rpm/xorg-x11-server
SHA256
1
0
Fork 0
forked from pool/xorg-x11-server
Code Pull Requests Activity
904 Commits 2 Branches 0 Tags 18 MiB
56a97a1764
Commit Graph

904 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Dominique Leuenberger
56a97a1764 Accepting request 1190943 from X11:XOrg 
- Added U_xorg-xserver-e89edec497ba.patch to fix incompatible pointer
  type error with GCC 14.

OBS-URL: https://build.opensuse.org/request/show/1190943
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=433
 2024-08-02 15:25:34 +00:00
Stefan Dirsch
54057616e4 rename latest patch according to our X11:XOrg patch guidelines 
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=892
 2024-08-01 10:34:24 +00:00
Stefan Dirsch
6ff43929b0 Accepting request 1189636 from home:jamborm:gcc14test-m 
- Added xorg-xserver-e89edec497ba.patch to fix incompatible pointer
  type error with GCC 14.

If the request is OK, please forward it to Factory soon too so that we
can switch the default compiler.  Thanks!

OBS-URL: https://build.opensuse.org/request/show/1189636
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=891
 2024-08-01 10:31:47 +00:00
Ana Guerrero
5e96e458ad Accepting request 1188381 from X11:XOrg 
- u_fbdevhw_kernel6.9_break_fbdev_open.patch
  * Linux kernel v6.9 has changed the symlink to point to the
    parent device.  This breaks fbdev_open() detection logic.
    Change it to use the subsystem symlink instead which will
    remain stable (gitlab xserver issue#1714)

OBS-URL: https://build.opensuse.org/request/show/1188381
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=432
 2024-07-19 13:25:43 +00:00
Stefan Dirsch
d1a7e7ee12 - u_fbdevhw_kernel6.9_break_fbdev_open.patch 
* Linux kernel v6.9 has changed the symlink to point to the
    parent device.  This breaks fbdev_open() detection logic.
    Change it to use the subsystem symlink instead which will
    remain stable (gitlab xserver issue#1714)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=889
 2024-07-18 11:00:29 +00:00
Ana Guerrero
a9de2465e4 Accepting request 1180219 from X11:XOrg 
OBS-URL: https://build.opensuse.org/request/show/1180219
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=431
 2024-06-13 13:37:44 +00:00
Stefan Dirsch
2465782129 Accepting request 1180145 from home:dgarcia:branches:X11:XOrg 
- Fix python3 shebang in source python script to use specific python
  interpreter and remove dependency on /usr/bin/python3
  (bsc#1212476)

OBS-URL: https://build.opensuse.org/request/show/1180145
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=887
 2024-06-12 13:13:51 +00:00
Ana Guerrero
6a5a8cfee5 Accepting request 1166666 from X11:XOrg 
- U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
  * fixes regression for security fix for CVE-2024-31083 (bsc#1222312, 
    boo#1222442, gitlab xserver issue #1659)

OBS-URL: https://build.opensuse.org/request/show/1166666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=430
 2024-04-11 17:40:24 +00:00
Stefan Dirsch
7cf27825ed - U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch 
* fixes regression for security fix for CVE-2024-31083 (bsc#1222312, 
    boo#1222442, gitlab xserver issue #1659)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=885
 2024-04-10 13:25:42 +00:00
Ana Guerrero
7861952257 Accepting request 1164516 from X11:XOrg 
- Security update 21.1.12
  This release addresses the following 4 security issues:
  * CVE-2024-31080
  * CVE-2024-31081
  * CVE-2024-31082
  * CVE-2024-31083
  Additionally it provides a way to disable byte-swapped clients either by
  command line flag or config option. This allows to turn off byte swapping
  code that has been a source of security problems lately.

OBS-URL: https://build.opensuse.org/request/show/1164516
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=429
 2024-04-04 20:24:46 +00:00
Stefan Dirsch
25a7aa1fcd - Security update 21.1.12 
This release addresses the following 4 security issues:
  * CVE-2024-31080
  * CVE-2024-31081
  * CVE-2024-31082
  * CVE-2024-31083
  Additionally it provides a way to disable byte-swapped clients either by
  command line flag or config option. This allows to turn off byte swapping
  code that has been a source of security problems lately.

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=883
 2024-04-04 08:26:50 +00:00
Ana Guerrero
ea487cfa07 Accepting request 1151681 from X11:XOrg 
OBS-URL: https://build.opensuse.org/request/show/1151681
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=428
 2024-02-27 21:44:47 +00:00
Stefan Dirsch
b5c8d1679f Accepting request 1151307 from home:dimstar:rpm4.20:x 
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1151307
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=881
 2024-02-26 13:55:25 +00:00
Ana Guerrero
f0d4ba78c8 Accepting request 1148344 from X11:XOrg 
- fix permissions of files in xorg-x11-server-source for tigervnc
  build later (needed since latest autoconf)

- Provide again xorg-x11-server-source
  * xwayland sources are not meant for a generic server.
  * https://github.com/TigerVNC/tigervnc/issues/1728

- Stop providing xorg-x11-server-source from xorg-x11-server
  * Now the sources are provided by xwayland because it is more updated.
  * Fixes bsc#1219892.

OBS-URL: https://build.opensuse.org/request/show/1148344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=427
 2024-02-23 15:40:13 +00:00
Stefan Dirsch
acf968d516 - fix permissions of files in xorg-x11-server-source for tigervnc 
build later (needed since latest autoconf)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=879
 2024-02-20 20:40:13 +00:00
Stefan Dirsch
041c8cf369 Accepting request 1146918 from home:jtorres:branches:X11:XOrg 
- Provide again xorg-x11-server-source
  * xwayland sources are not meant for a generic server.
  * https://github.com/TigerVNC/tigervnc/issues/1728

OBS-URL: https://build.opensuse.org/request/show/1146918
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=878
 2024-02-15 18:36:36 +00:00
Stefan Dirsch
31a9dd9b98 Accepting request 1146793 from home:jtorres:branches:X11:XOrg 
- Stop providing xorg-x11-server-source from xorg-x11-server
  * Now the sources are provided by xwayland because it is more updated.
  * Fixes bsc#1219892.

OBS-URL: https://build.opensuse.org/request/show/1146793
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=877
 2024-02-15 11:54:17 +00:00
Ana Guerrero
e61d5aaba0 Accepting request 1146120 from X11:XOrg 
- Release 21.1.11 also covers fixes for security issue CVE-2022-46340
  and bug numbers bsc#1205874, bsc#1217765

- Release 21.1.11 covers fixes for the following bug numbers, which
  are not mentioned in this changelog before: bsc#1218845,
  bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135

- Release 21.1.11 supersedes the following patches still used with
  xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
  this changelog as superseded before:
  * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
  * U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
  * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
  * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
  * U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
  * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
  * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
  * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
  * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
  * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
  * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
  * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
  * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
  * U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
  * U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch

- xserver sources of this release fixes segfault in Xvnc (bsc#1219311)

OBS-URL: https://build.opensuse.org/request/show/1146120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=426
 2024-02-12 17:51:07 +00:00
Stefan Dirsch
670f3724ce - Release 21.1.11 also covers fixes for security issue CVE-2022-46340 
and bug numbers bsc#1205874, bsc#1217765

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=875
 2024-02-12 10:05:11 +00:00
Stefan Dirsch
2e97444477 - Release 21.1.11 covers fixes for the following bug numbers, which 
are not mentioned in this changelog before: bsc#1218845,
  bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135

- Release 21.1.11 supersedes the following patches still used with
  xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
  this changelog as superseded before:
  * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
  * U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
  * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
  * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
  * U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
  * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
  * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
  * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
  * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
  * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
  * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
  * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
  * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
  * U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
  * U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=874
 2024-02-11 10:31:45 +00:00
Stefan Dirsch
a80075e194 - xserver sources of this release fixes segfault in Xvnc (bsc#1219311) 
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=873
 2024-02-09 20:19:15 +00:00
Ana Guerrero
974b5eefd5 Accepting request 1142261 from X11:XOrg 
- no longer (build-)require obsolete Xprint/XprintUtil

OBS-URL: https://build.opensuse.org/request/show/1142261
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=425
 2024-01-30 17:23:54 +00:00
Stefan Dirsch
17a63689f9 - no longer (build-)require obsolete Xprint/XprintUtil 
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=871
 2024-01-29 13:10:06 +00:00
Ana Guerrero
9e7dfe9bf7 Accepting request 1139223 from X11:XOrg 
- Update to version 21.1.11
  * This release contains fixes for the issues reported in today's security
    advisory: https://lists.x.org/archives/xorg/2024-January/061525.html
  * CVE-2023-6816  (bsc#1218582)
  * CVE-2024-0229  (bsc#1218583)
  * CVE-2024-21885 (bsc#1218584)
  * CVE-2024-21886 (bsc#1218585)
  * CVE-2024-0408
  * CVE-2024-0409
- supersedes the following patches
  * U_xephyr-Don-t-check-for-SeatId-anymore.patch
  * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch

OBS-URL: https://build.opensuse.org/request/show/1139223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=424
 2024-01-17 21:15:03 +00:00
Stefan Dirsch
eac62a3a3b - Update to version 21.1.11 
* This release contains fixes for the issues reported in today's security
    advisory: https://lists.x.org/archives/xorg/2024-January/061525.html
  * CVE-2023-6816  (bsc#1218582)
  * CVE-2024-0229  (bsc#1218583)
  * CVE-2024-21885 (bsc#1218584)
  * CVE-2024-21886 (bsc#1218585)
  * CVE-2024-0408
  * CVE-2024-0409
- supersedes the following patches
  * U_xephyr-Don-t-check-for-SeatId-anymore.patch
  * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=869
 2024-01-16 14:20:49 +00:00
Ana Guerrero
4ac071937a Accepting request 1137765 from X11:XOrg 
- u_miCloseScreen_check_for_null_pScreen_dev_private.patch
  * miCloseScreen check for null pScreen dev private (bsc#1218176); 
    another regression introduced by 
    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch

OBS-URL: https://build.opensuse.org/request/show/1137765
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=423
 2024-01-10 20:51:05 +00:00
Dominique Leuenberger
b0f021b69e Accepting request 1137260 from X11:XOrg 
- n_xserver-optimus-autoconfig-hack.patch
  u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
  u_xfree86-activate-GPU-screens-on-autobind.patch
  * check dixPrivateKeyRegistered(rrPrivKey) before calling
    rrGetScrPriv() to avoid xserver crash when Xinerama is enabled
    (boo#1218240)
 -------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/request/show/1137260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=422
 2024-01-07 20:39:07 +00:00
Stefan Dirsch
678de8e366 - u_miCloseScreen_check_for_null_pScreen_dev_private.patch 
* miCloseScreen check for null pScreen dev private (bsc#1218176); 
    another regression introduced by 
    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=866
 2024-01-06 20:07:07 +00:00
Stefan Dirsch
605942037e - n_xserver-optimus-autoconfig-hack.patch 
u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
  u_xfree86-activate-GPU-screens-on-autobind.patch
  * check dixPrivateKeyRegistered(rrPrivKey) before calling
    rrGetScrPriv() to avoid xserver crash when Xinerama is enabled
    (boo#1218240)
 -------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=865
 2024-01-06 15:21:02 +00:00
Ana Guerrero
8dca7e3f1a Accepting request 1132834 from X11:XOrg 
- U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * Out-of-bounds memory write in XKB button actions (CVE-2023-6377, 
    ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
- U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
  * Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
    bsc#1217766)

OBS-URL: https://build.opensuse.org/request/show/1132834
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=421
 2023-12-14 21:02:29 +00:00
Joan Torres
cdc2ed918d Added missing fixes on U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch. 
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=863
 2023-12-13 10:09:44 +00:00
Joan Torres
d3adf84eb2 - U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch 
* Out-of-bounds memory write in XKB button actions (CVE-2023-6377, 
    ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
- U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
  * Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
    bsc#1217766)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=862
 2023-12-13 09:18:18 +00:00
Ana Guerrero
28b3701e72 Accepting request 1120244 from X11:XOrg 
- Update to version 21.1.9
  * This release contains fixes for CVE-2023-5367, CVE-2023-5380
    and CVE-2023-5574 as reported in today's security advisory:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch

OBS-URL: https://build.opensuse.org/request/show/1120244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=420
 2023-10-25 16:02:08 +00:00
Stefan Dirsch
f2b0c39e9f * This release contains fixes for CVE-2023-5367, CVE-2023-5380 
and CVE-2023-5574 as reported in today's security advisory:

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=860
 2023-10-25 12:08:03 +00:00
Stefan Dirsch
5df1139ec3 - Update to version 21.1.9 
* This release contains fixes for CVE-2023-5367 and CVE-2023-5380 as
    reported in today's security advisory:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=859
 2023-10-25 11:29:21 +00:00
Dominique Leuenberger
b8eaf40ba1 Accepting request 1076666 from X11:XOrg 
OBS-URL: https://build.opensuse.org/request/show/1076666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=419
 2023-04-02 17:16:56 +00:00
Stefan Dirsch
2444a577fa Accepting request 1076665 from home:iznogood:branches:X11:XOrg 
Tweak .changes entry from my previous sub - add CVE...

OBS-URL: https://build.opensuse.org/request/show/1076665
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=857
 2023-04-01 18:44:04 +00:00
Stefan Dirsch
648f5c3fe3 Accepting request 1076650 from home:iznogood:branches:X11:XOrg 
- Update to version 21.1.8:
  * composite: Fix use-after-free of the COW
  * xkbUtils: use existing symbol names instead of deleted
    deprecated ones
- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch:
  Fixed upstream
- Switch back to tarball release, drop source service, add keyring
  and sig files.

OBS-URL: https://build.opensuse.org/request/show/1076650
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=856
 2023-04-01 17:59:31 +00:00
Dominique Leuenberger
5f4493c278 Accepting request 1075267 from X11:XOrg 
This can be checked in now https://lists.x.org/archives/xorg-announce/2023-March/003374.html

- U_xserver-composite-Fix-use-after-free-of-the-COW.patch
  * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
    bsc#1209543)

OBS-URL: https://build.opensuse.org/request/show/1075267
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=418
 2023-03-30 20:50:52 +00:00
Stefan Dirsch
d2f12e3cf3 - U_xserver-composite-Fix-use-after-free-of-the-COW.patch 
* overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
    bsc#1209543)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=854
 2023-03-29 13:38:58 +00:00
Dominique Leuenberger
b7578ba345 Accepting request 1063640 from X11:XOrg 
- Update to version xorg-server-21.1.7:
  * This release contains the fix for CVE-2023-0494 in today's security
    advisory: 
    https://lists.x.org/archives/xorg-announce/2023-February/003320.html
    It also fixes a second possible OOB access during EnqueueEvent and a
    crasher caused by ResourceClientBits not correctly honouring the
    MaxClients value in the configuration file.
- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch,
  U_xorg-server-oob-read-enqueue-event.patch

- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
  * DeepCopyPointerClasses use-after-free (CVE-2023-0494, 
    ZDI-CAN-19596, bsc#1207783)

OBS-URL: https://build.opensuse.org/request/show/1063640
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=417
 2023-02-08 16:19:52 +00:00
Stefan Dirsch
8832186295 - Update to version xorg-server-21.1.7: 
* This release contains the fix for CVE-2023-0494 in today's security
    advisory: 
    https://lists.x.org/archives/xorg-announce/2023-February/003320.html
    It also fixes a second possible OOB access during EnqueueEvent and a
    crasher caused by ResourceClientBits not correctly honouring the
    MaxClients value in the configuration file.
- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch,
  U_xorg-server-oob-read-enqueue-event.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=852
 2023-02-07 14:51:52 +00:00
Stefan Dirsch
ac6d09dc19 - U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch 
* DeepCopyPointerClasses use-after-free (CVE-2023-0494, 
    ZDI-CAN-19596, bsc#1207783)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=851
 2023-02-07 02:58:41 +00:00
Dominique Leuenberger
d6612caf84 Accepting request 1060975 from X11:XOrg 
- rename u_xorg-server-oob-read-enqueue-event.patch to 
  U_xorg-server-oob-read-enqueue-event.patch since it's already
  upstream

- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
  out-of-bounds read in EnqueueEvent.

OBS-URL: https://build.opensuse.org/request/show/1060975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=416
 2023-01-26 12:57:05 +00:00
Stefan Dirsch
130596bd3a fixed patch name in specfile 
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=849
 2023-01-25 16:04:47 +00:00
Stefan Dirsch
07094f5b10 - rename u_xorg-server-oob-read-enqueue-event.patch to 
U_xorg-server-oob-read-enqueue-event.patch since it's already
  upstream

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=848
 2023-01-25 16:03:15 +00:00
Stefan Dirsch
8dd4b14442 Accepting request 1060712 from home:mgorse:branches:X11:XOrg 
- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
  out-of-bounds read in EnqueueEvent.

OBS-URL: https://build.opensuse.org/request/show/1060712
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=847
 2023-01-25 15:59:41 +00:00
Dominique Leuenberger
efa6a83d96 Accepting request 1045913 from X11:XOrg 
OBS-URL: https://build.opensuse.org/request/show/1045913
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=415
 2023-01-01 08:38:20 +00:00
Stefan Dirsch
810aa51f71 Accepting request 1043805 from home:dirkmueller:Factory 
- Update to version xorg-server-21.1.6:
  * xserver 21.1.6
  * Xext: fix invalid event type mask in XTestSwapFakeInput
  * xkb: fix some possible memleaks in XkbGetKbdByName
  * xkb: proof GetCountedString against request length attacks
  * xquartz: Fix some formatting
  * XQuartz: stub: Call LSOpenApplication instead of fork()/exec()
- drop the following upstream patches:
  U_xkb-proof-GetCountedString-against-request-length-at.patch
  U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch

- Update to version xorg-server-21.1.5:
  * xkb: reset the radio_groups pointer to NULL after freeing it
  * Xi: avoid integer truncation in length check of ProcXIChangeProperty
  * Xi: return an error from XI property changes if verification failed
  * Xext: free the screen saver resource when replacing it
  * Xext: free the XvRTVideoNotify when turning off from the same client
  * Xi: disallow passive grabs with a detail > 255
  * Xtest: disallow GenericEvents in XTestSwapFakeInput
  * meson: Don't build COMPOSITE for XQuartz
  * xquartz: Move default applications list outside of the main executable
  * xquartz: Remove unused macro (X11LIBDIR)
- drop the following upstream patches:
  U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
  U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch

OBS-URL: https://build.opensuse.org/request/show/1043805
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=845
 2022-12-31 12:48:22 +00:00
Dominique Leuenberger
8cc638378f Accepting request 1042895 from X11:XOrg 
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
  * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
    bsc#1206017)

- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
  * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
    CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  * Xi: return an error from XI property changes if verification
    failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
    CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
    CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
    CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
    CVE-2022-46342, bsc#1205879)

OBS-URL: https://build.opensuse.org/request/show/1042895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=414
 2022-12-15 18:24:14 +00:00