pkgsrc.se | The NetBSD package collection

./x11/libX11, Base X libraries from modular Xorg X11

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q2, Version: 1.6.10nb1, Package name: libX11-1.6.10nb1, Maintainer: joerg

This is the libX11 library that is the C binding to the X protocol. It
is the foundation of practically every X Window System program out there.

This is from the modular X.org X11 project.

Required to run:
[x11/libXau] [x11/libxcb] [x11/libXdmcp]

Required to build:
[x11/xcb-proto] [x11/xtrans] [x11/xorgproto]

Master sites:

SHA1: e28f6bc0a33ca512b1aeb973a1dd8b3a3c48cd9f
RMD160: 3d7ecf53bf8d87347857a0a810ce772f97c4b352
Filesize: 2240.327 KB

Version history: (Expand)

(2020-08-14) Updated to version: libX11-1.6.10nb1
(2020-08-01) Updated to version: libX11-1.6.10
(2020-07-01) Package added to pkgsrc.se, version libX11-1.6.9 (created)

CVS history: (Expand)

2020-08-14 19:11:16 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #6295 - requested by maya
x11/libX11: bugfix

Revisions pulled up:
- x11/libX11/Makefile                                           1.53
- x11/libX11/distinfo                                           1.32
- x11/libX11/patches/patch-regression                           1.1

---
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Tue Aug  4 15:50:19 UTC 2020

   Modified Files:
   	pkgsrc/x11/libX11: Makefile distinfo
   Added Files:
   	pkgsrc/x11/libX11/patches: patch-regression

   Log message:
   libX11: backport patch fixing regression from upstream. bump PKGREVISION

2020-08-01 08:47:52 by Benny Siegert | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #6290 - requested by maya
x11/libX11: security fix

Revisions pulled up:
- x11/libX11/Makefile                                           1.52
- x11/libX11/distinfo                                           1.31

---
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Fri Jul 31 16:36:55 UTC 2020

   Modified Files:
   	pkgsrc/x11/libX11: Makefile distinfo

   Log message:
   libX11: update to 1.6.10

   Heap corruption in the X input method client in libX11
   ======================================================

   CVE-2020-14344

   The X Input Method (XIM) client implementation in libX11 has some
   integer overflows and signed/unsigned comparison issues that can lead
   to heap corruption when handling malformed messages from an input
   method.

   Patches
   =======

   Patches for these issues have been commited to the libX11 git repository.
   libX11 1.6.10 will be released shortly and will include those patches.

   https://gitlab.freedesktop.org/xorg/lib/libx11

   commit 1703b9f3435079d3c6021e1ee2ec34fd4978103d (HEAD -> master)

       Change the data_len parameter of _XimAttributeToValue() to CARD16

       It's coming from a length in the protocol (unsigned) and passed
       to functions that expect unsigned int parameters (_XCopyToArg()
       and memcpy()).

   commit 1a566c9e00e5f35c1f9e7f3d741a02e5170852b2

       Zero out buffers in functions

       It looks like uninitialized stack or heap memory can leak
       out via padding bytes.

   commit 2fcfcc49f3b1be854bb9085993a01d17c62acf60

       Fix more unchecked lengths

   commit 388b303c62aa35a245f1704211a023440ad2c488

       fix integer overflows in _XimAttributeToValue()

   commit 0e6561efcfaa0ae7b5c74eac7e064b76d687544e

       Fix signed length values in _XimGetAttributeID()

       The lengths are unsigned according to the specification. Passing
       negative values can lead to data corruption.

   Thanks
   ======

   X.Org thanks Todd Carson for reporting these issues to our security
   team and assisting them in understanding them and providing fixes.