- avcodec/hevc_ps: improve check for missing default display window bitstream
- avcodec/hevc_ps: Fix c?_qp_offset_list size
- avcodec/shorten: Move buffer allocation and offset init to end of read_header()
- avcodec/jpeg2000dsp: Fix multiple integer overflows in ict_int()
- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_pel_bi_w_pixels
- avcodec/diracdec: Fix overflow in DC computation
- avcodec/scpr: optimize shift loop.
- avcodec/dirac_vlc: limit res_bits in APPEND_RESIDUE()
- libavcodec/h264_parse: don't use uninitialized value when chroma_format_idc==0
- avformat/asfdec: Fix DoS in asf_build_simple_index()
- avformat/mov: Fix DoS in read_tfra()
- avcodec/dirac_vlc: Fix invalid shift in ff_dirac_golomb_read_32bit()
- avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
- avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()
- avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
- avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
- avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
- avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
- avcodec/hevc_ps: Fix undefined shift in pcm code
- avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
- avformat/mvdec: Fix DoS due to lack of eof check
- avformat/rl2: Fix DoS due to lack of eof check
- avformat/rmdec: Fix DoS due to lack of eof check
- avformat/cinedec: Fix DoS due to lack of eof check
- avformat/asfdec: Fix DoS due to lack of eof check
- avformat/hls: Fix DoS due to infinite loop
- ffprobe: Fix NULL pointer handling in color parameter printing
- ffprobe: Fix null pointer dereference with color primaries
- avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
- avformat/rtpdec_h264: Fix heap-buffer-overflow
- avformat/aviobuf: Fix signed integer overflow in avio_seek()
- avformat/mov: Fix signed integer overflows with total_size
- avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization
- avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
- avcodec/me_cmp: Fix crashes on ARM due to misalignment
- avcodec/pixlet: Fixes: undefined shift in av_mod_uintp2()
- avcodec/dirac_dwt_template: Fix integer overflow in vertical_compose53iL0()
- avcodec/fic: Fixes signed integer overflow
- avcodec/snowdec: Fix off by 1 error
- avcodec/pixlet: fixes integer overflow in read_highpass()
- avcodec/zmbv: Check decomp_size
- avcodec/diracdec: Fixes integer overflow
- avcodec/diracdec: Check perspective_exp and zrs_exp.
- avcodec/ffv1dec_template: Fix undefined shift
- avcodec/mpeg4videodec: Clear mcsel before decoding an image
- avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
- avcodec/aacdec_fixed: fix invalid shift in predict()
- avcodec/h264_slice: Fix overflow in slice offset
- avformat/utils: fix memory leak in avformat_free_context
- swscale: fix gbrap16 alpha channel issues
- avcodec/h264idct_template: Fix integer overflow in ff_h264_idct_add()
- avcodec/diracdsp: fix integer overflow
- avcodec/diracdec: Check weight_log2denom
- avcodec/nvenc: only push cuda context on encoder close if encoder exists
- avfilter/vf_ssim: fix temp size calculation
* Fixed a bug introduced in version 1.8.21 which prevented sudo
from using the PAM-supplied prompt. Bug 799
* Fixed a bug introduced in version 1.8.21 which could result in
sudo hanging when running commands that exit quickly. Bug 800
* Fixed a bug introduced in version 1.8.21 which prevented the
command from being run when the password was read via an external
program using the askpass interface. Bug 801
What's new in Sudo 1.8.21p1
* On systems that support both PAM and SIGINFO, the main sudo
process will no longer forward SIGINFO to the command if the
signal was generated from the keyboard. The command will have
already received SIGINFO since it is part of the same process
group so there's no need for sudo to forward it. This is
consistent with the handling of SIGINT, SIGQUIT and SIGTSTP.
Bug 796
* If SUDOERS_SEARCH_FILTER in ldap.conf does not specify a value,
the LDAP search expression used when looking up netgroups and
non-Unix groups had a syntax error if a group plugin was not
specified.
* "sudo -U otheruser -l" will now have an exit value of 0 even
if "otheruser" has no sudo privileges. The exit value when a
user attempts to list their own privileges or when a command
is specified is unchanged.
* Fixed a regression introduced in sudo 1.8.21 where sudoreplay
playback would hang for I/O logs that contain terminal input.
* Sudo 1.8.18 contained an incomplete fix for the matching of
entries in the LDAP and SSSD backends when a sudoRunAsGroup is
specified but no sudoRunAsUser is present in the sudoRole.
What's new in Sudo 1.8.21
* The path that sudo uses to search for terminal devices can now
be configured via the new "devsearch" Path setting in sudo.conf.
* It is now possible to preserve bash shell functions in the
environment when the "env_reset" sudoers setting is disabled by
removing the "*=()*" pattern from the env_delete list.
* A change made in sudo 1.8.15 inadvertently caused sudoedit to
send itself SIGHUP instead of exiting when the editor returns
an error or the file was not modified.
* Sudoedit now uses an exit code of zero if the file was not
actually modified. Previously, sudoedit treated a lack of
modifications as an error.
* When running a command in a pseudo-tty (pty), sudo now copies a
subset of the terminal flags to the new pty. Previously, all
flags were copied, even those not appropriate for a pty.
* Fixed a problem with debug logging in the sudoers I/O logging
plugin.
* Window size change events are now logged to the policy plugin.
On xterm and compatible terminals, sudoreplay is now capable of
resizing the terminal to match the size of the terminal the
command was run on. The new -R option can be used to disable
terminal resizing.
* Fixed a bug in visudo where a newly added file was not checked
for syntax errors. Bug 791.
* Fixed a bug in visudo where if a syntax error in an include
directory (like /etc/sudoers.d) was detected, the edited version
was left as a temporary file instead of being installed.
* On PAM systems, sudo will now treat "username's Password:" as
a standard password prompt. As a result, the SUDO_PROMPT
environment variable will now override "username's Password:"
as well as the more common "Password:". Previously, the
"passprompt_override" Defaults setting would need to be set for
SUDO_PROMPT to override a prompt of "username's Password:".
* A new "syslog_pid" sudoers setting has been added to include
sudo's process ID along with the process name when logging via
syslog. Bug 792.
* Fixed a bug introduced in sudo 1.8.18 where a command would
not be terminated when the I/O logging plugin returned an error
to the sudo front-end.
* A new "timestamp_type" sudoers setting has been added that replaces
the "tty_tickets" option. In addition to tty and global time stamp
records, it is now possible to use the parent process ID to restrict
the time stamp to commands run by the same process, usually the shell.
Bug 793.
* The --preserve-env command line option has been extended to accept
a comma-separated list of environment variables to preserve.
Bug 279.
* Friulian translation for sudo from translationproject.org.
Changelog:
This is an emergency release to fix a security vulnerability in Emacs.
Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).
This vulnerability was introduced in Emacs 19.29.
3.27.1 (2017-08-14)
! Change client identification string if connecting with SFTP due to OpenSSH disregarding the supported ciphers announced by the client, resulting in less secure algorithms being chosen by OpenSSH.
- MSW: Improve handling of NTFS reparse points
- MSW: If running the installer with /S, previous versions were not uninstalled prior to the new version being installed
- MSW: The installer can be run with /quiet for a semi-silent installation
- OS X, *nix: Potential fix for a rare crash if changing local directories while the local directory list is being updated and vice versa.
3.27.0.1 (2017-07-19)
- MSW: Add missing file to .zip binary package
- MSW: Fix toolchain issues breaking the shell extension
3.27.0 (2017-07-19)
- SFTP components have been updated and are now based on PuTTY 0.70
3.27.0-rc1 (2017-07-11)
+ Support for the Storj decentralized cloud storage provider
- MSW: Fix display of file type of directories if the directory name contains a dot
- Fix assertion if entering an invalid protocol prefix into the host field on the quickconnect bar or in the site manager
- Improve error message if TLS certificate verification fails due to a missing stapled OCSP response
- Building and running FileZilla now depends on libfilezilla >= 0.10.0 (https://lib.filezilla-project.org/)
3.26.2 (2017-06-12)
- Fixed crash if using master passwords and decrypting very long passwords
3.26.1 (2017-06-02)
- Fixed crash if changing password settings and the Site Manager contains subdirectories
- *nix: Fixed saving of sites having more than one site-specific bookmark
3.26.0 (2017-06-01)
- When changing or removing the master password, update protected credentials of server items in the transfer queue
- Fix display of remember checkbox when showing the password entry dialog for sites that have no username set and are using the "Ask" logon type
- Some icons were missing in the Windows .zip binary archive
3.26.0-rc1 (2017-05-25)
+ Passwords can now be stored encrypted, protected with a master password
+ Building and running FileZilla now depends on libfilezilla >= 0.9.2 (https://lib.filezilla-project.org/).
+ Building and running FileZilla now depends on wxWidgets >= 3.0.3
Carry forward libtool patch from 3.0.2, with LDFLAGS changes
included.
This is a bug fix release with no significant new features compared
to the previous 3.0.x releases and compatible with them at both the
API and the ABI level (i.e. all applications linked against earlier
3.0.x DLLs or shared libraries will continue to work when using
3.0.3 libraries).
The full list of changes in this release is available at
https://raw.githubusercontent.com/wxWidgets/wxWidgets/v3.0.3/docs/changes.txt
(starting from the line 583, or search for "3.0.3" in this file),
here are some selected ones:
* In all ports:
- Support requesting modern (3.x+) OpenGL version in wxGLCanvas.
- Fix using wxHTTP and wxFTP from worker thread.
* In wxGTK:
- Support for Gstreamer 1.0 in wxMediaCtrl, in addition to obsolete 0.x.
- Several fatal bug fixes for GTK+ 3.
## 1.4.1 / 2017-06-21
* Don't ask .empty? until it's a String. (#38)
* rename Liquid 4 `has_key?` to `key?` to add compatibility for liquid 4 (#41)
* Test against Ruby 2.1 to 2.4 (#45)
3.5.2 (2017/8/18)
* Backport #6281 for v3.5.x: Fix Drop#key? so it can handle a nil argument (#6288)
* Backport #6280 for v3.5.x: Guard against type error in absolute_url (#6287)
* Backport #6266 for v3.5.x: Memoize the return value of Document#url (#6301)
* Backport #6273 for v3.5.x: delegate StaticFile#to_json to StaticFile#to_liquid (#6302)
* Backport #6226 for v3.5.x: Reader#read_directories: guard against an entry not being a directory (#6304)
* Backport #6247 for v3.5.x: kramdown: symbolize keys in-place (#6303)
3.5.1 (2017/7/18)
Minor Enhancements
* Use Warn for deprecation messages (#6192)
* site template: Use plugins key instead of gems (#6045)
Bug Fixes
* Backward compatiblize URLFilters module (#6163)
* Static files contain front matter default keys when to_liquid'd (#6162)
* Always normalize the result of the relative_url filter (#6185)
Documentation
* Update reference to trouble with OS X/macOS (#6139)
* added BibSonomy plugin (#6143)
* add plugins for multiple page pagination (#6055)
* Update minimum Ruby version in installation.md (#6164)
* [docs] Add information about finding a collection in site.collections (#6165)
* Add {%raw%} to Liquid example on site (#6179)
* Added improved Pug plugin - removed 404 Jade plugin (#6174)
* Linking the link (#6210)
* Small correction in documentation for includes (#6193)
* Fix docs site page margin (#6214)
Development Fixes
* Add jekyll doctor to GitHub Issue Template (#6169)
* Test with Ruby 2.4.1-1 on AppVeyor (#6176)
* set minimum requirement for jekyll-feed (#6184)
2.71.2 (2017/9/7)
* fix freebsd service check
* correct spelling mistake
2.71.1 (2017/8/31)
* Allow to test main package version on Alpine Linux
* get_version returns malformed value if the package name contains a hyphen
2.71.0 (2017/8/26)
* Allow to switch backends
2.70.2 (2017/8/26)
* Updated suse.rb to detect OS info on SUSE 11 machine
2.70.1 (2017/8/2)
* Fix freebsd commands
2.70.0 (2017/7/25)
* Add jexec backend to support FreeBSD jail.
* Facter/Ohai support for host_inventory
2.69.0 (2017/7/14)
* Support Debian 9
1.6.0 (2017/09/01)
* Rack::PostBodyContentTypeParser: if the middleware is told a POST body is
JSON, but it doesn't parse as JSON, then... it's not really JSON, and the
request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI
(@sawanoboly) for the fix.
1.5.0 (2017/07/19)
After an extended hiatus, rack-contrib maintenance is back on track. This
is a tidy-up release, merging things that have sat around for far too long.
* git-version-bump has now been moved to being a development dependency,
thanks to Tobias Haagen Michaelsen.
* Rack::AcceptLocale can be restricted to a set of enforced locales, thanks to
Paco Guzman.
* Rack::NotFound's path argument is now optional, thanks to Ed Morley.
* Rack::BounceFavicon now has a description and tests, thanks to Steven
Wilkin.
* The automated Travis CI suite now tests all supported Ruby versions up to
2.4, which necessitated a few small changes.
### 0.9.1
o Added ssl_version options `TLSv1_1`, `TLSv1_2`, `TLSv1_3` for explicitly
forcing the SSL version
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
o Added a new `:http_version` option with `HTTPv1_1` and `HTTPv2_0` values to
explicitly set the HTTP version of HTTP/1.1 or HTTP/2.0
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html
o Updates the gem release procedure for more convenience, using the updated
Rubygems.org tasks
o Update a few minor dependencies and documentation to be Ruby
2.4.1-compatible, add 2.4.1 to Travis CI matrix
o Add `Session#download_byte_limit` for limiting the permitted download size.
This can be very useful in dealing with untrusted download sources, which
might attempt to send very large responses that would overwhelm the
receiving client.
o Add `Patron.libcurl_version_exact` which returns a triplet of major, minor
and patch libCURL version numbers. This can be used for more fine-grained
matching when using some more esoteric Curl features which might not
necessarily be available on libCURL Patron has been linked against.