From 5c502ad90549d907c55d7970af8d6793ff3642e6885eda5654818e1def281a2e Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Sat, 10 Jun 2023 10:44:26 +0000 Subject: [PATCH] - Update to 1.5.0 xtrans is a library of code that is shared among various X packages to handle network protocol transport in a modular fashion, allowing a single place to add new transport types - but it is *not* a shared library, more like a \ "header-only" library. It is used by the X server, the XIM support in libX11, libICE, the X font server, and related components. Because this is not a shared library, the changes in this release will only take effect in consumers that are rebuilt on a system with this release of xtrans installed. This release makes progress towards resolving CVE-2020-25697, reported in https://www.openwall.com/lists/oss-security/2020/11/09/3 . Clients will no longer attempt to connect to sockets in the abstract namespace, though servers will still bind to them to prevent other programs binding to those names to intercept connections from clients using libraries built with older versions of libxtrans or libxcb while the servers are running. Clients can also now specify a full Unix domain socket pathname to connect to, instead of relying on built-in defaults under /tmp. (Note that libX11 1.4.0 and later relies on libxcb for making connections instead of libxtrans, so X11 protocol clients will get this support in an upcoming release of libxcb, and the changes in xtrans will only affect clients of other protocols using libxtrans, such as XIM, ICE, SM, and the font service protocols.) This release also removes support for System V UNIX platforms other than Solaris and the illumos family - OS'es from SCO, AT&T's Unix Systems Group, Novell, and NCR are no longer supported. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xtrans?expand=0&rev=28 --- xtrans-1.4.0.tar.bz2 | 3 --- xtrans-1.5.0.tar.xz | 3 +++ xtrans.changes | 29 +++++++++++++++++++++++++++++ xtrans.spec | 6 +++--- 4 files changed, 35 insertions(+), 6 deletions(-) delete mode 100644 xtrans-1.4.0.tar.bz2 create mode 100644 xtrans-1.5.0.tar.xz diff --git a/xtrans-1.4.0.tar.bz2 b/xtrans-1.4.0.tar.bz2 deleted file mode 100644 index 85f88ad..0000000 --- a/xtrans-1.4.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:377c4491593c417946efcd2c7600d1e62639f7a8bbca391887e2c4679807d773 -size 185371 diff --git a/xtrans-1.5.0.tar.xz b/xtrans-1.5.0.tar.xz new file mode 100644 index 0000000..61c4784 --- /dev/null +++ b/xtrans-1.5.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd +size 170388 diff --git a/xtrans.changes b/xtrans.changes index bcfcf79..bb880dd 100644 --- a/xtrans.changes +++ b/xtrans.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Sat Jun 10 10:39:31 UTC 2023 - Stefan Dirsch + +- Update to 1.5.0 +xtrans is a library of code that is shared among various X packages to handle +network protocol transport in a modular fashion, allowing a single place to +add new transport types - but it is *not* a shared library, more like a \ +"header-only" library. It is used by the X server, the XIM support in libX11, +libICE, the X font server, and related components. Because this is not a +shared library, the changes in this release will only take effect in consumers +that are rebuilt on a system with this release of xtrans installed. + +This release makes progress towards resolving CVE-2020-25697, reported in +https://www.openwall.com/lists/oss-security/2020/11/09/3 . Clients will no +longer attempt to connect to sockets in the abstract namespace, though +servers will still bind to them to prevent other programs binding to those +names to intercept connections from clients using libraries built with older +versions of libxtrans or libxcb while the servers are running. Clients can +also now specify a full Unix domain socket pathname to connect to, instead +of relying on built-in defaults under /tmp. (Note that libX11 1.4.0 and later +relies on libxcb for making connections instead of libxtrans, so X11 protocol +clients will get this support in an upcoming release of libxcb, and the changes +in xtrans will only affect clients of other protocols using libxtrans, such as +XIM, ICE, SM, and the font service protocols.) + +This release also removes support for System V UNIX platforms other than +Solaris and the illumos family - OS'es from SCO, AT&T's Unix Systems Group, +Novell, and NCR are no longer supported. + ------------------------------------------------------------------- Wed Sep 30 08:49:47 UTC 2020 - Dominique Leuenberger diff --git a/xtrans.spec b/xtrans.spec index f77109a..806ce9c 100644 --- a/xtrans.spec +++ b/xtrans.spec @@ -1,7 +1,7 @@ # # spec file for package xtrans # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: xtrans -Version: 1.4.0 +Version: 1.5.0 Release: 0 Summary: Library to handle network protocol transport in X License: MIT Group: Development/Libraries/X11 URL: https://xorg.freedesktop.org/ -Source: http://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2 +Source: http://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz Patch0: p_xauth.diff Patch1: n_unifdef-LBXPROXY_t-and-TEST_t.patch Patch2: u_xtrans-noarch-pkgconfig.patch