X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=docs%2FNEWS;h=5effdcc2d099cc57538318c77c99e949929e9ad3;hb=331616bd807e632bec117e78f257e8ec99ef0ba5;hp=1cd04a5a0b40507309ce416054ebf2c00f488a5c;hpb=14b8e77f72911a2e33312a1a9860d5c2672992b6;p=catta diff --git a/docs/NEWS b/docs/NEWS index 1cd04a5..5effdcc 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,3 +1,189 @@ +Avahi 0.6.10 +============ + +This is mostly a bugfix release. Two of the bugs fixed are security +sensitive: a remote denial-of-service vulnerability and a buffer +overflow that can allow local users to become the 'avahi' user. We do +not consider either of them major security threats. + +The DoS vulnerability can be exploited from a local network only. It +is not worth much, though, since mDNS can easily be flooded with +nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by +provoking a name conflict in perfect accordance with the specs. + +The buffer overflow is hard to exploit remotely, only local users can +become the 'avahi' user. In addition the user is trapped inside a +chroot() environment (at least on Linux). + +Anyhow, our security assessments are possibly as buggy as our +code. Hence: + + *** PLEASE UPDATE YOUR INSTALLATION ASAP! *** + +Changes: + * Fix a buffer overflow in avahi-core + * Refuse to process invalid UTF8 data + * Automatically reconnect to the DBUS if we're kicked. (Works only if + chroot() is disabled) + * Don't hit an assert() in the client libs when the Avahi daemon is + terminated + * Enumerate all service types in the database in the Service + Discovery Applet for Gnome + * Improve the Bonjour compatibility layer to make it survive + GnomeMeeting's broken usage + * Deal properly with local non-ASCII hostnames + * AMD64 and FreeBSD portability fixes + * Filter double DNS server entries in avahi-dnsconfd + * Fix a locking bug in avahi-sharp's EntryGroup.AddService() + * Ported to Solaris (incomplete) + * Add _airport._tcp to our service type database + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9. + +Avahi 0.6.9 +=========== + +This release fixes some bugs and includes minor enhancements. + + * Don't allow registration of address records with invalid host names + * Clean up argument validity checking for AvahiHostNameResolver and + AvahiAddressResolver + * Fix Avahi builds without DBUS + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7 and 0.6.8. + +Avahi 0.6.8 +=========== + +This release fixes some bugs and adds a few new features. Users of 0.6.7, +please update ASAP! + + * Fix broken parsing of static hosts file + * Improve out-of-the-box Debian support + * Add configuration option to allow mDNS over POINTOPOINT links. + This is a potential security hole and YMMV. See man page for details. + * Create $(localstatedir)/run on installation + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6 and 0.6.7. + +Avahi 0.6.7 +=========== + +This release fixes some bugs and adds a few new features + + * Add static hosts name mappings + * Work around kernel bugs regarding multicast group membership + * ia64 portability fixes + * Don't require X11 to run avahi-bookmarks + * API: Return AVAHI_ERR_IS_EMPTY when the user tries to commit an + empty entry group. + * Improved Slackware and Fedora suppport + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5 and 0.6.6. + +Avahi 0.6.6 +=========== + +This release fixes some bugs and includes some documentation updates + + * Add a bunch of new types to the service type database + * Return errors of avahi_entry_group_commit() properly + * Many doxygen documentation improvements + * Fix destruction of AvahiEntryGroup objects using + avahi_entry_group_free(). + * Don't allow commiting of empty entry groups + * Use a little less memory in avahi-qt + * Don't accept empty TXT strings + * Update example "client-publish-service.c" to show how to modify an + existing service + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4 and 0.6.5. + +Avahi 0.6.5 +=========== + +This release fixes some bugs and adds a new API function. + + * avahi-browse: properly show services that are removed from the + network + * fix build on bi-arch platforms, on GNU/kFreeBSD, on MIPS and + for non-DBUS builds + * add new API function avahi_nss_support() and DBUS function + IsNSSSupportAvailable() which may be used to detect whether + libc's gethostbyname() supports mDNS domain names. + * patch avahi-bookmarks to make use of + IsNSSSupportAvailable(). avahi-bookmarks will now generate links + with real hostnames instead of numeric IP addresses if mDNS support + is detected for gethostbyname(). + * add init script for Mandriva Linux + * speed up avahi_client_free() + * man page updates + * install missing header thread-watch.h + * fix avahi-bookmarks to work with certain twisted versions + * fix record updating + * Use pkg-config's Requires.private directive where it makes sense + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3 and 0.6.4. + +Avahi 0.6.4 +=========== + +This is a bugfix release and adds a new event loop implementation to +avahi-common's public interface. + + * avahi-common: add new AvahiThreadedPool event loop implementation + * avahi-sharp: compatibility with newer mono versions + * avahi-publish-service: don't ignore the port number specified + * avahi-sharp: correct some flags definitions + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2 and +0.6.3. + +A quick introduction how to use the new AvahiThreadedPool interface is +available in our Wiki: + + http://avahi.org/wiki/RunningAvahiClientAsThread + +Avahi 0.6.3 +=========== + +This is a bugfix release. Everyone should update ASAP! + + * avahi-sharp: make sure to append a trailing NUL byte to all C strings + * avahi-core: fix a double free() which occurs when wide area lookups timeout + +This release is fully compatible with Avahi 0.6, 0.6.1 and 0.6.2. + +Avahi 0.6.2 +=========== + +This is mostly a bugfix release. + + * Compatibility with DBUS 0.60 (Full compatibility with DBUS 0.3x and + 0.5 is retained) + * Fix introspection for some auxiliary DBUS objects + * Miscellaneous documentation updates + * Improve Autoconf support for detecting PTHREADS library + * Fix avahi-publish --help + * Workaround a DBUS limitation which might cause Avahi to die when a + user sends an empty TXT entry over DBUS + * Increase number of resolver/browser objects a DBUS client may create + * Remove fprintf() call in avahi_client_new() + * Other minor fixes + +This release is both up and downwards compatible with Avahi 0.6 and 0.6.1. + +Avahi now has its own Domain (http://avahi.org) and a new Website! + +And, most importantly, we now have a Logo: + http://avahi.org/chrome/site/avahi-trac.png + Avahi 0.6.1 ===========