[ANNOUNCE] xrdb 1.2.1
Matthieu Herrb (1):
      xrdb 1.2.1

Tobias Stoeckmann (1):
      Fix out of boundary read.

Walter Harms (3):
      Add actual querying capabilities
      XFree() can handle NULL arg
      fix assignment discards ‘const’ qualifier

git tag: xrdb-1.2.1

https://xorg.freedesktop.org/archive/individual/app/xrdb-1.2.1.tar.bz2
SHA256: 4f5d031c214ffb88a42ae7528492abde1178f5146351ceb3c05f3b8d5abee8b4  xrdb-1.2.1.tar.bz2
SHA512: d88135cdfea8536523dfb986249ee42761d5363c936352f12f55b4d0c849f21236f7d74d39869c5ec5b549019d6ed89d9096cde4b3c2b4816c2778a8e370b5c9  xrdb-1.2.1.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/app/xrdb-1.2.1.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/app/xrdb-1.2.1.tar.gz
SHA256: e674f5fb081a023e54878c0aac728dc30feb821207c989cff17a60f0c4a80ced  xrdb-1.2.1.tar.gz
SHA512: 0a890d702d7b256a565f52505a8f0b425b170788f263fd173f279919f5641f856cc2317d899c494774b8f1fc049758c5208c41ea5560e2937184eb228ba23f92  xrdb-1.2.1.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/app/xrdb-1.2.1.tar.gz.sig

--
Matthieu Herrb
[ANNOUNCE] xrestop 0.5
Alan Coopersmith (3):
      Update configure.ac bug URL for gitlab migration
      Fix -Wsign-compare warning in recurse_win_tree()
      Fix -Wsign-compare warnings in xrestop_client_get_stats

Ben Byer (1):
      fixed typo in output of xrestop -b

Gaetan Nadon (5):
      config: upgrade Autoconf initialization section
      config: use standard xorg autogen.sh
      config: use standard xorg .gitignore file
      config: upgrade to util-macros 1.8 for additional man page support
      config: remove AC_PROG_CC as it overrides AC_PROG_C_C99

James Cloos (2):
      Replace static ChangeLog with dist-hook to generate from git log
      Fix commit 08c9daab3a0b3ef37723c007858fa949cb91bbd8

Keith Packard (1):
      Use XResQueryClientIds to get pid instead of window property

Kevin Ryde (1):
      In xrestop_client_get_info() show xrestop's own pid.

Matthieu Herrb (7):
      Update README for gitlab migration
      Fix version for development.
      More fixes for README.md + modern packaging
      Remove unused function window_get_pid()
      Fix character buffer sizes to hold full formatted strings
      Fix EXTRA_DIST and MAINTAINERCLEANFILES
      Release xrestop 0.5

Paulo Cesar Pereira de Andrade (1):
      Correct make distcheck and sparse warnings.

Peter Harris (1):
      Display ShmSeg resource count

Søren Sandmann Pedersen (2):
      man page: Change -dt to -t
      More man page fixes

Walter Harms (4):
      FIX: warning: initialization discards `const' qualifier from pointer target type
      no need-to-check argument for XFree
      remove unused debug code
      FIX: malloc+memset=calloc

git tag: xrestop-0.5

https://xorg.freedesktop.org/archive/individual/app/xrestop-0.5.tar.bz2
SHA256: 89d0a5d99d1f4b290a79c5ba0d6142d8591262f167165d1bc468abaa9c18d51b  xrestop-0.5.tar.bz2
SHA512: f50e1fcba2fdb6167f93b9edae721556bc411232a9d7cc1df853e588cd92608c9ca652bee1aaf5cfe3750d6c60db6c6cd1c6797e282841cc535051e78b2c4c1d  xrestop-0.5.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/app/xrestop-0.5.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/app/xrestop-0.5.tar.gz
SHA256: 6a5c9730f90121c55cde34a0a4733c429d4b17e42a66a8a3891e9603c83c1ff7  xrestop-0.5.tar.gz
SHA512: d5f024c2d9ea9994e447713990a619f9bb0bf474f14b2f212f44ef6030c8633b03c95818f825aca1c241756e68594c44f86e02643af53cecb65f43434f3f8ebf  xrestop-0.5.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/app/xrestop-0.5.tar.gz.sig

--
Matthieu Herrb
[ANNOUNCE] libX11 1.7.1
Benno Schulenberg (3):
      nls: add 'C.utf8' as an alias for 'en_US.UTF-8'
      nls: allow composing all breved letters also with a lowercase "u"
      nls: adjust three comments about the APL compose sequences

Christopher Chavez (1):
      Xlib.h: spelling fix in comment

Gaurav Ujjwal (1):
      Fix out-of-bound access in KeySymToUcs4()

Matthieu Herrb (2):
      Reject string longer than USHRT_MAX before sending them on the wire
      Version 1.7.1

Walter Harms (8):
      FIX: warning: macro `Pn' not defined
      FIX: warning: macro `hN' not defined
      fix warning: macro `s' not defined
      FIX: warning: macro `IN' not defined
      FIX: warning: macro `hN' not defined
      fix broken nroff coding for code comments
      Fix some roff code add see also
      fix same roff code

git tag: libX11-1.7.1

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.7.1.tar.bz2
SHA256: e64e43deaa562cbfb0d5ada64670ec09c6fac7935262dcd77bbc6d984a535d47  libX11-1.7.1.tar.bz2
SHA512: a76f0a82fce6f9b50646a7cd7ec5ee046650f225816050226068a7548fa083ef07d146d40faaf44e033c59c17b0fda5ffdee3a127dac3ab56cee02133819aa3d  libX11-1.7.1.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.7.1.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.7.1.tar.gz
SHA256: 7e6d4120696e90995e66ac24f1042d4f11c14fbefd7aab48de0ed1fe3c4b922b  libX11-1.7.1.tar.gz
SHA512: 24f6f4f4b43c118f03180034a30362fe8c25db8241ed1c967d06f3e865afd7db611c8e5052a435c15ff0f08e90b3f49a6887aa78afafcffb5b13e8498a427fd2  libX11-1.7.1.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.7.1.tar.gz.sig

--
Matthieu Herrb

_______________________________________________
xorg-announce mailing list
xorg-announce@lists.x.org
https://lists.x.org/mailman/listinfo/xorg-announce
libX11 security advisory: May 11, 2021
X.Org libX11 security advisory: May 18, 2021

Missing request length checks in libX11
=======================================

CVE-2021-31535

XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence), it can lead to the emission of extra X protocol requests to the X server.

Patch
-----

A patch for XLookupColor() and other potentially vulnerable functions has been committed to libX11. libX11 1.7.1 will be released shortly and contains a fix for this issue.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit: 8d2e02ae650f00c4a53deb625211a0527126c605
    Reject string longer than USHRT_MAX before sending them on the wire

XTerm version 367 contains extra validation for the length of color names passed to XLookupColor() from terminal control sequences. XTerm version 366 and earlier are vulnerable.

Tests conducted by Roman Fiedler on other terminal emulator applications have not found other cases of passing un-checked color names to XLookupColor().

Thanks
======

This vulnerability has been discovered by Roman Fiedler from Unparalleled IT Services e.U.

--
Matthieu Herrb
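An added example, not code from libX11 or from the advisory, showing why the USHRT_MAX bound in the fix above matters. The core X protocol request header really does carry its length as a CARD16 count of 4-byte units, and the 12-byte fixed part matches the LookupColor request; the function names and the "naive" encoder are this example's own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* The core X protocol request header is fixed: a CARD8 opcode, one data
 * byte and a CARD16 'length' giving the whole request in 4-byte units.
 * The 12-byte fixed part used here matches the LookupColor request
 * (header, colormap, CARD16 nbytes, pad). */
#define REQ_FIXED_BYTES 12u

/* Bytes that actually go on the wire: the fixed part plus the string,
 * padded to a multiple of 4 as the protocol requires. */
size_t wire_bytes(size_t nbytes) {
    return REQ_FIXED_BYTES + ((nbytes + 3) & ~(size_t) 3);
}

/* What an unchecked encoder stores in the CARD16 length field: the true
 * size in 4-byte units, silently truncated to 16 bits. */
uint16_t naive_length_field(size_t nbytes) {
    return (uint16_t) (wire_bytes(nbytes) / 4);
}

/* Hardened encoder: returns the length field value, or -1 when the
 * request must be refused. The CARD16 nbytes bound is the one the
 * libX11 fix applies; the units bound is the general rule for requests
 * that carry no separate byte count. */
long checked_length_field(size_t nbytes) {
    if (nbytes > USHRT_MAX) return -1;          /* nbytes field would wrap */
    size_t units = wire_bytes(nbytes) / 4;
    if (units > UINT16_MAX) return -1;          /* length field would wrap */
    return (long) units;
}

/* Bytes the server would not attribute to this request if the truncated
 * length field were sent. The client still writes every byte, so the
 * server parses that tail as further requests whose contents came from
 * whoever supplied the string: the "extra X protocol requests" the
 * advisory describes. */
size_t bytes_misattributed(size_t nbytes) {
    size_t sent = wire_bytes(nbytes);
    size_t claimed = (size_t) naive_length_field(nbytes) * 4;
    return sent - claimed;
}
```

For a 262200-byte color name the true length is 65553 units; the 16-bit field holds 17, so 262144 of the bytes sent are no longer covered by the request header, while the checked encoder refuses the string outright.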
X.Org server security advisory: April 13, 2021
X.Org server security advisory: April 13, 2021

Input validation failures in X server XInput extension
======================================================

Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorized clients on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd
    Fix XChangeFeedbackControl() request underflow
    CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

--
Matthieu Herrb
X.Org server security advisory: December 1, 2020
X.Org server security advisory: December 1, 2020

Multiple input validation failures in X server XKB extension
============================================================

These issues can lead to privilege elevations for authorized clients on systems where the X server is running privileged.

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the heap in the X server.

Patches
-------

Patches for these issues have been committed to the xorg server git repository. xorg-server 1.20.10 will be released shortly and will include these patches.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 446ff2d3177087b8173fa779fa5b77a2a128988b
    Check SetMap request length carefully.
    Avoid out of bounds memory accesses on too short request.
    ZDI-CAN 11572 / CVE-2020-14360

commit 87c64fc5b0db9f62f4e361444f4b60501ebf67b9
    Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
    ZDI-CAN 11389 / CVE-2020-25712

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

--
Matthieu Herrb
X.Org libX11 security advisory: August 25, 2020
Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free.

Patches
-------

A patch for this issue has been committed to the libX11 git repository. libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)
    Fix an integer overflow in init_om() CVE-2020-14363
    This can lead to a double free later, as reported by Jayden Rivers.

Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security team and assisting them in understanding them and providing fixes.

--
Matthieu Herrb
X.Org security advisory: July 31, 2020: libX11
X.Org security advisory: July 31, 2020

Heap corruption in the X input method client in libX11
======================================================

CVE-2020-14344

The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method.

Patches
=======

Patches for these issues have been committed to the libX11 git repository. libX11 1.6.10 will be released shortly and will include those patches.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit 1703b9f3435079d3c6021e1ee2ec34fd4978103d (HEAD -> master)
    Change the data_len parameter of _XimAttributeToValue() to CARD16
    It's coming from a length in the protocol (unsigned) and passed to functions that expect unsigned int parameters (_XCopyToArg() and memcpy()).

commit 1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
    Zero out buffers in functions
    It looks like uninitialized stack or heap memory can leak out via padding bytes.

commit 2fcfcc49f3b1be854bb9085993a01d17c62acf60
    Fix more unchecked lengths

commit 388b303c62aa35a245f1704211a023440ad2c488
    fix integer overflows in _XimAttributeToValue()

commit 0e6561efcfaa0ae7b5c74eac7e064b76d687544e
    Fix signed length values in _XimGetAttributeID()
    The lengths are unsigned according to the specification. Passing negative values can lead to data corruption.

Thanks
======

X.Org thanks Todd Carson for reporting these issues to our security team and assisting them in understanding them and providing fixes.

--
Matthieu Herrb
[ANNOUNCE] libSM 1.2.3
Alan Coopersmith (1):
      Stop compiling empty sm_auth.c stub

Emil Velikov (1):
      autogen.sh: use quoted string variables

Fab (1):
      Fix callbacks signatures in libSM documentation

Jon TURNEY (1):
      Include unistd.h for getpid()

Matthieu Herrb (3):
      Fix uuid_to_string(3) type
      Get rid of strcpy() in the HAVE_UUID_CREATE case
      libSM 1.2.3

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

Tobias Stoeckmann (1):
      Fixed out ouf boundary accesses.

git tag: libSM-1.2.3

https://xorg.freedesktop.org/archive/individual/lib/libSM-1.2.3.tar.bz2
MD5:    87c7fad1c1813517979184c8ccd76628  libSM-1.2.3.tar.bz2
SHA1:   437d7b13fa2eba325df3a106f177df46ccec6546  libSM-1.2.3.tar.bz2
SHA256: 2d264499dcb05f56438dee12a1b4b71d76736ce7ba7aa6efbf15ebb113769cbb  libSM-1.2.3.tar.bz2
SHA512: 74c42e27029db78475e62025b4711dbac5e22d2f8e8a24be98a1c31b03c0fc4afe859928f851800ea0b76854f12147900dc4f27bbfd3d8ea45daaaf24b70a903  libSM-1.2.3.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libSM-1.2.3.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libSM-1.2.3.tar.gz
MD5:    6d167e6f7802d76b4ac89c44aa4c1f97  libSM-1.2.3.tar.gz
SHA1:   595b43aec719e0525a1e07504218835dadee8ed2  libSM-1.2.3.tar.gz
SHA256: 1e92408417cb6c6c477a8a6104291001a40b3bb56a4a60608fdd9cd2c5a0f320  libSM-1.2.3.tar.gz
SHA512: 03b77d86b33cdb3df4f9d65131a0025182f3cb0c17b33a90d236e8563b3011d225b9d006186302d07850edafa5b899aec6a086b8d437d357cd69fedd5f22d94b  libSM-1.2.3.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libSM-1.2.3.tar.gz.sig

--
Matthieu Herrb
[ANNOUNCE] libX11 1.6.6
Alan Coopersmith (6):
      Make Xkb{Get,Set}NamedIndicator spec & manpages match code
      Clarify state parameter to XkbSetNamedDeviceIndicator
      Improve table formatting in XkbChangeControls & XkbKeyNumGroups man pages
      If XGetImage fails to create image, don't dereference it to bounds check
      Use size_t for buffer sizes in SetHints.c
      Change fall through comment in lcDB.c to match gcc's requirements

Arthur Huillet (1):
      _XDefaultError: set XlibDisplayIOError flag before calling exit

Bhavi Dhingra (1):
      Fix possible memory leak in cmsProp.c:140

Martin Natano (1):
      Don't rebuild ks_tables.h if nothing changed.

Matthieu Herrb (2):
      Remove statement with no effect.
      libX11 1.6.6

Michal Srb (1):
      Use flexible array member instead of fake size.

Ryan C. Gordon (1):
      Valgrind fix for XStoreColor and XStoreColors.

Samuel Thibault (1):
      XkbOpenDisplay.3: fix typo

Tobias Stoeckmann (4):
      Validation of server response in XListHosts.
      Fixed off-by-one writes (CVE-2018-14599).
      Fixed out of boundary write (CVE-2018-14600).
      Fixed crash on invalid reply (CVE-2018-14598).

walter harms (13):
      fix shadow warning
      _XIOError(dpy); will never return so remore dead
      remove argument check for free()
      adjust one inden
      fix shadow char_size
      fix more shadow warning
      no need to check argument for _XkbFree()
      remove stray extern
      no need to check args for Xfree()
      fix memleak in error path
      fix memleak in error path
      no need to check XFree arguments
      mark _XDefaultIOError as no_return
      Fixes: warning: variable 'req' set but not,used

wharms (3):
      add _X_UNUSED to avoid unused variable warnings
      remove empty line
      silence gcc warning assignment discards 'const' qualifier from pointer target type

git tag: libX11-1.6.6

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.bz2
MD5:    6b0f83e851b3b469dd660f3a95ac3e42  libX11-1.6.6.tar.bz2
SHA1:   b29cf4362b58188cb27fed2294788004af7428a9  libX11-1.6.6.tar.bz2
SHA256: 65fe181d40ec77f45417710c6a67431814ab252d21c2e85c75dd1ed568af414f  libX11-1.6.6.tar.bz2
SHA512: 9866dc6b158b15a96efe140b6fa68a775889a37e5565a126216211fee63868e02629a9f9f41816d590ef150560f43b8864010a77a6318c9109e76aec1d21b4d7  libX11-1.6.6.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.gz
MD5:    3fd4c6b9f2333dbc5d16824baa1cfb67  libX11-1.6.6.tar.gz
SHA1:   3542c1641be5670dd1e9a38ea5b22d4278c17d19  libX11-1.6.6.tar.gz
SHA256: c7fb5b1069d700737e02766aaf800d87e87d443af76657fff7a969edfcf49da0  libX11-1.6.6.tar.gz
SHA512: 5d8a83521f53f529f6e7e2edc8d6ab837b39cbe794cc83d2dd84871656e5fb6e2d363c89df7af945547415c7bc8c7f2e85097b7b405b7e4f679071d84a42fc8d  libX11-1.6.6.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.gz.sig
[ANNOUNCE] libXfont2 2.0.3
Matthieu Herrb (1):
      libXfont2 2.0.3

Michal Srb (1):
      Open files with O_NOFOLLOW. (CVE-2017-16611)

git tag: libXfont2-2.0.3

https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.bz2
MD5:    b7ca87dfafeb5205b28a1e91ac3efe85  libXfont2-2.0.3.tar.bz2
SHA1:   1110f1ad4061d9e8131ecb941757480e3e32bca0  libXfont2-2.0.3.tar.bz2
SHA256: 0e8ab7fd737ccdfe87e1f02b55f221f0bd4503a1c5f28be4ed6a54586bac9c4e  libXfont2-2.0.3.tar.bz2
SHA512: 648b664e2aa58cbc7366a1b05873aa06bd4a38060f64085783043388244af8ceced77b29a22c3ac8b6d34cd226e093bbbcc785ea1748ea65720fe7ea05b4b44b  libXfont2-2.0.3.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.gz
MD5:    ba7277762e3737cd8dcb6c7fe5113a34  libXfont2-2.0.3.tar.gz
SHA1:   c1a10be432556ec58d9a978b0506e1391bd6e7e8  libXfont2-2.0.3.tar.gz
SHA256: a4b761a37528353a2b83dba364d7c1fd6aef2d554a1a019815f24f7f8866890e  libXfont2-2.0.3.tar.gz
SHA512: 2d1df75e60a6e84556c09135f46eb97daece497fe1e48401151f024cdd4968205e454740418290c5b3c9177af145ef1f5abb9a35f535f40da4ead6df296da1fe  libXfont2-2.0.3.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.gz.sig
[ANNOUNCE] libXcursor 1.1.15
Alan Coopersmith (4):
      configure: Drop AM_MAINTAINER_MODE
      autogen.sh: Honor NOCONFIGURE=1
      Use strdup() instead of malloc(strlen())+strcpy()
      Fix some clang integer sign/size mismatch warnings

Emil Velikov (1):
      autogen.sh: use quoted string variables

Matthieu Herrb (1):
      libXcursor 1.1.15

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

Tobias Stoeckmann (1):
      Fix heap overflows when parsing malicious files. (CVE-2017-16612)

shubham shrivastav (1):
      Insufficient memory for terminating null of string in _XcursorThemeInherits

git tag: libXcursor-1.1.15

https://xorg.freedesktop.org/archive/individual/lib/libXcursor-1.1.15.tar.bz2
MD5:    58fe3514e1e7135cf364101e714d1a14  libXcursor-1.1.15.tar.bz2
SHA1:   3e19f991f244b7fa31566adce7ead078424296cf  libXcursor-1.1.15.tar.bz2
SHA256: 294e670dd37cd23995e69aae626629d4a2dfe5708851bbc13d032401b7a3df6b  libXcursor-1.1.15.tar.bz2
SHA512: 53ad0fa2afd7b4cf1108b560e44ea71abdf5c55a18df243d7123942513589c927f5c105395f790d8769959e0129db54264e6aac7efd51a5f1aec270379b1f2f5  libXcursor-1.1.15.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXcursor-1.1.15.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXcursor-1.1.15.tar.gz
MD5:    837cd0d40afa6ecdafaf6f7b574a0899  libXcursor-1.1.15.tar.gz
SHA1:   8804780bbc5a4c425977cfa195412ac6bbc5204b  libXcursor-1.1.15.tar.gz
SHA256: 449befea2b11dde58ba3323b2c1ec30550013bd84d80501eb56d0048e62251a1  libXcursor-1.1.15.tar.gz
SHA512: 89a3c4a02053cbe39d5bb1baf94798a37bc184436ae7b8a164115274a12fee5032f9dc896cf41195dc1d88c32d12da8679e8e4b13d89c2c23d7b22ea7c99b586  libXcursor-1.1.15.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXcursor-1.1.15.tar.gz.sig
[ANNOUNCE] libXpm 3.5.12
Jörg Sonnenberger (1):
      Fix abs() usage.

Matthieu Herrb (1):
      libXpm 3.5.12

Tobias Stoeckmann (4):
      Fix out out boundary read on unknown colors
      Gracefully handle EOF while parsing files.
      Avoid OOB write when handling malicious XPM files.
      Handle size_t in file/buffer length

git tag: libXpm-3.5.12

https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.12.tar.bz2
MD5:    20f4627672edb2bd06a749f11aa97302  libXpm-3.5.12.tar.bz2
SHA1:   4e22fefe61714209539b08051b5287bcd9ecfd04  libXpm-3.5.12.tar.bz2
SHA256: fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec  libXpm-3.5.12.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.12.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.12.tar.gz
MD5:    b286c884b11b5a0b4371175c5327141f  libXpm-3.5.12.tar.gz
SHA1:   c837dfca61080a40031a3d9a83ea284acb619ab7  libXpm-3.5.12.tar.gz
SHA256: 2523acc780eac01db5163267b36f5b94374bfb0de26fc0b5a7bee76649fd8501  libXpm-3.5.12.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.12.tar.gz.sig

--
Matthieu Herrb
[ANNOUNCE] libXvMC 1.0.10
Matthieu Herrb (1):
      libXvMC 1.0.10

Tobias Stoeckmann (1):
      Avoid buffer underflow on empty strings.

git tag: libXvMC-1.0.10

https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2
MD5:    4cbe1c1def7a5e1b0ed5fce8e512f4c6  libXvMC-1.0.10.tar.bz2
SHA1:   8c50ee4a43aff84d807da2122ec6b0d8e3ce4635  libXvMC-1.0.10.tar.bz2
SHA256: e501a079b5dfaef0897c56152770c77e05e362065cec58910289aa567277ee2e  libXvMC-1.0.10.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.gz
MD5:    ddb5c45bc56977acfdeec29b8118c487  libXvMC-1.0.10.tar.gz
SHA1:   ebcd70da1c3a01d785df6a003c475cdaaac145ad  libXvMC-1.0.10.tar.gz
SHA256: d8306f71c798d10409bb181b747c2644e1d60c05773c742c12304ab5aa5c8436  libXvMC-1.0.10.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.gz.sig
[ANNOUNCE] libXrender 0.9.10
Lauri Kasanen (1):
      Fix documentation to explicitly mention premultiplied alpha

Matthieu Herrb (1):
      libXrender 0.9.10

Tobias Stoeckmann (2):
      Avoid OOB write in XRenderQueryFilters
      Validate lengths while parsing server data.

git tag: libXrender-0.9.10

https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2
MD5:    802179a76bded0b658f4e9ec5e1830a4  libXrender-0.9.10.tar.bz2
SHA1:   d55106de9260c2377c19d271d9b677744a6c7e81  libXrender-0.9.10.tar.bz2
SHA256: c06d5979f86e64cabbde57c223938db0b939dff49fdb5a793a1d3d0396650949  libXrender-0.9.10.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.gz
MD5:    98a14fc11aee08b4a1769426ab4b23a3  libXrender-0.9.10.tar.gz
SHA1:   704f4571d70e81fcdb40143db938016231f84a05  libXrender-0.9.10.tar.gz
SHA256: 770527cce42500790433df84ec3521e8bf095dfe5079454a92236494ab296adf  libXrender-0.9.10.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.gz.sig
[ANNOUNCE] libXfixes 5.0.3
Matthieu Herrb (1):
      libXfixes 5.0.3

Tobias Stoeckmann (1):
      Integer overflow on illegal server response

git tag: libXfixes-5.0.3

https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2
MD5:    07e01e046a0215574f36a3aacb148be0  libXfixes-5.0.3.tar.bz2
SHA1:   ca86342d129c02435a9ee46e38fdf1a04d6b4b91  libXfixes-5.0.3.tar.bz2
SHA256: de1cd33aff226e08cefd0e6759341c2c8e8c9faf8ce9ac6ec38d43e287b22ad6  libXfixes-5.0.3.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.gz
MD5:    fd07d0d77e92b0a72ca1740a72322837  libXfixes-5.0.3.tar.gz
SHA1:   5b3f9ae580286eeb90ef6833f22ccc95c45011fa  libXfixes-5.0.3.tar.gz
SHA256: 9ab6c13590658501ce4bd965a8a5d32ba4d8b3bb39a5a5bc9901edffc5666570  libXfixes-5.0.3.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.gz.sig
[ANNOUNCE] libXrandr 1.5.1
Matthieu Herrb (1):
      libXrandr 1.5.1

Tobias Stoeckmann (1):
      Avoid out of boundary accesses on illegal responses

walter harms (2):
      fix: doGetScreenResources() info: redundant null check on calling free()
      fix: redundant null check on calling free()

git tag: libXrandr-1.5.1

https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.bz2
MD5:    28e486f1d491b757173dd85ba34ee884  libXrandr-1.5.1.tar.bz2
SHA1:   7232fe2648b96fed531208c3ad2ba0be61990041  libXrandr-1.5.1.tar.bz2
SHA256: 1ff9e7fa0e4adea912b16a5f0cfa7c1d35b0dcda0e216831f7715c8a3abcf51a  libXrandr-1.5.1.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.gz
MD5:    59e90a544ee8cf706cf11e3027339f60  libXrandr-1.5.1.tar.gz
SHA1:   d2d194a00914e863e51bac7c438b437dd490280f  libXrandr-1.5.1.tar.gz
SHA256: 2baa7fb3eca78fe7e11a09b373ba898b717f7eeba4a4bfd68187e04b4789b0d3  libXrandr-1.5.1.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.gz.sig
[ANNOUNCE] libXi 1.7.7
Matthieu Herrb (1):
      libXi 1.7.7

Tobias Stoeckmann (1):
      Properly validate server responses.

git tag: libXi-1.7.7

https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2
MD5:    cc0883a898222d50ff79af3f83595823  libXi-1.7.7.tar.bz2
SHA1:   37d150d7cc7061612643a3b8f458ff004edc6f2d  libXi-1.7.7.tar.bz2
SHA256: 996f834fa57b9b33ba36690f6f5c6a29320bc8213022943912462d8015b1e030  libXi-1.7.7.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.gz
MD5:    26150b56d62bc2178fa398442b504ba4  libXi-1.7.7.tar.gz
SHA1:   6a3a50e0f0e5f78e258d3c61ac1012a9a559a51b  libXi-1.7.7.tar.gz
SHA256: 501f49e9c85609da17614d711aa4931fd128011042ff1cae53a16ce03e51ff5e  libXi-1.7.7.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.gz.sig
[ANNOUNCE] libX11 1.6.4
Alan Coopersmith (20):
      Move Compose \ o / to be with other emoji compose sequences
      Replace Xmalloc+memset pairs with Xcalloc calls
      Get rid of some extraneous ; at the end of C source lines
      Remove unused definition of XCONN_CHECK_FREQ
      Bug 93184: read_EncodingInfo invalid free
      Bug 93183: _XDefaultOpenIM memory leaks in out-of-memory error paths
      Delete #if 0 hunks of code
      Use strdup instead of Xmalloc+strcpy in _XDefaultOpenIM
      XDefaultOMIF: replace strlen+Xmalloc+strcpy with strdup
      XDefaultOMIF: additional code simplification
      XDefaultOMIF: Remove comments referring to ancient Sun bug ids
      XlcDL.c: replace strcpy+strcat sequences with snprintf
      XlcDL.c: reduce code duplication
      lcPubWrap: replace malloc(strlen) + strcpy with strdup
      Stop checking XTRANS_SECURE_RPC_FLAGS since we no longer use them
      Stop checking for preferred order of local transports
      Don't need to link libX11-xcb against libX11
      xcms: use size_t for strlen/sizeof values instead of converting to int & back
      xcms: use unsigned indexes when looping through unsigned values
      xcms: use size_t for pointer offsets passed to strncmp

Bhavi Dhingra (1):
      omGeneric.c: Correct the parameter usage of sizeof

Christian Linhart (1):
      fix for Xlib 32-bit request number issues

Daniel Albers (1):
      Add Compose sequence for U+1F4A9.

Dominik Muth (1):
      Xlib.h: Fix macros imitating C functions.

Gunnar Hjalmarsson (1):
      Add compose file for pt_PT similar to pt_BR

James Cloos (2):
      Fix missing update in cf4d5989383a
      Fix another missing update in cf4d5989383a

Julien Cristau (1):
      Mark _XNextRequest as hidden

Mats Blakstad (1):
      New compose keys for local languages in Togo

Matthew D. Fuller (1):
      Fixup param specification for XChangeProperty()

Matthieu Herrb (1):
      libX11 1.6.4

Mike FABIAN (3):
      add be_BY.UTF-8@latin and sr_RS.UTF-8@latin to locale.dir
      fix spelling mistakes in ks_IN and sd_IN devanagari locales
      Fix spelling mistake introduced by 748d47e69f5c12d8557d56a8a8ec166588da7b93

Olivier Fourdan (1):
      XKB: fix XkbGetKeyboardByName with Xming server

Peter Hutterer (3):
      Fix potential memory leak
      Fix an indentation issue
      Fix three "use of uninitialized variable" coverity warnings

Ross Burton (1):
      Add missing NULL checks to ICWrap

Thomas Klausner (2):
      Do not return() after exit().
      Ignore test-driver (used by newer autoconf).

Tobias Stoeckmann (2):
      The validation of server responses avoids out of boundary accesses.
      Validation of server responses in XGetImage()

walter harms (1):
      XFree will accept NULL as argument

git tag: libX11-1.6.4

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.bz2
MD5:    6d54227082f3aa2c596f0b3a3fbb9175  libX11-1.6.4.tar.bz2
SHA1:   94f375f28e592a599594d3d6ce982516afdc212c  libX11-1.6.4.tar.bz2
SHA256: b7c748be3aa16ec2cbd81edc847e9b6ee03f88143ab270fb59f58a044d34e441  libX11-1.6.4.tar.bz2
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.gz
MD5:    f60fb9f397090ed7d75c8c8873014d1e  libX11-1.6.4.tar.gz
SHA1:   04acc1fb67fe3752c3be65f906c8b0ecd2df3ccb  libX11-1.6.4.tar.gz
SHA256: 5d7fbb9e15c27900ea8963218a59750b674a8d7c94161b66e96fcfbdaa1c6263  libX11-1.6.4.tar.gz
PGP:    https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.gz.sig
X.Org security advisory: Protocol handling issues in X Window System client libraries
X.Org security advisory: October 4, 2016

Protocol handling issues in X Window System client libraries

Description
===========

Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issues come in addition to the ones discovered by Ilja van Sprundel in 2013.

Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged than the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges.

The X.Org security team would like to take this opportunity to remind X client authors that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this.

Affected libraries and CVE Ids
==============================

libX11 - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()).
  Affected versions: libX11 <= 1.6.3

libXfixes - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures.
  Affected versions: libXfixes <= 5.0.2

libXi - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service).
  Affected versions: libXi <= 1.7.6

libXrandr - insufficient validation of data from the X server can cause out of boundary memory writes.
  Affected versions: libXrandr <= 1.5.0

libXrender - insufficient validation of data from the X server can cause out of boundary memory writes.
  Affected version: libXrender <= 0.9.9

XRecord - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service).
  Affected version: libXtst <= 1.2.2

libXv - insufficient validation of data from the X server can cause out of boundary memory and memory corruption. CVE-2016-5407
  Affected versions: libXv <= 1.0.10

libXvMC - insufficient validation of data from the X server can cause a one byte buffer read underrun.
  Affected versions: libXvMC <= 1.0.9

Fixes
=====

Fixes are available in the following git commits.

lib/libX11
  8ea762f Validation of server responses in XGetImage()
  8c29f16 The validation of server responses avoids out of boundary accesses.

libXfixes
  61c1039 Integer overflow on illegal server response

libXi
  19a9cd6 Properly validate server responses.

libXrandr
  a0df3e1 Avoid out of boundary accesses on illegal responses

libXrender
  9362c7d Validate lengths while parsing server data.
  8fad00b Avoid OOB write in XRenderQueryFilters

lib/libXtst
  9556ad6 Out of boundary access and endless loop in libXtst

libXv
  87b3c94 Protocol handling issues in libXv

libXvMC
  2cd95e7 Avoid buffer underflow on empty strings.

They will also be available in these modules releases from X.Org:

* libX11 1.6.4
* libXfixes 5.0.3
* libXi 1.7.7
* libXrandr 1.5.1
* libXrender 0.9.10
* libXtst 1.2.3
* libXv 1.0.11
* libXvMC 1.0.10

Thanks
======

X.Org thanks Tobias Stoeckmann for reporting these issues to our security team and assisting them in understanding them and evaluating our fixes.

--
Matthieu Herrb
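An added example, not code from any of the libraries above, of the two checks a client-side reply parser needs against the failure modes the advisory lists: a record count times an element size that overflows in 32-bit arithmetic (the libXfixes case), and a zero-length record that makes a walk over the reply never advance (the libXi and XRecord endless-loop case). The X reply header's CARD32 length in 4-byte units is real protocol; the record layout, item counts and sample buffers are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bytes of reply body the server has promised, from the reply header's
 * CARD32 'length' (4-byte units after the 32-byte header). Computed in
 * 64 bits so it cannot wrap. */
uint64_t reply_body_bytes(uint32_t length_units) {
    return (uint64_t) length_units * 4;
}

/* The trusting pattern, written in the 32-bit arithmetic a 32-bit build
 * uses: nitems * item_size wraps modulo 2^32, so an absurd count passes
 * and a later allocation or copy is sized from the wrapped value. */
bool items_fit_naive32(uint32_t length_units, uint32_t nitems, uint32_t item_size) {
    uint32_t need = nitems * item_size;        /* may wrap */
    return need <= length_units * 4u;          /* may wrap too */
}

/* Hardened check: refuse the reply before anything is sized from it. */
bool items_fit_checked(uint32_t length_units, uint32_t nitems, uint32_t item_size) {
    if (item_size == 0) return false;
    if (nitems > UINT32_MAX / item_size) return false;   /* product would overflow */
    return (uint64_t) nitems * item_size <= reply_body_bytes(length_units);
}

/* Constructed variable-length record list: each record is one length byte
 * (counting itself) followed by len-1 payload bytes. Returns the record
 * count, or -1 if the data is malformed. A length of 0 is rejected
 * explicitly: a loop that only does 'off += len' never advances on it. */
long walk_records(const uint8_t *buf, size_t n) {
    size_t off = 0;
    long count = 0;
    while (off < n) {
        uint8_t len = buf[off];
        if (len == 0) return -1;            /* would spin forever */
        if (len > n - off) return -1;       /* record claims bytes past the reply */
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample reply bodies, not captured from a real server. */
const uint8_t well_formed_records[] = { 3, 'a', 'b', 2, 'c' };   /* two records */
const uint8_t zero_length_record[]  = { 3, 'a', 'b', 0, 'c' };   /* second record has len 0 */
const uint8_t overlong_record[]     = { 3, 'a', 'b', 9, 'c' };   /* claims 9 bytes, 2 remain */
```

With a 16-byte body, a claimed count of 0x40000001 four-byte items passes the naive check (the product wraps to 4) and is refused by the checked one; the walker accepts the first buffer and rejects the other two instead of looping or reading past the end.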