base for other systems. It allows the creation of users, which can
be authenticated by username, password, and optionally a YubiKey
OTP.
Aside from providing a user authentication backend, YubiAuth allows
storing and retrieving arbitrary key-value attributes for each user
as well as each YubiKey.
While here, update some example versions, prune some superfluous text,
improve a bit of wording, and link directly to the anoncvs section of
our mirrors page.
* Fix udev rules so they contain four digits.
* Only try to detach the kernel driver if it's attached. For libusb-1.0
* Let import config report errors properly.
Changelog:
31.2.0:
* Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)
* Fixed: Invalid certificate issue with mozilla::pkix (see bug 1042889)
* Fixed: Importing an RSA private key fails if p < q (see bug 1049435)
* Security fixes can be found here
31.1.2:
* Fixed an issue where anchor links would not work in HTML emails (Bug 974857)
* Security fixes can be found here
31.1.1:
* Fixed an issue where mailing lists with spaces in their names couldn't be autocompleted (Bug 1060901)
* Fixed an occasional startup crash (Bug 1005336)
31.1.0:
* Security fixes can be found here
* Improved performance of autocomplete for large address books (Bug 984875)
* Fixed an issue with IMAP being slow when looking for folders on certain server types (Bug 799821, Bug 859269)
* Fixed various theme issues relating to titlebars and toolbars (Bug 1007225, Bug 1026608, Bug 1041211, Bug 1046563, Bug 1054260)
# Fixed in Thunderbird 31.2
2014-81 Inconsistent video sharing within iframe
2014-79 Use-after-free interacting with text directionality
2014-77 Out-of-bounds write with WebM video
2014-76 Web Audio memory corruption issues with custom waveforms
2014-75 Buffer overflow during CSS manipulation
2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
# Fixed in Thunderbird 31.1.2
2014-73 RSA Signature Forgery in NSS
# Fixed in Thunderbird 31.1
2014-72 Use-after-free setting text directionality
2014-70 Out-of-bounds read in Web Audio audio timeline
2014-69 Uninitialized memory use during GIF rendering
2014-68 Use-after-free during DOM interactions with SVG
2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
NEO. There is a command line tool "ykneomgr" for interactive use.
It supports querying the YubiKey NEO for firmware version, operation
mode (OTP/CCID) and serial number. You may also mode switch the
device and manage applets (list, delete and install).
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582) CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596) CVE-2014-8714
The following bugs have been fixed:
* 6LoWPAN Mesh headers not treated as encapsulating address.
(Bug 10462)
* UCP dissector bug of operation 31 - PID 0639 not
recognized. (Bug 10463)
* iSCSI dissector rejects PDUs with "expected data transfer
length" > 16M. (Bug 10469)
* GTPv2: trigging_tree under Trace information has wrong
length. (Bug 10470)
* Attempt to render an SMS-DELIVER-REPORT instead of an
SMS-DELIVER. (Bug 10547)
* IPv6 Mobility Option IPv6 Address/Prefix marks too many
bytes for the address/prefix field. (Bug 10576)
* IPv6 Mobility Option Binding Authorization Data for FMIPv6
Authenticator field is read beyond the option data.
(Bug 10577)
* IPv6 Mobility Option Mobile Node Link Layer Identifier
Link-layer Identifier field is read beyond the option data.
(Bug 10578)
* Malformed PTPoE announce packet. (Bug 10611)
* IPv6 Permanent Home Keygen Token mobility option includes
too many bytes for the token field. (Bug 10619)
* IPv6 Redirect Mobility Option K and N bits are parsed
incorrectly. (Bug 10622)
* IPv6 Care Of Test mobility option includes too many bytes
for the Keygen Token field. (Bug 10624)
* IPv6 MESG-ID mobility option is parsed incorrectly.
(Bug 10625)
* IPv6 AUTH mobility option parses Mobility SPI and
Authentication Data incorrectly. (Bug 10626)
* IPv6 DNS-UPDATE-TYPE mobility option includes too many
bytes for the MD identity field. (Bug 10629)
* IPv6 Local Mobility Anchor Address mobility option's code
and reserved fields are parsed as 2 bytes instead of 1.
(Bug 10630)
* TShark crashes when running with PDML on a specific packet.
(Bug 10651)
* IPv6 Mobility Option Context Request reads an extra
request. (Bug 10676)
- Updated Protocol Support
6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
* TAILQ macros are now pulled in via config.h only so dhcpcd compiles
on systems where sys/queue.h does not exist at all
* Remove DHCP state correctly when the interface departs
* End the IPv4LL state when DHCP is stopped
* Ensure that any DHCP lease offered still exists when assigning an
IPv4LL address
PolarSSL ChangeLog
= Version 1.2.12 released 2014-10-24
Security
* Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate).
(Found using Codenomicon Defensics.)
Bugfix
* Fix potential bad read in parsing ServerHello (found by Adrien
Vialletelle).
* ssl_close_notify() could send more than one message in some circumstances
with non-blocking I/O.
* x509_crt_parse() did not increase total_failed on PEM error
* Fix compiler warnings on iOS (found by Sander Niemeijer).
* Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
* Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
* ssl_read() could return non-application data records on server while
renegotiation was pending, and on client when a HelloRequest was received.
* Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
Changes
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
* ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
* Accept spaces at end of line or end of buffer in base64_decode().
Version 0.9.98 - 2014-07-04
===========================
- Text rendering now with QTextLayout fixes the following issues
- Correct handling for variable width fonts.
- Corrected display of highlighted text with Qt4.8.x on Ubuntu and Mac.
- Improved handling of texts with both right to left and left to right
languages (mixed Arabic and western texts).
- Improved handling of Chinese and Japanese.
- Whitespace characters are now shown as dots for spaces and arrows for
tabs, and not only in differences.
- Fixed symlink comparison (Qt4 symLinkTarget returns absolute paths)
- Text analysis for rendering with QTextLayout is interruptable and
multithreaded. (See progressbar and abort-button in statusbar)
- Fix for saving to relative path in KDE-environments. (Patch from Harald Sitter)
- Fixed bug in 0.9.97: Directory compare was always case sensitive.
- Fix for saving files on KDE with relative path specified via command
line option -o.
- Fixed problem with KIO (nonlocal urls).
- Improved Mac support.
- Write --confighelp information to stdout instead of stderr.
- Directory Merge Window: Enabled state of "Delete A And B" now also
depends on existence of source file A.
- Works now with Qt4 and Qt5
- Progress dialog during printing.
- Workaround for bug in QSplitter::childEvent that broke
QFileDialog::getSaveFileName
* Fixed a bug causing wildcards in command alias replacement patterns not
to be expanded.
* Fixed a bug causing auto-joining of channels not starting in # or & to
sometimes fail because the auto-join command was generated before we got
the CHANTYPES pronouncement by the server.
* Added a size sanity check for incoming Blowfish ECB blocks. The blind
assumption of incoming blocks being the expected 12 bytes could lead to
a crash or up to 11 byte information leak due to an out-of-bounds read.
This fixes CVE-2014-8483.
* Enabling SSL/TLS support for connections will now advertise the protocols
Qt considers secure by default, instead of being hardcoded to TLSv1.
* Fixed the bundled 'sysinfo' script not coping with empty lines in
/etc/os-release.
* Made disk space info in the bundled 'sysinfo' script more robust by
forcing the C locale for 'df'.
* Added an audio player type hint for Cantata to the bundled 'media' script.
* Fixed some minor comparison logic errors turned up by static analysis.
* Konversation now depends on KDE Platform v4.9.0 or higher.
Version 2.1.0 (oct.29th 2014)
Bugs fixed:
* The switch -sysinfo worked only in Windows - in Linux (?also in Mac?) the
clipboard is deleted on exit
* extensive work in the SGF-parser, "\" and "]" are handled correctly IN THE
PARSER (not yet in the display)
Further:
* SGF FF[3] files (AddWhite, SiZe, DaTe, CiRcle, ...) are now processed and
displayed!!
* Files from a defective version of Hibiscus 2.1 (LB[yy:0]...) are now displayed
* Many defective SGF files now get a suitable error message; a stacktrace is
only shown for debugging (internal switch "DEBUG2"). Normal file errors
shouldn't give a stack trace. (If you have a defective SGF file which
doesn't get an appropriate error message, let me know!)
* Grinder has now an extra log file for SGF file errors: sgf-log.txt