Created attachment 233116 [details] Patch for libX11 Compile and (very lightly) tested on FreeBSD 13.1-STABLE #0 stable/13-n250098-4081882c415 (amd64) (make, make check-plist, make test) Poudriere testport OK 12.3-RELEASE (amd64) Poudriere testport OK 13.0-RELEASE (i386) Unfortunately upstream doesn't update changelog anymore so the only reference as far as I can tell is the commit log https://gitlab.freedesktop.org/xorg/lib/libx11/-/commits/libX11-1.7.5
(In reply to Daniel Engberg from comment #0) > upstream doesn't update changelog anymore Previous updates referenced xorg-announce maillist. Such a commit can be used as a template e.g., git commit -c <hash> --reset-author https://lists.x.org/archives/xorg-announce/2022-April/003137.html seems to match https://gitlab.freedesktop.org/xorg/lib/libx11/-/compare/libX11-1.7.4...libX11-1.7.5
(In reply to Jan Beich from comment #1) Thanks for bring that up
Created attachment 242809 [details] patch for updating to 1.8.6
libX11 prior to 1.8.6 is affected by CVE-2023-3138 https://lists.x.org/archives/xorg-announce/2023-June/003406.html
(In reply to Li-Wen Hsu from comment #3) I've been running this patch on -current desktop for a day, and test build of the ports directly depend on it is fine: audio/dexed games/mangband games/xroach graphics/grafx2 graphics/krita java/openjdk8 sysutils/lcdproc x11-wm/blackbox x11/dwmblocks x11/habak x11/wallutils x11/xorg-libraries
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e32d988a04bdac38511cf2c72d6b8def83ef7ba0 commit e32d988a04bdac38511cf2c72d6b8def83ef7ba0 Author: Li-Wen Hsu <lwhsu@FreeBSD.org> AuthorDate: 2023-06-17 11:29:09 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2023-06-17 11:29:09 +0000 x11/libX11: Update to 1.8.6 Release announcement: https://lists.x.org/archives/xorg-announce/2023-June/003407.html PR: 263190 Approved by: x11 (manu) x11/libX11/Makefile | 4 ++-- x11/libX11/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
A commit in branch 2023Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e52ce5c909ab27e0e01b249e0065b8d3eef4d30e commit e52ce5c909ab27e0e01b249e0065b8d3eef4d30e Author: Li-Wen Hsu <lwhsu@FreeBSD.org> AuthorDate: 2023-06-17 11:29:09 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2023-06-17 11:36:15 +0000 x11/libX11: Update to 1.8.6 Release announcement: https://lists.x.org/archives/xorg-announce/2023-June/003407.html PR: 263190 Approved by: x11 (manu) (cherry picked from commit e32d988a04bdac38511cf2c72d6b8def83ef7ba0) x11/libX11/Makefile | 4 ++-- x11/libX11/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)