[ANNOUNCE] libICE 1.0.10

Alan Coopersmith alan.coopersmith at oracle.com
Sun Jul 14 17:53:02 UTC 2019

libICE provides the API for the Inter-Client Exchange protocol.

This release provides a fix for CVE-2017-2626 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer.   (libICE 1.0.9 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in ICE
key generation, but left other platforms with the weaker methods.  Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libICE 1.0.9 for stronger keys.)

Alan Coopersmith (7):
      spec: Convert troff \*Q..\*U to DocBook <quote>...</quote>
      Remove obsolete B16 & B32 tags in struct definitions
      Update README for gitlab migration
      Update configure.ac bug URL for gitlab migration
      IceOpenConnection: check for malloc failure on connect_to_you too
      IceWritePad: always use zero values for pad bytes
      libICE 1.0.10

Allison Lortie (2):
      authutil: fix an out-of-bounds access
      authutil: support $XDG_RUNTIME_DIR/ICEauthority

Benjamin Tissoires (1):
      Use getentropy() if arc4random_buf() is not available

Emil Velikov (6):
      autogen.sh: use quoted string variables
      Kill off Strstr macro
      Kill off Time_t macro
      Remove unneeded ^L symbols.
      Kill off local ICE_t definitions
      configure.ac: set TRANS_CLIENT/SERVER

Eric Engestrom (3):
      Make sure errorStr is a free-able string
      Make sure error_message is a free-able string
      Make sure string is never NULL

Jon TURNEY (1):
      Include unistd.h for getpid()

Mihail Konev (1):
      autogen: add default patch prefix

Olivier Fourdan (3):
      IceListenForWellKnownConnections: Fix memleak
      _IceRead: Avoid possible use-after-free
      cleanup: Separate variable assignment and test

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

Remko van der Vossen (1):
      Bug 90616 - libICE build fails on array bounds check

Tobias Stoeckmann (2):
      Fix use after free on subsequent calls
      Always terminate strncpy results.

walter harms (3):
      Drop NULL check prior to free()
      make IceProtocolShutdown() more readable
      iceauth.c: FIX warning: unused variable 'ret' in 'arc4random_buf'

git tag: libICE-1.0.10

MD5:  76d77499ee7120a56566891ca2c0dbcf  libICE-1.0.10.tar.bz2
SHA1: 5b5eb125d4f43a3ab8153b0f850963ee6c982c24  libICE-1.0.10.tar.bz2
SHA256: 6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348  libICE-1.0.10.tar.bz2
SHA512: 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468  libICE-1.0.10.tar.bz2
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2.sig

MD5:  25825f4caca2f75b112f287849455f15  libICE-1.0.10.tar.gz
SHA1: b042c56b8a9cb42324c1ee7c8ac43f1bb54cc835  libICE-1.0.10.tar.gz
SHA256: 1116bc64c772fd127a0d0c0ffa2833479905e3d3d8197740b3abd5f292f22d2d  libICE-1.0.10.tar.gz
SHA512: 2d4757f7325eb01180b5d7433cc350eb9606bd3afe82dabc8aa164feda75ef03a0624d74786e655c536c24a80d0ccb2f1e3ecbb04d3459b23f85455006ca8a91  libICE-1.0.10.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz.sig

	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20190714/b53e5b8e/attachment.sig>

More information about the xorg-announce mailing list