1.24.0 Preview

Post by **zoneminder** » Wed Jan 28, 2009 3:04 pm

Uploaded 2733 now!

o Fixed an issue on systems without the ffmpeg development headers and libraries installed where some bits that depended on it were not conditional compiled.

Post by **zoneminder** » Wed Jan 28, 2009 5:27 pm

Now 2734

o Fixed issue where editing control capabilities would fail to save changes between tabs.

tanderson · Post by **tanderson** » Fri Jan 30, 2009 3:26 pm

Have the security issues mentioned in http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?

Thanks,
Thomas

Post by **zoneminder** » Fri Jan 30, 2009 5:47 pm

tanderson wrote:Have the security issues mentioned in http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?

Thanks,
Thomas

Yes, they are fixed (AFAIK) in 1.24.0. I think I did a fix of all but the most trivial issues on 1.23.3 but I will have to check, it was certainly never released yet.

Post by **zoneminder** » Fri Jan 30, 2009 5:49 pm

Uploaded 2737.

o Altered order of tests in configure script so basic function checks are done before path gets built up by 3rd party library checks.
o Completed fix of control capability editing.

JackG · Post by **JackG** » Sat Jan 31, 2009 5:45 pm

zoneminder wrote:
tanderson wrote:Have the security issues mentioned in http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?

Thanks,
Thomas
Yes, they are fixed (AFAIK) in 1.24.0. I think I did a fix of all but the most trivial issues on 1.23.3 but I will have to check, it was certainly never released yet.

I came here looking for the same answer, so I hope you'll post the results of your review.

-- Jack

Post by **zoneminder** » Sun Feb 01, 2009 8:31 pm

I don't really have access to whatever test software that exposed the vulnerabilities was so I can't really say 100% they are fixed until the reporters retest. For 1.24.x I rewrote nearly all the web code to eliminate my understanding of the errors, for 1.23.3 I have done the most changes (ie injection etc) but stuff that requires access to the source web pages has not necessarily been addressed.

Post by **zoneminder** » Wed Feb 04, 2009 3:13 pm

Updated to 2740.

o Should no longer moan about V4L2 cams that do not have a defined video standard
o Unconditionally or conditionally commented out V4L2 pix format defines that are not present in earlier kernels. There may be other ones from even earlier versions still to discover.
o Fixed issue with FireFox3 objecting to stream image resizing in mid stream.

Post by **zoneminder** » Mon Feb 09, 2009 9:52 pm

Please note that 1.24.0 is now out of beta and on general release. Therefore this thread is now more or less defunct. Please create a new thread for any issues you find (unless one already exists of course) and use this one only to follow up earlier posts.