From 07c91947be2566176c7d2309f0896733e89d1305 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Mon, 11 Dec 2023 16:25:49 +0100 Subject: [PATCH] package/xserver_xorg-server: security bump to version 21.1.9 Fixes the following security issues: - CVE-2023-5367 X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty - CVE-2023-5380: Use-after-free bug in DestroyWindow - CVE-2023-5574: Use-after-free bug in DamageDestroy For details, see the advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html Signed-off-by: Peter Korsgaard (cherry picked from commit 36a9ec8921b6b6c0359ca6e4afd529f8473bab89) Signed-off-by: Peter Korsgaard --- package/x11r7/xserver_xorg-server/xserver_xorg-server.hash | 6 +++--- package/x11r7/xserver_xorg-server/xserver_xorg-server.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash index 092a640f04..ccd7cc74fa 100644 --- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash +++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash @@ -1,5 +1,5 @@ -# From https://lists.x.org/archives/xorg-announce/2023-March/003377.html -sha256 38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152 xorg-server-21.1.8.tar.xz -sha512 6104b3620ed2e1e27d9a8e963388bbe8785a764585b1bc03dbf5d719a92894773dda580d377ca18ceeab353e65a5d23cc947bab84a4012f9dd1eca31cac36937 xorg-server-21.1.8.tar.xz +# From https://lists.x.org/archives/xorg-announce/2023-October/003431.html +sha256 ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a xorg-server-21.1.9.tar.xz +sha512 9044e1b9222616fb63aea444b75f4ca6582edb7d899018f8ea30359e57edf04b1555e69397ebc4d288f7e36d6b82a54dde3895f11d414573d229e908ac17bfe8 xorg-server-21.1.9.tar.xz # Locally calculated sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f COPYING diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk index ede03d024c..cf0e688c36 100644 --- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk +++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk @@ -4,7 +4,7 @@ # ################################################################################ -XSERVER_XORG_SERVER_VERSION = 21.1.8 +XSERVER_XORG_SERVER_VERSION = 21.1.9 XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver XSERVER_XORG_SERVER_LICENSE = MIT