X Strike Force SVN commit: rev 279 - branches/4.3.0/sid/debian

To: debian-x@lists.debian.org
Subject: X Strike Force SVN commit: rev 279 - branches/4.3.0/sid/debian
From: X Strike Force SVN Admin <branden@debian.org>
Date: Thu, 3 Jul 2003 01:41:07 -0500 (EST)
Message-id: <[🔎] 20030703064107.CD3285C0A7@necrotic.deadbeast.net>
Reply-to: debian-x@lists.debian.org

Author: branden
Date: 2003-07-03 01:41:03 -0500 (Thu, 03 Jul 2003)
New Revision: 279

Modified:
   branches/4.3.0/sid/debian/changelog
Log:
debian/changelog: merge in 4.2.1-9 changelog entry from trunk


Modified: branches/4.3.0/sid/debian/changelog
==============================================================================
--- branches/4.3.0/sid/debian/changelog	2003-07-02 23:07:39 UTC (rev 278)
+++ branches/4.3.0/sid/debian/changelog	2003-07-03 06:41:03 UTC (rev 279)
@@ -53,9 +53,6 @@
   * fix weak deps (many on X11/Xext in xlibs):
     - patch #063: new (Closes: #187374)
 
-  * fix deadlock problems in Xi (XINPUT) library when threads enabled
-    - patch #064: new (Closes: #191463)
-
   * xlibs-pic package renamed to xlibs-static-pic
     - reintegrate piclib_support.diff (previously patch #046, now patch #909)
 
@@ -80,6 +77,50 @@
 
  -- Branden Robinson <branden@debian.org>  Thu, 26 Jun 2003 10:14:27 -0500
 
+xfree86 (4.2.1-9) unstable; urgency=high
+
+  * urgency due to xterm security fixes; see below
+
+  * patch #001b: remove special-case logic in linux.cf that defined
+    "HasLinuxInput" to "NO" for Mc68020Architecture; m68k is now supported by
+    the Linux 2.4.20 kernel (at least in Debian), so we let this symbol be
+    defined to "YES" just like all the other architectures.  This only really
+    affects the Wacom input driver and should not cause any regressions.
+    (thanks to James Troup for pointing out this no-longer-needed conditional)
+
+  * build and ship more static-PIC versions of libraries; Xau (for xcb) and
+    xf86misc (for xfce4)
+    - patch #046: updated
+    - debian/{MANIFEST,xlibs-pic.install}.*: add libXau_pic.a,
+      libXxf86misc_pic.a
+    - debian/control: update xlibs-pic's extended description
+
+  * patch #093: new; SECURITY: disable window title reporting to work around
+    potentially malicious text being spewed to terminal window
+    <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063>
+
+  * patch #094: new; SECURITY: fix for xterm DoS attack; malformed DEC UDK
+    escape sequences can lock the terminal window
+    <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071>
+
+  * patch #095: new; fix hangs when threaded apps use XInput library
+    (Closes: #191463)
+
+  * debian/control: move xlibs-pic from section devel to section libdevel
+    (syncrhonize with Debian archive override file)
+  * debian/rules: replace presently-useless $(DEBUGFLAGS) variable in
+    $(SERVERDEBUG_IMAKE_DEFINES) with -DDefaultGcc2OptimizeOpt=-O0 to turn off
+    optimiziation when compiling the debugging XFree86 X server
+  * debian/xserver-xfree86.install.arm: get this file up to date:
+    - stop shipping things that aren't built for this arch: imstt_drv, libafb,
+      imstt manpage
+    - start shipping more things that are built for this arch: nv_drv, s3_drv,
+      calcomp_drv, dmc_drv, hyperpen_drv, penmount_drv, dmc manpage, nv
+      manpage, penmount manpage
+    - tdfx driver name corrected to tdfx_drv
+
+ -- Branden Robinson <branden@debian.org>  Thu, 26 Jun 2003 14:28:34 -0500
+
 xfree86 (4.2.1-8) unstable; urgency=high
 
   * the "you're damn right I'm bitter" release

Reply to:

Prev by Date: Re: X Strike Force SVN commit: rev 278 - branches/4.3.0/sid/debian
Next by Date: X Strike Force SVN commit: rev 280 - branches/4.3.0/sid/debian/scripts
Previous by thread: X Strike Force SVN commit: rev 276 - in trunk/debian: . scripts
Next by thread: X Strike Force SVN commit: rev 280 - branches/4.3.0/sid/debian/scripts
Index(es):
- Date
- Thread