Overview Repositories Revisions Requests Users Attributes Meta

Revisions of zeromq

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1119932 from Adam Majer's avatar Adam Majer (adamm) (revision 43) 
- update to 4.3.5:
  * Relicensing from LGPL-3.0+ (with custom exceptions) to MPL-2.0 is now complete.
    libzmq is now distributed under the Mozilla Public License 2.0. Relicensing
    grants have been collected from all relevant authors, and some functionality
    has been clean-room reimplemented where that was not possible. In layman terms,
    the new license provides the same rights and obligations as before. Source
    files are now tagged using the SPDX license identifier format.
    Details of the relicensing process can be seen at: #2376
    Relicensing grants have been archived at:
    https://github.com/rlenferink/libzmq-relicense
    A special thanks to everybody who helped with this long and difficult task,
    with the process, the reimplementations, the collections and everything else.
  * New DRAFT (see NEWS for 4.2.0) socket options:
    ZMQ_BUSY_POLL will set the SO_BUSY_POLL socket option on the underlying
    sockets, if it is supported.
    ZMQ_HICCUP_MSG will send a message when the peer has been disconnected.
    ZMQ_XSUB_VERBOSE_UNSUBSCRIBE will configure a socket to pass all
    unsubscription messages, including duplicated ones.
    ZMQ_TOPICS_COUNT will return the number of subscribed topics on a
    PUB/SUB socket.
    ZMQ_NORM_MODE, ZMQ_NORM_UNICAST_NACK, ZMQ_NORM_BUFFER_SIZE,
    ZMQ_NORM_SEGMENT_SIZE, ZMQ_NORM_BLOCK_SIZE, ZMQ_NORM_NUM_PARITY,
    ZMQ_NORM_NUM_AUTOPARITY and ZMQ_NORM_PUSH to control various aspect of
    NORM sockets.
    See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
  * New DRAFT (see NEWS for 4.2.0) zmq_ppoll APIs was added that differs from
    zmq_poll in the same way that ppoll differs from poll.
    See doc/zmq_ppoll.txt for details.
  * Various bug fixes and performance improvements.
- qemu-user.patch: upstreamed, removed
Richard Brown's avatar Richard Brown (RBrownFactory) accepted request 997418 from Adam Majer's avatar Adam Majer (adamm) (revision 41) 
- drop xmlto and asciidoc buildrequires, these are only needed
  for non-release builds which do not ship with prebuilt docs
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 839566 from Adam Majer's avatar Adam Majer (adamm) (revision 38) 
Adding bug numbers to previous submission

- New upstream version 4.3.3:
  * Denial-of-Service on CURVE/ZAP-protected servers by
    unauthenticated clients. (CVE-2020-15166, bsc#1176116)
    If a raw TCP socket is opened and connected to an endpoint that is fully
    configured with CURVE/ZAP, legitimate clients will not be able to exchange
    any message. Handshakes complete successfully, and messages are delivered to
    the library, but the server application never receives them.
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
  * Stack overflow on server running PUB/XPUB socket (CURVE disabled).
    The PUB/XPUB subscription store (mtrie) is traversed using recursive
    function calls. In the remove (unsubscription) case, the recursive calls are
    NOT tail calls, so even with optimizations the stack grows linearly with the
    length of a subscription topic. Topics are under the control of remote
    clients - they can send a subscription to arbitrary length topics. An
    attacker can thus cause a server to create an mtrie sufficiently large such
    that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258)
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
  * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
    Messages with metadata are never processed by PUB sockets, but the metadata
    is kept referenced in the PUB object and never freed. (bsc#1176257)
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
  * Memory leak in client induced by malicious server(s) without CURVE/ZAP.
    When a pipe processes a delimiter and is already not in active state but
    still has an unfinished message, the message is leaked. (bsc#1176259)
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
  * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
    By crafting a packet which is not valid ZMTP v2/v3, and which has two
    messages larger than 8192 bytes, the decoder can be tricked into changing
    the recorded size of the 8192 bytes static buffer, which then gets overflown
    by the next message. The content that gets written in the overflown memory
    is entirely decided by the sender. (bsc#1176256)
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
For complete list of changes, see
https://github.com/zeromq/libzmq/releases/tag/v4.3.3
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 665699 from Adam Majer's avatar Adam Majer (adamm) (revision 36) 
- New upstream version 4.3.1:
  * CVE-2019-6250: A vulnerability has been found that would allow
    attackers to direct a peer to jump to and execute from an address
    indicated by the attacker. (bsc#1121717)
  * fixed race condition in ZMQ_PUSH when quickly disconnecting and
    reconnecting causes last part of multi-part message to get
    "stuck" and resent by mistake to the new socket.
For complete set of changes, see,
https://github.com/zeromq/libzmq/releases/tag/v4.3.1
https://github.com/zeromq/libzmq/releases/tag/v4.3.0
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 481814 from Adam Majer's avatar Adam Majer (adamm) (revision 30) 
- New upstream version 4.2.2
   * fix SO_NOSIGPIPE and connection closing by peer race condition
   * fix IPv4-in-IPv6 mapped addresses parsing error
   * zmq_z85_decode did validate its input. The function has been
   fixed to correctly follow RFC32 and return NULL if the input is
   invalid.
   * for complete changelog see
   https://github.com/zeromq/libzmq/releases/tag/v4.2.2
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 403389 from Ismail Dönmez's avatar Ismail Dönmez (namtrac) (revision 25) 
- New upstream version 4.1.5
  * Fixed #1806 - uninitialised read in curve getsockopt.
  * Fixed #1807 - build broken with GCC 6.
  * Fixed #1831 - potential assertion failure with latest libsodium.
  * Fixed #1850 - detection issues with tweetnacl/libsodium.
  * Fixed #1877 - Avoid terminating connections prematurely
  * fixes some IPv6 related issues
- Removed 3ad076.patch, upstreamed
Displaying revisions 1 - 20 of 43
openSUSE Build Service is sponsored by
Places