From alan.coopersmith at oracle.com Thu Aug 6 17:21:32 2020
From: alan.coopersmith at oracle.com (Alan Coopersmith)
Date: Thu, 6 Aug 2020 10:21:32 -0700
Subject: [ANNOUNCE] libX11 1.6.11
Message-ID: <20200806172132.GA17916@also.us.oracle.com>

This release fixes a regression introduced by the security patches in
1.6.10. See https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
for details.

Alan Coopersmith (1):
      libX11 1.6.11

Yichao Yu (1):
      Fix size calculation in `_XimAttributeToValue`.

git tag: libX11-1.6.11

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.11.tar.bz2
SHA256: b1cc4b802058be7e3fb438ee2490f66fcc52ac3b2a14f47a22cbf77638e33606  libX11-1.6.11.tar.bz2
SHA512: 2cb4e215c1e3ccb327e02586844f8c426068536a0f472a39f12191feace607f61a6a08586f03758248199678c2f6897a984b0f1222bc0d68fd2e02702f4ce0bf  libX11-1.6.11.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.11.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.11.tar.gz
SHA256: 95d44ecb1a1b430c6d3619215f76c466e97be0efe0c141bed6aa6f07699965a0  libX11-1.6.11.tar.gz
SHA512: da54d37a70cdedf3dcd7f8365e643d5c5ec659630c95594f21895644702edefc1b1b2d871ff956b92fb3d95e950bbf61cc20b2750e8c31a5d8be67a34d17e15e  libX11-1.6.11.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.11.tar.gz.sig

-- 
	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: 

From alan.coopersmith at oracle.com Thu Aug 6 21:22:40 2020
From: alan.coopersmith at oracle.com (Alan Coopersmith)
Date: Thu, 6 Aug 2020 14:22:40 -0700
Subject: [ANNOUNCE] font-alias 1.0.4
Message-ID: <20200806212240.GA15009@also.us.oracle.com>

This minor maintenance release rolls up the past decade's worth of fixes &
cleanups.

Alan Coopersmith (5):
      configure: Drop AM_MAINTAINER_MODE
      autogen.sh: Honor NOCONFIGURE=1
      Update README for gitlab migration
      Update configure.ac bug URL for gitlab migration
      font-alias 1.0.4

Emil Velikov (1):
      autogen.sh: use quoted string variables

Gaetan Nadon (2):
      config: Use the shorthand --disable-all-encodings option in font-util v1.2
      config: replace deprecated use of AC_OUTPUT with AC_CONFIG_FILES

Jesse Adkins (1):
      Purge cvs tags.

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

git tag: font-alias-1.0.4

https://xorg.freedesktop.org/archive/individual/font/font-alias-1.0.4.tar.bz2
SHA256: f3111ae8bf2e980f5f56af400e8eefe5fc9f4207f4a412ea79637fd66c945276  font-alias-1.0.4.tar.bz2
SHA512: c67ac2ee344a601fcc09471580214b30c3fd6acc4800702840de44f0733e6d18b3faeec2fa3f4e2314025cc1724d7d6796ebaf620398fe350710182fd2c4b07d  font-alias-1.0.4.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/font/font-alias-1.0.4.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/font/font-alias-1.0.4.tar.gz
SHA256: 49525fa6f2c3f3b54f461b2e0649b0ac61af50c36bf40069355a25ced8ce2028  font-alias-1.0.4.tar.gz
SHA512: 47d401bef43421f68a31bfd551f340de679e1f3616360061d2fa4f5ddf6f8e5003a1e20cfdaa9a9f6906c4fdb7eb2184394400a8c4894cb913932da437cbcc53  font-alias-1.0.4.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/font/font-alias-1.0.4.tar.gz.sig

-- 
	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc

From alan.coopersmith at oracle.com Thu Aug 6 21:43:12 2020
From: alan.coopersmith at oracle.com (Alan Coopersmith)
Date: Thu, 6 Aug 2020 14:43:12 -0700
Subject: [ANNOUNCE] font-misc-ethiopic 1.0.4
Message-ID: <20200806214312.GA20850@also.us.oracle.com>

This minor maintenance release rolls up the past decade's worth of fixes &
cleanups.

Of particular note: This package contains two font versions: TrueType and
OpenType. One may want to install only one of them and (re)generate
font.scale; for this, two new config options are introduced:

  --disable-opentype-install
  --disable-truetype-install

Alan Coopersmith (5):
      configure: Drop AM_MAINTAINER_MODE
      autogen.sh: Honor NOCONFIGURE=1
      Update README for gitlab migration
      Update configure.ac bug URL for gitlab migration
      font-misc-ethiopic 1.0.4

Egbert Eich (1):
      install: Make fonttypes to be installed configurable

Emil Velikov (1):
      autogen.sh: use quoted string variables

Gaetan Nadon (1):
      config: replace deprecated use of AC_OUTPUT with AC_CONFIG_FILES

Matthieu Herrb (1):
      Typo: font.dir -> fonts.dir

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

git tag: font-misc-ethiopic-1.0.4

https://xorg.freedesktop.org/archive/individual/font/font-misc-ethiopic-1.0.4.tar.bz2
SHA256: 698c0f6ddf9ca482250bdafa08293893148393bb9cb23e0a9ca313c6dbfc4ae0  font-misc-ethiopic-1.0.4.tar.bz2
SHA512: 4fed9ff3782746898c56dac199e9ca89356f4967779937049b9ff4ffad202317c023859f92d44b371dfa5485d5368ccad648e64b12cde0ed21f7d4aee5affcd5  font-misc-ethiopic-1.0.4.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/font/font-misc-ethiopic-1.0.4.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/font/font-misc-ethiopic-1.0.4.tar.gz
SHA256: f7901250fb746815065cfe13a814d92260348fede28d61dcab0d05c5d8eafd54  font-misc-ethiopic-1.0.4.tar.gz
SHA512: c81f91227a5b8a4ff8bc02b4e5030896ef31cc8278d68127214bd290edca7b1a037f115ed986ea6f6a0c2058a94b446972a6463bcb2ac80195a0a1c825fd7979  font-misc-ethiopic-1.0.4.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/font/font-misc-ethiopic-1.0.4.tar.gz.sig

-- 
	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc

From matthieu at herrb.eu Tue Aug 25 15:18:33 2020
From: matthieu at herrb.eu (Matthieu Herrb)
Date: Tue, 25 Aug 2020 17:18:33 +0200
Subject: X.Org libX11 security advisory: August 25, 2020
Message-ID: <20200825151833.GD30064@timmy>

Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the way
libX11 handles locales. The integer overflow is a necessary precursor to
the double free.

Patches
-------

A patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

    Fix an integer overflow in init_om()

    CVE-2020-14363

    This can lead to a double free later, as reported by Jayden Rivers.

Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security team
and assisting them in understanding them and providing fixes.

-- 
Matthieu Herrb

From matthieu at herrb.eu Tue Aug 25 15:22:48 2020
From: matthieu at herrb.eu (Matthieu Herrb)
Date: Tue, 25 Aug 2020 17:22:48 +0200
Subject: [ANNOUNCE] libX11 1.6.12
Message-ID: <20200825152248.GE30064@timmy>

Christopher Chavez (1):
      Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage

Felix Yan (1):
      Correct a typo in GetStCmap.c

Matthieu Herrb (2):
      Fix an integer overflow in init_om()
      libX11 1.6.12

Maya Rashish (1):
      Avoid the use of "register" keyword in XkbTranslateKeySym.

Niclas Zeising (1):
      Fix input clients connecting to server

git tag: libX11-1.6.12

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.12.tar.bz2
SHA256: f108227469419ac04d196df0f3b80ce1f7f65059bb54c0de811f4d8e03fd6ec7  libX11-1.6.12.tar.bz2
SHA512: 79df7d61d9009b0dd3b65f67a62189aa0a43799c01026b3d2d534092596a0b67f246af5e398a89eb1ccc61a27335f81be8262b8a39768a76f62d862cd7415a47  libX11-1.6.12.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.12.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.12.tar.gz
SHA256: 0fce5fc0a24a3dc728174eccd0cb8d6a1b37a2ec1654bd5628c84e5bc200d594  libX11-1.6.12.tar.gz
SHA512: be86b8ad874311bc9d4bd28f33ecdbf2dd391b4a17bdf456c0f8b483f740145cd976b68fa7afee806223acff319e77e163a612b82f7fa9dfa898a31cfbbda851  libX11-1.6.12.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.12.tar.gz.sig

-- 
Matthieu Herrb

From matthieu at herrb.eu Tue Aug 25 15:24:05 2020
From: matthieu at herrb.eu (Matthieu Herrb)
Date: Tue, 25 Aug 2020 17:24:05 +0200
Subject: X.Org server security advisory: August 25, 2020
Message-ID: <20200825152405.GF30064@timmy>

Multiple input validation failures in X server extensions
=========================================================

All these issues can lead to local privilege elevation on systems where
the X server is running privileged.

* CVE-2020-14345 / ZDI CAN 11428
  XkbSetNames Out-Of-Bounds Access

  The handler for the XkbSetNames request does not validate the request
  length before accessing its contents.

* CVE-2020-14346 / ZDI CAN 11429
  XIChangeHierarchy Integer Underflow

  An integer underflow exists in the handler for the XIChangeHierarchy
  request.

* CVE-2020-14361 / ZDI CAN 11573
  XkbSelectEvents Integer Underflow

  An integer underflow exists in the handler for the XkbSelectEvents
  request.

* CVE-2020-1436 / ZDI CAN 11574
  XRecordRegisterClients Integer Underflow

  An integer underflow exists in the handler for the CreateRegister
  request of the X record extension.

Patches
-------

Patches for these issues have been committed to the xorg server git
repository. xorg-server 1.20.9 will be released shortly and will include
these patches.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 11f22a3bf694d7061d552c99898d843bcdaf0cf1
    Correct bounds checking in XkbSetNames()
    CVE-2020-14345 / ZDI 11428

commit 1e3392b07923987c6c9d09cf75b24f397b59bd5e
    Fix XIChangeHierarchy() integer underflow
    CVE-2020-14346 / ZDI-CAN-11429

commit 90304b3c2018a6b8f4a79de86364d2af15cb9ad8
    Fix XkbSelectEvents() integer underflow
    CVE-2020-14361 ZDI-CAN 11573

commit 24acad216aa0fc2ac451c67b2b86db057a032050
    Fix XRecordRegisterClients() Integer underflow
    CVE-2020-14362 ZDI-CAN-11574

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb

From mattst88 at gmail.com Tue Aug 25 15:47:54 2020
From: mattst88 at gmail.com (Matt Turner)
Date: Tue, 25 Aug 2020 08:47:54 -0700
Subject: [ANNOUNCE] xorg-server 1.20.9
Message-ID: <20200825154754.GA418554@hp-x360.mattst88.com>

Aaron Ma (1):
      xfree86: add drm modes on non-GTF panels

Adam Jackson (2):
      linux: Make platform device probe less fragile
      linux: Fix platform device PCI detection for complex bus topologies

Alan Coopersmith (2):
      Update URL's in man pages
      doc: Update URLs in Xserver-DTrace.xml

Alex Goins (1):
      randr: Check rrPrivKey in RRHasScanoutPixmap()

Hans de Goede (1):
      modesetting: Disable pageflipping when using a swcursor

Huacai Chen (1):
      linux: Fix platform device probe for DT-based PCI

Jose Maria Casanova Crespo (1):
      modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation

Lyude Paul (1):
      xwayland: Store xwl_tablet_pad in its own private key

Martin Weber (1):
      hw/xfree86: Avoid cursor use after free

Matt Turner (1):
      xserver 1.20.9

Matthieu Herrb (5):
      fix for ZDI-11426
      Correct bounds checking in XkbSetNames()
      Fix XIChangeHierarchy() integer underflow
      Fix XkbSelectEvents() integer underflow
      Fix XRecordRegisterClients() Integer underflow

Michel Dänzer (7):
      present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
      present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
      xwayland: Always use xwl_present_free_event for freeing Present events
      xwayland: Free all remaining events in xwl_present_cleanup
      xwayland: Hold a pixmap reference in struct xwl_present_event
      xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
      xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp

Olivier Fourdan (4):
      xwayland: Fix infinite loop at startup
      xwayland: Clear private on device removal
      xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
      xwayland: Use a fixed DPI value for core protocol

Roman Gilg (1):
      present: Check valid region in window mode flips

Samuel Thibault (1):
      dix: do not send focus event when grab actually does not change

Simon Ser (2):
      xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
      xwayland: only use linux-dmabuf if format/modifier was advertised

SimonP (1):
      xwayland: Initialise values in xwlVidModeGetGamma()

Sjoerd Simons (1):
      xwayland: Fix crashes when there is no pointer

git tag: xorg-server-1.20.9

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.9.tar.bz2
SHA256: e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571  xorg-server-1.20.9.tar.bz2
SHA512: d9b5f93e1b9763a89187d8b272aa7d4ce9709641b8539f4536708af153310e5a4931bffd4229c51a3b0e3b12da7838750aa71b635751fb4c0bb27438cce4e5e6  xorg-server-1.20.9.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.9.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.9.tar.gz
SHA256: 067c348fe1a86a1924010354c1c7cf1eaa9e43866e48540aa56a465f2a341ddc  xorg-server-1.20.9.tar.gz
SHA512: 7cc4aca6c1438332e6dcb939404b2c469206e33108009d8b34c4dbb579ed135a42dfa47f9a91279c54875da9e5b6aac0cadeaad6c09bba474b0383fdfc789961  xorg-server-1.20.9.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.9.tar.gz.sig
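The two advisories in this archive, and the fixes rolled into xorg-server 1.20.9 above, share one defect class: arithmetic on client-supplied sizes that wraps (the init_om() overflow in libX11, and request-length underflows in the XkbSetNames, XIChangeHierarchy, XkbSelectEvents and XRecordRegisterClients handlers). The C program below is an added illustration, not X.Org code and not the actual patches: it uses a constructed request header in the style of an X protocol request (assumed layout, not a real X struct) and shows the unchecked "declared length minus header" subtraction that wraps on a short request beside a checked variant, plus the overflow-checked allocation size an init_om()-style fix needs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed request header, not an actual X protocol struct. As in X
 * requests, `length` counts 4-byte units of the whole request and a body of
 * `nItems` entries follows the 8-byte header; every field is client-controlled. */
typedef struct {
    uint8_t  reqType;
    uint8_t  minor;
    uint16_t length;  /* whole request, in 4-byte units */
    uint16_t nItems;  /* client-declared number of trailing items */
    uint16_t pad;
} ReqHeader;
#define ITEM_SIZE 4u

/* Unchecked: "total minus header" wraps to a huge size_t when the client
 * declares a length shorter than the header, so any body read that trusts
 * it goes out of bounds (the defect class in the X server advisory). */
size_t naive_body_bytes(const ReqHeader *r) {
    return (size_t)r->length * 4 - sizeof(ReqHeader);
}

/* Checked: refuse before subtracting, then require the declared item count
 * to fit in the body that is actually present. */
bool validate_request(const ReqHeader *r, size_t *body_bytes_out) {
    size_t total = (size_t)r->length * 4;
    if (total < sizeof(ReqHeader)) return false;            /* would underflow */
    size_t body = total - sizeof(ReqHeader);
    if ((size_t)r->nItems > body / ITEM_SIZE) return false; /* count exceeds body */
    *body_bytes_out = body;
    return true;
}

/* Overflow-checked header + count * elem for an allocation sized from an
 * untrusted count: the test an init_om()-style fix needs before malloc(). */
bool checked_alloc_size(size_t count, size_t elem, size_t header, size_t *out) {
    if (elem != 0 && count > (SIZE_MAX - header) / elem) return false; /* wraps */
    *out = header + count * elem;
    return true;
}
int main(void) {
    ReqHeader short_req = {1, 0, 1, 0, 0};  /* declares 4 bytes; header is 8 */
    size_t body;
    printf("naive: %zu bytes, checked: %s\n", naive_body_bytes(&short_req),
           validate_request(&short_req, &body) ? "accepted" : "rejected");
    return 0;
}
```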