Bug 236578 - x11/libXdmcp: Update to 1.1.3
Summary: x11/libXdmcp: Update to 1.1.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-x11 (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-16 17:56 UTC by pete
Modified: 2019-03-21 02:15 UTC (History)
1 user (show)

See Also:
zeising: maintainer-feedback+
zeising: merge-quarterly+


Attachments
patch to bump version to 1.1.3 (838 bytes, patch)
2019-03-16 17:59 UTC, pete
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description pete 2019-03-16 17:56:24 UTC
Upstream release to address CVE-2017-2625:
https://lists.freedesktop.org/archives/xorg/2019-March/059690.html

libXdmcp is the X Display Manager Control Protocol library, used by both
X servers and display managers to handle both ends of the XDMCP connection.

This release provides a fix for CVE-2017-2625 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer.   (libXdmcp 1.1.2 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in XDMCP
key generation, but left other platforms with the weaker methods.  Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libXdmcp 1.1.2 for stronger keys.)
Comment 1 pete 2019-03-16 17:59:07 UTC
Created attachment 202918 [details]
patch to bump version to 1.1.3
Comment 2 commit-hook freebsd_committer freebsd_triage 2019-03-21 02:13:16 UTC
A commit references this bug:

Author: zeising
Date: Thu Mar 21 02:12:38 UTC 2019
New revision: 496408
URL: https://svnweb.freebsd.org/changeset/ports/496408

Log:
  x11/libXdmcp: Update to 1.1.3

  Update x11/libXdmcp to 1.1.3.  This is a security update, fixing an issue
  where ther might be insufficient entropy generating session keys.  It is
  unknown if this issue affects FreeBSD.

  PR:		236578
  Submitted by:	pete@nomadlogic.org
  MFH:		2019Q1 (implicit approval, security fix)
  Security:	1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335
  		CVE-2017-2625

Changes:
  head/x11/libXdmcp/Makefile
  head/x11/libXdmcp/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2019-03-21 02:15:20 UTC
A commit references this bug:

Author: zeising
Date: Thu Mar 21 02:15:05 UTC 2019
New revision: 496409
URL: https://svnweb.freebsd.org/changeset/ports/496409

Log:
  MFH: r496408

  x11/libXdmcp: Update to 1.1.3

  Update x11/libXdmcp to 1.1.3.  This is a security update, fixing an issue
  where ther might be insufficient entropy generating session keys.  It is
  unknown if this issue affects FreeBSD.

  PR:		236578
  Submitted by:	pete@nomadlogic.org
  Security:	1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335
  		CVE-2017-2625

  Approved by:	ports-secteam (implicit, security fix)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/x11/libXdmcp/Makefile
  branches/2019Q1/x11/libXdmcp/distinfo
Comment 4 Niclas Zeising freebsd_committer freebsd_triage 2019-03-21 02:15:58 UTC
Committed and MFH.  Thanks for the patch!