[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[Libevent-users] [ANN] Libevent 1.4.15-stable is released

To: libevent-users@xxxxxxxxxxxxx
Subject: [Libevent-users] [ANN] Libevent 1.4.15-stable is released
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Mon, 5 Jan 2015 10:32:06 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 10:32:09 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=7MqgcQhiVhgynmSwXG9h/k1TiySCVki+2jvAihouuv0=; b=vhTizG4bFQ7HoVqWQ5LRejehQlHgL8xknl0x5FIjIHUq4XTzrK6Zsa7XMzS23FWwua D//MKOWyNSvfNBDDU0WcVEumAar+FHBdJlwnX8bjxeuYgKU9F9bRv7WwM+cR+h9vZzi7 6wozJxTdC8WgqODvz0HGzHPRq+ULMZCAlYOJFzXJ8ppag7EEqEjn3rDlHiOLvwfnFJHM FRmtQ6FIR4tG2wPDua7FdjIOhi/VOdibO/eUuNPmG+BOTnXIZ5zODNVOaH0speG5xeIK lP3G9kOb+Q1tZhTkmvbajryNiGoviX51VQ8ssYI6zJcBG/UNJ66dyHgUj6XJrNpEw1Lm gECA==
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

Hello, all!

There are three new Libevent releases out today.  One of them is
1.4.15-stable, an updated oldstable release.  (I do not expect to do
any more 1.4 releases after this.)

This release fixes a moderately worrisome security issue in
evbuffers that could affect some programs; see
   http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
for details.

You can get the source code from http://libevent.org or from one of
the git repositories.  If the website hasn't updated yet, you can
get the files from
    https://sourceforge.net/projects/levent/files/libevent/

As usual, make sure to check the GPG signatures on the source
distributions.

================================ Changes in 1.4.15-stable

Changes in 1.4.15-stable (5 January 2015)

 o Avoid integer overflow bugs in evbuffer_add() and related
functions.  See CVE-2014-6272 advisory for more information.
(d49bc0e88b81a5812116074dc007f1db0ca1eecd)

 o Pass flags to fcntl(F_SETFL) as int, not long (b3d0382)
 o Backport and tweak the LICENSE file for 1.4 (8a5ebd3)
 o set close-on-exec bit for filedescriptors created by dns subsystem
(9985231 Ralf Schmitt)
 o Replace unused case of FD_CLOSEONEXEC with a proper null statement. (44f04a2)
 o Fix kqueue correctness test on x84_64 (1c25b07)
 o Avoid deadlock when activating signals. (e0e6958)
 o Backport doc fix for evhttp_bind_socket. (95b71d0 Marco)
 o Fix an issue with forking and signal socketpairs in select/poll
backends (f0ff765)
 o Fix compilation on Visual Studio 2010 (53c47c2 VDm)
 o Defensive programming to prevent (hopefully impossible)
stack-stomping (2d8cf0b)
 o Check for POLLERR, POLLHUP and POLLNVAL for Solaris event ports
(353b4ac Trond Norbye)
 o Fix a bug that could allow dns requests with duplicate tx ids (e50ba5b)
 o Avoid truncating huge values for content-length (1d6e30e)
 o Take generated files out of git; add correct m4 magic for libtool
to auto* files (7cf794b)
 o Prefer autoregen -ivf to manual autogen.sh (823d9be)


================================ Acknowledgments

Thanks to everybody who contributed patches or bug reports or advice
to this release, including but not exclusively those mentioned
above.

Thanks also to everyone mentioned in the CVE-2014-6272 advisory.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Prev by Author: [Libevent-users] [ANN] Libevent 2.0.22-stable is released
Next by Author: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Previous by thread: Re: [Libevent-users] [ANN] Libevent 2.0.22-stable is released
Next by thread: [Libevent-users] Memory leak in locks?
Index(es):
- Author
- Thread