[Pixman] [ANNOUNCE] pixman release 0.42.2 now available

[Matt Turner]

A new pixman release 0.42.2 is now available. This is a stable release
in the 0.42 series.

This version contains a fix for a heap overflow. A CVE has been
requested, and I'll reply to this email with the number when it is
allocated. 

See 
https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
and https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 for more 
information.

Thanks to Maddie Stone and Google's Project Zero for discovering this
issue, providing a proof-of-concept, and a great analysis.

tar.gz:
        https://cairographics.org/releases/pixman-0.42.2.tar.gz
        https://www.x.org/releases/individual/lib/pixman-0.42.2.tar.gz

tar.xz:
        https://www.x.org/releases/individual/lib/pixman-0.42.2.tar.xz

Hashes:
        SHA256: 
ea1480efada2fd948bc75366f7c349e1c96d3297d09a3fe62626e38e234a625e  
pixman-0.42.2.tar.gz
        SHA256: 
5747d2ec498ad0f1594878cc897ef5eb6c29e91c53b899f7f71b506785fc1376  
pixman-0.42.2.tar.xz
        SHA512: 
0a4e327aef89c25f8cb474fbd01de834fd2a1b13fdf7db11ab72072082e45881cd16060673b59d02054b1711ae69c6e2395f6ae9214225ee7153939efcd2fa5d
  pixman-0.42.2.tar.gz
        SHA512: 
3476e2676e66756b1af61b1e532cd80c985c191fb7956eb01702b419726cce99e79163b7f287f74f66414680e7396d13c3fee525cd663f12b6ac4877070ff4e8
  pixman-0.42.2.tar.xz

GPG signature:
        https://cairographics.org/releases/pixman-0.42.2.tar.gz.sha512.asc
        (signed by [ultimate] Matt Turner <matts...@gmail.com>
         [ultimate] Matt Turner <matts...@gentoo.org>
         [ultimate] Matt Turner <matts...@freedesktop.org>
         [ultimate] Matt Turner <mstur...@google.com>)

Git:
        https://gitlab.freedesktop.org/pixman/pixman.git
        tag: pixman-0.42.2

Log:
        Matt Turner (4):
              build: Add a64-neon-test.S to EXTRA_DIST
              Revert "Fix signed-unsigned semantics in reduce_32"
              Avoid integer overflow leading to out-of-bounds write
              Pre-release version bump to 0.42.2
        
        Simon Ser (3):
              Post-release version bump to 0.42.1
              meson: override pixman-1 dependency
              meson: explicitly set C standard to gnu99
        
        Thomas Klausner (2):
              configure.ac: avoid unportable test(1) operator
              Makefile.am: increase shell portability

signature.asc
Description: PGP signature