Opened 13 months ago

Closed 12 months ago

Last modified 12 months ago

#19579 closed enhancement (fixed)

xwayland-23.2.5 xorg-server-21.1.12

Reported by: Xi Ruoyao Owned by: Bruce Dubbs
Priority: elevated Milestone: 12.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New patch versions containing security fixes for CVE-2024-3108{0,1,2,3}. CVE-2024-31082 is only affecting xorg-server, the other three is affecting both xwayland and xorg-server.

Change History (6)

comment:1 by Xi Ruoyao, 13 months ago

xwayland:

This release contains the 3 security fixes that actually apply to Xwayland reported in today's security advisory:

  • CVE-2024-31080
  • CVE-2024-31081
  • CVE-2024-31083

Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients.

Alan Coopersmith (2):

  • Xi: ProcXIGetSelectedEvents needs to use unswapped length to send reply
  • Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply

Olivier Fourdan (1):

  • Bump version to 23.2.5

Peter Hutterer (2):

  • dix: fix valuator copy/paste error in the DeviceStateNotify event
  • render: fix refcounting of glyphs during ProcRenderAddGlyphs

Warren Togami (1):

  • xwayland: Ensure pointer for gestures has buttons

comment:2 by Xi Ruoyao, 13 months ago

xorg:

This release addresses the following 4 security issues:

  • CVE-2024-31080
  • CVE-2024-31081
  • CVE-2024-31082
  • CVE-2024-31083

Additionally it provides a way to disable byte-swapped clients either by command line flag or config option. This allows to turn off byte swapping code that has been a source of security problems lately.

Alan Coopersmith (4):

  • Xext: SProcSyncCreateFence needs to swap drawable id too
  • Xi: ProcXIGetSelectedEvents needs to use unswapped length to send reply
  • Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply
  • Xquartz: ProcAppleDRICreatePixmap needs to use unswapped length to send reply

Matthieu Herrb (1):

  • Initialize Mode->name in xf86CVTMode()

Peter Hutterer (2):

  • Allow disabling byte-swapped clients
  • render: fix refcounting of glyphs during ProcRenderAddGlyphs

Povilas Kanapickas (2):

  • dix: Fix use after free in input device shutdown
  • xserver 21.1.12

Yusuf Khan (1):

  • hw/xfree86: fix NULL pointer refrence to mode name

comment:3 by Bruce Dubbs, 12 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:4 by Bruce Dubbs, 12 months ago

The tearfree_backport patch still applies cleanly. It's curious that the patch description says it is a backport from Xorg master but it is not incorporated in this version.

comment:5 by Bruce Dubbs, 12 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commits 

e703da7b3f Update to nghttp2-1.61.0.
2399f363b6 Update to xorg-server-21.1.12.
ecce19100a Update to xwayland-23.2.5.

comment:6 by Douglas R. Reno, 12 months ago

SA-12.1-020 issued for xorg-server

SA-12.1-021 issued for xwayland

Note: See TracTickets for help on using tickets.