Changelog for zeromq-devel-4.3.4-1.3.x86_64.rpm :
* Mon Aug 15 2022 Dirk Müller
- drop xmlto and asciidoc buildrequires, these are only needed for non-release builds which do not ship with prebuilt docs

* Mon Jun 28 2021 Matej Cepl
- Explicit BR on python is not necessary.

* Sun Jan 24 2021 Dirk Müller
- update to 4.3.4:
  * ZMQ_PRIORITY will set the SO_PRIORITY socket option on the underlying sockets. Only supported on Linux.
  * Fixed compilation errors on kFreeBSD and GNU/Hurd
  * Fixed excessive amount of socket files left behind in Windows TMP
  * Fixed regression that breaks using IPv6 link-local addresses on Linux
  * Fixed compilation errors on Android
  * Fixed compilation error with ulibc and libbsd
  * Fixed stack overflow on Windows x64
  * Fixed various compilation errors on Windows ARM 32bit
  * Fixed various compilation warnings with XCode
  * Fixed return value of zmq_ctx_get changed unintentionally

* Mon Sep 07 2020 Adam Majer
- New upstream version 4.3.3:
  * Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. (CVE-2020-15166, bsc#1176116)
    If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them.
    For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
  * Stack overflow on server running PUB/XPUB socket (CURVE disabled).
    The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258)
    For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
  * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
    Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. (bsc#1176257)
    For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
  * Memory leak in client induced by malicious server(s) without CURVE/ZAP.
    When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. (bsc#1176259)
    For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
  * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
    By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. (bsc#1176256)
    For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
  For complete list of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.3

* Tue Jul 09 2019 Vítězslav Čížek
- New upstream version 4.3.2:
  * CVE-2019-13132: a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. (bsc#1140255)
  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports a versioned monitoring events protocol as a parameter. Passing 1 results in the same behaviour as zmq_socket_monitor.
  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned v2 API, which contains the current status of all the queues owned by the monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
  * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread safe socket.
  * New DRAFT (see NEWS for 4.2.0) socket options:
    ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid duplicates when using last value caching.
    ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy authentication.
- For complete set of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.2

* Mon Jan 14 2019 adam.majer@suse.de
- New upstream version 4.3.1:
  * CVE-2019-6250: A vulnerability has been found that would allow attackers to direct a peer to jump to and execute from an address indicated by the attacker. (bsc#1121717)
  * fixed race condition in ZMQ_PUSH when quickly disconnecting and reconnecting causes last part of multi-part message to get "stuck" and resent by mistake to the new socket.
  For complete set of changes, see
  https://github.com/zeromq/libzmq/releases/tag/v4.3.1
  https://github.com/zeromq/libzmq/releases/tag/v4.3.0

* Tue Jul 10 2018 dimstar@opensuse.org
- Add baselibs.conf: build libzmq5-32bit, as it is a required dependency to libavfilter7-32bit (i.e. ffmpeg 4).

* Mon Mar 26 2018 adam.majer@suse.de
- New upstream version 4.2.5:
  * fix backward-incompatible change in the NULL auth mechanism that slipped in 4.2.3 and made connections with a ZAP domain set on a socket but without a working ZAP handler fail. See ZMQ_ZAP_ENFORCE_DOMAIN
  * clarify in zmq_close manpage that the operation will complete asynchronously.

* Thu Mar 22 2018 adam.majer@suse.de
- New upstream version 4.2.4
  * New DRAFT (see NEWS for 4.2.0) socket options:
    - ZMQ_LOOPBACK_FASTPATH to enable faster TCP loopback on Windows
    - ZMQ_METADATA to set application-specific metadata on a socket
    See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
  * New DRAFT (see NEWS for 4.2.0) context options:
    - ZMQ_ZERO_COPY_RECV to disable zero-copy receive to save memory at the expense of slower performance
    See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
  * New DRAFT API zmq_stopwatch_intermediate which returns the time elapsed without stopping the stopwatch.
  * TIPC: support addressing TIPC Port Identity addresses.
  * fix ZMQ_DISH over UDP triggers errno_assert() after watermark
  * fix ZMQ_PUB crash when due to high volume of subscribe and unsubscribe messages, an unmatched unsubscribe message is received in certain conditions
  * see NEWS and ChangeLog for additional details
- install licenses correctly and update SPDX license to version 3

* Thu Dec 14 2017 adam.majer@suse.de
- New upstream version 4.2.3
  * API change: previously ZMQ_POLLOUT on a ZMQ_ROUTER socket returned always true due to how the type works. When ZMQ_ROUTER_MANDATORY is set, sending fails when the peer is not available, but ZMQ_POLLOUT always returns true anyway, which does not make sense. Now when ZMQ_ROUTER_MANDATORY is set, ZMQ_POLLOUT on a ZMQ_ROUTER will return true only if at least one peer is available. Given ZMQ_POLLOUT with ZMQ_ROUTER was not usable at all previously, we do not consider this a breakage warranting a major or minor version increase.
  * ZMQ_IDENTITY has been renamed to ZMQ_ROUTING_ID and ZMQ_CONNECT_RID has been renamed to ZMQ_CONNECT_ROUTING_ID to disambiguate. ZMQ_IDENTITY and ZMQ_CONNECT_RID are still available to keep backward compatibility, and will be removed in a future release after further advance notice.
  * DRAFT API change: zmq_poller_wait, zmq_poller_wait_all and zmq_poller_poll have been changed to be in line with other existing APIs that have a timeout to return EAGAIN instead of ETIMEDOUT as the errno value.
  * Existing non-DRAFT socket types ZMQ_REP/REQ, ZMQ_ROUTER/DEALER and ZMQ_PUB/SUB, that were previously declared deprecated, have been reinstated as stable and supported
  * Curve: all remaining traces of debug output to console are now removed, and new DRAFT events are available to properly debug CURVE, PLAIN, GSSAPI and ZAP events and failures.
  * for complete changelog see https://github.com/zeromq/libzmq/releases/tag/v4.2.3
- drop remove_werror.patch: can now be disabled at configure time, if needed.