This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html along with: * Fail XOpenDisplay() if server-provided default visual is invalid (!233) * Bring XKB docs in line with actual implementation (!231, !228) * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225) * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216, !217, !219, !220, !222, !223, !226, !227, !229)
Alan Coopersmith (17):
Remove XkbSetBounceKeysDelay.man from list of man pages to build
docs: finish removing XkbGetBounceKeysDelay & XkbSetBounceKeysDelay
docs: remove XkbAllocDeviceLedInfo
docs: remove XkbGetAccessXTimeout & XkbSetAccessXTimeout
docs: remove XkbGetSlowKeysDelay & XkbSetSlowKeysDelay
docs: remove XkbGetStickyKeysOptions & XkbSetStickyKeysOptions
docs: XkbSAActionSetCtrls is really named XkbActionSetCtrls
docs: remove XkbChangeIndicators and Xkb{Get,Note}IndicatorChanges
docs: remove XkbGetNameChanges
docs: remove XkbKeySymsOffset
docs: fix names for XkbKeyKeyType & XkbKeyKeyTypeIndex
XOpenDisplay: ensure each screen has a valid root_visual pointer
CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage()
XPutImage: clip images to maximum height & width allowed by protocol
XCreatePixmap: trigger BadValue error for out-of-range dimensions
libX11 1.8.7
Antti Savolainen (2):
nls: add a compose sequence with double dead_tilde for ≈ (almost equal to)
Add two compose sequences for dagger/obelisk symbols
Benno Schulenberg (12):
nls: remove three duplicated combining acute accents
nls: order a few compose sequences left first, and in mirroring pairs
nls: remove four unobvious and redundant compose sequences for ¥ (yen)
nls: delete twenty eight compose sequences that cannot be typed
nls: use the shorter and more consistent name for the dead capital schwa
nls: harmonize the comments for compose sequences with combining accents
nls: add, correct, and normalize some comments of compose sequences
nls: delete twenty seven untypable Greek compose sequences
nls: change result of sequence `<C> <bar>` from `¢` (CENT) to `₵` (CEDI)
nls: add compose sequences for `₲` (guaraní), `₭` (kip), and `₮` (tugrik)
nls: reshuffle the compose sequences for currencies into ascending order
nls: add two compose sequences for currency symbol `฿` (the Thai baht)
Christopher Chavez (1):
Xutil.h: use Bool for XEmptyRegion(), XEqualRegion()
G. Branden Robinson (1):
configure script reports stray, confusing "yes"
Walter Harms (1):
rm XkbSetBounceKeysDelay.man
Yair Mizrahi (1):
CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap
overflow
jmcwilliams403 (1):
NLS: Drop two math sequences, slightly clean up APL sequences.
git tag: libX11-1.8.7
https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.gz
SHA256: 793ebebf569f12c864b77401798d38814b51790fce206e01a431e5feb982e20b
libX11-1.8.7.tar.gz
SHA512:
67575740356aecc6a7a4898e92ff1007aa6a44ff506d80fe577c1bdc3d64a900edf545cf3e082e9f17c25f4afe28e724145d5e82ae428bdc44348d368d9451a6
libX11-1.8.7.tar.gz
PGP:
https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.gz.sig
https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.xz
SHA256: 05f267468e3c851ae2b5c830bcf74251a90f63f04dd7c709ca94dc155b7e99ee
libX11-1.8.7.tar.xz
SHA512:
d53bfc18f38d339a6a695b09835b2ae96b323881678bfe7ddca697605e3bdf4102ff49cc3078880a6c55b5977fcdd0aadaf5429086132de3a5bda302f79a2fa6
libX11-1.8.7.tar.xz
PGP:
https://xorg.freedesktop.org/archive/individual/lib/libX11-1.8.7.tar.xz.sig
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
signature.asc
Description: PGP signature
