X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=docs%2FNEWS;h=5effdcc2d099cc57538318c77c99e949929e9ad3;hb=d68819ff6dba074f1c5fac5fadd52fcfe154de24;hp=a67391f9d1ce28f5a135af9d83bde0acde234c0f;hpb=9693638f576929c51eb48cc692f9008b4aed7901;p=catta diff --git a/docs/NEWS b/docs/NEWS index a67391f..5effdcc 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,3 +1,136 @@ +Avahi 0.6.10 +============ + +This is mostly a bugfix release. Two of the bugs fixed are security +sensitive: a remote denial-of-service vulnerability and a buffer +overflow that can allow local users to become the 'avahi' user. We do +not consider either of them major security threats. + +The DoS vulnerability can be exploited from a local network only. It +is not worth much, though, since mDNS can easily be flooded with +nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by +provoking a name conflict in perfect accordance with the specs. + +The buffer overflow is hard to exploit remotely, only local users can +become the 'avahi' user. In addition the user is trapped inside a +chroot() environment (at least on Linux). + +Anyhow, our security assessments are possibly as buggy as our +code. Hence: + + *** PLEASE UPDATE YOUR INSTALLATION ASAP! *** + +Changes: + * Fix a buffer overflow in avahi-core + * Refuse to process invalid UTF8 data + * Automatically reconnect to the DBUS if we're kicked. (Works only if + chroot() is disabled) + * Don't hit an assert() in the client libs when the Avahi daemon is + terminated + * Enumerate all service types in the database in the Service + Discovery Applet for Gnome + * Improve the Bonjour compatibility layer to make it survive + GnomeMeeting's broken usage + * Deal properly with local non-ASCII hostnames + * AMD64 and FreeBSD portability fixes + * Filter double DNS server entries in avahi-dnsconfd + * Fix a locking bug in avahi-sharp's EntryGroup.AddService() + * Ported to Solaris (incomplete) + * Add _airport._tcp to our service type database + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9. + +Avahi 0.6.9 +=========== + +This release fixes some bugs and includes minor enhancements. + + * Don't allow registration of address records with invalid host names + * Clean up argument validity checking for AvahiHostNameResolver and + AvahiAddressResolver + * Fix Avahi builds without DBUS + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7 and 0.6.8. + +Avahi 0.6.8 +=========== + +This release fixes some bugs and adds a few new features. Users of 0.6.7, +please update ASAP! + + * Fix broken parsing of static hosts file + * Improve out-of-the-box Debian support + * Add configuration option to allow mDNS over POINTOPOINT links. + This is a potential security hole and YMMV. See man page for details. + * Create $(localstatedir)/run on installation + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6 and 0.6.7. + +Avahi 0.6.7 +=========== + +This release fixes some bugs and adds a few new features + + * Add static hosts name mappings + * Work around kernel bugs regarding multicast group membership + * ia64 portability fixes + * Don't require X11 to run avahi-bookmarks + * API: Return AVAHI_ERR_IS_EMPTY when the user tries to commit an + empty entry group. + * Improved Slackware and Fedora suppport + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5 and 0.6.6. + +Avahi 0.6.6 +=========== + +This release fixes some bugs and includes some documentation updates + + * Add a bunch of new types to the service type database + * Return errors of avahi_entry_group_commit() properly + * Many doxygen documentation improvements + * Fix destruction of AvahiEntryGroup objects using + avahi_entry_group_free(). + * Don't allow commiting of empty entry groups + * Use a little less memory in avahi-qt + * Don't accept empty TXT strings + * Update example "client-publish-service.c" to show how to modify an + existing service + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4 and 0.6.5. + +Avahi 0.6.5 +=========== + +This release fixes some bugs and adds a new API function. + + * avahi-browse: properly show services that are removed from the + network + * fix build on bi-arch platforms, on GNU/kFreeBSD, on MIPS and + for non-DBUS builds + * add new API function avahi_nss_support() and DBUS function + IsNSSSupportAvailable() which may be used to detect whether + libc's gethostbyname() supports mDNS domain names. + * patch avahi-bookmarks to make use of + IsNSSSupportAvailable(). avahi-bookmarks will now generate links + with real hostnames instead of numeric IP addresses if mDNS support + is detected for gethostbyname(). + * add init script for Mandriva Linux + * speed up avahi_client_free() + * man page updates + * install missing header thread-watch.h + * fix avahi-bookmarks to work with certain twisted versions + * fix record updating + * Use pkg-config's Requires.private directive where it makes sense + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3 and 0.6.4. + Avahi 0.6.4 ===========