- Update to bugfix release 24.1.3
* dix: check for calloc() failure in Xi event conversion routines
* dix: PolyText: fully initialize local_closure
* dix: SetFontPath: don't set errorValue on Success
* dix: enterleave.c: fix implicit fallthrough warnings
* dix: CreateScratchGC: avoid dereference of pointer we just set to NULL
* dix: InitPredictableAccelerationScheme: avoid memory leak on failure
* dix: dixChangeWindowProperty: don't call memcpy if malloc failed
* dix: ProcListProperties: skip unneeded work if numProps is 0
* dix: HashResourceID: use unsigned integers for bit shifting
* dix: GetPairedDevice: check if GetMaster returned NULL
* dix: FindBestPixel: fix implicit fallthrough warning
* CI: clone libdecor from fd.o instead of gnome.org
* CI: update libdecor from 0.1.0 to 0.1.1
* Don't crash if the client argv or argv[0] is NULL.
* Return NULL in *cmdname if the client argv or argv[0] is NULL
* xwayland: connect to the wl display before calling into EGL
* xwayland: Report correct mode size when rootful
* build: Move epoll dependency check
* build: Add epoll to Xwayland for DragonFly and OpenBSD
* build: Fix DRI3 on DragonFly and OpenBSD
* os: Fix NULL pointer dereference
* dix: don't push the XKB state to a non-existing master keyboard
* Xi: when removing a master search for a disabled paired device
OBS-URL: https://build.opensuse.org/request/show/1205602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=37
* dix: check for calloc() failure in Xi event conversion routines
* dix: PolyText: fully initialize local_closure
* dix: SetFontPath: don't set errorValue on Success
* dix: enterleave.c: fix implicit fallthrough warnings
* dix: CreateScratchGC: avoid dereference of pointer we just set to NULL
* dix: InitPredictableAccelerationScheme: avoid memory leak on failure
* dix: dixChangeWindowProperty: don't call memcpy if malloc failed
* dix: ProcListProperties: skip unneeded work if numProps is 0
* dix: HashResourceID: use unsigned integers for bit shifting
* dix: GetPairedDevice: check if GetMaster returned NULL
* dix: FindBestPixel: fix implicit fallthrough warning
* CI: clone libdecor from fd.o instead of gnome.org
* CI: update libdecor from 0.1.0 to 0.1.1
* Don't crash if the client argv or argv[0] is NULL.
* Return NULL in *cmdname if the client argv or argv[0] is NULL
* xwayland: connect to the wl display before calling into EGL
* xwayland: Report correct mode size when rootful
* build: Move epoll dependency check
* build: Add epoll to Xwayland for DragonFly and OpenBSD
* build: Fix DRI3 on DragonFly and OpenBSD
* os: Fix NULL pointer dereference
* dix: don't push the XKB state to a non-existing master keyboard
* Xi: when removing a master search for a disabled paired device
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=92
- added version specific requirements for dri3proto, presentproto
and wayland-protocols
- This supersedes the following patches
* U_CVE-2024-31080-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
* U_CVE-2024-31081-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
* U_CVE-2024-31083-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
* U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
which fixed security issues
* CVE-2024-31080 (bsc#1222309)
* CVE-2024-31081 (bsc#1222310)
* CVE-2024-31083 (bsc#1222312)
and a regression due to a security fix for CVE-2024-31083 (bsc#1222312,
boo#1222442, gitlab xserver issue #1659)
- Update to bugfix release 24.1.1 for the current stable 24.1
branch of Xwayland
* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix
building on i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: optionally force disposal
* wayland: Force disposal of windows buffers for root on destroy
* xwayland: Check for pointer in xwl_seat_leave_ptr()
* xwayland: remove includedir from pkgconfig
OBS-URL: https://build.opensuse.org/request/show/1187080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=34
and wayland-protocols
- This supersedes the following patches
* U_CVE-2024-31080-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
* U_CVE-2024-31081-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
* U_CVE-2024-31083-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
* U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
which fixed security issues
* CVE-2024-31080 (bsc#1222309)
* CVE-2024-31081 (bsc#1222310)
* CVE-2024-31083 (bsc#1222312)
and a regression due to a security fix for CVE-2024-31083 (bsc#1222312,
boo#1222442, gitlab xserver issue #1659)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=85
branch of Xwayland
* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix
building on i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: optionally force disposal
* wayland: Force disposal of windows buffers for root on destroy
* xwayland: Check for pointer in xwl_seat_leave_ptr()
* xwayland: remove includedir from pkgconfig
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=84
- Update to feature release 24.1.0
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
+ xwayland: Send ei_device_frame on device_scroll_discrete
+ xwayland: Restore the ResizeWindow handler
+ xwayland: Handle rootful resize in ResizeWindow
+ xwayland: Move XRandR emulation to the ResizeWindow hook
+ xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped
- Update to bug fix relesae 23.2.7
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows"
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased
OBS-URL: https://build.opensuse.org/request/show/1174287
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=32
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
+ xwayland: Send ei_device_frame on device_scroll_discrete
+ xwayland: Restore the ResizeWindow handler
+ xwayland: Handle rootful resize in ResizeWindow
+ xwayland: Move XRandR emulation to the ResizeWindow hook
+ xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=80
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows"
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=79
- Security update 23.2.5
This release contains the 3 security fixes that actually apply to
Xwayland reported in the security advisory of April 3rd 2024
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste
error in the DeviceStateNotify event and a fix to enable buttons with
pointer gestures for backward compatibility with legacy X11 clients.
OBS-URL: https://build.opensuse.org/request/show/1164509
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=30
This release contains the 3 security fixes that actually apply to
Xwayland reported in the security advisory of April 3rd 2024
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste
error in the DeviceStateNotify event and a fix to enable buttons with
pointer gestures for backward compatibility with legacy X11 clients.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=75
- This release contains the following patches mentioned in previous
sle15 releases
* U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch:
fixes regression introduced with security update for
CVE-2022-46340 (bsc#1205874)
* U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch:
fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
bsc#1216135)
* U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch,
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch:
Server Damage Object Use-After-Free Local Privilege Escalation
Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
* U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch:
fixes a regresion, which can trigger a segfault in Xwayland on
exit, introduced by
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
(CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
OBS-URL: https://build.opensuse.org/request/show/1128531
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=26
sle15 releases
* U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch:
fixes regression introduced with security update for
CVE-2022-46340 (bsc#1205874)
* U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch:
fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
bsc#1216135)
* U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch,
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch:
Server Damage Object Use-After-Free Local Privilege Escalation
Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
* U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch:
fixes a regresion, which can trigger a segfault in Xwayland on
exit, introduced by
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
(CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=63
- Update to version 23.2.2
* This release contains the fix for CVE-2023-5367 and CVE-2023-5574
in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Xwayland does not support multiple protocol screens (Zaphod) and is thus
not affected by CVE-2023-5380.
* Additionally, there is a change in the default behaviour of Xwayland:
Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
the EI socket. That socket is used to send XTest events to the
compositor.
* However, the connection to the session-wide Portal is unsuitable when
Xwayland is running in a nested compositor. Xwayland cannot tell whether
it's running on a nested compositor and to keep backwards compatibility
with Xwayland prior to 23.2.0, Xwayland must now be started with
"-enable-ei-portal" to connect to the portal.
* Compositors (who typically spawn Xwayland rootless) must now pass this
option to get the same behaviour as 23.2.x.
* Finally, Xwayland now uses libbsd-overlay instead of libbsd.
OBS-URL: https://build.opensuse.org/request/show/1120261
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=25
* This release contains the fix for CVE-2023-5367 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Xwayland does not support multiple protocol screens (Zaphod) and is thus
not affected by CVE-2023-5380.
* Additionally, there is a change in the default behaviour of Xwayland:
Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
the EI socket. That socket is used to send XTest events to the
compositor.
* However, the connection to the session-wide Portal is unsuitable when
Xwayland is running in a nested compositor. Xwayland cannot tell whether
it's running on a nested compositor and to keep backwards compatibility
with Xwayland prior to 23.2.0, Xwayland must now be started with
"-enable-ei-portal" to connect to the portal.
* Compositors (who typically spawn Xwayland rootless) must now pass this
option to get the same behaviour as 23.2.x.
* Finally, Xwayland now uses libbsd-overlay instead of libbsd.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=60
* glamor: Ignore destination alpha as necessary for composite operation
* xtest: Check whether there is a sendEventsProc to call
- supersedes xwayland-glamor-Ignore-destination-alpha-as-necessary-for-com.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=58
- enable libei and libdecor only for TW, since it does not exist
yet on sle15-sp5
- Update to version 23.2.0:
* Optional support for emulated input (EI) via the libei library,
support for the tearing control protocol, and the XWayland
rootful mode is now resizable with libdecor.
- Add pkgconfig(libei-1.0) BuildRequires, build new optional
emulated input support.
- Add pkgconfig(libdecor-0) BuildRequires, build optional CSD
support.
OBS-URL: https://build.opensuse.org/request/show/1105976
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xwayland?expand=0&rev=23
- Update to version 23.2.0:
* Optional support for emulated input (EI) via the libei library,
support for the tearing control protocol, and the XWayland
rootful mode is now resizable with libdecor.
- Add pkgconfig(libei-1.0) BuildRequires, build new optional
emulated input support.
- Add pkgconfig(libdecor-0) BuildRequires, build optional CSD
support.
OBS-URL: https://build.opensuse.org/request/show/1104339
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=54
- Update to version 23.1.1 (CVE-2023-1393):
+ This release contains the fix for CVE-2023-1393.
+ xkbUtils: use existing symbol names instead of deleted
deprecated ones
+ glamor: Don't glFlush/ctx switch unless any work has been
performed
+ xwayland:
- Refactor xwl_present_for_each_frame_callback helper
- Prevent nested xwl_present_for_each_frame_callback calls
+ composite: Fix use-after-free of the COW
- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch:
Fixed upstream.
OBS-URL: https://build.opensuse.org/request/show/1076649
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=50
