- Update to version 21.1.9
* This release contains fixes for CVE-2023-5367 and CVE-2023-5380 as
reported in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=859
This commit is contained in:
Git OBS Bridge
parent
2444a577fa
commit
5df1139ec3
@ -24,11 +24,11 @@ Reviewed-by: Stefan Dirsch <sndirsch@suse.de>
|
||||
os/auth.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++--
|
||||
3 files changed, 141 insertions(+), 7 deletions(-)
|
||||
|
||||
Index: xorg-server-1.20.5/configure.ac
|
||||
Index: xorg-server-21.1.9/configure.ac
|
||||
===================================================================
|
||||
--- xorg-server-1.20.5.orig/configure.ac
|
||||
+++ xorg-server-1.20.5/configure.ac
|
||||
@@ -134,7 +134,7 @@ AM_CONDITIONAL(SPECIAL_DTRACE_OBJECTS, [
|
||||
--- xorg-server-21.1.9.orig/configure.ac
|
||||
+++ xorg-server-21.1.9/configure.ac
|
||||
@@ -132,7 +132,7 @@ AM_CONDITIONAL(SPECIAL_DTRACE_OBJECTS, [
|
||||
AC_HEADER_DIRENT
|
||||
AC_HEADER_STDC
|
||||
AC_CHECK_HEADERS([fcntl.h stdlib.h string.h unistd.h dlfcn.h stropts.h \
|
||||
@ -37,20 +37,11 @@ Index: xorg-server-1.20.5/configure.ac
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
@@ -166,7 +166,7 @@ AC_REPLACE_FUNCS([reallocarray strcasecm
|
||||
AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
|
||||
|
||||
AC_CHECK_LIB([bsd], [arc4random_buf])
|
||||
-AC_CHECK_FUNCS([arc4random_buf])
|
||||
+AC_CHECK_FUNCS([arc4random_buf getentropy])
|
||||
|
||||
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
|
||||
|
||||
Index: xorg-server-1.20.5/include/dix-config.h.in
|
||||
Index: xorg-server-21.1.9/include/dix-config.h.in
|
||||
===================================================================
|
||||
--- xorg-server-1.20.5.orig/include/dix-config.h.in
|
||||
+++ xorg-server-1.20.5/include/dix-config.h.in
|
||||
@@ -155,6 +155,9 @@
|
||||
--- xorg-server-21.1.9.orig/include/dix-config.h.in
|
||||
+++ xorg-server-21.1.9/include/dix-config.h.in
|
||||
@@ -149,6 +149,9 @@
|
||||
/* Define to 1 if you have the `arc4random_buf' function. */
|
||||
#undef HAVE_ARC4RANDOM_BUF
|
||||
|
||||
@ -60,7 +51,7 @@ Index: xorg-server-1.20.5/include/dix-config.h.in
|
||||
/* Define to use libc SHA1 functions */
|
||||
#undef HAVE_SHA1_IN_LIBC
|
||||
|
||||
@@ -232,6 +235,9 @@
|
||||
@@ -226,6 +229,9 @@
|
||||
/* Define to 1 if you have the <sys/utsname.h> header file. */
|
||||
#undef HAVE_SYS_UTSNAME_H
|
||||
|
||||
@ -70,22 +61,22 @@ Index: xorg-server-1.20.5/include/dix-config.h.in
|
||||
/* Define to 1 if you have the `timingsafe_memcmp' function. */
|
||||
#undef HAVE_TIMINGSAFE_MEMCMP
|
||||
|
||||
Index: xorg-server-1.20.5/os/auth.c
|
||||
Index: xorg-server-21.1.9/os/auth.c
|
||||
===================================================================
|
||||
--- xorg-server-1.20.5.orig/os/auth.c
|
||||
+++ xorg-server-1.20.5/os/auth.c
|
||||
@@ -49,6 +49,10 @@ from The Open Group.
|
||||
#ifdef HAVE_LIBBSD
|
||||
#include <bsd/stdlib.h> /* for arc4random_buf() */
|
||||
--- xorg-server-21.1.9.orig/os/auth.c
|
||||
+++ xorg-server-21.1.9/os/auth.c
|
||||
@@ -34,6 +34,10 @@ from The Open Group.
|
||||
#ifdef HAVE_DIX_CONFIG_H
|
||||
#include <dix-config.h>
|
||||
#endif
|
||||
+#include <errno.h>
|
||||
+#ifdef HAVE_SYS_SYSCALL_H
|
||||
+#include <syscall.h>
|
||||
+#endif
|
||||
|
||||
struct protocol {
|
||||
unsigned short name_length;
|
||||
@@ -310,16 +314,140 @@ GenerateAuthorization(unsigned name_leng
|
||||
#include <X11/X.h>
|
||||
#include <X11/Xauth.h>
|
||||
@@ -308,16 +312,140 @@ GenerateAuthorization(unsigned name_leng
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152
|
||||
size 4980208
|
||||
Binary file not shown.
3
xorg-server-21.1.9.tar.xz
Normal file
3
xorg-server-21.1.9.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a
|
||||
size 4935860
|
||||
BIN
xorg-server-21.1.9.tar.xz.sig
Normal file
BIN
xorg-server-21.1.9.tar.xz.sig
Normal file
Binary file not shown.
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 25 11:05:06 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- Update to version 21.1.9
|
||||
* This release contains fixes for CVE-2023-5367 and CVE-2023-5380 as
|
||||
reported in today's security advisory:
|
||||
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
|
||||
- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 1 13:42:37 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
|
||||
Binary file not shown.
@ -36,7 +36,7 @@
|
||||
%endif
|
||||
|
||||
Name: xorg-x11-server
|
||||
Version: 21.1.8
|
||||
Version: 21.1.9
|
||||
Release: 0
|
||||
URL: http://xorg.freedesktop.org/
|
||||
Summary: X
|
||||
|
||||
Loading…
Reference in New Issue
Block a user