xkeyboard-config 2.2.1

2011-04-05 Thread Sergey Udaltsov
Just a couple of days after 2.2.

Since X.org was very kind to release libx11 1.4.3 (which is required
for xkeyboard-config 2.2), that exposed one serious issue in the build
process of xkeyboard-config.
So, here is 2.2.1 - just a build fix.

This release is highly recommended (realistically - required) for GNOME3.

http://www.x.org/releases/individual/data/xkeyboard-config/xkeyboard-config-2.2.1.tar.bz2
http://www.x.org/releases/individual/data/xkeyboard-config/xkeyboard-config-2.2.1.tar.gz

The tag in git is xkeyboard-config-2.2.1

Bugzilla: https://bugs.freedesktop.org/enter_bug.cgi?product=xkeyboard-config

Sorry for the hassle

Sergey
___
xorg-announce mailing list
xorg-announce@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/xorg-announce


[ANNOUNCE] libX11 1.4.3

2011-04-05 Thread Alan Coopersmith

A minor release of libX11 to add support for the Sinhala keysyms required
by the recent xkb-config 2.2 release.   Note that to get full support for
these keysyms you will also need to upgrade to x11proto 7.0.21 before
building the new libX11.

Alan Coopersmith (1):
  libX11 1.4.3

Gaetan Nadon (1):
  Documentation: add Docbook external references support

Harshula Jayasuriya (1):
  Add #define XK_SINHALA

git tag: libX11-1.4.3

http://xorg.freedesktop.org/archive/individual/lib/libX11-1.4.3.tar.bz2
MD5:  85e942627aaa020813e0eb8433353563
SHA1: 174270a0e51614b5077026fc6c20701d4e09aef8

http://xorg.freedesktop.org/archive/individual/lib/libX11-1.4.3.tar.gz
MD5:  3300b63f7a9629d8ce5e9bfed70e9128
SHA1: 75fd6f6b3470792bdd37f42fe3bccfac835dfcca

-- 
-Alan Coopersmith-    alan.coopersm...@oracle.com
 Oracle Solaris Platform Engineering: X Window System



[ANNOUNCE] X.Org security advisory: root hole via rogue hostname

2011-04-05 Thread Matthias Hopf
X.Org security advisory, April 5th, 2011
root hole via rogue hostname
CVE ID: CVE-2011-0465


Overview
--------

By crafting hostnames with shell escape characters, arbitrary commands
can be executed in a root environment when a display manager reads in
the resource database via xrdb.

These specially crafted hostnames can occur in two environments:

  * Hosts that set their hostname via DHCP
  * Hosts that allow remote logins via xdmcp


Impact
------

Arbitrary (short) commands can be executed as root on affected hosts.
With some display managers a working login is required (resource
database is read upon login), with others no working login is required
(resource database is read upon display manager start as well).

Only systems are affected that

 1) set their hostname via DHCP, and the used DHCP client allows setting
    of hostnames with illegal characters

or

 2) allow remote logins via xdmcp


1) requires either physical access to the network, or administrative
   access to the running DHCP server.
2) does not require physical access, if a regular account on a machine
   accepted by xdmcp is available, but describes a case that is
   considered insecure nowadays.


Affected versions
-----------------

xrdb up to and including 1.0.8
X11R7.6 (latest release) includes xrdb 1.0.7


Fix
---

This issue has been fixed with git commit
  1027d5df07398c1507fb1fe3a9981aa6b4bc3a56

http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56

A fix of this vulnerability is included in xrdb 1.0.9.


This issue was found by Sebastian Krahmer from the SUSE security team.


Thanks

Matthias Hopf 
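
The defensive pattern behind this class of bug, as an added example that is not part of the advisory and not xrdb's own code: a hostname is checked against the legal character set, and any host-derived `-D` option is quoted as a single shell word before it reaches a shell-invoked preprocessor. The function names and the `CLIENTHOST` macro name in the usage are chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Accept only RFC 1123 hostname characters: letters, digits, '-' and '.'. */
int hostname_is_safe(const char *h)
{
    size_t n = strlen(h);
    if (n == 0 || n > 253 || h[0] == '-' || h[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '-' && h[i] != '.')
            return 0;
    return 1;
}

/* Wrap `in` in single quotes for /bin/sh; an embedded ' becomes '\''.
 * Returns 0 on success, -1 if `out` is too small. */
int shell_quote(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3)
        return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > outsz)      /* keep room for closing ' and NUL */
            return -1;
        if (*in == '\'') {
            memcpy(out + o, "'\\''", 4);
            o += 4;
        } else {
            out[o++] = *in;
        }
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Build one quoted "-DNAME=value" word for a cpp command line. */
int build_define(const char *name, const char *value, char *out, size_t outsz)
{
    char raw[512];
    int n = snprintf(raw, sizeof raw, "-D%s=%s", name, value);
    if (n < 0 || (size_t)n >= sizeof raw)
        return -1;
    return shell_quote(raw, out, outsz);
}
```

Rejecting the hostname at the point it is accepted (DHCP client, xdmcp) and quoting at the point it is used are independent layers; either one alone stops the shell from interpreting the value.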





[ANNOUNCE] xrdb 1.0.9

2011-04-05 Thread Matthias Hopf
xrdb security issue; separate announcement follows.
This fixes CVE-2011-0465.


Matthias Hopf (2):
  Create shell-escape-safe cpp options in the non-pathetic-cpp case.
  Bump to 1.0.9

git tag: xrdb-1.0.9

http://xorg.freedesktop.org/archive/individual/app/xrdb-1.0.9.tar.bz2
MD5:  ed2e48cf33584455d74615ad4bbe4246  xrdb-1.0.9.tar.bz2
SHA1: efa5f2420411988d6a6e142934393fd272507857  xrdb-1.0.9.tar.bz2

http://xorg.freedesktop.org/archive/individual/app/xrdb-1.0.9.tar.gz
MD5:  cc66bd89cd830c8b4c839421397457ac  xrdb-1.0.9.tar.gz
SHA1: 0beefc6dc4fa99bd673b58ed5b2b13d741621720  xrdb-1.0.9.tar.gz


