- Update to version 1.19.4:
A collection of stability fixes from the development branch, including
two minor CVEs (CVE-2017-13721, CVE-2017-13723).
- Remove upstream patches:
+ U_Xi-Do-not-try-to-swap-GenericEvent.patch
+ U_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
+ U_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
+ U_dix-Disallow-GenericEvent-in-SendEvent-request.patch
- Adapt patches to work with the new release:
+ u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
OBS-URL: https://build.opensuse.org/request/show/531711
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=676
If arc4random_buf() is not available for generating cookies:
* use getentropy(), if available (which was only recently added to
glibc)
* use getrandom() via syscall(), if available (there was no glibc
wrapper for this syscall for a long time)
* if all else fails, directly read from /dev/urandom as before, but
employ O_CLOEXEC, do an OsAbort() in case the random data couldn't be
read to avoid unsecure situations. Don't know if that's too hard a
measure but it shouldn't actually occur except on maximum number of
FDs reached
(bsc#1025084)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=671