[ANNOUNCE] xtrans 1.5.0

Alan Coopersmith alan.coopersmith at oracle.com
Sat Jun 3 00:37:44 UTC 2023

xtrans is a library of code that is shared among various X packages to handle
network protocol transport in a modular fashion, allowing a single place to
add new transport types - but it is *not* a shared library, more like a \
"header-only" library.  It is used by the X server, the XIM support in libX11,
libICE, the X font server, and related components.  Because this is not a
shared library, the changes in this release will only take effect in consumers
that are rebuilt on a system with this release of xtrans installed.

This release makes progress towards resolving CVE-2020-25697, reported in
https://www.openwall.com/lists/oss-security/2020/11/09/3 .  Clients will no
longer attempt to connect to sockets in the abstract namespace, though 
servers will still bind to them to prevent other programs binding to those
names to intercept connections from clients using libraries built with older
versions of libxtrans or libxcb while the servers are running.  Clients can 
also now specify a full Unix domain socket pathname to connect to, instead
of relying on built-in defaults under /tmp.  (Note that libX11 1.4.0 and later
relies on libxcb for making connections instead of libxtrans, so X11 protocol
clients will get this support in an upcoming release of libxcb, and the changes
in xtrans will only affect clients of other protocols using libxtrans, such as 
XIM, ICE, SM, and the font service protocols.)

This release also removes support for System V UNIX platforms other than
Solaris and the illumos family - OS'es from SCO, AT&T's Unix Systems Group,
Novell, and NCR are no longer supported.

Adam Jackson (4):
      unifdef USG and NCR
      Delete SCO support
      Remove non-Solaris SysV support
      TEST_t is never defined

Alan Coopersmith (5):
      Build xz tarballs instead of bzip2
      Fix spelling/wording issues
      gitlab CI: add a basic build test
      Remove "All rights reserved" from Oracle copyright notices
      xtrans 1.5.0

Demi Marie Obenour (3):
      Remove client-side abstract socket support
      Allow full paths to sockets on non-macOS
      DISPLAY starting with unix: or / is always a socket path

Keith Packard (2):
      move is_numeric to Xtranssock.c and only define for TCPCONN or TRANS_REOPEN
      Use font server ErrorF/VErrorF instead of private versions

Olivier Fourdan (1):
      Allow partial connection to succeed

Ray Strode (1):
      Automatically disable inet6 transport if ipv6 is disabled on machine

git tag: xtrans-1.5.0

SHA256: a806f8a92f879dcd0146f3f1153fdffe845f2fc0df9b1a26c19312b7b0a29c86  xtrans-1.5.0.tar.gz
SHA512: cc9b9e2d76fccaecfc3e5ef873e8e6ced9e82a00c7d7d31cf13e85921f010915f9540c4d38afbb20885bbbf36c62b922ec514f4c8fc3fac65c93219cd8a6f796  xtrans-1.5.0.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.gz.sig

SHA256: 1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd  xtrans-1.5.0.tar.xz
SHA512: e8091f11d4ad2b14e01de3eac56bdf2267ea26687ce66e3056374d0d02e049480c0b27c482f8828a0efd086f1e4c485108ca4dce3f83d66c1896effa3b38b228  xtrans-1.5.0.tar.xz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.xz.sig

        -Alan Coopersmith-                 alan.coopersmith at oracle.com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20230602/2c4d29af/attachment.sig>

More information about the xorg-announce mailing list