Summary of changes since 2.5x
-----------------------------------
- spamd supports UNIX-domain sockets
- SSL support for spamc/spamd now usable
- improved Bayes text analysis
- improved expiration of Bayes-DB
- better detection of 'invisible text' and other obfuscation techniques
in HTML
- new RBL (eg SORBS, SpamCop, Osirusoft dropped)
- better handling of RBL timeouts
- support for Razor V1 dropped
- more flexible header and report rewriting
- Perl taint mode enabled by default
- bug fixes
- new rules
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
Major changes since 2.8.15:
*) Upgraded to Apache 1.3.29
*) Avoid memory corruption in certificate handling caused by a heap
memory double-freeing situation.
*) Allow "HTTPS" variable to be passed through by suEXEC.
*) Clear the OpenSSL error code in pass phrase reading code to
workaround the following situation: multiple keys, all with
different passphrases -- entering the correct pass phrase at each
prompt leads to an OpenSSL error message after the last prompt.
*) Reverted the recent change where ap_cleanup_for_exec() called
ap_kill_alloc_shared(). This caused nasty side-effects in other
processes and is not necessary at all (because shared memory
segments are not inherited across exec).
*) mod_ssl was checking the OpenSSL error reason code against
SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
OpenSSL reason codes are not unique, this isn't always the case.
It now additionally checks that the library is the SSL library.
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
Changes:
- Added result window for output of editor commands.
- Fix application hang until external editor commands finish.
- utf8 fixes, filenames in application now stored as utf8.
- Fix copy/move overwrite auto rename option.
- File selection fixes.
- Fix crash when window dimensions result in hidden image.
- Memory leak fixes (several minor, two major).
Changes:
2.2.8:
* Fixed "inacccessible base" build errors with gcc 3.3.2. (Bradley Bell)
* win32: Re-enabled our wrappers for parts of the GTK+ API that are now properly
exported on Windows by GTK+. See README.win32 for more details. (Cedric Gustin
)
* Documentation:
- book:
-Updated DrawingArea chapter for gtkmm2 (the last chapter that needed to be
updated)
(Ainsley Pereira)
- Mentioned Treeviews with popup menus, with example. (Murray Cumming)
- The libglademm chapter has a clearer explanation of the memory management,
and
mentions the new get_widget_derived() method. (Murray Cumming)
- Distribute doxygen tags for use by the documentation of related projects.
(Bradley Bell)
- Build and install a devhelp file for the reference docs. This doesn't
work yet, but hopefully it's easy to fix. (roel@stack.be)
- added dependency on p5-File-MMagic if perl support enabled (for MMSG
support)
Changes:
- Fixed race condition between silc_client_init and my_silc_scheduler.
- Take reference of the socket in the parser context, as it's possible
to have the parsers in queue after the socket is disconnected and this
may cause crash.
- Check that packet queue purging was successful.
- Optimized the socket referencing in packet routines.
- Resolve the IP for file transfer listener from the connection socket.
- Added LISTKEYS command which can be used to list server and client
public keys from the ~./silc directory. See /HELP LISTKEYS.
- Improved the MMSG command. It now supports the target so it can be used
to send private messages too without opening a windows. It also
detects the MIME type now automatically. Support for digitally signing
the messages was also added. See /HELP MMSG, the help file is there
now. :) Replace the old silc-mime.pl script with the new one to take
advantage of all new features.
- Added /MMSG command help file.
This release focuses especially fixing the remaining MAC failed errors that
people have been experiencing and the infamous Error in select() error which
should now finally be gone. Upgrading is strongly recommended.
Changes:
- Fixed KICK command to not send the command reply twice.
- Fixed the QoS unregistering to avoid the errors in select() for invalid
socket connection.
- Fixed the rekey protocol timeout handling
- Fixed the packet processing to avoid clearing QoS data underneath the QoS.
apparently), so the checksum changed too. Fixes PR pkg/23333.
Also, I sent a mail to the author asking him to version his tarballs, so
we don't get that kind of trouble anymore.
o chmod -> ${CHMOD} in Makefile
o Actually, the PLIST update predates 2.7.0 release. Previous revision of
PLIST was wrong for the distfile of version 2.6.1. Also, previous
revision of distinfo had a wrong sum for the distfile since it was
updated. Bleh.
Change in 2.7.0:
o DVD case inside inserts are now supported, --create-dvd-inside option
