Wed Dec 13 22:01:34 UTC 202320231213220134_15.0

patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz: Upgraded. This update addresses regressions when building against libxml2 that were due to header file refactoring. patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz: Rebuilt. This update fixes two security issues: Out-of-bounds memory write in XKB button actions. Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty. For more information, see: https://lists.x.org/archives/xorg/2023-December/061517.html https://www.cve.org/CVERecord?id=CVE-2023-6377 https://www.cve.org/CVERecord?id=CVE-2023-6478 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz: Rebuilt. This update fixes two security issues: Out-of-bounds memory write in XKB button actions. Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty. For more information, see: https://lists.x.org/archives/xorg/2023-December/061517.html https://www.cve.org/CVERecord?id=CVE-2023-6377 https://www.cve.org/CVERecord?id=CVE-2023-6478 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2023-12-13 22:01:34 +0000
committer: Eric Hameleers <alien@slackware.com> 2023-12-14 13:39:45 +0100
commit: 823a8c2cb79520c3c7692bbf4a4be64989a047e2 (patch)
tree: 85207710541bfb18b627bfaf01d36fd29607835d
parent: 653fd727bd247d30a7a3373be4825532b9838351 (diff)
download: current-823a8c2cb79520c3c7692bbf4a4be64989a047e2.tar.gz
current-823a8c2cb79520c3c7692bbf4a4be64989a047e2.tar.xz
17 files changed, 413 insertions, 66 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index cb89f9731..e2bb37e0b 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,46 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Tue, 12 Dec 2023 19:54:42 GMT</pubDate>
-      <lastBuildDate>Wed, 13 Dec 2023 12:30:30 GMT</lastBuildDate>
+      <pubDate>Wed, 13 Dec 2023 22:01:34 GMT</pubDate>
+      <lastBuildDate>Thu, 14 Dec 2023 12:39:12 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Wed, 13 Dec 2023 22:01:34 GMT</title>
+         <pubDate>Wed, 13 Dec 2023 22:01:34 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20231213220134</link>
+         <guid isPermaLink="false">20231213220134</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz:  Upgraded.
+  This update addresses regressions when building against libxml2 that were
+  due to header file refactoring.
+patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+  This update fixes two security issues:
+  Out-of-bounds memory write in XKB button actions.
+  Out-of-bounds memory read in RRChangeOutputProperty and
+  RRChangeProviderProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg/2023-December/061517.html
+    https://www.cve.org/CVERecord?id=CVE-2023-6377
+    https://www.cve.org/CVERecord?id=CVE-2023-6478
+  (* Security fix *)
+patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz:  Rebuilt.
+  This update fixes two security issues:
+  Out-of-bounds memory write in XKB button actions.
+  Out-of-bounds memory read in RRChangeOutputProperty and
+  RRChangeProviderProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg/2023-December/061517.html
+    https://www.cve.org/CVERecord?id=CVE-2023-6377
+    https://www.cve.org/CVERecord?id=CVE-2023-6478
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Tue, 12 Dec 2023 19:54:42 GMT</title>
          <pubDate>Tue, 12 Dec 2023 19:54:42 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20231212195442</link>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 9682dae01..748ab7d69 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,31 @@
+Wed Dec 13 22:01:34 UTC 2023
+patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz:  Upgraded.
+  This update addresses regressions when building against libxml2 that were
+  due to header file refactoring.
+patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+  This update fixes two security issues:
+  Out-of-bounds memory write in XKB button actions.
+  Out-of-bounds memory read in RRChangeOutputProperty and
+  RRChangeProviderProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg/2023-December/061517.html
+    https://www.cve.org/CVERecord?id=CVE-2023-6377
+    https://www.cve.org/CVERecord?id=CVE-2023-6478
+  (* Security fix *)
+patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz:  Rebuilt.
+  This update fixes two security issues:
+  Out-of-bounds memory write in XKB button actions.
+  Out-of-bounds memory read in RRChangeOutputProperty and
+  RRChangeProviderProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg/2023-December/061517.html
+    https://www.cve.org/CVERecord?id=CVE-2023-6377
+    https://www.cve.org/CVERecord?id=CVE-2023-6478
+  (* Security fix *)
++--------------------------+
 Tue Dec 12 19:54:42 UTC 2023
 patches/packages/mozilla-thunderbird-115.5.2-x86_64-1_slack15.0.txz:  Upgraded.
   This is a bugfix release.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 904f51b2c..71adcf3dd 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Tue Dec 12 19:58:25 UTC 2023
+Wed Dec 13 22:07:38 UTC 2023
 
 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.
 
-drwxr-xr-x 12 root root      4096 2023-12-12 19:54 .
+drwxr-xr-x 12 root root      4096 2023-12-13 22:01 .
 -rw-r--r--  1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--  1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r--  1 root root   1203236 2023-12-10 01:17 ./CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-12-10 01:17 ./CHECKSUMS.md5.asc
+-rw-r--r--  1 root root   1203236 2023-12-12 19:58 ./CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-12-12 19:58 ./CHECKSUMS.md5.asc
 -rw-r--r--  1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--  1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--  1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--  1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r--  1 root root   2071565 2023-12-12 19:54 ./ChangeLog.txt
+-rw-r--r--  1 root root   2072975 2023-12-13 22:01 ./ChangeLog.txt
 drwxr-xr-x  3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--  1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x  1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--  1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--  1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r--  1 root root   1573010 2023-12-10 01:17 ./FILELIST.TXT
+-rw-r--r--  1 root root   1573010 2023-12-12 19:58 ./FILELIST.TXT
 -rw-r--r--  1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--  1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--  1 root root      8034 2022-02-02 03:36 ./README.TXT
@@ -770,13 +770,13 @@ drwxr-xr-x  2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--  1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--  1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--  1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x  4 root root      4096 2023-12-12 19:58 ./patches
--rw-r--r--  1 root root     91913 2023-12-12 19:58 ./patches/CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-12-12 19:58 ./patches/CHECKSUMS.md5.asc
--rw-r--r--  1 root root    125054 2023-12-12 19:58 ./patches/FILE_LIST
--rw-r--r--  1 root root  14547119 2023-12-12 19:58 ./patches/MANIFEST.bz2
--rw-r--r--  1 root root     67679 2023-12-12 19:58 ./patches/PACKAGES.TXT
-drwxr-xr-x  4 root root     28672 2023-12-12 19:58 ./patches/packages
+drwxr-xr-x  4 root root      4096 2023-12-13 22:07 ./patches
+-rw-r--r--  1 root root     92291 2023-12-13 22:07 ./patches/CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-12-13 22:07 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--  1 root root    125500 2023-12-13 22:07 ./patches/FILE_LIST
+-rw-r--r--  1 root root  14538990 2023-12-13 22:07 ./patches/MANIFEST.bz2
+-rw-r--r--  1 root root     67683 2023-12-13 22:07 ./patches/PACKAGES.TXT
+drwxr-xr-x  4 root root     28672 2023-12-13 22:07 ./patches/packages
 -rw-r--r--  1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@@ -921,9 +921,9 @@ drwxr-xr-x  4 root root     28672 2023-12-12 19:58 ./patches/packages
 -rw-r--r--  1 root root       498 2023-09-14 17:26 ./patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    358924 2023-09-14 17:26 ./patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-09-14 17:26 ./patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz.asc
--rw-r--r--  1 root root       518 2023-12-10 00:58 ./patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txt
--rw-r--r--  1 root root   1162520 2023-12-10 00:58 ./patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz
--rw-r--r--  1 root root       163 2023-12-10 00:58 ./patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       518 2023-12-13 20:18 ./patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txt
+-rw-r--r--  1 root root   1161892 2023-12-13 20:18 ./patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:18 ./patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz.asc
 -rw-r--r--  1 root root       219 2022-03-01 04:56 ./patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    375568 2022-03-01 04:56 ./patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-03-01 04:56 ./patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz.asc
@@ -1076,21 +1076,21 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/old-linux-
 -rw-r--r--  1 root root       377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc
--rw-r--r--  1 root root       670 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
--rw-r--r--  1 root root   1779800 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz.asc
--rw-r--r--  1 root root       370 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
--rw-r--r--  1 root root    869132 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz.asc
--rw-r--r--  1 root root       592 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
--rw-r--r--  1 root root    605108 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz.asc
--rw-r--r--  1 root root       689 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
--rw-r--r--  1 root root    731384 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz.asc
--rw-r--r--  1 root root       816 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
--rw-r--r--  1 root root    816792 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz.asc
+-rw-r--r--  1 root root       670 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt
+-rw-r--r--  1 root root   1780124 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz.asc
+-rw-r--r--  1 root root       370 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt
+-rw-r--r--  1 root root    869204 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz.asc
+-rw-r--r--  1 root root       592 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt
+-rw-r--r--  1 root root    605124 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz.asc
+-rw-r--r--  1 root root       689 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt
+-rw-r--r--  1 root root    731156 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz.asc
+-rw-r--r--  1 root root       816 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt
+-rw-r--r--  1 root root    816656 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz.asc
 -rw-r--r--  1 root root       463 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   9161204 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz.asc
@@ -1103,7 +1103,7 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/old-linux-
 -rw-r--r--  1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 97 root root      4096 2023-12-12 18:08 ./patches/source
+drwxr-xr-x 97 root root      4096 2023-12-13 20:27 ./patches/source
 drwxr-xr-x  2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--  1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x  1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@@ -1501,9 +1501,9 @@ drwxr-xr-x  2 root root      4096 2023-09-14 17:24 ./patches/source/libwebp
 -rwxr-xr-x  1 root root      5226 2023-09-14 17:25 ./patches/source/libwebp/libwebp.SlackBuild
 -rw-r--r--  1 root root        49 2022-01-21 19:13 ./patches/source/libwebp/libwebp.url
 -rw-r--r--  1 root root       985 2018-02-27 06:12 ./patches/source/libwebp/slack-desc
-drwxr-xr-x  2 root root      4096 2023-12-09 19:10 ./patches/source/libxml2
+drwxr-xr-x  2 root root      4096 2023-12-13 20:16 ./patches/source/libxml2
 -rw-r--r--  1 root root      1254 2023-12-06 00:00 ./patches/source/libxml2/libxml2-2.12.0-python3-unicode-errors.patch
--rw-r--r--  1 root root   2642336 2023-12-05 19:59 ./patches/source/libxml2/libxml2-2.12.2.tar.xz
+-rw-r--r--  1 root root   2641720 2023-12-12 14:59 ./patches/source/libxml2/libxml2-2.12.3.tar.xz
 -rwxr-xr-x  1 root root      5073 2023-12-10 00:55 ./patches/source/libxml2/libxml2.SlackBuild
 -rw-r--r--  1 root root       114 2022-08-27 18:08 ./patches/source/libxml2/libxml2.url
 -rw-r--r--  1 root root       973 2018-02-27 06:49 ./patches/source/libxml2/slack-desc
@@ -2020,7 +2020,7 @@ drwxr-xr-x  2 root root      4096 2022-11-16 19:13 ./patches/source/xfce4-settin
 -rw-r--r--  1 root root        83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url
 -rw-r--r--  1 root root       543 2012-07-19 19:32 ./patches/source/xfce4-settings/xfce4-settings.xft.defaults.diff.gz
 drwxr-xr-x 10 root root      4096 2022-07-12 20:19 ./patches/source/xorg-server
-drwxr-xr-x  2 root root      4096 2023-10-25 18:36 ./patches/source/xorg-server-xwayland
+drwxr-xr-x  2 root root      4096 2023-12-13 20:11 ./patches/source/xorg-server-xwayland
 -rw-r--r--  1 root root      1175 2022-07-12 17:02 ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
 -rw-r--r--  1 root root      2243 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz
 -rw-r--r--  1 root root      1923 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz
@@ -2037,13 +2037,15 @@ drwxr-xr-x  2 root root      4096 2023-10-25 18:36 ./patches/source/xorg-server-
 -rw-r--r--  1 root root       605 2023-02-07 19:33 ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch.gz
 -rw-r--r--  1 root root       792 2023-03-29 18:09 ./patches/source/xorg-server-xwayland/CVE-2023-1393.patch.gz
 -rw-r--r--  1 root root      1127 2023-10-25 18:35 ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch.gz
+-rw-r--r--  1 root root      1150 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch.gz
+-rw-r--r--  1 root root       972 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch.gz
 -rw-r--r--  1 root root      1287 2021-04-18 18:21 ./patches/source/xorg-server-xwayland/slack-desc
--rwxr-xr-x  1 root root      6585 2023-10-25 18:37 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
+-rwxr-xr-x  1 root root      6746 2023-12-13 20:11 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
 -rw-r--r--  1 root root   1261712 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz
 -rw-r--r--  1 root root        95 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz.sig
 -rw-r--r--  1 root root       376 2021-01-16 18:58 ./patches/source/xorg-server/arch.use.flags
 drwxr-xr-x  2 root root      4096 2013-04-18 22:42 ./patches/source/xorg-server/build
--rw-r--r--  1 root root        12 2023-10-25 18:41 ./patches/source/xorg-server/build/xorg-server
+-rw-r--r--  1 root root        13 2023-12-13 20:06 ./patches/source/xorg-server/build/xorg-server
 drwxr-xr-x  2 root root      4096 2022-07-12 19:51 ./patches/source/xorg-server/configure
 -rw-r--r--  1 root root      3140 2021-12-26 22:45 ./patches/source/xorg-server/configure/xorg-server
 drwxr-xr-x  2 root root      4096 2013-04-18 22:43 ./patches/source/xorg-server/doinst.sh
@@ -2053,8 +2055,8 @@ drwxr-xr-x  2 root root      4096 2022-07-12 19:52 ./patches/source/xorg-server/
 -rw-r--r--  1 root root      1189 2018-05-03 12:16 ./patches/source/xorg-server/noarch
 -rw-r--r--  1 root root       833 2019-12-09 18:56 ./patches/source/xorg-server/package-blacklist
 drwxr-xr-x  3 root root      4096 2023-02-07 20:15 ./patches/source/xorg-server/patch
-drwxr-xr-x  2 root root      4096 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server
--rw-r--r--  1 root root      5193 2023-10-25 18:41 ./patches/source/xorg-server/patch/xorg-server.patch
+drwxr-xr-x  2 root root      4096 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server
+-rw-r--r--  1 root root      5499 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server.patch
 -rw-r--r--  1 root root       623 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz
 -rw-r--r--  1 root root      3846 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz
 -rw-r--r--  1 root root      1175 2022-07-12 17:02 ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
@@ -2077,6 +2079,8 @@ drwxr-xr-x  2 root root      4096 2023-10-25 18:40 ./patches/source/xorg-server/
 -rw-r--r--  1 root root       792 2023-03-29 18:09 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch.gz
 -rw-r--r--  1 root root      1127 2023-10-25 18:35 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch.gz
 -rw-r--r--  1 root root      1534 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch.gz
+-rw-r--r--  1 root root      1150 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch.gz
+-rw-r--r--  1 root root       972 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch.gz
 -rw-r--r--  1 root root       298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz
 -rw-r--r--  1 root root       357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz
 -rw-r--r--  1 root root       340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
@@ -2706,12 +2710,12 @@ drwxr-xr-x  2 root root     20480 2022-02-02 04:20 ./slackware64/ap
 -rw-r--r--  1 root root       163 2021-10-10 21:42 ./slackware64/ap/sc-im-20210927_64b1a41-x86_64-1.txz.asc
 -rw-r--r--  1 root root       653 2022-02-02 02:13 ./slackware64/ap/screen-4.9.0-x86_64-1.txt
 -rw-r--r--  1 root root    550196 2022-02-02 02:13 ./slackware64/ap/screen-4.9.0-x86_64-1.txz
--rw-r--r--  1 root root       163 2022-02-02 02:13 ./slackware64/ap/screen-4.9.0-x86_64-1.txz.asc
--rw-r--r--  1 root root       452 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txt
--rw-r--r--  1 root root     56116 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txz
--rw-r--r--  1 root root       163 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txz.asc
--rw-r--r--  1 root root       556 2022-01-17 19:27 ./slackware64/ap/slackpkg-15.0.10-noarch-1.txt
--rw-r--r--  1 root root    179800 2022-01-17 19:27 ./slackware64/ap/slackpkg-15.0.10-noarch-1.txz
+-rw-r--r-- 1 root root       163 2022-02-02 02:13 ./slackware64/ap/screen-4.9.0-x86_64-1.txz.asc
+-rw-r--r-- 1 root root       452 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txt
+-rw-r--r-- 1 root root     56116 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txz
+-rw-r--r-- 1 root root       163 2021-02-13 11:43 ./slackware64/ap/seejpeg-1.10-x86_64-4.txz.asc
+-rw-r--r-- 1 root root       556 2022-01-17 19:27 ./slackware64/ap/slackpkg-15.0.10-noarch-1.txt
+-rw-r--r-- 1 root root    179800 2022-01-17 19:27 ./slackware64/ap/slackpkg-15.0.10-noarch-1.txz
 -rw-r--r-- 1 root root       163 2022-01-17 19:27 ./slackware64/ap/slackpkg-15.0.10-noarch-1.txz.asc
 -rw-r--r-- 1 root root       298 2021-02-13 11:43 ./slackware64/ap/soma-3.3.7-noarch-2.txt
 -rw-r--r-- 1 root root     31044 2021-02-13 11:43 ./slackware64/ap/soma-3.3.7-noarch-2.txz
@@ -5444,10 +5448,10 @@ drwxr-xr-x 2 root root     32768 2022-02-01 04:47 ./slackware64/n
 -rw-r--r-- 1 root root       413 2021-02-13 12:10 ./slackware64/n/libnetfilter_acct-1.0.3-x86_64-4.txt
 -rw-r--r-- 1 root root     14808 2021-02-13 12:10 ./slackware64/n/libnetfilter_acct-1.0.3-x86_64-4.txz
 -rw-r--r-- 1 root root       163 2021-02-13 12:10 ./slackware64/n/libnetfilter_acct-1.0.3-x86_64-4.txz.asc
--rw-r--r-- 1 root root       600 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txt
--rw-r--r-- 1 root root     49656 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txz
--rw-r--r-- 1 root root       163 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txz.asc
--rw-r--r-- 1 root root       617 2021-02-13 12:10 ./slackware64/n/libnetfilter_cthelper-1.0.0-x86_64-4.txt
+-rw-r--r--   1 root root      600 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txt
+-rw-r--r--   1 root root    49656 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txz
+-rw-r--r--   1 root root      163 2021-02-13 12:10 ./slackware64/n/libnetfilter_conntrack-1.0.8-x86_64-3.txz.asc
+-rw-r--r--   1 root root      617 2021-02-13 12:10 ./slackware64/n/libnetfilter_cthelper-1.0.0-x86_64-4.txt
 -rw-r--r--   1 root root    12932 2021-02-13 12:10 ./slackware64/n/libnetfilter_cthelper-1.0.0-x86_64-4.txz
 -rw-r--r--   1 root root      163 2021-02-13 12:10 ./slackware64/n/libnetfilter_cthelper-1.0.0-x86_64-4.txz.asc
 -rw-r--r--   1 root root      584 2021-02-13 12:10 ./slackware64/n/libnetfilter_cttimeout-1.0.0-x86_64-4.txt
@@ -8502,13 +8506,13 @@ drwxr-xr-x   2 root root     4096 2022-02-02 02:08 ./source/ap/screen
 -rw-r--r--   1 root root      693 2014-07-26 12:01 ./source/ap/screen/52fix_screen_utf8_nfd.patch.gz
 -rw-r--r--   1 root root      341 2016-08-23 17:08 ./source/ap/screen/60-revert-screenrc-change.diff.gz
 -rw-r--r--   1 root root      350 2020-02-07 00:25 ./source/ap/screen/doinst.sh.gz
--rw-r--r--   1 root root   571934 2022-02-01 16:01 ./source/ap/screen/screen-4.9.0.tar.lz
--rwxr-xr-x   1 root root     5380 2022-02-02 02:13 ./source/ap/screen/screen.SlackBuild
--rw-r--r--   1 root root       77 2014-07-26 21:04 ./source/ap/screen/screen.pam
--rw-r--r--   1 root root     1107 2018-02-27 06:12 ./source/ap/screen/slack-desc
-drwxr-xr-x   2 root root     4096 2021-02-13 05:31 ./source/ap/seejpeg
--rw-r--r--   1 root root      227 2000-04-30 06:01 ./source/ap/seejpeg/_seejpeg.tar.gz
--rw-r--r--   1 root root   500701 1996-07-25 23:00 ./source/ap/seejpeg/libjpeg-6a.tar.gz
+-rw-r--r--   1 root root    571934 2022-02-01 16:01 ./source/ap/screen/screen-4.9.0.tar.lz
+-rwxr-xr-x   1 root root      5380 2022-02-02 02:13 ./source/ap/screen/screen.SlackBuild
+-rw-r--r--   1 root root        77 2014-07-26 21:04 ./source/ap/screen/screen.pam
+-rw-r--r--   1 root root      1107 2018-02-27 06:12 ./source/ap/screen/slack-desc
+drwxr-xr-x   2 root root      4096 2021-02-13 05:31 ./source/ap/seejpeg
+-rw-r--r--   1 root root       227 2000-04-30 06:01 ./source/ap/seejpeg/_seejpeg.tar.gz
+-rw-r--r--   1 root root    500701 1996-07-25 23:00 ./source/ap/seejpeg/libjpeg-6a.tar.gz
 -rw-r--r--   1 root root       654 2000-04-30 05:52 ./source/ap/seejpeg/seejpeg-1.10.diff.gz
 -rw-r--r--   1 root root       855 1999-11-09 00:03 ./source/ap/seejpeg/seejpeg-1.10.lsm
 -rw-r--r--   1 root root     46550 1999-11-09 00:03 ./source/ap/seejpeg/seejpeg-1.10.tgz
@@ -14987,12 +14991,12 @@ drwxr-xr-x   2 root root     12288 2021-11-29 19:51 ./source/x/x11/build
 -rw-r--r--   1 root root         3 2021-02-13 05:35 ./source/x/x11/build/xdm
 -rw-r--r--   1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xdpyinfo
 -rw-r--r--   1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xdriinfo
--rw-r--r--   1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xedit
--rw-r--r--   1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xev
--rw-r--r--   1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xextproto
--rw-r--r--   1 root root         2 2021-08-02 17:59 ./source/x/x11/build/xeyes
--rw-r--r--   1 root root         3 2021-02-13 05:35 ./source/x/x11/build/xf86-input-acecad
--rw-r--r--   1 root root         3 2021-02-13 05:35 ./source/x/x11/build/xf86-input-aiptek
+-rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xedit
+-rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xev
+-rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xextproto
+-rw-r--r--  1 root root         2 2021-08-02 17:59 ./source/x/x11/build/xeyes
+-rw-r--r--  1 root root         3 2021-02-13 05:35 ./source/x/x11/build/xf86-input-acecad
+-rw-r--r--  1 root root         3 2021-02-13 05:35 ./source/x/x11/build/xf86-input-aiptek
 -rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xf86-input-evdev
 -rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xf86-input-joystick
 -rw-r--r--  1 root root         2 2021-02-13 05:35 ./source/x/x11/build/xf86-input-keyboard
diff --git a/patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txt b/patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txt
index 2bea28102..2bea28102 100644
--- a/patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txt
+++ b/patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txt
diff --git a/patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt b/patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt
index ec0248ea9..ec0248ea9 100644
--- a/patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
+++ b/patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt
diff --git a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt
index 2ffb35f60..2ffb35f60 100644
--- a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
+++ b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt
diff --git a/patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt b/patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt
index 9c7075278..9c7075278 100644
--- a/patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
+++ b/patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt
diff --git a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt
index 675c628db..675c628db 100644
--- a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
+++ b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt
diff --git a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt
index 44e18f2cf..44e18f2cf 100644
--- a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
+++ b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt
diff --git a/patches/source/xorg-server-xwayland/CVE-2023-6377.patch b/patches/source/xorg-server-xwayland/CVE-2023-6377.patch
new file mode 100644
index 000000000..4e2fca615
--- /dev/null
+++ b/patches/source/xorg-server-xwayland/CVE-2023-6377.patch
@@ -0,0 +1,75 @@
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/exevents.c | 12 ++++++------
+ dix/devices.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+         }
+ 
+         if (from->button->xkb_acts) {
+-            if (!to->button->xkb_acts) {
+-                to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+-                if (!to->button->xkb_acts)
+-                    FatalError("[Xi] not enough memory for xkb_acts.\n");
+-            }
++            size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
++            to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++                                                   maxbuttons,
++                                                   sizeof(XkbAction));
++            memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+-                   sizeof(XkbAction));
++                   from->button->numButtons * sizeof(XkbAction));
+         }
+         else {
+             free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index b063128df0..3f3224d626 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ 
+     if (master->button && master->button->numButtons != maxbuttons) {
+         int i;
++        int last_num_buttons = master->button->numButtons;
++
+         DeviceChangedEvent event = {
+             .header = ET_Internal,
+             .type = ET_DeviceChanged,
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+         };
+ 
+         master->button->numButtons = maxbuttons;
++        if (last_num_buttons < maxbuttons) {
++            master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
++                                                       maxbuttons,
++                                                       sizeof(XkbAction));
++            memset(&master->button->xkb_acts[last_num_buttons],
++                   0,
++                   (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++        }
+ 
+         memcpy(&event.buttons.names, master->button->labels, maxbuttons *
+                sizeof(Atom));
+-- 
+GitLab
+
diff --git a/patches/source/xorg-server-xwayland/CVE-2023-6478.patch b/patches/source/xorg-server-xwayland/CVE-2023-6478.patch
new file mode 100644
index 000000000..ed2044c7d
--- /dev/null
+++ b/patches/source/xorg-server-xwayland/CVE-2023-6478.patch
@@ -0,0 +1,59 @@
+From 14f480010a93ff962fef66a16412fafff81ad632 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@8f454b79 where this same bug was fixed for the core
+protocol and XI.
+
+This fixes an OOB read and the resulting information disclosure.
+
+Length calculation for the request was clipped to a 32-bit integer. With
+the correct stuff->nUnits value the expected request size was
+truncated, passing the REQUEST_FIXED_SIZE check.
+
+The server then proceeded with reading at least stuff->num_items bytes
+(depending on stuff->format) from the request and stuffing whatever it
+finds into the property. In the process it would also allocate at least
+stuff->nUnits bytes, i.e. 4GB.
+
+CVE-2023-6478, ZDI-CAN-22561
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ randr/rrproperty.c         | 2 +-
+ randr/rrproviderproperty.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index 25469f57b2..c4fef8a1f6 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
+diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
+index b79c17f9bf..90c5a9a933 100644
+--- a/randr/rrproviderproperty.c
++++ b/randr/rrproviderproperty.c
+@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);
+-- 
+GitLab
+
diff --git a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
index 16b56263b..fe617accc 100755
--- a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
+++ b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=xorg-server-xwayland
 SRCNAM=xwayland
 VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-8_slack15.0}
+BUILD=${BUILD:-9_slack15.0}
 
 # Default font paths to be used by the X server:
 DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"
@@ -113,6 +113,10 @@ zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1
 # Patch another security issue:
 zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1
 
+# Patch more security issues:
+zcat $CWD/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1
+
 # Configure, build, and install:
 export CFLAGS="$SLKCFLAGS"
 export CXXFLAGS="$SLKCFLAGS"
diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server
index 7970fef66..92794e1d7 100644
--- a/patches/source/xorg-server/build/xorg-server
+++ b/patches/source/xorg-server/build/xorg-server
@@ -1 +1 @@
-9_slack15.0
+10_slack15.0
diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch
index a9dc46a2f..fa924f1f7 100644
--- a/patches/source/xorg-server/patch/xorg-server.patch
+++ b/patches/source/xorg-server/patch/xorg-server.patch
@@ -64,3 +64,6 @@ zcat $CWD/patch/xorg-server/CVE-2023-1393.patch.gz | patch -p1 --verbose || { to
 zcat $CWD/patch/xorg-server/CVE-2023-5367.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
 zcat $CWD/patch/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
 
+# Patch more security issues:
+zcat $CWD/patch/xorg-server/CVE-2023-6377.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+zcat $CWD/patch/xorg-server/CVE-2023-6478.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch
new file mode 100644
index 000000000..4e2fca615
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch
@@ -0,0 +1,75 @@
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/exevents.c | 12 ++++++------
+ dix/devices.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+         }
+ 
+         if (from->button->xkb_acts) {
+-            if (!to->button->xkb_acts) {
+-                to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+-                if (!to->button->xkb_acts)
+-                    FatalError("[Xi] not enough memory for xkb_acts.\n");
+-            }
++            size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
++            to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++                                                   maxbuttons,
++                                                   sizeof(XkbAction));
++            memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+-                   sizeof(XkbAction));
++                   from->button->numButtons * sizeof(XkbAction));
+         }
+         else {
+             free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index b063128df0..3f3224d626 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ 
+     if (master->button && master->button->numButtons != maxbuttons) {
+         int i;
++        int last_num_buttons = master->button->numButtons;
++
+         DeviceChangedEvent event = {
+             .header = ET_Internal,
+             .type = ET_DeviceChanged,
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+         };
+ 
+         master->button->numButtons = maxbuttons;
++        if (last_num_buttons < maxbuttons) {
++            master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
++                                                       maxbuttons,
++                                                       sizeof(XkbAction));
++            memset(&master->button->xkb_acts[last_num_buttons],
++                   0,
++                   (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++        }
+ 
+         memcpy(&event.buttons.names, master->button->labels, maxbuttons *
+                sizeof(Atom));
+-- 
+GitLab
+
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch
new file mode 100644
index 000000000..ed2044c7d
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch
@@ -0,0 +1,59 @@
+From 14f480010a93ff962fef66a16412fafff81ad632 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@8f454b79 where this same bug was fixed for the core
+protocol and XI.
+
+This fixes an OOB read and the resulting information disclosure.
+
+Length calculation for the request was clipped to a 32-bit integer. With
+the correct stuff->nUnits value the expected request size was
+truncated, passing the REQUEST_FIXED_SIZE check.
+
+The server then proceeded with reading at least stuff->num_items bytes
+(depending on stuff->format) from the request and stuffing whatever it
+finds into the property. In the process it would also allocate at least
+stuff->nUnits bytes, i.e. 4GB.
+
+CVE-2023-6478, ZDI-CAN-22561
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ randr/rrproperty.c         | 2 +-
+ randr/rrproviderproperty.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index 25469f57b2..c4fef8a1f6 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
+diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
+index b79c17f9bf..90c5a9a933 100644
+--- a/randr/rrproviderproperty.c
++++ b/randr/rrproviderproperty.c
+@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);
+-- 
+GitLab
+
diff --git a/recompress.sh b/recompress.sh
index 8e4aef9bc..601fba1a2 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -1201,6 +1201,8 @@ gzip ./patches/source/texlive/texlive.unicode5.0.diff
 gzip ./patches/source/sysstat/doinst.sh
 gzip ./patches/source/xorg-server-xwayland/CVE-2022-46342.patch
 gzip ./patches/source/xorg-server-xwayland/CVE-2022-46343.patch
+gzip ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch
+gzip ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch
 gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.patch
 gzip ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch
 gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.correction.patch
@@ -1261,6 +1263,8 @@ gzip ./patches/source/emacs/doinst.sh
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46342.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46343.patch
+gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch
+gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46340.patch
author	Patrick J Volkerding <volkerdi@slackware.com>	2023-12-13 22:01:34 +0000
committer	Eric Hameleers <alien@slackware.com>	2023-12-14 13:39:45 +0100
commit	823a8c2cb79520c3c7692bbf4a4be64989a047e2 (patch)
tree	85207710541bfb18b627bfaf01d36fd29607835d
parent	653fd727bd247d30a7a3373be4825532b9838351 (diff)
download	current-823a8c2cb79520c3c7692bbf4a4be64989a047e2.tar.gz current-823a8c2cb79520c3c7692bbf4a4be64989a047e2.tar.xz