X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=docs%2FNEWS;h=5effdcc2d099cc57538318c77c99e949929e9ad3;hb=d68819ff6dba074f1c5fac5fadd52fcfe154de24;hp=c87d3beb18145e050a4308fb916c34fd3a57492e;hpb=c2e9baad40936cf4b577fb3bee92d7e12b599266;p=catta diff --git a/docs/NEWS b/docs/NEWS index c87d3be..5effdcc 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,3 +1,59 @@ +Avahi 0.6.10 +============ + +This is mostly a bugfix release. Two of the bugs fixed are security +sensitive: a remote denial-of-service vulnerability and a buffer +overflow that can allow local users to become the 'avahi' user. We do +not consider either of them major security threats. + +The DoS vulnerability can be exploited from a local network only. It +is not worth much, though, since mDNS can easily be flooded with +nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by +provoking a name conflict in perfect accordance with the specs. + +The buffer overflow is hard to exploit remotely, only local users can +become the 'avahi' user. In addition the user is trapped inside a +chroot() environment (at least on Linux). + +Anyhow, our security assessments are possibly as buggy as our +code. Hence: + + *** PLEASE UPDATE YOUR INSTALLATION ASAP! *** + +Changes: + * Fix a buffer overflow in avahi-core + * Refuse to process invalid UTF8 data + * Automatically reconnect to the DBUS if we're kicked. (Works only if + chroot() is disabled) + * Don't hit an assert() in the client libs when the Avahi daemon is + terminated + * Enumerate all service types in the database in the Service + Discovery Applet for Gnome + * Improve the Bonjour compatibility layer to make it survive + GnomeMeeting's broken usage + * Deal properly with local non-ASCII hostnames + * AMD64 and FreeBSD portability fixes + * Filter double DNS server entries in avahi-dnsconfd + * Fix a locking bug in avahi-sharp's EntryGroup.AddService() + * Ported to Solaris (incomplete) + * Add _airport._tcp to our service type database + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9. + +Avahi 0.6.9 +=========== + +This release fixes some bugs and includes minor enhancements. + + * Don't allow registration of address records with invalid host names + * Clean up argument validity checking for AvahiHostNameResolver and + AvahiAddressResolver + * Fix Avahi builds without DBUS + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7 and 0.6.8. + Avahi 0.6.8 =========== @@ -27,7 +83,7 @@ This release fixes some bugs and adds a few new features * Improved Slackware and Fedora suppport This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, -0.6.3, 0.6.4, 0.6.5 and 0.6.6 +0.6.3, 0.6.4, 0.6.5 and 0.6.6. Avahi 0.6.6 =========== @@ -46,7 +102,7 @@ This release fixes some bugs and includes some documentation updates existing service This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, -0.6.3, 0.6.4 and 0.6.5 +0.6.3, 0.6.4 and 0.6.5. Avahi 0.6.5 ===========