[ANNOUNCE] xtrans 1.5.0
Alan Coopersmith
alan.coopersmith at oracle.com
Sat Jun 3 00:37:44 UTC 2023
xtrans is a library of code that is shared among various X packages to handle
network protocol transport in a modular fashion, allowing a single place to
add new transport types - but it is *not* a shared library, more like a \
"header-only" library. It is used by the X server, the XIM support in libX11,
libICE, the X font server, and related components. Because this is not a
shared library, the changes in this release will only take effect in consumers
that are rebuilt on a system with this release of xtrans installed.
This release makes progress towards resolving CVE-2020-25697, reported in
https://www.openwall.com/lists/oss-security/2020/11/09/3 . Clients will no
longer attempt to connect to sockets in the abstract namespace, though
servers will still bind to them to prevent other programs binding to those
names to intercept connections from clients using libraries built with older
versions of libxtrans or libxcb while the servers are running. Clients can
also now specify a full Unix domain socket pathname to connect to, instead
of relying on built-in defaults under /tmp. (Note that libX11 1.4.0 and later
relies on libxcb for making connections instead of libxtrans, so X11 protocol
clients will get this support in an upcoming release of libxcb, and the changes
in xtrans will only affect clients of other protocols using libxtrans, such as
XIM, ICE, SM, and the font service protocols.)
This release also removes support for System V UNIX platforms other than
Solaris and the illumos family - OS'es from SCO, AT&T's Unix Systems Group,
Novell, and NCR are no longer supported.
Adam Jackson (4):
unifdef USG and NCR
Delete SCO support
Remove non-Solaris SysV support
TEST_t is never defined
Alan Coopersmith (5):
Build xz tarballs instead of bzip2
Fix spelling/wording issues
gitlab CI: add a basic build test
Remove "All rights reserved" from Oracle copyright notices
xtrans 1.5.0
Demi Marie Obenour (3):
Remove client-side abstract socket support
Allow full paths to sockets on non-macOS
DISPLAY starting with unix: or / is always a socket path
Keith Packard (2):
move is_numeric to Xtranssock.c and only define for TCPCONN or TRANS_REOPEN
Use font server ErrorF/VErrorF instead of private versions
Olivier Fourdan (1):
Allow partial connection to succeed
Ray Strode (1):
Automatically disable inet6 transport if ipv6 is disabled on machine
git tag: xtrans-1.5.0
https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.gz
SHA256: a806f8a92f879dcd0146f3f1153fdffe845f2fc0df9b1a26c19312b7b0a29c86 xtrans-1.5.0.tar.gz
SHA512: cc9b9e2d76fccaecfc3e5ef873e8e6ced9e82a00c7d7d31cf13e85921f010915f9540c4d38afbb20885bbbf36c62b922ec514f4c8fc3fac65c93219cd8a6f796 xtrans-1.5.0.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.gz.sig
https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.xz
SHA256: 1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd xtrans-1.5.0.tar.xz
SHA512: e8091f11d4ad2b14e01de3eac56bdf2267ea26687ce66e3056374d0d02e049480c0b27c482f8828a0efd086f1e4c485108ca4dce3f83d66c1896effa3b38b228 xtrans-1.5.0.tar.xz
PGP: https://xorg.freedesktop.org/archive/individual/lib/xtrans-1.5.0.tar.xz.sig
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20230602/2c4d29af/attachment.sig>
More information about the xorg-announce
mailing list