[ANNOUNCE] xorg-server 1.20.11

2021-04-13 Thread Matt Turner
Christopher Chavez (1):
  XQuartz: recognize F16-F20 and Menu keys

Fabrice Fontaine (1):
  meson.build: KMS support also depends on dri2

Jeremy Huddleston Sequoia (36):
  xquartz: Remove support for Panther and earlier versions of macOS
  os: Remove support for Tiger and earlier versions of macOS
  xquartz: Remove support for Tiger and earlier versions of macOS
  xquartz: Remove support for Leopard and earlier versions of macOS
  xquartz: Remove check for libdispatch now that we don't support pre-SnowLeopard
  xquartz: Remove support for SnowLeopard and earlier versions of macOS
  xquartz: Remove support for Lion and earlier versions of macOS
  xquartz: Remove support for Mountain Lion and earlier versions of macOS
  xquartz: Remove support for building for i386
  xquartz: Remove unused include of AvailabilityMacros.h from various sources
  xquartz: Remove support for older versions of libXplugin
  xquartz: Ensure that NSRunAlertPanel() is run on the main thread
  xquartz: Ensure we call into TIS on the main thread
  xquartz: Update the about box copyright to 2021
  xquartz: Apply Xcode 12.4 automatic updates to nibs
  xquartz: Fix applications menu table background color for dark mode
  xquartz: Apply spell check fixes from master for easier cherry-picking of changes in xquartz
  xquartz: Remove a workaround for AppKit versions older than Lion
  xquartz: Remove some dead code for compatibility with older nibs
  xquartz: Minor code modernization -- @autoreleasepool adoption
  xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in QuartzBlockHandler
  xqaurtz: Remove message_kit_thread() and use dispatch instead
  xquartz: Fold away array_with_strings_and_numbers and simplify with more modern Objective-C
  xquartz: Fold away some unnecessary hops to X11Controller through X11Application
  xquartz: Fold quartzCommon.h into quartz.h
  xquartz: Convert X11Application ivars into @properties
  xquartz: Convert X11Controller ivars into @properties
  xquartz: Rewrite Window menu handling to not depend on X11App.windowsMenu.numberOfItems being correct in -awakeFromNib
  xquartz: Silence a compiler warning about missing internal methods on NSApplication
  xquartz: Fix build with sparkle enabled
  xquartz: Fix a compiler warning about const incompatible pointer assignment
  xquartz: Allocate each fbconfig separately
  xquartz: Don't process AppKit events if we haven't finished initializing
  xquartz: Add a launch trampoline to better integrate with modern versions of macOS
  xquartz: Don't include strndup.c any more since we no longer support 10.8 and older
  xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7

Jim DeLaHunt (1):
  Fix typo "XQaurtz" in Xquartz.man

Jon Turney (1):
  xquartz: Add stub ddxInputThread()

Mariusz Ceier (1):
  xwayland: Replace LogMessage with LogMessageVerb

Matt Turner (1):
  xserver 1.20.11

Matthieu Herrb (1):
  Fix XChangeFeedbackControl() request underflow

Michal Srb (1):
  xkb: Fix heap overflow caused by optimized away min.

git tag: xorg-server-1.20.11

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.11.tar.bz2
SHA256: 914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49  xorg-server-1.20.11.tar.bz2
SHA512: 1017015b9fd5d53788abe3641d877e6df8609841fa5c1847c0a5e133ddcc1b758a5d695304ebd36828099ec201a85b6b70b46f5ea4f81c5bd3a16fa6e175e3c2  xorg-server-1.20.11.tar.bz2
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.11.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.11.tar.gz
SHA256: 4e9341c96f5ed0f6b9491ed732c501303479d3fe21da280c768a1822d7e5d352  xorg-server-1.20.11.tar.gz
SHA512: 5a06d3c1406c1d896315a2ea030939c1c6b52abbf6d8489a31e060ba27795044e03ccc3607855586440a0df8660a18f84355c77ef030f81d765c9663bc9ac0df  xorg-server-1.20.11.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.11.tar.gz.sig



signature.asc
Description: PGP signature
___
xorg-announce mailing list
xorg-announce@lists.x.org
https://lists.x.org/mailman/listinfo/xorg-announce


X.Org server security advisory: April 13, 2021

2021-04-13 Thread Matthieu Herrb
X.Org server security advisory: April 13, 2021


Input validation failures in X server XInput extension
======================================================


Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server.

These issues can lead to privilege escalation for authorized clients
on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb
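
An added illustration of the bug class the advisory names, an unsigned underflow in request-length checks; it is not the X server's code or the committed patch. The wire layout, constants, function names and sample requests are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical little-endian layout (not the XInput structures); lengths
 * are counted in 4-byte units, as in X11 requests:
 *   header : u16 length_units, u16 opcode     (1 unit)
 *   control: u16 class,        u16 num_items  (1 unit)
 *   items  : num_items * 4 bytes */
#define HDR_UNITS 1u
#define CTL_UNITS 1u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Unchecked arithmetic: a declared length smaller than the fixed parts
 * wraps around to a huge value instead of going negative. */
uint32_t item_units_unchecked(uint16_t length_units)
{
    return (uint32_t)length_units - HDR_UNITS - CTL_UNITS;
}

/* Checked parse: returns the item count, or -1 for a bad length. Each
 * lower bound is tested before the subtraction or read that relies on it. */
int parse_request(const uint8_t *buf, size_t buf_len)
{
    if (buf_len < 4u * HDR_UNITS)
        return -1;                              /* no complete header */
    uint32_t length_units = rd16(buf);
    if ((size_t)length_units * 4u > buf_len)
        return -1;                              /* declared > received */
    if (length_units < HDR_UNITS + CTL_UNITS)
        return -1;                              /* no room for control block */
    uint32_t item_units = length_units - HDR_UNITS - CTL_UNITS;
    uint16_t num_items = rd16(buf + 4u * HDR_UNITS + 2);
    if (item_units != num_items)
        return -1;                              /* count must match length */
    return num_items;
}

/* Constructed sample requests. */
const uint8_t SAMPLE_OK[]       = { 4,0, 1,0, 5,0, 2,0, 0,0,0,0, 0,0,0,0 };
const uint8_t SAMPLE_HDR_ONLY[] = { 1,0, 1,0 };
const uint8_t SAMPLE_MISMATCH[] = { 3,0, 1,0, 5,0, 2,0, 0,0,0,0 };

int main(void)
{
    printf("wrap=%u ok=%d hdr_only=%d\n", (unsigned)item_units_unchecked(1),
           parse_request(SAMPLE_OK, sizeof SAMPLE_OK),
           parse_request(SAMPLE_HDR_ONLY, sizeof SAMPLE_HDR_ONLY));
    return 0;
}
```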

