libICE provides the API for the Inter-Client Exchange protocol. This release provides a fix for CVE-2017-2626 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc version of 2.25 or newer. (libICE 1.0.9 already ensured that arc4random_buf() is used on platforms that have it to provide sufficient entropy in ICE key generation, but left other platforms with the weaker methods. Linux platforms could also have linked against libbsd to use arc4random_buf() with libICE 1.0.9 for stronger keys.)
Alan Coopersmith (7): spec: Convert troff \*Q..\*U to DocBook <quote>...</quote> Remove obsolete B16 & B32 tags in struct definitions Update README for gitlab migration Update configure.ac bug URL for gitlab migration IceOpenConnection: check for malloc failure on connect_to_you too IceWritePad: always use zero values for pad bytes libICE 1.0.10 Allison Lortie (2): authutil: fix an out-of-bounds access authutil: support $XDG_RUNTIME_DIR/ICEauthority Benjamin Tissoires (1): Use getentropy() if arc4random_buf() is not available Emil Velikov (6): autogen.sh: use quoted string variables Kill off Strstr macro Kill off Time_t macro Remove unneeded ^L symbols. Kill off local ICE_t definitions configure.ac: set TRANS_CLIENT/SERVER Eric Engestrom (3): Make sure errorStr is a free-able string Make sure error_message is a free-able string Make sure string is never NULL Jon TURNEY (1): Include unistd.h for getpid() Mihail Konev (1): autogen: add default patch prefix Olivier Fourdan (3): IceListenForWellKnownConnections: Fix memleak _IceRead: Avoid possible use-after-free cleanup: Separate variable assignment and test Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Remko van der Vossen (1): Bug 90616 - libICE build fails on array bounds check Tobias Stoeckmann (2): Fix use after free on subsequent calls Always terminate strncpy results. walter harms (3): Drop NULL check prior to free() make IceProtocolShutdown() more readable iceauth.c: FIX warning: unused variable 'ret' in 'arc4random_buf' git tag: libICE-1.0.10 https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2 MD5: 76d77499ee7120a56566891ca2c0dbcf libICE-1.0.10.tar.bz2 SHA1: 5b5eb125d4f43a3ab8153b0f850963ee6c982c24 libICE-1.0.10.tar.bz2 SHA256: 6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348 libICE-1.0.10.tar.bz2 SHA512: 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468 libICE-1.0.10.tar.bz2 PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2.sig https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz MD5: 25825f4caca2f75b112f287849455f15 libICE-1.0.10.tar.gz SHA1: b042c56b8a9cb42324c1ee7c8ac43f1bb54cc835 libICE-1.0.10.tar.gz SHA256: 1116bc64c772fd127a0d0c0ffa2833479905e3d3d8197740b3abd5f292f22d2d libICE-1.0.10.tar.gz SHA512: 2d4757f7325eb01180b5d7433cc350eb9606bd3afe82dabc8aa164feda75ef03a0624d74786e655c536c24a80d0ccb2f1e3ecbb04d3459b23f85455006ca8a91 libICE-1.0.10.tar.gz PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz.sig -- -Alan Coopersmith- alan.coopersm...@oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/alanc
signature.asc
Description: PGP signature
_______________________________________________ xorg-announce mailing list xorg-announce@lists.x.org https://lists.x.org/mailman/listinfo/xorg-announce