----------------------
Fix segfault in notmuch-show crypto handling when compiled against
GMime 2.6; this was a regression in 0.25.
General
-------
Support for GMime before 3.0 is now deprecated, and will be removed in
a future release.
