[Libevent-users] [ANN] Libevent 1.4.15-stable is released



Hello, all!

There are three new Libevent releases out today.  One of them is
1.4.15-stable, an updated oldstable release.  (I do not expect to do
any more 1.4 releases after this.)

This release fixes a moderately worrisome security issue in
evbuffers that could affect some programs; see
   http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
for details.

You can get the source code from http://libevent.org or from one of
the git repositories.  If the website hasn't updated yet, you can
get the files from
    https://sourceforge.net/projects/levent/files/libevent/

As usual, make sure to check the GPG signatures on the source
distributions.

================================ Changes in 1.4.15-stable

Changes in 1.4.15-stable (5 January 2015)

 o Avoid integer overflow bugs in evbuffer_add() and related
functions.  See CVE-2014-6272 advisory for more information.
(d49bc0e88b81a5812116074dc007f1db0ca1eecd)

 o Pass flags to fcntl(F_SETFL) as int, not long (b3d0382)
 o Backport and tweak the LICENSE file for 1.4 (8a5ebd3)
 o set close-on-exec bit for file descriptors created by dns subsystem
(9985231 Ralf Schmitt)
 o Replace unused case of FD_CLOSEONEXEC with a proper null statement. (44f04a2)
 o Fix kqueue correctness test on x86_64 (1c25b07)
 o Avoid deadlock when activating signals. (e0e6958)
 o Backport doc fix for evhttp_bind_socket. (95b71d0 Marco)
 o Fix an issue with forking and signal socketpairs in select/poll
backends (f0ff765)
 o Fix compilation on Visual Studio 2010 (53c47c2 VDm)
 o Defensive programming to prevent (hopefully impossible)
stack-stomping (2d8cf0b)
 o Check for POLLERR, POLLHUP and POLLNVAL for Solaris event ports
(353b4ac Trond Norbye)
 o Fix a bug that could allow dns requests with duplicate tx ids (e50ba5b)
 o Avoid truncating huge values for content-length (1d6e30e)
 o Take generated files out of git; add correct m4 magic for libtool
to auto* files (7cf794b)
 o Prefer autoreconf -ivf to manual autogen.sh (823d9be)


================================ Acknowledgments

Thanks to everybody who contributed patches or bug reports or advice
to this release, including but not exclusively those mentioned
above.

Thanks also to everyone mentioned in the CVE-2014-6272 advisory.