package/xserver_xorg-server: security bump to version 21.1.11

Fixes the following security issues: 1) CVE-2023-6816 can be triggered by passing an invalid array index to DeviceFocusEvent or ProcXIQueryPointer. 2) CVE-2024-0229 can be triggered if a device has both a button and a key class and zero buttons. 3) CVE-2024-21885 can be triggered if a device with a given ID was removed and a new device with the same ID added both in the same operation. 4) CVE-2024-21886 can be triggered by disabling a master device with disabled slave devices. 5) CVE-2024-0409 can be triggered by enabling SELinux xserver_object_manager and running a client. 6) CVE-2024-0408 can be triggered by enabling SELinux xserver_object_manager and creating a GLX PBuffer. For details, see the advisory: https://lists.x.org/archives/xorg-announce/2024-January/003444.html Switch to .tar.gz as the announcement mail only contained hashes for that: https://lists.x.org/archives/xorg-announce/2024-January/003442.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-25 23:21:40 +01:00 · 2024-01-25 23:21:40 +01:00 · 219178ef3e
commit 219178ef3e
parent b8d9e75eb8
2 changed files with 5 additions and 5 deletions
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
@ -1,5 +1,5 @@
-# From https://lists.x.org/archives/xorg-announce/2023-December/003436.html
-sha256  ceb0b3a2efc57ac3ccf388d3dc88b97615068639fb284d469689ae3d105611d0  xorg-server-21.1.10.tar.xz
-sha512  8135d9b7c0c71f427ba0a3b80741fee4f6ae195779399b73261a00858882f3516e367a08e2da1403734b04eacabae9aa231e5375eff23b57a3ff764e9caf8926  xorg-server-21.1.10.tar.xz
+# From https://lists.x.org/archives/xorg-announce/2024-January/003442.html
+sha256  1aa0ee1adad0b2db7f291f3823a4ab240c7f4aea710e89f5ef4aa232b6833403  xorg-server-21.1.11.tar.gz
+sha512  e41bf71955691e66084a67fc20643632087f0326d5eddc31e6edd118d05005b8ab536738c181f4c352f331ec8fc8f23ae1b45f237592fa5d7eddbffe43638b08  xorg-server-21.1.11.tar.gz
 # Locally calculated
 sha256  4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
@ -4,8 +4,8 @@
 #
 ################################################################################

-XSERVER_XORG_SERVER_VERSION = 21.1.10
-XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz
+XSERVER_XORG_SERVER_VERSION = 21.1.11
+XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.gz
 XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
 XSERVER_XORG_SERVER_LICENSE = MIT
 XSERVER_XORG_SERVER_LICENSE_FILES = COPYING