This release addresses the following 4 security issues:
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31082
* CVE-2024-31083
Additionally, it provides a way to disable byte-swapped clients, either by
command line flag or by config option. This allows turning off the byte-swapping
code, which has been a source of security problems lately.
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=883
are not mentioned in this changelog before: bsc#1218845,
bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135
- Release 21.1.11 supersedes the following patches still used with
xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
this changelog as superseded before:
* U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
* U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
* U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
* U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
* U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
* U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
* bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
* bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
* bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
* bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
* bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
* bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
* bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
* U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
* U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=874
u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
u_xfree86-activate-GPU-screens-on-autobind.patch
* check dixPrivateKeyRegistered(rrPrivKey) before calling
rrGetScrPriv() to avoid xserver crash when Xinerama is enabled
(boo#1218240)
-------------------------------------------------------------------
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=865
- Update to version xorg-server-21.1.6:
* xserver 21.1.6
* Xext: fix invalid event type mask in XTestSwapFakeInput
* xkb: fix some possible memleaks in XkbGetKbdByName
* xkb: proof GetCountedString against request length attacks
* xquartz: Fix some formatting
* XQuartz: stub: Call LSOpenApplication instead of fork()/exec()
- drop the following upstream patches:
* U_xkb-proof-GetCountedString-against-request-length-at.patch
* U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
- Update to version xorg-server-21.1.5:
* xkb: reset the radio_groups pointer to NULL after freeing it
* Xi: avoid integer truncation in length check of ProcXIChangeProperty
* Xi: return an error from XI property changes if verification failed
* Xext: free the screen saver resource when replacing it
* Xext: free the XvRTVideoNotify when turning off from the same client
* Xi: disallow passive grabs with a detail > 255
* Xtest: disallow GenericEvents in XTestSwapFakeInput
* meson: Don't build COMPOSITE for XQuartz
* xquartz: Move default applications list outside of the main executable
* xquartz: Remove unused macro (X11LIBDIR)
- drop the following upstream patches:
* U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
OBS-URL: https://build.opensuse.org/request/show/1043805
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=845
* This release fixes 2 recently reported security vulnerabilities
in xkb, several regressions since 1.20.x and a number of
miscellaneous bugs.
- supersedes the following security patches
* U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
* U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch
* U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch
- supersedes U_Fix-build-with-gcc-12.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=829
* This release fixes 4 recently reported security vulnerabilities and
several regressions.
* In particular, the real physical dimensions are no longer reported
by the X server, as this was deemed too disruptive a change. The
X server will continue to report a DPI of 96.
- supersedes U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch
- supersedes U_rendercompositeglyphs.patch
- supersedes U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
- supersedes U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
- supersedes U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=812
* CVE-2021-4009/ZDI-CAN-14950 (bsc#1190487)
The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length, leading
to an out-of-bounds memory write.
- U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
* CVE-2021-4010/ZDI-CAN-14951 (bsc#1190488)
The handler for the Suspend request of the Screen Saver extension
does not properly validate the request length, leading to an
out-of-bounds memory write.
- U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
* CVE-2021-4011/ZDI-CAN-14952 (bsc#1190489)
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length, leading to an out-of-bounds memory write.
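As an added illustration of the bug class these three entries describe (not xorg-server's own code), here is a constructed X11-style byte-swapped request handler that checks the declared request length against the fixed part, the bytes actually received and the count field before it swaps the variable-length payload. The request layout, the helper names and the sample ids are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed analogue of an X11 request: a 4-byte header whose 16-bit
 * `length` counts 4-byte units for the whole request, then a 32-bit count
 * followed by that many 32-bit client ids.  Illustration only, not the
 * layout of any real xorg-server request. */
#define FIXED_LEN 8u   /* header (4) + nClients (4) */

static uint16_t bswap16(uint16_t v) { return (uint16_t)((v >> 8) | (v << 8)); }
static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}
static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Build a request as a client of the opposite byte order would send it.
 * `declared_units` goes into the header unchanged, so a caller can forge a
 * length that does not match the payload.  Returns the bytes written. */
static size_t build_foreign_request(uint8_t *buf, uint16_t declared_units,
                                    uint32_t nclients, const uint32_t *ids)
{
    uint16_t l = bswap16(declared_units);
    uint32_t n = bswap32(nclients);
    buf[0] = 0; buf[1] = 0;                 /* opcode bytes, unused here */
    memcpy(buf + 2, &l, 2);
    memcpy(buf + 4, &n, 4);
    for (uint32_t i = 0; i < nclients; i++) {
        uint32_t v = bswap32(ids[i]);
        memcpy(buf + FIXED_LEN + 4u * i, &v, 4);
    }
    return FIXED_LEN + 4u * nclients;
}

/* Byte-swapped handler: validate the declared length BEFORE touching the
 * variable-length ids.  Skipping this is the bug class above.
 * Returns the number of ids swapped in place, or -1 if rejected. */
static int swap_register_clients(uint8_t *buf, size_t buf_len)
{
    if (buf_len < FIXED_LEN)                        /* no room for a count */
        return -1;
    uint16_t units; memcpy(&units, buf + 2, 2);
    size_t declared = (size_t)bswap16(units) * 4u;
    if (declared < FIXED_LEN || declared > buf_len) /* header lies about size */
        return -1;
    uint32_t n = bswap32(get32(buf + 4));
    if (n > (declared - FIXED_LEN) / 4u)            /* count exceeds payload */
        return -1;
    for (uint32_t i = 0; i < n; i++) {              /* safe: n ids present */
        uint32_t v = bswap32(get32(buf + FIXED_LEN + 4u * i));
        memcpy(buf + FIXED_LEN + 4u * i, &v, 4);
    }
    return (int)n;
}
```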
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=811