http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."
Bump to nb6.
* A serious problem with the French translation was corrected.
Changes 1.2.4:
* The File menu now includes a list of recent files.
* The "Generate Silence" effect now prompts for a length.
* Audacity is now built with Vorbis 1.1, which features better encoding quality
and file compression.
* Dragging sound files into the Audacity window now works on Mac OS X and Linux,
as well as Windows. (Before, it worked only on Windows.)
* Better support for certain audio devices on Mac OS X 10.4 "Tiger"
* The "View History" window can now discard old undo levels to save disk space
on Windows. (This previously worked only on Linux and Mac.)
* "Preferences" command is now in Edit menu.
* "Plot Spectrum" command is now in Analyze menu.
* Opening a project file saved by a later version of Audacity displays an
intelligent error message. Also, trying to import a project file (instead of
open it) displays an intelligent error message.
* Audacity now compiles in Visual C++ .NET 2003.
* Other minor bug fixes.
* New or updated translations: Arabic (ar), Czech (cs), Finnish (fi), Hungarian
(hu), Japanese (ja), Norwegian (nb), Slovenian (sl), Simplified Chinese
(zh_CN), Traditional Chinese (zh_TW).
- Recode support
- Isupport (005 numeric)
- Passive DCC support.
- Many memleak fixes.
- Network specific ignoring.
- Updated internal error handling.
- Complete 64bit support.
- Revised default aliases.
- Updated paste detection and settings.
- Tons of bugfixes.
- Other changes
The 'pre-install' hack from the pr is no longer needed after a fix from
jlam. Don't delete the patch-ae, which was removed in the pr.
Recode support won't work at the moment on NetBSD.
Bump the version for irssi-icb, due to the upgrade of irssi.
Changes to 1.38.4 released 17Jan06:
- The main changes are to the Director and the Storage daemon, thus there is no
need to update your File daemons. Just the same, I do recommend running with
the release 1.38.3 Win32 FD or later.
- Add two new queries to query.sql provided by Arno. One lists volumes known to
the Storage device, and the other lists volumes possibly needing replacement
(error, ...).
- Add periodic (every 24 hours) garbage collection of memory pool by releasing
free buffers.
- Correct bug counting sized (for display only) in smartall.c
- Print FD mempool stats if debug > 0 rather than 5.
- Correct bug in alist.c that re-allocated the list if the number of items goes
to zero.
- Move the reservation system thread locking to the top level so that one job
at a time tries all possible drives before waiting.
- Implement a reservation 'fail' message queue that is built and destroyed on
each pass through the reservation system. These messages are displayed in a
'Jobs waiting to reserve a drive' list during a 'status storage='. Note,
multiple messages will generally print for each JobId because they represent
the different problems with either the same drive or different drives. If
this output proves too confusing or voluminous, I will display it only when
debug level 1 or greater is enabled in the SD.
- Add enable/disable job=<job-name>. This command prevents the specified job
from being scheduled. Even when disabled, the job can be manually started
from the console.
- During 'update slots' clear all InChanger flags where the StorageId is zero
(old Media records).
- Fix autochanger code to strip leading spaces from returned slots number.
Remove bc from chio-changer.
- Back port a bit of 1.39 crypto code to reduce diffs.
- Fix first call to autochanger that missed close()ing the drive. Put close()
just before each run_program(). Fixes Arno's changer bug.
- Add PoolId to Job record when updating it at job start time.
- Pull in more code from 1.39 so that there are fewer file differences (the new
ua_dotcmds.c, base64.h, crypto.h hmac.c jcr.c (dird and lib) lib.h md5.h
parse_conf.c util.c). Aside from ua_dotcmds.c these are mostly crypto upgrades.
- Implement new method of walking the jcr chain. The incr/dec of the use_count
is done within the walking routines. This should prevent a jcr from being
freed from under the walk routines.
0006509: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
0006557: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
0006563: [security] Port XSS Vulnerability in project documents (TKADV2005-11-02) (thraxisp)
0006569: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
0006594: [bugtracker] config_flush_cache does not work correctly (thraxisp)
0006585: [documentation] don't see the documentation (thraxisp)
0006501: [filters] Categories can't be selected for filter-setting (thraxisp)
* Added an OpenDocument exporter, and substantially updated the OpenDocument
importer
* Greatly improved the print quality of images (Unix)
* Fixed a substantial number of memory leaks
* Support for GNUstep.conf and relocation of the filesystem is much
improved in this release.
* The WM_QUIT message is now intercepted to allow an application to
terminate cleanly.
* NSMessagePort was implemented on Windows platforms.
* Deprecated support for system-wide GNUsteprc files has been
removed.
* Some support for keeping user defaults in the Windows registry
implemented.
The `GNUstep.conf' file is now viewed as the essential determination of
the install location for GNUstep libraries, tools and other files.
During configuration, this file is read, if it exists, to determine
this information. This can still be overridden with environment and
command line options, however. See the filesystem documentation in the
GNUstep Make Documentation directory for more information.
You no longer need to source GNUstep.sh in order to compile GNUstep
programs. All that is needed is the definition of GNUSTEP_MAKEFILES.
You should also have the GNUstep system tools directory in your path.
All netbsd systems are assumed to use ELF libraries. Support for the
old static libs version of netbsd was removed.
Several new options were added to configure to change the location
of basic dir locations and basic configuration files. Also, the help was
greatly improved. Note that -prefix=/usr/GNUstep/System no longer
works. Please use -prefix=/usr/GNUstep or
-with-system-root=/usr/GNUstep/System.
A few more fixes for cygwin are included as well as Windows resource
rules.
Support for ObjC++ has been added. You should list the ObjC++ .mm
files in the xxx_OBJCC_FILES variable, and put extra ObjC++ flags in
xxx_OBJCCFLAGS or ADDITIONAL_OBJCCFLAGS.
* Repeated [namespace import] of same command now permitted.
* ${prefix}/share added to ::tcl_pkgPath on some systems.
* [exec]'s >> redirection has improved append behavior.
* [info globals] returned only existing variables.
* Recognize some Solaris variations of the cp1251 encoding.
* Addressed [file mkdir] race condition.
* Support opening >2GB files on RHEL 3.
* Corrections to $argv formatting when [encoding system] is multibyte.
* http 2.5.2: Update URL encoding rules to RFC 3986.
* Fixed issue in recursive file delete with NFS lock files.
* Stopped crash after use of Tcl_TraceCommand().
* Win NT/XP: support unicode console.
* Improved support for Tclkit to set [encoding system].
* Added Korean timezone abbreviations.
* Windows: exit codes can now exceed -128..127 range.
* [load] support on LynxOS.
* Packages with incorrect index scripts now cause a warning to be logged.
*** POTENTIAL INCOMPATIBILITY ***
* [lsearch -regexp] now accepts backrefs in the RE.
* [selection get] made compatible with OpenOffice.org.
* Dialog support for widget names containing spaces.
* Improved Tk window manager event interaction on OS X Aqua.
Update Greek translation (Hellenic Linux Users Group).
Add German translation (po/de.po and mainwindow.cpp).
Destroy thread attribute object correctly (utils/thread.h and
utils/thread.cpp).
Use GtkSpinButton objects in the settings dialog where relevant
(settings.h, settings.cpp and settings_help.cpp).
Improve documentation/commenting of write_error() function
(mainwindow.cpp).
Update gettext tools to latest version (gettext-0.14.5)
(po/Makevars and po/Rules-quot).
Move typedef of InstanceMap into the Notifier class
(utils/notifier.h and utils/notifier.cpp).
Provide specific CFLAGS and CXXFLAGS specification in rpm spec
file (efax-gtk.spec.in and efax-gtk.spec).
* Gdk::Window::set_cursor():
Avoid leaking an extra Cursor instance.
* Build:
- Correctly find gmmproc on 64-bit systems.
- Optionally don't build the documentation, for
people in a hurry.
- Windows: Check for mkifofs().
- For reduced-resources devices, optionally allow deprecated
API to be left out of the library.
* Documentation:
- Generated Since and Deprecated lists of API.
- Improved Expander documentation.
- Corrections to DrawArea chapter in book.