similar to: [ANNOUNCE] libXi 1.7.7

Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. git tag: libXi-1.7.7 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2 MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2 SHA1: 37d150d7cc7061612643a3b8f458ff004edc6f2d libXi-1.7.7.tar.bz2 SHA256: 996f834fa57b9b33ba36690f6f5c6a29320bc8213022943912462d8015b1e030

X.Org security advisory: October 4, 2016 Protocol handling issues in X Window System client libraries ============================================================ Description Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze,

This release fixes a crash introduced in the 1.7.7 release. If a device has no classes, a wrong error was returned, eventually causing some applications to crash. This is fixed now. Niels Ole Salscheider (1): SizeClassInfo can return 0 even without an error Peter Hutterer (2): XListInputDevices: don't touch ndevices in case of error libXi 1.7.8 git tag: libXi-1.7.8

Joining in the release frenzy as well with a new version of libXi, the library interface to the X Input Extension. This version doesn't add new features but has seen numerous packaging cleanups and a number of miscellaneous fixes. Alan Coopersmith (1): Update Sun license notices to current X.Org standard form Carlos Garnacho (1): Fix typo when converting raw events from the wire.

One significant change here: libXi was using raw serial numbers in event cookies, the one read off the wire. All other events don't use that number but a Xlib-internal serial number which is similar but not always the same. This could cause events to look out of order. With this release, libXi is now using the same serial number for event cookies as it uses for all other events. Javier Pello

Alan Coopersmith (2): Update README for gitlab migration Update configure.ac bug URL for gitlab migration Alexander Bersenev (1): Fix the FIXME in XIValuatorClass case of copy_classes function in XExtInt.c Emil Velikov (1): autogen.sh: use quoted string variables Jeff Smith (1): _XIPassiveGrabDevice needs to set time value Matt Turner (2): Replace open-coded

A couple of important bugfixes that have accumulated over the last year. Cosimo Cecchi (1): Fix version check in _XIAllowEvents Julien Cristau (1): Advance the request buffer by the right amount in XIChangeHierarchy Michal Srb (7): Fix double unlock when _XiCheckExtInit return -1. XIChangeHierarchy: Add missing unlock. Do not return NoSuchExtension casted to

A few minor bugfixes, nothing exciting. Emilio Pozuelo Monfort (3): Plug a memory leak Check that allocating a buffer succeeded Fix possible free of uninitialized pointer Peter Hutterer (1): libXi 1.7.9 git tag: libXi-1.7.9 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.9.tar.bz2 MD5: 1f0f2719c020655a60aee334ddd26d67 libXi-1.7.9.tar.bz2 SHA1:

Reindent with -bad -bap -c0 -cd0 -cp0 -ncdb -ci4 -cli0 -ncs -d0 -di4 -i4 -ip4 -l80 -npcs -psl -sob -ss -ce -sc -br -cdw -lp -cbi0. Bug #6286: Fix build on Cygwin. (Yaakov Selkowitz) Bug #5628 <https://bugs.freedesktop.org/show_bug.cgi?id=5628> Shadow pages not created correctly when MANDIR & MANSUFFIX don't match. CVS tag: libXi-1_0_1

This release is targeted for 7.2 RC2. Daniel Stone: fix indentation on function declarations Jamey Sharp: Don't call XInput_find_display in _XiCheckExtInit, while the Display lock is held. git tag: libXi-1.0.2 http://xorg.freedesktop.org/archive/individual/lib/libXi-1.0.2.tar.bz2 MD5: 4a5207a29a6b220e5462129854689844 libXi-1.0.2.tar.bz2 SHA1:

libXi is moving fast, and having tarballs can make it easier on testers. So here it is, the first libXi tarball including XI2. Changelog below includes all changes since the bump from the stable 1.2 branch. Note that libXi is not stable yet in regards to the XI2 API. Cheers, Peter Alan Coopersmith (2): Add README with pointers to mailing list, bugzilla & git repos Fix typo in

Matthieu Herrb (1): libXfixes 5.0.3 Tobias Stoeckmann (1): Integer overflow on illegal server response git tag: libXfixes-5.0.3 https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2 MD5: 07e01e046a0215574f36a3aacb148be0 libXfixes-5.0.3.tar.bz2 SHA1: ca86342d129c02435a9ee46e38fdf1a04d6b4b91 libXfixes-5.0.3.tar.bz2 SHA256:

Matthieu Herrb (1): libXrandr 1.5.1 Tobias Stoeckmann (1): Avoid out of boundary accesses on illegal responses walter harms (2): fix: doGetScreenResources() info: redundant null check on calling free() fix: redundant null check on calling free() git tag: libXrandr-1.5.1 https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.bz2 MD5:

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2 MD5: 802179a76bded0b658f4e9ec5e1830a4

Matthieu Herrb (1): libXtst 1.2.3 Michael Joost (1): Remove fallback for _XEatDataWords, require libX11 1.6 for it Tobias Stoeckmann (1): Out of boundary access and endless loop in libXtst git tag: libXtst-1.2.3 https://xorg.freedesktop.org/archive/individual/lib/libXtst-1.2.3.tar.bz2 MD5: ef8c2c1d16a00bd95b9fdcef63b8a2ca libXtst-1.2.3.tar.bz2 SHA1:

Alan Coopersmith (1): Fix typo in dependencies for lint library Matthieu Herrb (1): libXv 1.0.11 Tobias Stoeckmann (1): Protocol handling issues in libXv - CVE-2016-5407 git tag: libXv-1.0.11 https://xorg.freedesktop.org/archive/individual/lib/libXv-1.0.11.tar.bz2 MD5: 210b6ef30dda2256d54763136faa37b9 libXv-1.0.11.tar.bz2 SHA1: d79f9c56faedd682f420fa68bb9d7ff755b84579

Matthieu Herrb (1): libXvMC 1.0.10 Tobias Stoeckmann (1): Avoid buffer underflow on empty strings. git tag: libXvMC-1.0.10 https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2 MD5: 4cbe1c1def7a5e1b0ed5fce8e512f4c6 libXvMC-1.0.10.tar.bz2 SHA1: 8c50ee4a43aff84d807da2122ec6b0d8e3ce4635 libXvMC-1.0.10.tar.bz2 SHA256:

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2 MD5: 802179a76bded0b658f4e9ec5e1830a4

Alan Coopersmith (20): Move Compose \ o / to be with other emoji compose sequences Replace Xmalloc+memset pairs with Xcalloc calls Get rid of some extraneous ; at the end of C source lines Remove unused definition of XCONN_CHECK_FREQ Bug 93184: read_EncodingInfo invalid free Bug 93183: _XDefaultOpenIM memory leaks in out-of-memory error paths Delete #if 0

Jörg Sonnenberger (1): Fix abs() usage. Matthieu Herrb (1): libXpm 3.5.12 Tobias Stoeckmann (4): Fix out out boundary read on unknown colors Gracefully handle EOF while parsing files. Avoid OOB write when handling malicious XPM files. Handle size_t in file/buffer length git tag: libXpm-3.5.12