From ueno at gnu.org Sat Dec 12 10:17:50 2020
From: ueno at gnu.org (Daiki Ueno)
Date: Sat, 12 Dec 2020 11:17:50 +0100
Subject: ANNOUNCE: p11-kit 0.23.22
Message-ID: <87ft4b9vld.fsf-ueno@gnu.org>

Hello,

This release fixes the 3 security issues discovered in the RPC
protocol handling. The users of 'p11-kit server' or 'p11-kit remote'
commands are advised to update to this release.

The corresponding advisories are available at:
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2

What's new in 0.23.22
--------------------

* Fix memory-safety issues that affect the RPC protocol
  (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and
  fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero
  [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319,
  PR#323, PR#330, PR#333, PR#334, PR#335, PR#338, PR#339]

Detailed changes between 0.23.21 and 0.23.22
------------------------------------------

Alexander Sosedkin (3):
      Remove more duplicate separators in p11_path_build
      Use is_path_component in one more place
      Rename is_path_component to is_path_separator

Anders Kaseorg (1):
      p11_test_copy_setgid: Skip setgid tests on nosuid filesystems

Daiki Ueno (17):
      test-compat: Skip getprogname test if BUILDDIR contains a symlink
      build: Use calloc in a consistent manner
      proxy: C_CloseAllSessions: Make sure that calloc args are non-zero
      common: Fix infloop in p11_path_build
      meson: Use custom_target for generating external XML entities
      meson: expand ternary operator in function call for compatibility
      meson: Set -fstack-protector for MinGW64 cross build
      travis: Route to Ubuntu 20.04 base image
      travis: Use python3 as the default Python interpreter
      travis: Run "make check" along with "make distcheck" for coverage
      anchor: Prefer persistent format when storing anchor
      travis: Add freebsd build
      meson: Add missing libtasn1 dependency
      compat: fdwalk: add guard for Linux specific local variables
      compat: getauxval: correct compiler macro for FreeBSD
      common: Don't assume __STDC_VERSION__ is always defined
      Release 0.23.22

David Cook (5):
      Fix buffer overflow in log_token_info
      Fix bounds check in p11_rpc_buffer_get_byte_array
      Check attribute length against buffer size
      Check for arithmetic overflows before allocating
      Follow-up to arithmetic overflow fix

Jan Alexander Steffens (heftig) (1):
      meson: Allow building manpages without gtk-doc

John Hein (1):
      meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson.

Rosen Penev (1):
      unix-peer: replace incorrect include1

Tavian Barnes (1):
      common: Check for a NULL locale before freeing it

X? Ruoyao (3):
      rename trust-extract-compat.in to trust-extract-compat
      meson: install trust-extract-compat
      add trust-extract-compat into EXTRA-DIST

Download
--------

https://github.com/p11-glue/p11-kit/releases/tag/0.23.22

Regards,
--
Daiki Ueno