mirror of
https://github.com/BLAKE3-team/BLAKE3
synced 2024-05-28 05:26:04 +02:00
tag the first release of the C implementation, c-0.2.0
This release is motivated by a fix for a potential security vulnerability.421a21abd8fixes a bug introduced ina1c4c4efb5. A truncated pointer register led to a segfault on x86-64 under Clang 7 and 8. Clang 9 happens to be unaffected, but the behavior is undefined in general. See also: https://github.com/BLAKE3-team/BLAKE3/issues/60#issuecomment-585838317 The C implementation of BLAKE3 hasn't been formally packaged anywhere, and most callers vendor code from master. This release tag is intended to make the fix above more visible, to encourage callers to update their vendored copies. We will continue to publish tags like this whenever bugs in the C implementation are fixed, or if there are any incompatible API changes. Note that the issue above does not impact callers of the Rust `blake3` crate. The affected file, `blake3_dispatch.c`, is not compiled by that crate in any configuration. It does impact callers of the internal `blake3_c_rust_bindings` crate, but that crate is not published on crates.io and not intended for production use.
This commit is contained in:
Jack O'Connor
parent
421a21abd8
commit
fdeb3a38ee