
Thanks Spunz. A HylaFAX security update has been released:

The HylaFAX development team is pleased to announce our 4.2.4 patch level release! As always, our sincerest thanks go to all who participate and provide feedback.

The source code for the 4.2.4 release can be downloaded from:

ftp://ftp.hylafax.org/source/hylafax-4.2.4.tar.gz
(md5: 1cda04f9faf643095b918956bacf1cf2 1,450,465 bytes)

The README from this release follows. Please read it carefully.



* * *

This document is intended to describe the significant differences between hylafax-4.2.4 and older releases, point out any known incompatibilities and issues, and provide the reader with directions to further resources regarding HylaFAX.

* NEW FEATURES *

* Security fix - hfaxd vulnerability CVE-2005-3538
* Security fix - script vulnerability CVE-2005-3539
* PAM support on Solaris
* Local/GMT timezone support in JOBFMT/RECVFMT formatters
* numerous other enhancements and bugfixes (see CHANGES)

* KNOWN ISSUES *

** Please refer to HylaFAX Bugzilla for a detailed list of issues.

* INCOMPATIBILITIES *

* Some modem config files generated from earlier versions' config file prototypes may contain Class1TCFRecvHack. This is no longer desirable for production use, and this feature should now only be used for debugging purposes.
* The time value of %Z in jobfmt/recvfmt is now returned in GMT time when GMT is requested, and in local time when local time is requested. Previously, %Z was always returned in local time, even if GMT had been requested.
* If upgrading from any releases other than 4.2.2 or 4.2.3, be advised that CIDName/CIDNumber are now part of a larger CallID framework.
* libtiff-3.6.1 is fatally flawed when dealing with Group 3 images. Don't use it as-is.
See: http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=500

* WHO SHOULD UPGRADE? *

* For security reasons, everyone should consider upgrading to this 4.2.4 release as soon as possible.

* HYLAFAX BINARY PACKAGES *

Binary packages for some operating systems and platforms are available. Please see:

ftp://ftp.hylafax.org/binary/
http://www.hylafax.org/content/Binary_Packages
http://www.hylafax.org/content/Handbook:Binary_Package_Install

If you are able and willing to produce a binary package of HylaFAX for general distribution, and one is not already available for your platform/OS, then you are invited to add it to the Binary_Packages wiki page at www.hylafax.org.


* SUPPORT *

HylaFAX has numerous public support resources available. The user is encouraged to utilize the manpage documentation before turning to other support arenas. However, if other support is desired, or if you would like to actively take part in the HylaFAX community, you are invited to:

* join and participate in a HylaFAX mailing list
See: http://www.hylafax.org/content/Mailing_Lists

When corresponding about this software, please always specify:
- what version of HylaFAX you have,
- what system you're running on (if it is Linux please name the distribution)
- if the problem is modem-related, identify it and the firmware rev
For example: "HylaFAX v4.0pl2 under RedHat Linux 4.2 with gcc 2.7.2; ZyXEL 1496E with 6.11a firmware."

* read the on-line documentation and resources
See: http://www.hylafax.org/content/Documentation

* review HylaFAX CVS
See: http://www.hylafax.org/content/Developers

* report confirmed bugs, feature requests, and submit patches
See: http://bugs.hylafax.org/bugzilla

Thanks,

The HylaFAX development team