* [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
@ 2017-01-10 11:11 Sona Sarmadi
  2017-01-11  6:45 ` FW: " Sona Sarmadi
  0 siblings, 1 reply; 3+ messages in thread
From: Sona Sarmadi @ 2017-01-10 11:11 UTC
  To: openembedded-core

Upgrade libxtst from 1.2.2 to 1.2.3 to address:
Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)

diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
similarity index 78%
rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
index 1b0bcf3..31ea439 100644
--- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
@@ -16,5 +16,5 @@ PE = "1"
 
 XORG_PN = "libXtst"
 
-SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
-SRC_URI[sha256sum] = "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c8309f6d9"
+SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
+SRC_URI[sha256sum] = "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4bf5204"
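Review bot: The two replaced SRC_URI checksum lines are the entire content change, so the fix for CVE-2016-7951 rests wholly on the 1.2.3 tarball that these values pin, and the commit message does not say where the new md5sum and sha256sum came from. Please state their source (the upstream release announcement, or a local hash of a tarball checked against it) so a reviewer can verify them independently instead of trusting the patch. Since this targets the krogoth stable branch as a version bump and not a backport of the commit listed under References, the commit message should also say what else the 1.2.2 -> 1.2.3 upgrade brings in.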
-- 
1.9.1




* FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
  2017-01-10 11:11 [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3 Sona Sarmadi
@ 2017-01-11  6:45 ` Sona Sarmadi
  2017-01-18 22:34   ` akuster808
  0 siblings, 1 reply; 3+ messages in thread
From: Sona Sarmadi @ 2017-01-11  6:45 UTC
  To: Armin Kuster (akuster808@gmail.com); +Cc: openembedded-core

Hi Armin,

I hope it is OK to upgrade libXtst; please let me know if you want to keep the same version and apply the patch instead of upgrading.

The upgrade has only the following changes:

https://cgit.freedesktop.org/xorg/lib/libXtst/
Age         Commit message                                                 Author             Files  Lines
2016-10-04  libXtst 1.2.3 (HEAD, libXtst-1.2.3, master)                    Matthieu Herrb     1      -1/+1
2016-09-25  Out of boundary access and endless loop in libXtst             Tobias Stoeckmann  1      -4/+39
2013-11-23  Remove fallback for _XEatDataWords, require libX11 1.6 for it  Michael Joost      2      -18/+1
2013-05-31  libXtst 1.2.2 (libXtst-1.2.2)

This does not affect master. According to Mitre this affects libXtst before 1.2.3:

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

Cheers
//Sona

> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On
> Behalf Of Sona Sarmadi
> Sent: den 10 januari 2017 12:11
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
> 
> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
> 
> References:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
> 9ec4a7a4f4b54a0d59701beeae3
> 
> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> ---
>  meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
> ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)  rename meta/recipes-
> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
> 
> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> similarity index 78%
> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> index 1b0bcf3..31ea439 100644
> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> @@ -16,5 +16,5 @@ PE = "1"
> 
>  XORG_PN = "libXtst"
> 
> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
> -SRC_URI[sha256sum] =
> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
> 09f6d9"
> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
> +SRC_URI[sha256sum] =
> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
> f5204"
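Review bot: The sha256sum strings on the removed and added lines of this quoted copy are broken across lines by mail wrapping, so they cannot be compared or copied reliably from here. Check the values against the unwrapped lines in the original patch message of this thread.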
> --
> 1.9.1
> 



* Re: FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
  2017-01-11  6:45 ` FW: " Sona Sarmadi
@ 2017-01-18 22:34   ` akuster808
  0 siblings, 0 replies; 3+ messages in thread
From: akuster808 @ 2017-01-18 22:34 UTC
  To: Sona Sarmadi; +Cc: openembedded-core



On 01/10/2017 10:45 PM, Sona Sarmadi wrote:
> Hi Armin,
>
> I hope it is OK to upgrade libXtst; please let me know if you want to keep the same version and apply the patch instead of upgrading.
This is a reasonable request. Once it's in Morty, I will pull it into krogoth.
Thanks for sending the request.

- armin
>
> The upgrade has only the following changes:
>
> https://cgit.freedesktop.org/xorg/lib/libXtst/
> Age         Commit message                                                 Author             Files  Lines
> 2016-10-04  libXtst 1.2.3 (HEAD, libXtst-1.2.3, master)                    Matthieu Herrb     1      -1/+1
> 2016-09-25  Out of boundary access and endless loop in libXtst             Tobias Stoeckmann  1      -4/+39
> 2013-11-23  Remove fallback for _XEatDataWords, require libX11 1.6 for it  Michael Joost      2      -18/+1
> 2013-05-31  libXtst 1.2.2 (libXtst-1.2.2)
>
> This does not affect master. According to Mitre this affects libXtst before 1.2.3:
>
> Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
>
> Cheers
> //Sona
>
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On
>> Behalf Of Sona Sarmadi
>> Sent: den 10 januari 2017 12:11
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
>>
>> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
>> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
>>
>> References:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
>> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
>> 9ec4a7a4f4b54a0d59701beeae3
>>
>> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
>> ---
>>   meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
>> ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)  rename meta/recipes-
>> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
>>
>> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> similarity index 78%
>> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> index 1b0bcf3..31ea439 100644
>> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> @@ -16,5 +16,5 @@ PE = "1"
>>
>>   XORG_PN = "libXtst"
>>
>> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
>> -SRC_URI[sha256sum] =
>> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
>> 09f6d9"
>> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
>> +SRC_URI[sha256sum] =
>> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
>> f5204"
>> --
>> 1.9.1
>>


