Please note that I did not find a public key for peter.hutterer@who-t.net that did this release, so the keyring included here is wrong as it is for a different person....
- Update to version 22.1.6:
* Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,
CVE-2022-46343, CVE-2022-46344, CVE-2022-4283.
* Xtest: disallow GenericEvents in XTestSwapFakeInput
* Xi: disallow passive grabs with a detail > 255
* Xext: free the XvRTVideoNotify when turning off from the same
client
* Xext: free the screen saver resource when replacing it
* Xi: return an error from XI property changes if verification
failed
* Xi: avoid integer truncation in length check of
ProcXIChangeProperty
* xkb: reset the radio_groups pointer to NULL after freeing it
- Drop patches fixed upstream:
* U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
* U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
OBS-URL: https://build.opensuse.org/request/show/1043174
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=40
* xwayland: Aggregate scroll axis events to fix kinetic scrolling
* Forbid server grabs by non-WM on *rootless* XWayland
* xkb: Avoid length-check failure on empty strings.
* ci: remove redundant slash in libxcvt repository url
* dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY
* dix: Fix overzealous caching of ResourceClientBits()
* xwayland: Prevent Xserver grabs with rootless
* xwayland: Delay wl_surface destruction
* build: Bump wayland requirement to 1.18
* xwayland: set tag on our surfaces
* xwayland: Clear the "xwl-window" tag on unrealize
* xwayland: correct the type for the discrete scroll events
* xkb: fix some possible memleaks in XkbGetKbdByName
* xkb: length-check XkbGetKbdByName before accessing the fields
* xkb: length-check XkbListComponents before accessing the fields
* xkb: proof GetCountedString against request length attacks
- supersedes security patches:
* U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
* U_xkb-proof-GetCountedString-against-request-length-at.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=33
* os: print <signal handler called> if unw_is_signal_frame()
* os: print registers in the libunwind version of xorg_backtrace()
* xwayland/present: Do not send two idle notify events for flip pixmaps
* xwayland: Fix check logic in sprite_check_lost_focus()
* xwayland: Change randr_output status when call xwl_output_remove()
* xkb: switch to array index loops to moving pointers
* xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck
* xkb: add request length validation for XkbSetGeometry
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=29
* xwayland: Clear timer_armed in xwl_present_unrealize_window
* xwayland: Always hook up frame_callback_list in xwl_present_queue_vblank
* Xwayland: Do not map the COW by default when rootless
* xwayland/present: Fix use-after-free in xwl_unrealize_window()
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=25
I realize it is to early to push this RC to TW, but perhaps we can have it in the devel repo for now?
- Update to version 22.0.99.901
* DRM lease support
* Enables sRGB fbconfigs in GLX
* Requires libxcvt
* Refactoring of the present code in Xwayland
* Implements support for touchpad gestures
* Support for xfixes's ClientDisconnectMode and optional
terminate delay
- Add pkgconfig(libxcvt) BuildRequires: New dependency.
- Add xwayland.keyring, use url for sources, validate sig.
- Move man pages from devel to main binary package.
- Enable LTO, no longer disable LTO via macro.
OBS-URL: https://build.opensuse.org/request/show/947907
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=22
* Fixes for multiple input validation failures in X server extensions:
+ CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access (boo#1193030)
+ CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access (boo#1190487)
+ CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access (boo#1190488)
+ CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access (boo#1190489)
* This release also includes other fixes such as:
+ Store EGLcontext to avoid superfluous eglMakeCurrent() calls
+ Prefer EGLStream with NVIDIA proprietary driver if both GBM and EGLstream are available
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=21
- Update to version 21.1.0:
* meson: Make sure XKM_OUTPUT_DIR has a trailing slash
* xwayland: Fix LeaveNotify for relative pointer
- Highlights compared to xserver 1.20.10:
* Xwayland's XVideo support (via glamor) now supports NV12
* glamor can now accelerate some more RENDER extension formats
* Xwayland's GLX provider now uses the EGL implementation instead of Mesa's
swrast_dri.so directly
* Xwayland can now use the wp_viewport Wayland protocol for up-scaling of
fullscreen applications setting lower resolutions via the RandR /
XFree86-VidModeExtension extensions
* Xwayland now alternates between multiple buffers for all Wayland surfaces,
making it less of a special case compared to other Wayland clients
* Xwayland can now use memfd_create for creating buffers shared with the
Wayland compositor when glamor hardware acceleration is disabled
* Xwayland has better support for clients using relative mouse input and
keyboard grabs
* An Xwayland.1 manpage is now installed
* Xwayland now supports -listenfd, -version and -verbose command line options
* Xwayland now installs an xwayland.pc file which helps discovering the path
of the installed Xwayland binary and the features it supports
* Only meson is supported for building
* Only Xwayland and Xvfb can be built, only Xwayland can be installed
OBS-URL: https://build.opensuse.org/request/show/879745
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=5
