tag name: v2016.14 (0207814f9883fb196568400d20d3742adc06ab28)
tag date: 2016-11-23 11:44:42 -0500
tagged by: Colin Walters <walters@verbum.org>
tagged object: commit 7584dc0f25...
download: ostree-2016.14.tar.gz
Release 2016.14
First, this release adds GPG verification for the commit objects inside deltas. This was a vulnerability if you are fetching content over plain HTTP, and is still important if using TLS. More information is available in [the commit](https://github.com/ostreedev/ostree/pull/589/commits/d06163038ff1ca407027d08e0f3c7d04c802810d) and there is [continuing upstream discussion](https://mail.gnome.org/archives/ostree-list/2016-October/msg00002.html) of transport integrity models.

Also regarding GPG, we now make it easier to [use a GPG ASCII key](https://github.com/ostreedev/ostree/pull/575/commits/9fb2d5a501660e155553d98998da87839287054c) in a remote configuration.

Another major thing in this release is that we started making more use of the [GCC/Clang sanitizers](https://github.com/google/sanitizers/wiki) like `-fsanitize=address`, `-fsanitize=undefined` etc. and numerous small memory leaks were fixed in particular.

Thanks to all contributors!

```
Abhay Kadam (1):
      Fix broken link in docs/CONTRIBUTING.md

Alexander Larsson (1):
      commit: Fix reading xattrs from OstreeRepoFile:s

Colin Walters (17):
      travis: Drop debian unstable since we can't fetch packages reliably
      pull: Add support for `http-headers` option
      pull: Redo logic for "scanning"
      lib: Define and use cleanup functions for gpgme
      lib: Split out helper function to create GPG context
      Add "gpgkeypath" option to remotes
      lib: Add an API to GPG verify a commit given a remote
      [UBSAN] deltas: Don't call memset(NULL, NULL, 0) with no xattrs
      [TSAN] main: Stop calling g_set_prgname()
      [TSAN] Rework assertions to always access refcount atomically
      pull: Dedup code for checking for > 0 valid results
      pull: Use new per-remote API for GPG verification
      pull: Do GPG verify commit objects when using deltas
      tests: Support TEST_SKIP_CLEANUP=err
      [ASAN] tests: Fix some memleaks in libarchive importer
      [ASAN] lib: Squash various leaks in library and commandline
      Release 2016.14

Jasper St. Pierre (3):
      ostree-repo: Fix parameter name
      ostree-repo-static-delta-processing: Don't close(-1)
      ostree-repo: Make the lock with a long-lasting FD

Jonathan Lebon (1):
      .redhat-ci.yml: no longer install libubsan & clang

William Manley (1):
      ostree commit: Fix combining trees with multiple --tree=ref arguments
```

Git-EVTag-v0-SHA512: 6756eef81978c4a9559327972b53019f9ea214ab92af266054d303770e7a60684e73fba0870fda81b5262a0ab3aae3f89d962cd346930932a3c668f081d5726a