http://libevent.org/ still shows only https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
Am 05.01.2015 um 16:30 schrieb Nick Mathewson:
Hello, all! There are three new Libevent releases out today. One of them is 2.0.22-stable, an updated stable release. This release fixes a moderately worrisome security issue in evbuffers that could affect some programs; see http://archives.seul.org/libevent/users/Jan-2015/msg00010.html for details. You can get the source code from http://libevent.org or from one of the git repositories. If the website hasn't updated yet, you can get the files from https://sourceforge.net/projects/levent/files/libevent/ As usual, make sure to check the GPG signatures on the source distributions. ================================ Changes in 2.0.22-stable Changes in version 2.0.22-stable (5 Jan 2015) SECURITY FIXES (evbuffers) o Avoid integer overflow bugs in evbuffer_add() and related functions. See CVE-2014-6272 advisory for more information. (20d6d4458bee5d88bda1511c225c25b2d3198d6c) BUGFIXES (evhttp) o fix #73 and fix http_connection_fail_test to catch it (crash fix) (b618204 Greg Hazel) o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum) BUGFIXES (compilation and portability) o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739) o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan) o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5) (74d4c44 Kevin Bowling) o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for autmake 1.13 compat (817ea36) o Rename configure.in to configure.ac to appease newer autoconfs (0c79787) o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e) o Use windows vsnprintf fixup logic on all windows environments (e826f19) o Fix a compiler warning when checking for arc4random_buf linker breakage. (5cb3865) o Fix another arc4random_buf-related warning (e64a2b0) o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye) BUGFIXES (resource leaks/lock errors on error) o Avoid leaking fds on evconnlistener with no callback set (69db261) o Avoid double-close on getsockname error in evutil_ersatz_socketpair (0a822a6) o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e) o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer) (b8f5980 Frank Denis) BUGFIXES: (other stability) o bufferevent_pair: don't call downcast(NULL) (f2428a2) o Consistently check for failure from evbuffer_pullup() (60f8f72) o Fix race caused by event_active (3c7d6fc vjpai) BUGFIXES (miscellaneous) o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62) o Typo fixes from Linus Nordberg (cec62cb, 8cd695b) o Add a few files created by "make verify" to .gitignore. (1a8295a Pierre Phaneuf) o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov) o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243) o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a) BUFGIXES (evdns) o Checking request nameserver for NULL, before using it. (5c710c0 Belobrov Andrey) o Fix SEGFAULT after evdns_base_resume if no nameservers installed. (f8d7df8 Azat Khuzhin) o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749) BUGFIXES (epoll) o Check does arch have the epoll_create and __NR_epoll_wait syscalls. (dfe1e52 Marcin Juszkiewicz) BUGFIXES (evutil_secure_random) o Avoid other RNG initialization FS reads when urandom file is specified (9695e9c, bb52471) o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540) o Document that arc4random is not a great cryptographic PRNG. (6e49696) o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7) o Really remove RNG seeds from the stack (f5ced88) DOCUMENTATION FIXES o Fix a mistake in evbuffer_remove() arguments in example http server code (c322c20 Gyepi Sam) o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5) o Clarify event_base_loop exit conditions (031a803) o Use FindClose for handle from FindFirstFile in http-server.c (6466e88) o Fix a typo in a doxygen comment. Reported by äå. (be1aeff) ================================ Acknowledgments Thanks to everybody who contributed patches or bug reports or advice to this release, including but not exclusively those mentioned above. Thanks also to everyone mentioned in the CVE-2014-6272 advisory. *********************************************************************** To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with unsubscribe libevent-users in the body.
Attachment:
signature.asc
Description: OpenPGP digital signature