[ANNOUNCE] libX11 1.8.7

Alan Coopersmith alan.coopersmith at oracle.com
Tue Oct 3 16:45:34 UTC 2023 

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html
along with:
 * Fail XOpenDisplay() if server-provided default visual is invalid (!233)
 * Bring XKB docs in line with actual implementation (!231, !228)
 * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225)
 * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216,
   !217, !219, !220, !222, !223, !226, !227, !229)

Alan Coopersmith (17):
      Remove XkbSetBounceKeysDelay.man from list of man pages to build
      docs: finish removing XkbGetBounceKeysDelay & XkbSetBounceKeysDelay
      docs: remove XkbAllocDeviceLedInfo
      docs: remove XkbGetAccessXTimeout & XkbSetAccessXTimeout
      docs: remove XkbGetSlowKeysDelay & XkbSetSlowKeysDelay
      docs: remove XkbGetStickyKeysOptions & XkbSetStickyKeysOptions
      docs: XkbSAActionSetCtrls is really named XkbActionSetCtrls
      docs: remove XkbChangeIndicators and Xkb{Get,Note}IndicatorChanges
      docs: remove XkbGetNameChanges
      docs: remove XkbKeySymsOffset
      docs: fix names for XkbKeyKeyType & XkbKeyKeyTypeIndex
      XOpenDisplay: ensure each screen has a valid root_visual pointer
      CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
      CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage()
      XPutImage: clip images to maximum height & width allowed by protocol
      XCreatePixmap: trigger BadValue error for out-of-range dimensions
      libX11 1.8.7

Antti Savolainen (2):
      nls: add a compose sequence with double dead_tilde for ≈ (almost equal to)
      Add two compose sequences for dagger/obelisk symbols

Benno Schulenberg (12):
      nls: remove three duplicated combining acute accents
      nls: order a few compose sequences left first, and in mirroring pairs
      nls: remove four unobvious and redundant compose sequences for ¥ (yen)
      nls: delete twenty eight compose sequences that cannot be typed
      nls: use the shorter and more consistent name for the dead capital schwa
      nls: harmonize the comments for compose sequences with combining accents
      nls: add, correct, and normalize some comments of compose sequences
      nls: delete twenty seven untypable Greek compose sequences
      nls: change result of sequence `<C> <bar>` from `¢` (CENT) to `₵` (CEDI)
      nls: add compose sequences for `₲` (guaraní), `₭` (kip), and `₮` (tugrik)
      nls: reshuffle the compose sequences for currencies into ascending order
      nls: add two compose sequences for currency symbol `฿` (the Thai baht)

Christopher Chavez (1):
      Xutil.h: use Bool for XEmptyRegion(), XEqualRegion()

G. Branden Robinson (1):
      configure script reports stray, confusing "yes"

Walter Harms (1):
      rm XkbSetBounceKeysDelay.man

Yair Mizrahi (1):
      CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap overflow

jmcwilliams403 (1):
      NLS: Drop two math sequences, slightly clean up APL sequences.

git tag: libX11-1.8.7

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.gz
SHA256: 793ebebf569f12c864b77401798d38814b51790fce206e01a431e5feb982e20b  libX11-1.8.7.tar.gz
SHA512: 67575740356aecc6a7a4898e92ff1007aa6a44ff506d80fe577c1bdc3d64a900edf545cf3e082e9f17c25f4afe28e724145d5e82ae428bdc44348d368d9451a6  libX11-1.8.7.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.gz.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.xz
SHA256: 05f267468e3c851ae2b5c830bcf74251a90f63f04dd7c709ca94dc155b7e99ee  libX11-1.8.7.tar.xz
SHA512: d53bfc18f38d339a6a695b09835b2ae96b323881678bfe7ddca697605e3bdf4102ff49cc3078880a6c55b5977fcdd0aadaf5429086132de3a5bda302f79a2fa6  libX11-1.8.7.tar.xz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.xz.sig


-- 
        -Alan Coopersmith-                 alan.coopersmith at oracle.com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20231003/0f99f041/attachment.sig>

More information about the xorg-announce mailing list