notable changes:
- workaround for XML POST issues with authgroups (full fix in a future
release, but this interim release has been made to avoid an ABI break)
- fix potential memory corruption which could be triggered by a malicious server
you want a RADIUS server...
Note that radiusd-cistron will also hit the Attic unless someone still
uses it, since its homepage also states that it's now unmaintained and
one should use freeradius instead :)
while traversing inpt_queue. Fix botch in previous commit by
initializing next and prev once each, rather than prev twice and next
not at all. Eliminate 'skip:' and use 'continue' instead, since code
after 'skip:' was pointless. Nuke now unused variable 'head'.
* please refer to http://activemq.apache.org/activemq-590-release.html for an overview of new features/
bugfixes, including the new hawtio console.
if you updated permissions in jetty-realm.properties, apply the same in users.properties for the
new hawtio console (<hostname>:8161/hawtio/)!
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.
(no CVE assigned yet)
share/config.kcfg/ to share/config.kcfg.kde3/. Tested on i386, including
run-time tests (not for all apps, though).
After this commit, there are only two conflicting files in kdelibs 3.x and
4.x packages left - to be solved soon.
spurring from espie@
CVE-2013-7106, CVE-2013-7107 https://dev.icinga.org/issues/5250
The icinga web gui is susceptible to several buffer overflow flaws,
which can be triggered as a logged on user. A remote attacker may
utilize a CSRF (cross site request forgery) attack vector against a
logged in user to exploit this flaw remotely.
CVE-2013-7108 https://dev.icinga.org/issues/5251
The icinga web gui is susceptible to an "off-by-one read" error
resulting from an improper assumption in the handling of user submitted
CGI parameters. [..] by sending a specially crafted cgi parameter,
the check routine can be forced to skip the terminating null pointer
and read the heap address right after the end of the parameter list.
Depending on the memory layout, this may result in a memory corruption
condition/crash or reading of sensitive memory locations.
Changelog:
* Fix for quote marks in private messages (thanks @jnm)
* -dontautoreply is a comma-separated list of names you don't want to
auto-reply to. Useful for users you don't want to interact with by mistake
Special thanks to Bhagya Bantwal of Sourcefire for a patch to fix
crashes on sparc64 on first alert.
Tested on sparc64 by Markus; tested on amd64, i386, and macppc by me.
It is currently used in Amarok 2 and Clementine to retrieve a
directory of podcasts and to synchronize podcast subscriptions with
gpodder.net.
This is a dependency for upcoming Clementine 1.2 update.
Input from and okay nigel@
In this release, four "fat" packages were split:
* kdeadmin
* kdenetwork
* kdesdk
* kdetoys
To make updates reliable, we provide corresponding meta-packages now.
Many new patches in x11/kde4 correspond to the linking problems detected.
Those are planned to be integrated upstream, but we'll probably have to keep
some of them until KDE 5.
For information about major KDE 4.11 features, look at the official site:
http://www.kde.org/announcements/4.11/
Kopete Jingle support is disabled for now, until googletalk-call gets
cured from permanent coredumping.
This update involved a lot of help and patience for my mistakes from
many people, including ajacoutot@, espie@, naddy@... but most of the
time this was landry@, who definitely deserves a personal "thank you"!