[ANNOUNCE] libICE 1.0.10
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Jul 14 17:53:02 UTC 2019
libICE provides the API for the Inter-Client Exchange protocol.
This release provides a fix for CVE-2017-2626 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer. (libICE 1.0.9 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in ICE
key generation, but left other platforms with the weaker methods. Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libICE 1.0.9 for stronger keys.)
Alan Coopersmith (7):
spec: Convert troff \*Q..\*U to DocBook <quote>...</quote>
Remove obsolete B16 & B32 tags in struct definitions
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
IceOpenConnection: check for malloc failure on connect_to_you too
IceWritePad: always use zero values for pad bytes
libICE 1.0.10
Allison Lortie (2):
authutil: fix an out-of-bounds access
authutil: support $XDG_RUNTIME_DIR/ICEauthority
Benjamin Tissoires (1):
Use getentropy() if arc4random_buf() is not available
Emil Velikov (6):
autogen.sh: use quoted string variables
Kill off Strstr macro
Kill off Time_t macro
Remove unneeded ^L symbols.
Kill off local ICE_t definitions
configure.ac: set TRANS_CLIENT/SERVER
Eric Engestrom (3):
Make sure errorStr is a free-able string
Make sure error_message is a free-able string
Make sure string is never NULL
Jon TURNEY (1):
Include unistd.h for getpid()
Mihail Konev (1):
autogen: add default patch prefix
Olivier Fourdan (3):
IceListenForWellKnownConnections: Fix memleak
_IceRead: Avoid possible use-after-free
cleanup: Separate variable assignment and test
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Remko van der Vossen (1):
Bug 90616 - libICE build fails on array bounds check
Tobias Stoeckmann (2):
Fix use after free on subsequent calls
Always terminate strncpy results.
walter harms (3):
Drop NULL check prior to free()
make IceProtocolShutdown() more readable
iceauth.c: FIX warning: unused variable 'ret' in 'arc4random_buf'
git tag: libICE-1.0.10
https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2
MD5: 76d77499ee7120a56566891ca2c0dbcf libICE-1.0.10.tar.bz2
SHA1: 5b5eb125d4f43a3ab8153b0f850963ee6c982c24 libICE-1.0.10.tar.bz2
SHA256: 6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348 libICE-1.0.10.tar.bz2
SHA512: 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468 libICE-1.0.10.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2.sig
https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz
MD5: 25825f4caca2f75b112f287849455f15 libICE-1.0.10.tar.gz
SHA1: b042c56b8a9cb42324c1ee7c8ac43f1bb54cc835 libICE-1.0.10.tar.gz
SHA256: 1116bc64c772fd127a0d0c0ffa2833479905e3d3d8197740b3abd5f292f22d2d libICE-1.0.10.tar.gz
SHA512: 2d4757f7325eb01180b5d7433cc350eb9606bd3afe82dabc8aa164feda75ef03a0624d74786e655c536c24a80d0ccb2f1e3ecbb04d3459b23f85455006ca8a91 libICE-1.0.10.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz.sig
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20190714/b53e5b8e/attachment.sig>
More information about the xorg-announce
mailing list