Page 3 of 3
Posted: Wed Jan 28, 2009 3:04 pm
by zoneminder
Uploaded 2733 now!
o Fixed an issue on systems without the ffmpeg development headers and libraries installed where some bits that depended on it were not conditional compiled.
Posted: Wed Jan 28, 2009 5:27 pm
by zoneminder
Now 2734
o Fixed issue where editing control capabilities would fail to save changes between tabs.
Posted: Fri Jan 30, 2009 3:26 pm
by tanderson
Have the security issues mentioned in
http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?
Thanks,
Thomas
Posted: Fri Jan 30, 2009 5:47 pm
by zoneminder
tanderson wrote:Have the security issues mentioned in
http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?
Thanks,
Thomas
Yes, they are fixed (AFAIK) in 1.24.0. I think I did a fix of all but the most trivial issues on 1.23.3 but I will have to check, it was certainly never released yet.
Posted: Fri Jan 30, 2009 5:49 pm
by zoneminder
Uploaded 2737.
o Altered order of tests in configure script so basic function checks are done before path gets built up by 3rd party library checks.
o Completed fix of control capability editing.
Posted: Sat Jan 31, 2009 5:45 pm
by JackG
zoneminder wrote:tanderson wrote:Have the security issues mentioned in
http://www.securityfocus.com/archive/1/ ... 0/threaded been fixed for this version? I'm a distribution maintainer(gentoo) and currently the package is masked from our users because it has these critical security issues. Are these fixed in the new version? If so, could we have a backported patch for 1.23?
Thanks,
Thomas
Yes, they are fixed (AFAIK) in 1.24.0. I think I did a fix of all but the most trivial issues on 1.23.3 but I will have to check, it was certainly never released yet.
I came here looking for the same answer, so I hope you'll post the results of your review.
-- Jack
Posted: Sun Feb 01, 2009 8:31 pm
by zoneminder
I don't really have access to whatever test software that exposed the vulnerabilities was so I can't really say 100% they are fixed until the reporters retest. For 1.24.x I rewrote nearly all the web code to eliminate my understanding of the errors, for 1.23.3 I have done the most changes (ie injection etc) but stuff that requires access to the source web pages has not necessarily been addressed.
Posted: Wed Feb 04, 2009 3:13 pm
by zoneminder
Updated to 2740.
o Should no longer moan about V4L2 cams that do not have a defined video standard
o Unconditionally or conditionally commented out V4L2 pix format defines that are not present in earlier kernels. There may be other ones from even earlier versions still to discover.
o Fixed issue with FireFox3 objecting to stream image resizing in mid stream.
Posted: Mon Feb 09, 2009 9:52 pm
by zoneminder
Please note that 1.24.0 is now out of beta and on general release. Therefore this thread is now more or less defunct. Please create a new thread for any issues you find (unless one already exists of course) and use this one only to follow up earlier posts.