Página inicial Explorar Ajuda
Entrar
PUBLIC_REPOS
/
buildroot
mirror de git://git.buildroot.net/buildroot
2
1
Fork 0
Arquivos
Ver código fonte

package/xserver_xorg-server: security bump to version 21.1.11

Fixes the following security issues:

1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.

2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.

3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.

4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.

5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.

6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html

Switch to .tar.gz as the announcement mail only contained hashes for that:
https://lists.x.org/archives/xorg-announce/2024-January/003442.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 219178ef3eed5b3f4a5da0fe4af751e79d77e432)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 1 ano atrás
pai
f2bc7c3e8a
commit
8667430da2
2 arquivos alterados com 5 adições e 5 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 3 3
      package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
  2. 2 2
      package/x11r7/xserver_xorg-server/xserver_xorg-server.mk

+ 3 - 3
package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
Ver arquivo 

@@ -1,5 +1,5 @@
 
-# From https://lists.x.org/archives/xorg-announce/2023-December/003436.html
 
-sha256  ceb0b3a2efc57ac3ccf388d3dc88b97615068639fb284d469689ae3d105611d0  xorg-server-21.1.10.tar.xz
 
-sha512  8135d9b7c0c71f427ba0a3b80741fee4f6ae195779399b73261a00858882f3516e367a08e2da1403734b04eacabae9aa231e5375eff23b57a3ff764e9caf8926  xorg-server-21.1.10.tar.xz
 
+# From https://lists.x.org/archives/xorg-announce/2024-January/003442.html
 
+sha256  1aa0ee1adad0b2db7f291f3823a4ab240c7f4aea710e89f5ef4aa232b6833403  xorg-server-21.1.11.tar.gz
 
+sha512  e41bf71955691e66084a67fc20643632087f0326d5eddc31e6edd118d05005b8ab536738c181f4c352f331ec8fc8f23ae1b45f237592fa5d7eddbffe43638b08  xorg-server-21.1.11.tar.gz
 
 # Locally calculated
 
 sha256  4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING

+ 2 - 2
package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
Ver arquivo 

@@ -4,8 +4,8 @@
 
 #
 
 ################################################################################
 
 
-XSERVER_XORG_SERVER_VERSION = 21.1.10
 
-XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz
 
+XSERVER_XORG_SERVER_VERSION = 21.1.11
 
+XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.gz
 
 XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
 
 XSERVER_XORG_SERVER_LICENSE = MIT
 
 XSERVER_XORG_SERVER_LICENSE_FILES = COPYING