Changeset View
Changeset View
Standalone View
Standalone View
_posts/2014-11-04-news1114.md
- This file was added.
| 1 | --- | ||||
|---|---|---|---|---|---|
| 2 | title: konversation 1.5.1 has been released! | ||||
| 3 | date: 2014-11-04 | ||||
| 4 | layout: post | ||||
| 5 | --- | ||||
| 6 | konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags. | ||||
| 7 | | ||||
| 8 | Changes from 1.5 to 1.5.1: | ||||
| 9 | | ||||
| 10 | + Fixed a bug causing wildcards in command alias replacement patterns not to be expanded. | ||||
| 11 | + Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server. | ||||
| 12 | + Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read. This fixes CVE-2014-8483. | ||||
| 13 | + Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1. | ||||
| 14 | + Fixed the bundled 'sysinfo' script not coping with empty lines in /etc/os-release. | ||||
| 15 | + Made disk space info in the bundled 'sysinfo' script more robust by forcing the C locale for 'df'. | ||||
| 16 | + Added an audio player type hint for Cantata to the bundled 'media' script. | ||||
| 17 | + Fixed some minor comparison logic errors turned up by static analysis. | ||||
| 18 | + Konversation now depends on KDE Platform v4.9.0 or higher. | ||||
| 19 | | ||||
| 20 | | ||||
| 21 | | ||||