ANNOUNCE: p11-kit 0.23.22
Daiki Ueno
ueno at gnu.org
Sat Dec 12 10:17:50 UTC 2020
Hello,
This release fixes the 3 security issues discovered in the RPC protocol
handling. The users of 'p11-kit server' or 'p11-kit remote' commands
are advised to update to this release.
The corresponding advisories are available at:
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
What's new in 0.23.22
--------------------
* Fix memory-safety issues that affect the RPC protocol
  (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
  and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319, PR#323, PR#330, PR#333, PR#334, PR#335, PR#338, PR#339]
Detailed changes between 0.23.21 and 0.23.22
------------------------------------------
Alexander Sosedkin (3):
      Remove more duplicate separators in p11_path_build
      Use is_path_component in one more place
      Rename is_path_component to is_path_separator

Anders Kaseorg (1):
      p11_test_copy_setgid: Skip setgid tests on nosuid filesystems

Daiki Ueno (17):
      test-compat: Skip getprogname test if BUILDDIR contains a symlink
      build: Use calloc in a consistent manner
      proxy: C_CloseAllSessions: Make sure that calloc args are non-zero
      common: Fix infloop in p11_path_build
      meson: Use custom_target for generating external XML entities
      meson: expand ternary operator in function call for compatibility
      meson: Set -fstack-protector for MinGW64 cross build
      travis: Route to Ubuntu 20.04 base image
      travis: Use python3 as the default Python interpreter
      travis: Run "make check" along with "make distcheck" for coverage
      anchor: Prefer persistent format when storing anchor
      travis: Add freebsd build
      meson: Add missing libtasn1 dependency
      compat: fdwalk: add guard for Linux specific local variables
      compat: getauxval: correct compiler macro for FreeBSD
      common: Don't assume __STDC_VERSION__ is always defined
      Release 0.23.22

David Cook (5):
      Fix buffer overflow in log_token_info
      Fix bounds check in p11_rpc_buffer_get_byte_array
      Check attribute length against buffer size
      Check for arithmetic overflows before allocating
      Follow-up to arithmetic overflow fix

Jan Alexander Steffens (heftig) (1):
      meson: Allow building manpages without gtk-doc

John Hein (1):
      meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson.

Rosen Penev (1):
      unix-peer: replace incorrect include1

Tavian Barnes (1):
      common: Check for a NULL locale before freeing it

Xℹ Ruoyao (3):
      rename trust-extract-compat.in to trust-extract-compat
      meson: install trust-extract-compat
      add trust-extract-compat into EXTRA-DIST

Download
--------
https://github.com/p11-glue/p11-kit/releases/tag/0.23.22
Regards,
--
Daiki Ueno