* Compiling OpenMP support (--enable-openmp) now installs a fftw3_omp library,
instead of fftw3_threads, so that OpenMP and POSIX threads (--enable-threads)
libraries can be built and installed at the same time.
* Various minor compilation fixes, corrections of manual typos, and
improvements to the benchmark test program.
* Add support for the AVX extensions to x86 and x86-64. The AVX code works with
16-byte alignment (as opposed to 32-byte alignment), so there is no ABI
change compared to FFTW 3.2.2.
* Added Fortran 2003 interface, which should be usable on most modern Fortran
compilers (e.g. gfortran) and provides type-checked access to the the C FFTW
interface. (The legacy Fortran-77 interface is still included also.)
* Added MPI distributed-memory transforms. Compared to 3.3alpha, the major
changes in the MPI transforms are:
* Fixed some deadlock and crashing bugs.
* Added Fortran 2003 interface.
* Added new-array execute functions for MPI plans.
* Eliminated use of large MPI tags, since Cray MPI requires tags < 224.
* Expanded documentation.
* make check now runs MPI tests
* Some ABI changes — not binary-compatible with 3.3alpha MPI.
* Add support for quad-precision __float128 in gcc 4.6 or later (on x86.
x86-64, and Itanium). The new routines use the fftwq_ prefix.
* Temporarily removed MIPS paired-single support due to lack of available
hardware for testing. We hope to add it back before the final FFTW 3.3
release; meanwhile, users who want this functionality should continue using
FFTW 3.2.x.
* Removed support for the Cell Broadband Engine. Cell users should use FFTW
3.2.x.
* New convenience functions fftw_alloc_real and fftw_alloc_complex to use
fftw_malloc for real and complex arrays without typecasts or sizeof.
Changes:
* xetex.ch (pack_buffered_name): Adapt to modified ../tex.ch.
(read_font_info): Cast print_c_string() arg to string.
* xetex.ch: Reformulate to not depend on eTeX_version_string.
* XeTeXFontInst.h: Fix prototype for xmalloc().
* XeTeXFontMgr_FC.cpp, XeTeX_ext.c: Move (nested) extern
declaration of gFreeTypeLibrary from here ...
* XeTeX_ext.h: ... to here.
* XeTeXOTLayoutEngine.{cpp,h}: Drop support for ICU < 4.2.
Changes:
- luatex now uses the standard synctex files.
- The default form margin is now zero (was 1bp before).
- New function node.currentattr() queries the current active attribute list.
- Lua font loading; ignore unknown enumeration keys in MathConstants.
- JPEG 2000 image support.
- Bug fixes.
Changes:
* Trailing comments and whitespace omitted from config values.
* Add .tlu to type lua suffixes, and .dfont to truetype suffixes.
* Prefix program_invocation{,_short}_name with kpse_.
* Finally remove kpse_set_progname (deprecated since 1998).
Also fixed INSTALL_PROGRAM patch to not break install-sh.
Changes since 1.0.1
============================================================================
HTTP Interface:
* Native SSL support.
* Added support for HTTP range requests for attachments.
* Added built-in filters for '_changes': '_doc_ids' and '_design'.
* Added configuration option for TCP_NODELAY aka "Nagle".
* Allow POSTing arguments to '_changes'.
* Allow 'keys' parameter for GET requests to views.
* Allow wildcards in vhosts definitions.
* More granular ETag support for views.
* More flexible URL rewriter.
* Added support for recognizing "Q values" and media parameters in
HTTP Accept headers.
* Validate doc ids that come from a PUT to a URL.
Externals:
* Added OS Process module to manage daemons outside of CouchDB.
* Added HTTP Proxy handler for more scalable externals.
Replicator:
* Added '_replicator' database to manage replications.
* Fixed issues when an endpoint is a remote database accessible via SSL.
* Added support for continuous by-doc-IDs replication.
* Fix issue where revision info was omitted when replicating attachments.
* Integrity of attachment replication is now verified by MD5.
Storage System:
* Multiple micro-optimizations when reading data.
View Server:
* Added CommonJS support to map functions.
* Added 'stale=update_after' query option that triggers a view update after
returning a 'stale=ok' response.
* Warn about empty result caused by 'startkey' and 'endkey' limiting.
* Built-in reduce function '_sum' now accepts lists of integers as input.
* Added view query aliases start_key, end_key, start_key_doc_id and
end_key_doc_id.
Futon:
* Added a "change password"-feature to Futon.
URL Rewriter & Vhosts:
* Fix for variable substituion
Changelog:
ver 3.0.6
* Support cairo for text rendering. (Experimental)
(See doc/en/README.cairo in detail.)
* Support searching text in terminal screen. (Add "mlsearch.sh" tool.)
* "CSI < r", "CSI < s" and "CSI < t" sequences are supported.
* Improve cursor movement in bi-direction text.
* Improve compatibility of libvte. (Gtkterm2, evilvte and sakura work.)
* Ignore all spaces at the end of lines in selecting text regardless of their
fg/bg colors.
* Support unicode indic characters (using ISCII fonts though). (Experimental)
* Other bug fixes:
Fix a mistake which disabled configuration in $prefix/etc/mlterm in libvte.
General:
* Improved audio device detection and fallback.
There should be no more silent errors due to invalid audio devices.
Instead ScummVM should pick up a suitable alternative device.
Mohawk:
* Added detection entries for more variants of some Living Books games.
Tinsel:
* Fixed a regression that made Discworld uncompletable.
SAGA:
* Fixed a regression in Inherit the Earth's dragon walk code which
was causing crashes there.
* Fixed a regression causing various crashes in I Have No Mouth and
I Must Scream.
SCI:
* Added detection entries for some Macintosh game versions.
* Audio settings are now stored correctly for the CD version of EcoQuest 1.
SCUMM:
* Fixed graphics bug in FM-TOWNS versions of games on ARM devices
(Android, iPhone, etc.).
Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.
* Performance: a high load of DSN success notification requests
could slow down the queue manager. Solution: make the trace
client asynchronous, just like the bounce and defer clients.
* The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
* Workaround: dbl.spamhaus.org rejects lookups with "No IP
queries" even if the name has an alphanumerical prefix. We
play safe, and skip both RHSBL and RHSWL queries for names
ending in a numerical suffix.
* The "sendmail -t" command reported "protocol error" instead
of "file too large", "no space left on device" etc.
* The Postfix Milter client reported a temporary error instead
of "file too large" in three cases.
* Linux kernel version 3 support. Linus Torvalds has reset the
counters for reasons not related to changes in code.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
- New Features:
- New Apps: (see the validator/apps directory for details)
- dnssec-check: check dnssec support from your ISP
- dnssec-nodes: graphically displays a DNS
hierarchy, color coded by each node's DNSSEC status
- dnssec-system-tray: displays pop-up
notifications when a libval-enabled application
triggers a DNSSEC error
- lookup: a graphical DNS lookup utility that
displays the results in a hierarchical tree and
color codes the window according to DNSSEC status
- libval: - Added support for building on Windows.
- added support for falling back to recursion when
the caching name server does not appear to
support DNSSEC. This also works as a mechanism
to work around poisoned or misbehaving cache.
- Significant improvements to the the asynchronous support.
- lsdnssec: - Improvements to lsdnssec to display different
output depending on whether a zone is a
stand-alone zone or under control of rollerd.
- nagios: - Plugins for the nagios monitoring system which
enable monitoring of zone rollerover states.
- firefox: - Improved patches that work with the most recent firefox
Plus many more minor features and bug fixes
1.9:
- New Features:
- lsdnssec: - Added a new flag (-p) to show only zones in a
particular rollerd phase.
- fixed bugs to align timing output with rollerd.
- rollerd: - Added a -logtz flag for logging timezones
- fixed bugs related to the -alwayssign flag.
- zonesigner's path is taken from the config file.
- rollctl: - Added -rollall and -rollzone options.
- zonesigner: - Assumes keys need to be generated for new zones
(Assumes -genkeys option was given if a keyrec file
can't be found.)
- Exits with unique exit codes if a failure occurs.
("zonesigner -xc CODE" can lookup a description for it.")
- Added the -phase option so rollover options could be
more easily specified.
- lights: - A simple GUI to check the status of rollover states
- blinkenlights:- Added hide/show commands for rollrec names and zone
names, for split-zone support
- cleankrf: - Fixed deletion of obsolete set keyrecs.
- GUI commands: - Fixed how the Exit command works so they don't coredump.
- libsres
& libval: - New beta support for issuing asynchronous requests.
This can speed up queries by up to 4 times if used.
(see example code in validator/apps/validator_selftest.c)
- NSEC3, DLV and IPv6 are enabled by default.
- improved logging and logging-callback support.
- drawvalmap - Can output PNG files now
- Packaging:
- Our download page now allows you to download
the C validator libraries independently of the
full DNNSEC-Tools tool-suite.
- Many bugs were also fixed in the 240+ changes.
* fixed a coredump in torrent on linux with a ppp interface.
* translation updated (ru).
Version 4.3.0 - 2011-06-17
* new command `attach' to control a backgrounded lftp.
* automatically fill torrent:ipv6 setting.
* slightly improved torrent status display.
* fixed reconnect interval (it was sometimes uninitialized).
* several fixes for the case of cmd:parallel>1
* In mimedefang.c, truncate overlong responses from the multiplexor. Also sanitize replies so "\r" doesn't get fed to smfi_setmlreply.
* If a slave process replies with a very long reply, have the multiplexor consume (and discard) the excess input so the multiplexor-to-slave protocol does not become de-synchronized.
* When mimedefang becomes a daemon, have it wait for a "go/no-go" message from the child before exiting. This should eliminate race conditions whereby the MTA starts before the milter socket is present.
* Avoid run-time errors from Unix::Syslog on some platforms.
Bug Fixes:
* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ]
fix that id bits of other query may leak out under conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated
1.4.11:
Features:
* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number registered with IANA, 8953.
Bug Fixes:
* Fix Makefile for U in environment, since wrong U is more common than deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an error is printed to log instead of an assertion failure.
* [bugzilla: 386 ]
--enable-allsymbols option links all binaries to libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ]
Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not withheld if it is bogus. Thus, unbound will retry if it is bad and curb the TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached nxdomain is dnssec secure. This avoids backwards incompatibility because those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.
* New example tool added: ldns-gen-zone.
* bugfix #359: Serial-arithmetic for the inception and expiration
fields of a RRSIG and correctly converting them to broken-out time
information.
* bugfix #364: Slight performance increase of ldns-verifyzone.
* bugfix #367: Fix to allow glue records with the same name as the
delegation.
* Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
glue when the zone is opt-out.
* bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
performance)
* Better handling of reference variables in ldns_rr_new_frm_fp_l from
pyldns, with a very nice generator function by Bedrich Kosata.
* Decoupling of the rdfs in rrs in the python wrappers to enable
the python garbage collector by Bedrich Kosata.
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
build time and when used.
* bugfix #383: Fix detection of empty nonterminals of multiple labels.
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
names (in stead of just the ones that contain glue only) and all
occluded records on the delegation points (in stead of just the glue).
* Clarify the operation of ldns_dnssec_mark_glue and the usage of
ldns_dnssec_node_next_nonglue functions in the documentation.
* Added function ldns_dnssec_mark_and_get_glue as an real fast
alternative for ldns_zone_glue_rr_list.
* Fix parse buffer overflow for max length domain names.
* Fix Makefile for U in environment, since wrong U is more common than
deansification necessity.
* Include simple-dnskey-mailer-plugin in dist.
* Enforcer: Change message about KSK retirement to make it less confusing.
Bugfixes:
* ods-control: If the Enforcer did not close down, you entered an infinite loop.
* Signer Engine: Fix log message typos.
* Signer Engine: Fix crash where ods-signer update
* Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.
* Zonefetcher: Sometimes invalid 'Address already in use' occurred.
* Bugfix #247: Fixes bug introduced by bugfix #242.
OpenDNSSEC 1.3.0rc3
* Do not distribute trang.
Bugfixes:
* Fix test for java executable and others.
* Auditor: Fix delegation checks.
* Bugfix #242: Race condition when receiving multiple NOTIFIES for a zone.
* ods-kaspcheck: Do not expect resalt in NSEC policy.
* Signer Engine: Ifdef a header file.
* Signer Engine: The default working directory was not specified.
* Signer Engine: Handle stdout console output throttling that would
truncate daemon output intermittently.
OpenDNSSEC 1.3.0.rc2
* Match the names of the signer pidfile and enforcer pidfile.
* Include check for resign < resalt in ods-kaspcheck.
Bugfixes:
* Bugfix #231: Fix MySQL version check.
* ods-ksmutil: Update now sends a HUP to the enforcerd.
* Signer Engine: Fix assertion failure if zone was just added.
* Signer Engine: Don't hsm_close() on setup error.
* Signer Engine: Fix race condition bug when doing a single run.
* Signer Engine: In case of failure, also mark zone processed (single run).
* Signer Engine: Don't leak backup file descriptor.
* signconf.rnc now allows NSEC3 Iterations of 0
OpenDNSSEC 1.3.0rc1
* <SkipPublicKey/> is enabled for SoftHSM in the default configuration.
It improves the performance by only using the private key objects.
* Document the <RolloverNotification> tag in conf.xml.
Bugfixes:
* Bugfix #221: Segmentation Fault on schedule.c:232
* Enforcer: 'make check' now works.
* Enforcer: Fixed some memory leaks in the tests.
* Signer Engine: Coverity report fixes some leaks and thread issues.
* Signer Engine: Now logs to the correct facility again.
OpenDNSSEC 1.3.0b1
* Support for signing the root. Use the zone name "."
* Enforcer: Stop import of policy if it is not consistent.
* ods-signer: The queue command will now also show what tasks the workers
are working on.
* Signer Engine: Just warn if occluded zone data was found, don't stop signing p
rocess.
* Signer Engine: Simpler serial maintenance, reduces the number of conflicts.
Less chance to hit a 'cannot update: serial too small' error message.
* Signer Engine: Simpler NSEC(3) maintenance.
* Signer Engine: Temperate the number of backup files.
* Signer Engine: Set number of <SignerThreads> in conf.xml to
get peak performance from HSMs that can handle multiple threads.
Bugfixes:
* Bugreport #139: ods-auditor fails on root zone.
* Bugreport #198: Zone updates ignored?
* Replace tab with white-space when writing to syslog.
* Signer Engine: Do not block update command while signing.
==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.3.15
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.5.9:
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
darktable is a photography workflow application: a virtual lighttable
and darkroom for photographers: it manages your digital negatives
in a database and lets you view them through a zoomable lighttable.
it also enables you to develop raw images and enhance them.
