New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
it can't handle large records, please migrate to a different backend
(like BDB4)
Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereferencing them [kdc]
Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings
Kyua (pronounced Q.A.) is a testing framework for both developers and
users. Kyua is different from most other testing frameworks in that it
puts the end user experience before anything else. There are multiple
reasons for users to run the tests themselves, and Kyua ensures that
they can do so in the most convenient way.
At the moment, Kyua is focused on implementing a solid foundation and a
powerful command-line tool to run tests implemented with the Automated
Testing Framework (ATF). Later on, Kyua will also provide a set of
language bindings (C, C++ and shell, at the least) to ease the
implementation of test cases in a variety of programming languages.
In effect, Kyua is intended to be a replacement for ATF.
* Fix segfault when typing invalid oid number
Changes 0.4.2:
* Fix spurious autoscrolling
Changes 0.4.1:
* Code cleanup, get rid of some deprecated components
* Support saving of window size
* Support more oid types/input conventions
Changes 0.4.0:
* New maintainer
* Upgrade to gtk2
* Improve autodetection of oid type (now supports unsigned, etc.)
* Handle gui events while performing long tasks
* Put scrollbars on the right side
* Make output wrapping configurable
* Fix a bug causing PRAGMA case_sensitive_like statements compiled using
sqlite3_prepare() to fail with an SQLITE_SCHEMA error.
Changes 3.7.7:
* Add support for URI filenames
* Add the sqlite3_vtab_config() interface in support of ON CONFLICT clauses
with virtual tables.
* Add the xSavepoint, xRelease and xRollbackTo methods in virtual tables in
support of SAVEPOINT for virtual tables.
* Update the built-in FTS3/FTS4 and RTREE virtual tables to support ON CONFLICT
clauses and REPLACE.
* Avoid unnecessary reparsing of the database schema.
* Added support for the FTS4 prefix option and the FTS4 order option.
* Allow WAL-mode databases to be opened read-only as long as there is an
existing read/write connection.
* Added support for short filenames.
* CMake configuration support on Linux now provides a boolean ENABLE_GCOV
option to control whether to include support for gcov.
* InnoDB now permits concurrent reads while creating a secondary index.
* Client programs now display more information for SSL errors to aid in
diagnosis and debugging of connection problems.
* In the audit plugin interface, the event_class member was removed from the
mysql_event_general structure and the calling sequence for the notification
function changed. Originally, the second argument was a pointer to the event
structure. The function now receives this information as two arguments: an
event class number and a pointer to the event. Corresponding to these
changes, MYSQL_AUDIT_INTERFACE_VERSION was increased to 0x0300.
* The plugin_audit.h header file, and the NULL_AUDIT example plugin in the
plugin/audit_null directory have been modified per these changes. See
Section 21.2.4.7, “Writing Audit Plugins”.
* Bug fixes.
Summary of selected changes in 1.17
Selected changes since MediaWiki 1.16 that may be of interest:
A new installer has been introduced. It has a wizard-style interface which is translated into many languages. Many shortcomings in the old installer were addressed with this rewrite. Note that it is no longer required for the config directory to be made writable by the webserver. Instead the generated LocalSettings.php file is offered as a download, which you must then upload to the wiki's base directory.
ResourceLoader, a new framework for delivering client-side resources such as JavaScript and CSS, has been introduced. These resources are now delivered through the new entry point script "load.php", instead of as static files served directly by the web server. This allows minification, compression and client-side caching to be used more effectively, which should provide a net performance improvement for most users.
Category sorting has been improved.
Sorting is now case insensitive.
Sub-categories, pages and files can now be paged separately.
When several pages are given the same sort key, they sort by their names instead of randomly.
The lowest supported version of PHP is now 5.2.3. If necessary, please upgrade PHP prior to upgrading MediaWiki.
Summary of selected changes in 1.16
Selected changes since MediaWiki 1.15 that may be of interest:
Watchlists now have RSS/Atom feeds. RSS feeds generally are now hidden, since Atom is a better protocol and is supported by virtually all clients.
It's now possible to block users from sending email via Special:Emailuser.
The maintenance script system was overhauled. Most maintenance scripts now have a useful help page when you run them with --help.
AdminSettings.php is no longer required in order to run maintenance scripts. You can just set $wgDBadminuser and $wgDBadminpassword in your LocalSettings.php instead.
The preferences system was overhauled. Preferences are stored in a more compact format. Changes to site default preferences will automatically affect all users who have not chosen a different preference.
Support for SQLite was improved. Some broken features were fixed, and it now has an efficient full-text search.
The user groups ACL system was improved by allowing rights to be revoked, instead of just granted.
A new localisation caching system was introduced, which will make MediaWiki faster for almost everyone, especially when lots of extensions are enabled.
By default, this new system makes a lot of database queries. If your database is particularly slow, or if your system administrator limits your query count, or if you want to squeeze as much performance as possible out of MediaWiki, set $wgCacheDirectory to a writable path on the local filesystem. Make sure you have the DBA extension for PHP installed; this will improve performance further.
* userlist: New plugin, lets admins see a list of users and their info.
* aggregate: Improve checking for too long aggregated filenames.
* Updated to jQuery 1.6.1.
* attachment: Speed up multiple file uploads by storing uploaded files
in a staging area until the page is saved/previewed, rather than
refreshing the site after each upload.
(Sponsored by The TOVA Company.)
* attachment: Files can be dragged into the edit page to upload them.
Multiple file batch upload support. Upload progress bars.
AJAX special effects. Implemented using the jQuery-File-Upload widget.
(If you don't have javascript don't worry, I kept that working too.)
(Sponsored by The TOVA Company.)
* Add libtext-multimarkdown-perl to Suggests. Closes: #630705
* headinganchors: Plugin by Paul Wise that adds ids to <hn> headings.
* html5 is not experimental anymore. But not the default either, quite yet.
* Support svg as an inlinable image type; svg images can be included on a
page by simply linking to them, or by using the img directive.
Note that sanitizing svg files is still not addressed.
* img: Generate png format thumbnails for svg images.
* Preserve mixed case in page creation links, and when creating a page
whose title is mixed case, allow selecting between the mixed case and
all lower-case names.
* Fix ikiwiki-update-wikilist -r to actually work.
* comments: collect metadata in a scan-phase preprocess hook, which
fixes sorting comments by date. (smcv)
* Run scan hooks for internal pages (preprocess hooks already run in scan
mode) (smcv)
* inline: Handle obfuscated urls, such as the mailto urls generated by
markdown when forcing urls absolute.
* Bugfix for wikilink containing an email address not showing up in
brokenlinks list.
* Bugfix for trying to attach files to a subpage of the index page.
Updating this leaf package during the freeze for bugfix purposes.
While here,
* Exactly enable/disable PCRE support with package option, enabled by default.
* Add workaround patches for PR#44275, sizeof(time_t) > sizeof(unsigned long).
Changes to the Cyrus IMAP Server since 2.4.9
* fixed handling of unparsable emails during append (which would
cause invalid cyrus.index records otherwise)
* quota: fix a pile of bugs. #1801, virtdomain support; #2728, slow
user delete; #3178, "file name too long" with big mailbox names;
#3179, quota -f doubles usage.
* Bug #3043 - parse multiple groups in headers correctly
* Bug #3158 - lmtp backend connection timeout
* Bug #3223 - limit MIME parsing depth to avoid stack overflows
* Bug #3273 - add SORT=DISPLAY support (but note: still questions
about correctness of unicode sorting)
* Bug #3504 - convert all sieve scripts to \r\n line endings on
upload
* Bug #3402 - options to munge 8bit characters in headers during lmtp
delivery to avoid backscatter
* sync_client: fix broken keepalive TCP options (I doubt anyone ever
tried to use it)
* Bug #3482 - add "-o" option to ipurge to only purge messages with
\Deleted flag set
The package name was selected as:
- Make sure it is a greater version than bind-9.6.3.
- Include "ESV" (Extended Support Version) string.
Since the changes from BIND 9.6.3 are too many, please refer to the changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
--- 9.7.3-P3 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.7.3-P2 released (withdrawn) ---
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
Introduction
BIND 9.8.0-P4 is a security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
--- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.0-P3 released (withdrawn) ---
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with an assertion failure.
[RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]
---
Release messages:
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.1.1.
This release fixes a number of bugs and introduces some enhancements,
including exchange to exchange bindings and some performance improvements,
in the server and clients.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.2.0.
This release fixes a number of bugs and introduces some enhancements,
including automatic upgrades of non-clustered brokers, per-queue message
TTLs and significantly reduced memory usage for pending acknowledgements.
Perfectly timed one day before the start of the year of the Rabbit,
the RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.0.
This release fixes a number of bugs and introduces some enhancements,
including streaming publish confirmations, new plugin mechanisms for
authentication and authorisation, and a great deal more.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.1.
This release fixes a small number of bugs, in particular one serious bug
in 2.3.0 which could lead to queue processes crashing.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.0.
This release fixes a number of bugs and introduces some enhancements,
including fast routing for topic exchanges, sender-selected distribution
and server-side consumer cancellation notifications.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.1.
This release fixes a number of bugs, in particular one bug in 2.4.0 that
would break upgrades if durable queues were present. A notable enhancement
included in this release are cluster upgrades.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.5.0.
This release fixes a number of bugs. In particular:
* recovery has been simplified, improving startup times when many exchanges
or bindings exist
* bindings are recovered between durable queues and non-durable exchanges
on restart of individual cluster nodes
* better performance under high load and memory pressure
* source compatibility with the new Erlang R14B03 release
New features include:
* tracing facility for debugging incoming and outgoing messages (see firehose)
* improved inbound network performance
* improved routing performance
* new rabbitmqctl commands ('report', 'environment', and 'cluster_status')
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.5.1.
This release correctly upgrades from RabbitMQ 2.1.1 and 2.2.0.
There are no other changes compared with 2.5.0.
Asterisk Project Security Advisory - AST-2011-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Possible enumeration of SIP users due to |
| | differing authentication responses |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Unauthorized data disclosure |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2011-2536 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Asterisk may respond differently to SIP requests from an |
| | invalid SIP user than it does to a user configured on |
| | the system, even when the alwaysauthreject option is set |
| | in the configuration. This can leak information about |
| | what SIP users are valid on the Asterisk system. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Respond to SIP requests from invalid and valid SIP users |
| | in the same way. Asterisk 1.4 and 1.6.2 do not respond |
| | identically by default due to backward-compatibility |
| | reasons, and must have alwaysauthreject=yes set in |
| | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. |
| | |
| | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 |
| | and 1.6.2 set alwaysauthreject=yes in the general section |
| | of sip.conf. |
+------------------------------------------------------------------------+
Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashes in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)
Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19
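
The configuration requirement stated in AST-2011-011 above can be checked mechanically. The following is an added example, not part of the advisory or of Asterisk: a small sip.conf audit that reports whether alwaysauthreject is effectively enabled in the general section, using the per-branch defaults the advisory gives. The function names and sample files are constructed for illustration, and the check covers only the configuration half of the resolution, not whether the installed release carries the fix.

```python
import re

# Values Asterisk's ast_true() accepts as true.
TRUTHY = {"yes", "true", "y", "t", "1", "on"}
# Per the advisory: 1.8 defaults to alwaysauthreject=yes; 1.4 and 1.6.2 do not.
DEFAULT_YES_BRANCHES = {"1.8"}

SECTION_RE = re.compile(r"^\[([^\]]+)\]")


def general_alwaysauthreject(conf_text):
    """Return the last alwaysauthreject value set in [general], or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escapes ignored)
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "general" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip().lower() == "alwaysauthreject":
            value = val.lstrip(">").strip().lower()  # tolerate 'key => value'
    return value


def audit(conf_text, branch):
    """Return (ok, reason) for one sip.conf text and an Asterisk branch string."""
    value = general_alwaysauthreject(conf_text)
    if value is None:
        if branch in DEFAULT_YES_BRANCHES:
            return True, "not set; branch default is yes"
        return False, "not set in [general]; branch default is no"
    if value in TRUTHY:
        return True, "alwaysauthreject=" + value
    return False, "alwaysauthreject=" + value + "; responses differ for invalid users"


# Constructed sample files, not taken from a real system.
MISPLACED = """\
[general]
context=default          ; alwaysauthreject is missing here
[6001]
type=friend
alwaysauthreject=yes     ; set in a peer section, not in [general]
"""
HARDENED = "[general]\nalwaysauthreject = yes ; per AST-2011-011\n"

if __name__ == "__main__":
    for name, text in (("misplaced", MISPLACED), ("hardened", HARDENED)):
        print(name, audit(text, "1.6.2"))
```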