A collection of stability fixes here across glamor, Xwayland, input, and Prime support. Also a security fix for CVE-2017-2624, a timing attack which can brute-force MIT-MAGIC-COOKIE authentication. Everybody is encouraged to upgrade. Thanks to all who contributed fixes! Adam Jackson (5): xserver 1.19.2 Revert "xserver 1.19.2" os: Squash missing declaration warning for timingsafe_memcmp xserver 1.19.2 xserver 1.19.2, no, really Chris Wilson (3): xfree86: Take the input lock for xf86RecolorCursor xfree86: Take input lock for xf86TransparentCursor xfree86: Take input_lock() for xf86ScreenCheckHWCursor Matthieu Herrb (4): Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624 Use arc4random_buf(3) if available to generate cookies. auth: remove AuthToIDFunc and associated functions. Not used anymore. Brown bag commit to fix 957e8d (arc4random_buf() support) Michel Dänzer (3): prime: Sync shared pixmap from root window instead of screen pixmap present: Allow flipping with PRIME slave outputs damage: Validate source pictures bound to windows before unwrapping Olivier Fourdan (5): xwayland: Apply output rotation for screen size xwayland: CRTC should support all rotations glamor: Two pass won't work on memory pixmaps xwayland: Make sure we have a focus window xwayland: do not set checkRepeat on master kbd Peter Hutterer (1): os: log a bug whenever WriteToClient is called from the input thread Svitozar Cherepii (1): xwayland: Add hack for FWXGA resolution #99574 git tag: xorg-server-1.19.2 https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.2.tar.bz2 MD5: d9f9e9f216d29f8220e76f8294507d85 xorg-server-1.19.2.tar.bz2 SHA1: da3ee5149de78ec9795bed1c94072e1c8f4bc473 xorg-server-1.19.2.tar.bz2 SHA256: 4f8ab9f4a1a885fe7550080555381b34b82858582559e8e3c4da96e3a85884bb xorg-server-1.19.2.tar.bz2 PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.2.tar.bz2.sig https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.2.tar.gz MD5: dfa411de6ce6fe35128d3b2e06941135 xorg-server-1.19.2.tar.gz SHA1: 3648335593b9d267e44737b89694d38b99e3aee4 xorg-server-1.19.2.tar.gz SHA256: 191d91d02c059c66747635e145c30bc1004e703fe3b74439e26c0d05d5c4d28b xorg-server-1.19.2.tar.gz PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.2.tar.gz.sig - ajax -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 201 bytes Desc: This is a digitally signed message part URL: <https://lists.x.org/archives/xorg-announce/attachments/20170302/7f22038d/attachment.sig>
On Thu, 2017-03-02 at 18:13 -0500, Adam Jackson wrote:> A collection of stability fixes here across glamor, Xwayland, input, > and Prime support. Also a security fix for CVE-2017-2624, a timing > attack which can brute-force MIT-MAGIC-COOKIE authentication. Everybody > is encouraged to upgrade. Thanks to all who contributed fixes!As several people have noticed, this tarballs is missing some of the standard buildsystem bits, such that you need to run autoreconf before ./configure. This is partly my fault for driving the release script incorrectly, and mostly autotools' fault for being sheer garbage. (Seriously, dear gnu project, please sunset autotools. It is a net loss to humanity at this point.) Once I beat the release tools into submission I'll upload 1.19.3 with otherwise the same content. Sorry for the mess. - ajax