* Fix regressions introduced in 1.8.8 (!245, !248) - this includes
reverting for now the previous "Fix XIM input sometimes jumbled
(#198, !236)"
- supersedes
* U_0001-xlibi18n-restore-parse_line1-for-WIN32-builds.patch
* U_0002-Revert-imDefLkup-Commit-first-info-in-XimCommitInfo.patch
* U_0003-Revert-ximcp-Unmark-to-fabricate-key-events-with-XKe.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=116
This release contains fixes for the issues reported in security
advisory here:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
* fixes CVE-2023-43785 libX11: out-of-bounds memory access in
_XkbReadKeySyms() (boo#1215683)
* fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion
in PutSubImage() (boo#1215684)
* fixes CVE-2023-43787 libX11: integer overflow in XCreateImage()
leading to a heap overflow (boo#1215685)
along with:
* Fail XOpenDisplay() if server-provided default visual is invalid (!233)
* Bring XKB docs in line with actual implementation (!231, !228)
* Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225)
* Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216,
!217, !219, !220, !222, !223, !226, !227, !229)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=106
- update to 1.8.6:
* InitExt.c: Add bounds checks for extension request,
event, & error codes
* Fixes CVE-2023-3138: X servers could return values from
XQueryExtension that would cause Xlib to write entries
out-of-bounds of the arrays to store them, though this
would only overwrite other parts of the Display
struct, not outside the bounds allocated for that
structure.
- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/1098803
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=104
- Update to version 1.8.5
* gitlab CI: Add libtool to required packages
* configure: raise minimum autoconf requirement to 2.70
* configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* gitlab CI: add workflow rules
* nls: delete compose sequences that pointlessly mix upper and lower case
* nls: remove four hundred and sixty untypable Greek compose sequences
* nls: remove twenty two untypable Greek compose sequences
* XSetScreenSaver.man: restore the part that was accidentally snipped
* nls: make the Amharic compose sequences use the dead-vowel symbols
* nls: sort three sequences alphabetically in their group, like all others
* nls: delete six compose sequences that cannot be typed
* nls: use a slash instead of a combining solidus in compose sequences
* NLS: move long S compositions to respective blocks
* NLS: implement the expansion of the six Breton N-graph keysyms
* NLS: move dead-caron subscript compositions to the relevant Unicode block
* NLS: Remove strange dead_cedilla cedi sign sequences
* nls: add compose sequence for capital schwa, and delete a deviant one
- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
to keep those sequeunces working with this release.
OBS-URL: https://build.opensuse.org/request/show/1090195
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libX11?expand=0&rev=47
* gitlab CI: Add libtool to required packages
* configure: raise minimum autoconf requirement to 2.70
* configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* gitlab CI: add workflow rules
* nls: delete compose sequences that pointlessly mix upper and lower case
* nls: remove four hundred and sixty untypable Greek compose sequences
* nls: remove twenty two untypable Greek compose sequences
* XSetScreenSaver.man: restore the part that was accidentally snipped
* nls: make the Amharic compose sequences use the dead-vowel symbols
* nls: sort three sequences alphabetically in their group, like all others
* nls: delete six compose sequences that cannot be typed
* nls: use a slash instead of a combining solidus in compose sequences
* NLS: move long S compositions to respective blocks
* NLS: implement the expansion of the six Breton N-graph keysyms
* NLS: move dead-caron subscript compositions to the relevant Unicode block
* NLS: Remove strange dead_cedilla cedi sign sequences
* nls: add compose sequence for capital schwa, and delete a deviant one
- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
to keep those sequeunces working with this release.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=100
- Update to version 1.8.1
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157
- let's hope this version doesn't suffer yet from the regressions
reported in boo#1205778, boo#1205818 (reported against 1.8.2);
we need libX11 thread safe for totem (GNOME 43) :-(
- going back to version 1.7.5 for now to get rid of regressions,
which were introduced by trying to get thread-safe in libX11
itself
- re-introduced U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
which was not yet in 1.7.5
- supersedes the following patches
* U_0001-Add-XFreeThreads-function.patch
* U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch
* U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch
* U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch
* U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch
OBS-URL: https://build.opensuse.org/request/show/1040432
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libX11?expand=0&rev=45
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157
- let's hope this version doesn't suffer yet from the regressions
reported in boo#1205778, boo#1205818 (reported against 1.8.2);
we need libX11 thread safe for totem (GNOME 43) :-(
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=95
* This is primarily a bug fix release, including further work on
improving the thread-safety-constructor and making it work with
software which had incorrectly called libX11 functions from
inside X*IfEvent() calls.
- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=85
- Update to version 1.8.1
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 .
OBS-URL: https://build.opensuse.org/request/show/986957
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=81
- Update to version 1.8.1
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 .
OBS-URL: https://build.opensuse.org/request/show/981405
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libX11?expand=0&rev=37
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 .
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=79
* The highlight of this release is that we now try to initialize
thread safety ourselves, rather than hope the application does it.
This should resolve a number of long-standing bugs with the libxcb
integration, since the socket handoff mechanism essentially has to
be thread-safe.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=77
- Update to version 1.7.3.1
* This release of libX11 corrects a packaging problem in 1.7.3
which caused the m4 files needed for autoreconf to not be
included in the tarballs.
* As a bonus, this release also includes one tiny typo fix in the
XIM specs.
- Update to version 1.7.3
* This release includes a number of bug fixes and adds support for
the _EVDEVK keysyms added in xorgproto 2021.2.
OBS-URL: https://build.opensuse.org/request/show/939073
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libX11?expand=0&rev=34
* This release of libX11 corrects a packaging problem in 1.7.3
which caused the m4 files needed for autoreconf to not be
included in the tarballs.
* As a bonus, this release also includes one tiny typo fix in the
XIM specs.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=73
