Notable changes
- http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
- openssl: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
  an attack is considered feasible against a Node.js TLS server
  using DHE key exchange. Details are available at
  http://openssl.org/news/secadv/20151203.txt.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
  a potential denial-of-service vector for Node.js TLS servers; TLS
  clients are also impacted. Details are available at
  http://openssl.org/news/secadv/20151203.txt. (Shigeki Ohtsu) #4134
- v8: Backport fixes for a bug in JSON.stringify() that can result in
out-of-bounds reads for arrays. (Ben Noordhuis)
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
use USE_TOOLS+= gm4:run instead of m4:run.
With our own m4 on NetBSD, the -d flag in the m4 invocation "eats"
the following -I<path> argument, so m4 won't find its own files,
and there may be other dependencies on GNU M4.
Bump PKGREVISION, since this is a bugfix.
Changes since 5.0:
* Fixed --autofix mode (it hadn't been enabled before)
* The --autofix mode now advertises itself when it can do something
* The --autofix mode now adds missing empty lines to patch files
(only in the leading text section, not in the actual patch content)
* Made --autofix code simpler ({prepend,append}{Before,After} was not
really needed)
* Fixed unit tests to report invalid command lines
* Added some more unit tests
Changes:
CHANGES IN CUPS V2.1.2
- Re-release of CUPS 2.1.1 as CUPS 2.1.2 due to error in tagging of the
2.1.1 release (pulled content from the 2.2.x tree instead)
CHANGES IN CUPS V2.1.1
- Security hardening fixes (<rdar://problem/23131948>,
<rdar://problem/23132108>, <rdar://problem/23132353>,
<rdar://problem/23132803>, <rdar://problem/23133230>,
<rdar://problem/23133393>, <rdar://problem/23133466>,
<rdar://problem/23133833>, <rdar://problem/23133998>,
<rdar://problem/23134228>, <rdar://problem/23134299>,
<rdar://problem/23134356>, <rdar://problem/23134415>,
<rdar://problem/23134506>, <rdar://problem/23135066>,
<rdar://problem/23135122>, <rdar://problem/23135207>,
<rdar://problem/23144290>, <rdar://problem/23144358>,
<rdar://problem/23144461>)
- The cupsGetPPD* functions did not work with IPP printers (STR #4725)
- Some older HP LaserJet printers need a delayed close when printing
using the libusb-based USB backend (STR #4549)
- The libusb-based USB backend did not unload the kernel usblp module
if it was preventing the backend from accessing the printer
(STR #4707)
- Current Primera printers were incorrectly reported as Fargo printers
(STR #4708)
- The IPP backend did not always handle jobs getting canceled at the
printer (<rdar://problem/22716820>)
- Scheduler logging change (STR #4728)
- Added USB quirk for Canon MP530 (STR #4730)
- The scheduler did not deliver job notifications for jobs submitted to
classes (STR #4733)
- Changing the printer-is-shared value for a remote queue did not
produce an error (STR #4738)
- The IPP backend incorrectly included the job-password attribute in
Validate-Job requests (<rdar://problem/23531939>)
- Updated localizations (STR #4709)
TLSH is a fuzzy matching library. Given a byte stream with a minimum
length of 256 bytes (and a minimum amount of randomness - see note
in Python extension below), TLSH generates a hash value which can
be used for similarity comparisons. Similar objects will have
similar hash values which allows for the detection of similar
objects by comparing their hash values. Note that the byte stream
should have a sufficient amount of complexity. For example, a byte
stream of identical bytes will not generate a hash value.
Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
Fixed libldap file URLs on windows (ITS-8273)
Fixed libldap microsecond timer for windows (ITS-8295)
Fixed slap tools minor one time memory leak (ITS-8082)
Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
Fixed slapd segfault with invalid SASL URI (ITS-8218)
Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
Fixed slapd syncrepl check with config db on windows (ITS-8277)
Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
Fixed slapd-ldap SEGV after failed retry (ITS-8173)
Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
Fixed slapd-null to have an option to return a search entry (ITS-8249)
Fixed slapd-relay to correctly handle quoted options (ITS-8284)
Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
Fixed slapo-ppolicy to release entry on failure (ITS-7537)
Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS-8234)
Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
Fixed slapo-refint with subtree renames (ITS-8220)
Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
Build Environment
Fixed ldif-filter option parsing (ITS-8292)
Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
Fixed slapd-tester executable suffix for windows (ITS-8216)
Fixed test061 timing issues (ITS-8297)
Contrib
Added libnettle support to pw-pbkdf2 (ITS-8198)
Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
Documentation
Updated guide to reflect changes to how TLS is handled with syncrepl
* Restore the old behaviour of MiniMagick::Image#respond_to? by looking
at mogrify -help and finding the method. This restores compatibility
with CarrierWave.
== 1.8 / 2015-10-26
* 1 minor enhancement:
  * Add an optional +alpha+ parameter to all #css_rgba calls. Thanks to Luke
  Bennellick (@bennell) and Alexander Popov (@AlexWayfer) for independently
  implemented submissions. Merged from #15.
* 2 minor bug fixes:
  * Improve constant detection to prevent incorrectly identified name
  collisions with various other libraries such as Azure deployment tools.
  Based on work by Matthew Draper (@matthewd) in #24.
  * Prevent Color.equivalent? comparisons from using non-Color types for
  comparison. Fix provided by Benjamin Guest (@bguest) in #18.
* 1 governance change
  * This project now has a {Code of Conduct}[Code-of-Conduct_rdoc.html]
1.3.5 - 2015-10-28
* Performance improvements for Canvas#crop! and ImageData.combine_chunks
* Update chunky_png/rmagick to work with the latest versions of RMagick.
* Bugfix in Color#from_hsl and Color#from_hsv when hue value is 360.
* Fix encoding issue in Datastream#to_blob