Date: Sat, 1 Aug 2020 06:47:53 +0000
From: "Benny Siegert"
Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/x11/libX11
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20200801064753.0A7F4FB28@cvs.NetBSD.org>

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Sat Aug 1 06:47:52 UTC 2020

Modified Files:
	pkgsrc/x11/libX11 [pkgsrc-2020Q2]: Makefile distinfo

Log Message:
Pullup ticket #6290 - requested by maya
x11/libX11: security fix

Revisions pulled up:
- x11/libX11/Makefile	1.52
- x11/libX11/distinfo	1.31

---
Module Name:	pkgsrc
Committed By:	maya
Date:		Fri Jul 31 16:36:55 UTC 2020

Modified Files:
	pkgsrc/x11/libX11: Makefile distinfo

Log Message:
libX11: update to 1.6.10

Heap corruption in the X input method client in libX11
======================================================

CVE-2020-14344

The X Input Method (XIM) client implementation in libX11 has some integer
overflows and signed/unsigned comparison issues that can lead to heap
corruption when handling malformed messages from an input method.

Patches
=======

Patches for these issues have been committed to the libX11 git repository.
libX11 1.6.10 will be released shortly and will include those patches.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit 1703b9f3435079d3c6021e1ee2ec34fd4978103d (HEAD -> master)
    Change the data_len parameter of _XimAttributeToValue() to CARD16

    It's coming from a length in the protocol (unsigned) and passed to
    functions that expect unsigned int parameters (_XCopyToArg() and memcpy()).

commit 1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
    Zero out buffers in functions

    It looks like uninitialized stack or heap memory can leak out via
    padding bytes.
commit 2fcfcc49f3b1be854bb9085993a01d17c62acf60
    Fix more unchecked lengths

commit 388b303c62aa35a245f1704211a023440ad2c488
    fix integer overflows in _XimAttributeToValue()

commit 0e6561efcfaa0ae7b5c74eac7e064b76d687544e
    Fix signed length values in _XimGetAttributeID()

    The lengths are unsigned according to the specification. Passing
    negative values can lead to data corruption.

Thanks
======

X.Org thanks Todd Carson for reporting these issues to our security team
and assisting them in understanding them and providing fixes.

To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.51.4.1 pkgsrc/x11/libX11/Makefile
cvs rdiff -u -r1.30 -r1.30.6.1 pkgsrc/x11/libX11/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/libX11/Makefile
diff -u pkgsrc/x11/libX11/Makefile:1.51 pkgsrc/x11/libX11/Makefile:1.51.4.1
--- pkgsrc/x11/libX11/Makefile:1.51	Sat Jan 18 23:35:50 2020
+++ pkgsrc/x11/libX11/Makefile	Sat Aug 1 06:47:52 2020
@@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.51 2020/01/18 23:35:50 rillig Exp $ +# $NetBSD: Makefile,v 1.51.4.1 2020/08/01 06:47:52 bsiegert Exp $ -DISTNAME= libX11-1.6.9 +DISTNAME= libX11-1.6.10 CATEGORIES= x11 devel MASTER_SITES= ${MASTER_SITE_XORG:=lib/} EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/x11/libX11/distinfo
diff -u pkgsrc/x11/libX11/distinfo:1.30 pkgsrc/x11/libX11/distinfo:1.30.6.1
--- pkgsrc/x11/libX11/distinfo:1.30	Wed Nov 13 21:59:51 2019
+++ pkgsrc/x11/libX11/distinfo	Sat Aug 1 06:47:52 2020
@@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.30 2019/11/13 21:59:51 wiz Exp $ +$NetBSD: distinfo,v 1.30.6.1 2020/08/01 06:47:52 bsiegert Exp $ -SHA1 (libX11-1.6.9.tar.bz2) = 62456536411f2540fbd4a3f59ed8af94967124c2 -RMD160 (libX11-1.6.9.tar.bz2) = 5575e5b54557979aa48c938a765830a3fabfceca -SHA512 (libX11-1.6.9.tar.bz2) = fc18f0dc17ade1fc37402179f52e1f2b9c7b7d3a1a9590fea13046eb0c5193b4796289431cd99388eac01e8e59de77db45d2c9675d4f05ef8cf3ba6382c3dd31 -Size (libX11-1.6.9.tar.bz2) = 2283814 bytes +SHA1 (libX11-1.6.10.tar.bz2) = e28f6bc0a33ca512b1aeb973a1dd8b3a3c48cd9f +RMD160 (libX11-1.6.10.tar.bz2) = 3d7ecf53bf8d87347857a0a810ce772f97c4b352 +SHA512 (libX11-1.6.10.tar.bz2) = ad384d8896fbe587f7fd99b0d3cc56fac6e2facbab52fa99174200d06b19dd163a483c998acf3834b3a4a3aa4de0dbbe13919a1c80e6797afe467c7075b403ff +Size (libX11-1.6.10.tar.bz2) = 2294095 bytes SHA1 (patch-Makefile.in) = 93d3b8d9882babf70788e984884a9db46a5367ef SHA1 (patch-aa) = 4f502264e7200fd2f9409d8684c53de3bc6f0649 SHA1 (patch-ac) = 565aa2a636b5c50f67cbd11e7c2adcac8d55418e
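Review bot: In the Makefile hunk (@@ -1,6 +1,6 @@) the only functional change is DISTNAME= libX11-1.6.9 becoming libX11-1.6.10, alongside the RCS id; that matches the pullup's stated purpose, but six lines of context cannot show whether HEAD revision 1.52 carried anything else that was intentionally dropped for the branch. A short note in the pullup log saying that 1.52 contained nothing beyond the DISTNAME bump (if that is the case) would make the branch change self-explaining for anyone auditing CVE-2020-14344 coverage later.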
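Review bot: In the distinfo hunk (@@ -1,9 +1,9 @@) the SHA1, RMD160, SHA512 and Size lines are swapped from libX11-1.6.9.tar.bz2 to libX11-1.6.10.tar.bz2, while the three SHA1 (patch-Makefile.in), SHA1 (patch-aa) and SHA1 (patch-ac) entries are untouched, so the local pkgsrc patches were not regenerated for the new upstream tarball. Please confirm the branch build was run and the patches apply cleanly to 1.6.10; if they applied only with fuzz, the patches and their checksums should be refreshed in the same pullup so the distinfo stays consistent.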
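The length-handling defect that the pulled-up commit message describes (a protocol length treated as signed, and lengths used without a bounds check), shown as an added C example written for this page rather than libX11's own code; the record layout, the function names and the sample bytes are all constructed here. The first function reproduces the sign-extension mistake and only reports whether its comparison would let a copy through; the second keeps the length as CARD16 and bounds it against both the bytes actually received and the destination buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* X protocol 16-bit unsigned type, named as in the libX11 headers. */
typedef uint16_t CARD16;

/* Defective pattern: a 16-bit wire length sign-extended into an int. Any value
 * of 0x8000 or above becomes negative, passes a "len > limit" comparison, and
 * would reach memcpy() converted to a huge size_t. This only reports whether
 * the comparison would allow the copy; nothing is copied. */
static int length_check_signed(const unsigned char *wire, size_t out_len)
{
    int data_len = (int16_t)((wire[0] << 8) | wire[1]);   /* sign bit kept: bug */
    if (data_len > (int)out_len)
        return 0;
    return 1;
}

/* Hardened pattern: keep the length in the protocol's unsigned type and bound
 * it against both the bytes actually received and the destination buffer.
 * Returns the number of bytes copied, or -1 for a malformed message. */
static long copy_attr_value(const unsigned char *msg, size_t msg_len,
                            unsigned char *out, size_t out_len)
{
    if (msg_len < 2)
        return -1;                                 /* header itself truncated */
    CARD16 data_len = (CARD16)((msg[0] << 8) | msg[1]);
    if ((size_t)data_len > msg_len - 2)            /* claims more than received */
        return -1;
    if ((size_t)data_len > out_len)                /* more than the destination */
        return -1;
    memcpy(out, msg + 2, data_len);
    return data_len;
}

/* Constructed sample records (2-byte big-endian length, then data); not captured traffic. */
static const unsigned char kBadMsg[]   = {0xFF, 0xFE, 'a', 'b', 'c', 'd'}; /* length 65534 */
static const unsigned char kGoodMsg[]  = {0x00, 0x03, 'x', 'y', 'z'};      /* length 3 */
static const unsigned char kTruncMsg[] = {0x00, 0x03, 'x'};                /* claims 3, has 1 */

/* Runs one sample through the hardened copy into a 16-byte buffer. */
static long run_sample(const unsigned char *msg, size_t msg_len)
{
    unsigned char out[16];
    return copy_attr_value(msg, msg_len, out, sizeof out);
}
```

The signed check accepts kBadMsg because 0xFFFE reads as -2, which is never greater than 16; the hardened copy rejects it because 65534 exceeds the 4 bytes that follow the header.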