- SECURITY: Don't try to free() uninitialised variables in DSS verification
code. Thanks to Arne Bernin for pointing out this bug. This is possibly
exploitable, all users with DSS and pubkey-auth compiled in are advised to
upgrade.
- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
- Don't go into an infinite loop when portforwarding to servers which don't
send any initial data/banner. Patch from Nikola Vladov
- Fix for network vs. host byte order in logging remote TCP ports, also
from Gerrit Pape.
- Initialise many pointers to NULL, for general safety. Also checked cleanup
code for mp_ints (related to security issues above).
Changes:
* The SSL/X509 DNS name verification code was fixed; it used incorrect code
from a book which sometimes caused segmentation faults (Bugreport by Lars
Kellogg-Stedman).
* The 'disconnect' command now accepts an optional message list specifying
messages to be read into the IMAP cache before the connection is closed.
* The new 'cache' command reads a list of messages into the IMAP cache.
* IMAP BODY.PEEK[] is now used when fetching messages from the server, and
the '\Seen' flag is set when the 'quit' command is executed. Thus an
'exit' command does not cause messages marked to be read.
* The 'connect'/'online' commands now announce new messages that are found
on the server.
* The 'replyto' variable can now contain multiple addresses.
* If the 'sort' command is used without arguments, the current sorting
criterion is printed.
* The 'sort', 'thread', 'unsort', and 'unthread' commands now only print a
header summary if the 'header' variable is set.
* The 'size' command has been fixed to print the full sizes of messages that
have not yet been entirely read in IMAP and POP3 folders, instead of the
sizes of the already downloaded parts.
* Deleted messages remained in the cache until an IMAP folder was accessed
a second time since 11.3. They are now deleted immediately when a folder
is quit in online mode.
* The configuration system now also checks for iconv() in libiconv if it is
not found in one of the standard libraries (Matthias Andree).
* Specifying LIBS on the make command line does now work with several make
implementations of commercial Unices too (Bugreports by Matthias Andree,
Matt S).
Changes in the package
======================
* Install compatibility symlinks for shared libraries to not break binary
programs linked against 1.4.0. This is just a workaround for our broken
libtool naming scheme and should be removed when it is fixed. Agreed
by rh@.
* Move installation of documentation to doc/, out of doc/html.
Overview of changes between 1.4.0 and 1.4.1
===========================================
* Win32 bug fixes [Tor Lillqvist, John Ehresman]
* Thai rendering improvements including OpenType support
[Theppitak Karoonboonyanan]
* Fix common crash in Hangul shaper [Changwoo Ryu]
* Fix various problems with language tag selection [Frederic Zhang]
* Documentation improvements [Felipe Heidrich, Doug Quale]
* Fix crash in line break code [Jeroen Zwartepoorte, Billy Biggs]
* Build fixes [J. Ali Harlow, Noah Misch]
* OpenType engine fixes [Kailash C. Chowksey, Sayamindu Dasgupta, Aamir Wali,
Masatake YAMATO, Soheil Hassas Yeganeh]
* Indic module bug fixes [Chris Blizzard, Rajkumar S, Taneem Ahmed,
Jungshik Shin]
* Misc bug fixes [Stanislav Brabec, Anders Carlsson, Behdad Esfahbod,
Jody Goldberg, Theppitak, Sven Neumann, Manish Singh, Morten Welinder]
patch submitted by Ove Soerensen in PR 26810
3.1.8.1, 2004-07-27
+ A fix for some DNS resolution problems on Linux.
3.1.8, 2004-07-07
+ Ncftpget, ncftpput, and ncftpls now try to erase the arguments to the
-u/-p/-j (user, password, account) options so they do not show in
a "ps" command (Thanks, Konstantin Gavrilenko).
+ Recognize broken IBM mainframe FTP servers and work around them.
+ Working around a problem with ProFTPD 1.2.9 and later which would
cause recursive downloads to fail.
+ Fixed a bug where ncftpput in recursive mode could lock up if you
used a trailing slash on the directory to upload.
+ For the malicious server problem that was addressed in 3.1.5, enhanced
the fix for better compatibility with mainframe FTP servers.
+ Ncftpget, ncftpput, and ncftpls, and ncftp's open command now accept
an additional advanced option (-o) which lets you do things like disable
NcFTP's use of SITE UTIME, FEAT, HELP SITE, etc.
+ Several HP-UX 10 compatibility bugs fixed (Thanks, Laurent FAILLIE).
+ A couple of looping problems with ncftpbatch fixed (Thanks, George Goffe).
+ Bug fixed with the upload socket buffer not being set (Thanks, ybobble).
+ The utility programs now accept "-" for the config file name used
with "-f" to denote standard input (Thanks, Jeremy Monin).
+ Bug fixed with ncftpput when using both -c and -A (Thanks, Ken Woodmansee).
+ Support for boldface text in Windows version (Thanks, Adam Gates).
3.1.7, 2004-01-07
+ Fixed a memory leak introduced in 3.1.6.
+ Fixed problem where it was assumed that daylight saving's time occurred
at the same time each year for all timezones.
+ Bug fixed with running a shell escape.
+ Ncftpget now uses passive-with-fall-back-to-port mode like ncftpput and
ncftpls.
+ Problem fixed with "ls -a" where occasionally a row with ".." and another
file would be omitted.
+ Ncftpbatch now uses the UTC timezone for spool files.
+ The configure script can now detect when the config.cache file has been
improperly recycled from a machine with a different OS.
+ The Windows version now uses the USERPROFILE environment variable, if it
was set, as the location of the user's home directory.
+ Recognize broken DG/UX servers and work around them.
pkgsrc changes:
- move to use options.mk framework
- solaris support tidy-up
- fix linux man page extension handling bug
- allow for a user defined smrsh directory
- update MASTER_SITES
- optional SOCKETMAP support and sample script installation
- ok'ed snj@/wiz@
Summary of some of the major changes include:
- New map "socket" to query maps via TCP/IP sockets.
- Connection rate control as well as control over the number of incoming open
connections.
- Several LDAP enhancements such as LDAP recursion and LDAP URI support.
- Message quarantining.
- AUTH EXTERNAL will only be enabled if STARTTLS was successful and the client
has been authenticated, i.e., {verify} is OK.
- Basic support for certificate revocation lists.
- New queue timeouts for DSN messages.
- Experimental support for MTAMark.
For a full list of changes see:
- http://www.sendmail.org/8.13.0.html
- http://www.sendmail.org/8.13.1.html
new sendmail 8.13.x tree in pkgsrc.
Changes to the original package include:
- Added missing NetBSD CVS tags to some files under files
- Path changes in Makefile and Makefile.common to reflect new location under
mail/ of this package
Overview of Changes from GTK+ 2.4.7 to GTK+ 2.4.8
=================================================
* GtkFileChooser
- Fix some memory leaks [Federico Mena Quintero]
- Make save mode work with old versions of the
gnome-vfs backend. [Zack Cerza]
* GtkEntryCompletion
- Warn if text column has wrong type [Fernando San Martin Woerner,
Gustavo Carneiro]
* GtkTreeView
- Fix a redraw problem in fixed height mode [Pawel Salek]
* GDK
- Complete the _NEW_WM_USER_TIME implementation [Elijah Newren]
- Update the _NET_ACTIVE_WINDOW implementation [Elijah]
* gdk-pixbuf
- Avoid infinite loops for bad BMPs [Chris Evans, Manish Singh]
- Fix a problem with GDK_INTERP_NEAREST scaling which caused
Nautilus thumbnails to be misdrawn [Christoph Fergeau]
- Avoid segfaults in gdk-pixbuf-csource [Matthias Clasen]
* Win32 bug fixes [Tim Evans, Tor Lillqvist]
* Other bug fixes [Gustavo, Torsten Schoenfeld, Manish, Tomislav Jonjic,
Soeren Sandmann, Tommi Komulainen, Philip Langdale, Jon-Kare Hellan]
* Documentation improvements [Matthias]
* Updated translations (bs,da,fi,sq)
Overview of Changes from GTK+ 2.4.6 to GTK+ 2.4.7
=================================================
* GtkFileChooser
- Fix for Open button not actually opening [Tommi Komulainen]
- Fix crash when g_get_home_dir() returns NULL [Tor Lillqvist]
Overview of Changes from GTK+ 2.4.4 to GTK+ 2.4.6
=================================================
* GtkFileChooser
- Set busy cursor while mounting [Federico Mena Quintero]
- Set accessible name [Padraig O'Briain]
- Improve activation on focus [Federico]
- Accept paths in entry [Federico]
* GtkTreeView
- Draw focus indicator for empty tree views [Federico]
- Make column dragging more robust [Matthias Clasen,
Christian Biere]
- Prevent DND on non-sources [Pawel Salek]
* GtkUIManager
- Accept paths with a leading / [David Malcolm]
* Gdk
- Fix handling of keep-above and keep-below
state [Matthew Garret]
- Add some missing error traps [Thomas Leonard]
* gdk-pixbuf
- Make incremental loading work for 8bit pcx
files [Magnus Bergman]
- Handle edge pixels consistently [Brian Cameron,
Matthias]
- Handle OS/2 BMPs [Jon-Kare Hellan]
* Bug fixes for Copy-Paste behaviour in text widgets
[Mikael Hallendal, Scott Bronson]
* Memory leak fixes in multiple widgets [Kjartan Maraas,
Tommi Komulainen, Crispin Flowerday, Matthias]
* Win32 fixes [Robert Ögren, Tor Lillqvist, Hans Breuer
* Other bug fixes [John Cupitt, Elke Meier, Matthias,
Peter Zelezny, Guilherme Salgado, John Finlay, Tommi,
Padaig, Olivier Sessink, Nicolas Deves, Lorenzo Gil
Sanchez, Christian Persch, Morten Welinder, Markku Vire,
Markus Lausser, Abel Daniel]
* Documentation improvements [Owen Taylor, Matthias, Axel
Simon, David, Federico, Mariano Suarez-Alvarez]
* Updated translations (ang,az,bg,br,ca,cs,en_CA,es,fi,fr,hi,hu,
it,ja,ko,mn,nb,nl,no,pl,pt,pt_BR,ru,sq,sr,sr@Latn,sr@ije,sv,uz,
wa,zh_CN)
I could not find any recent release notes or change log other than "People
continue to report examples where Tidy does not catch some ill-formed HTML
or, worse, generates ill-formed HTML. These cases have been significantly
reduced." (I didn't compare code with old release either.)
Patch-ab updated (same line patched).
* patches for netware support
* the optional Conversion function wants to have the original
data pulled in via snmp to work with, mapping \n and \r to nothing
and stripping spaces must happen later.
* better error message for missing library
* Updated to snmp_session 1.05
* fix for cuin and cout values saved in html comments
* fix for polish translation
* nodetach option for running mrtg under daemontools
* fixed indexmaker. added missing last for --section=portname code
* fixed scaling bug in rateup (unsigned long) should have been long long
* fix indexmaker when used with 14all
version 0.8.0:
- g++ v3 abi demangler
- x86 disasm: added undocumented ffreep (df c0) instruction
- compiles with gcc 3.4
- fixed buggy blockop-progress indicator
- fixed ugly segfault with elf symbol loading
- ppc disassebler updated (altivec instructions)
- removed stefan's email address (dead)
version 0.8.0pre1:
- disassembler:
- IBM/Motorola PowerPC (PPC) (new)
- file formats:
- XBE (X-Box executable) support by Stefan Esser (experimental)
- Mach-O header and image support for PPC and x86 (experimental)
- FLT (Flat) support (experimental)
- PEF support (experimental)
- XCOFF32 support
- COFF support for coff files without optional header
- COFF big-endian support
- ELF PPC support
- ELF relocatable file support (experimental)
- fixed buggy ELF reading code partially (thanks rpm28)
- eval dialog: added function help
- eval: not ('~') and logical-not ('!') operators
- disassembler interface (int maxlen, not byte maxlen)
- Win32: fixed access to native windows clipboard
- Win32: high CPU usage problems fixed (sys_suspend() bugged)
* a fixed typo in an error message
* conditional code to support large files on Linux
* a workaround for the disabling of errno
pkgsrc changes:
* Update HOMEPAGE and MASTER_SITES.
* Reformat DESCR.
Changes:
- Added support for ESMTP [Andreas Steinmetz]
- Fixed crash when too many connections established
- Announce ourselves as 'clamsmtp' in EHLO/HELO responses which fixes 'loopback'
problems with certain versions of Postfix 1.x
- Better IO performance under heavy load
- Fixed most warnings when compiled with -Wall
- Fixed other minor bugs