Changeset View
Changeset View
Standalone View
Standalone View
_posts/2014-11-04-news1114.md
- This file was added.
1 | --- | ||||
---|---|---|---|---|---|
2 | title: konversation 1.5.1 has been released! | ||||
3 | date: 2014-11-04 | ||||
4 | layout: post | ||||
5 | --- | ||||
6 | konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags. | ||||
7 | | ||||
8 | Changes from 1.5 to 1.5.1: | ||||
9 | | ||||
10 | + Fixed a bug causing wildcards in command alias replacement patterns not to be expanded. | ||||
11 | + Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server. | ||||
12 | + Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read. This fixes CVE-2014-8483. | ||||
13 | + Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1. | ||||
14 | + Fixed the bundled 'sysinfo' script not coping with empty lines in /etc/os-release. | ||||
15 | + Made disk space info in the bundled 'sysinfo' script more robust by forcing the C locale for 'df'. | ||||
16 | + Added an audio player type hint for Cantata to the bundled 'media' script. | ||||
17 | + Fixed some minor comparison logic errors turned up by static analysis. | ||||
18 | + Konversation now depends on KDE Platform v4.9.0 or higher. | ||||
19 | | ||||
20 | | ||||
21 | |