rpm/xorg-x11-server
SHA256
1
0
Fork 0
forked from pool/xorg-x11-server
Code Pull Requests Activity

Compare commits

base: rpm:factory
Branches Tags
rpm:factory rpm:devel pool:slfo-1.2 pool:slfo-main pool:factory pool:devel
..
compare: pool:slfo-1.2
Branches Tags
pool:slfo-1.2 pool:slfo-main pool:factory pool:devel rpm:factory rpm:devel

24 Commits
factory ... slfo-1.2

Author SHA256 Message Date
Adrian Schröter
7cc9578cca Sync changes to SLFO-1.2 branch 2025-08-20 14:22:33 +02:00
Ana Guerrero
fd03d6b349 Accepting request 1287668 from X11:XOrg 
- U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
  * additional fix for CVE-2025-49176

OBS-URL: https://build.opensuse.org/request/show/1287668
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=443
 2025-06-23 12:55:56 +00:00
Stefan Dirsch
7446a32443 - U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch 
* additional fix for CVE-2025-49176

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=915
 2025-06-22 12:24:21 +00:00
Ana Guerrero
59149ece2e Accepting request 1286394 from X11:XOrg 
- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
  * Out-of-bounds access in X Rendering extension (Animated cursors)
    (CVE-2025-49175, bsc#1244082)
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
  * Integer overflow in Big Requests Extension
    (CVE-2025-49176, bsc#1244084)
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
  * Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
    (CVE-2025-49177, bsc#1244085)
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
  * Unprocessed client request via bytes to ignore 
    (CVE-2025-49178, bsc#1244087)
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
  * Integer overflow in X Record extension
    (CVE-2025-49179, bsc#1244089)
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
  U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
  * Integer overflow in RandR extension (RRChangeProviderProperty)
    (CVE-2025-49180, bsc#1244090)

OBS-URL: https://build.opensuse.org/request/show/1286394
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=442
 2025-06-18 17:30:29 +00:00
Stefan Dirsch
2c7b8ef9b5 - U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch 
* Out-of-bounds access in X Rendering extension (Animated cursors)
    (CVE-2025-49175, bsc#1244082)
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
  * Integer overflow in Big Requests Extension
    (CVE-2025-49176, bsc#1244084)
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
  * Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
    (CVE-2025-49177, bsc#1244085)
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
  * Unprocessed client request via bytes to ignore 
    (CVE-2025-49178, bsc#1244087)
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
  * Integer overflow in X Record extension
    (CVE-2025-49179, bsc#1244089)
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
  U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
  * Integer overflow in RandR extension (RRChangeProviderProperty)
    (CVE-2025-49180, bsc#1244090)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=913
 2025-06-17 14:17:57 +00:00
Ana Guerrero
3041ad84d7 Accepting request 1267280 from X11:XOrg 
OBS-URL: https://build.opensuse.org/request/show/1267280
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=441
 2025-04-08 15:50:00 +00:00
Stefan Dirsch
2636acfb03 We have two new kernel drivers coming up that require Xorg workarounds. The patches in this submission request are pending for upstream Xorg, but can already go into TW. 
- Add u_xf86-Accept-devices-with-the-kernel-s-vesadrm-driver.patch: Enables
  Xorg to make use of the kernel's vesadrm driver. Taken from upstream. See
  the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879.
  (bsc#1240624)
- Add u_xf86-Accept-devices-with-the-kernel-s-efidrm-driver.patch: Enables
  Xorg to make use of the kernel's efidrm driver. Taken from upstream. See
  the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879.
  (bsc#1240624)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=911
 2025-04-05 13:08:41 +00:00
Ana Guerrero
23ca4343bc Accepting request 1254223 from X11:XOrg 
- U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch
  * Xorg may crash when client applications use easystroke for
    mouse gestures (CVE-2022-49737, bsc#1239750)

OBS-URL: https://build.opensuse.org/request/show/1254223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=440
 2025-03-20 18:24:35 +00:00
Stefan Dirsch
f713bf9163 - U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch 
* Xorg may crash when client applications use easystroke for
    mouse gestures (CVE-2022-49737, bsc#1239750)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=909
 2025-03-18 18:44:03 +00:00
Dominique Leuenberger
590ad28c39 Accepting request 1248450 from X11:XOrg 
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
  U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
  * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
  * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
  * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
  * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
  U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
  * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
  * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
  U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
  U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
  U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
  * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)

OBS-URL: https://build.opensuse.org/request/show/1248450
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=439
 2025-02-26 16:13:43 +00:00
Stefan Dirsch
f15e897874 - U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch 
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
  * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
  * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
  * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
  * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
  U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
  * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
  * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
  U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
  U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
  U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
  * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=907
 2025-02-25 18:04:55 +00:00
Ana Guerrero
8d7e820a2d Accepting request 1234946 from X11:XOrg 
- get rid of %dnl usage (fails on SP7 due to unkonwn macro); also
  after latest change I now got an autodecline that patches in
  sources are not mentioned in specfile; just use '#patch ...'
  now for not applying a patch ...

- properly comment out also "PatchXX:" lines; since 
  'osc service runall source_validator' failed with latest change

- Properly comment out %patch lines: '#' still expands the macro, which
  makes build fail with rpm 4.20. Use %dnl instead.

- Update to relesae 21.1.15
  * dix-config.h: add HAVE_SOCKLEN_T definition
  * config: add a quirk for Apple Silicon appledrm
  * os: Fix assignment with incompatible pointer type
  * os: Fix siHostnameAddrMatch in the case where h_addr isn't defined
  * hw/xfree86: Fix -Wmissing-prototypes warnings
  * hw/xfree86: Fix -Wincompatible-pointer-types sbus compile failure

OBS-URL: https://build.opensuse.org/request/show/1234946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=438
 2025-01-06 15:04:34 +00:00
Stefan Dirsch
1765d3375b - get rid of %dnl usage (fails on SP7 due to unkonwn macro); also 
after latest change I now got an autodecline that patches in
  sources are not mentioned in specfile; just use '#patch ...'
  now for not applying a patch ...

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=905
 2025-01-04 19:03:00 +00:00
Stefan Dirsch
db8611d389 - properly comment out also "PatchXX:" lines; since 
'osc service runall source_validator' failed with latest change

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=904
 2025-01-04 18:39:27 +00:00
Stefan Dirsch
e5dafcdb78 - Properly comment out %patch lines: '#' still expands the macro, which 
makes build fail with rpm 4.20. Use %dnl instead.

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=903
 2025-01-04 11:20:09 +00:00
Stefan Dirsch
a3d641bfbd - Update to relesae 21.1.15 
* dix-config.h: add HAVE_SOCKLEN_T definition
  * config: add a quirk for Apple Silicon appledrm
  * os: Fix assignment with incompatible pointer type
  * os: Fix siHostnameAddrMatch in the case where h_addr isn't defined
  * hw/xfree86: Fix -Wmissing-prototypes warnings
  * hw/xfree86: Fix -Wincompatible-pointer-types sbus compile failure

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=902
 2025-01-04 10:36:31 +00:00
Ana Guerrero
8f6624618d Accepting request 1229142 from X11:XOrg 
- re-added and re-enabled u_xfree86-activate-GPU-screens-on-autobind.patch
  in order to fix the regression of a black screen in login screen
  (SDDM) on some hybrid graphics Laptop (Intel Meteor Lake-P/
  NVIDIA GeForce RTX 4060) (boo#1234301)

OBS-URL: https://build.opensuse.org/request/show/1229142
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=437
 2024-12-09 20:09:44 +00:00
Stefan Dirsch
a39f56179a - re-added and re-enabled u_xfree86-activate-GPU-screens-on-autobind.patch 
in order to fix the regression of a black screen in login screen
  (SDDM) on some hybrid graphics Laptop (Intel Meteor Lake-P/
  NVIDIA GeForce RTX 4060) (boo#1234301)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=900
 2024-12-08 19:14:45 +00:00
Ana Guerrero
214bcc86f2 Accepting request 1228313 from X11:XOrg 
- no longer apply and remove 
  u_xfree86-activate-GPU-screens-on-autobind.patch since it's
  no longer needed and might be harmful even ... (tested
  successfully on Thinkpad P16 with Intel/NVIDIA hybrid graphics)
- remove no longer applied and no longer needed patch 
  n_xserver-optimus-autoconfig-hack.patch (feature implemented
  upstream)

OBS-URL: https://build.opensuse.org/request/show/1228313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=436
 2024-12-05 16:05:20 +00:00
Stefan Dirsch
f43fd6f711 - no longer apply and remove 
u_xfree86-activate-GPU-screens-on-autobind.patch since it's
  no longer needed and might be harmful even ... (tested
  successfully on Thinkpad P16 with Intel/NVIDIA hybrid graphics)
- remove no longer applied and no longer needed patch 
  n_xserver-optimus-autoconfig-hack.patch (feature implemented
  upstream)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=898
 2024-12-04 13:20:03 +00:00
Ana Guerrero
5674b3a8fa Accepting request 1221609 from X11:XOrg 
- 21.1.14 covers also
  * CVE-2024-31080 (bsc#1222309)
  * CVE-2024-31081 (bsc#1222310) 
  * CVE-2024-31082 (bsc#1222311)
  * CVE-2024-31083 (bsc#1222312)

- Security update 21.1.14
  This release addresses the following security issue
  * CVE-2024-9632: Heap-based buffer overflow privilege escalation
    in _XkbSetCompatMap (bsc#1231565)
- supersedes U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
- supersedes U_xorg-xserver-e89edec497ba.patch

OBS-URL: https://build.opensuse.org/request/show/1221609
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=435
 2024-11-06 15:49:21 +00:00
Stefan Dirsch
e8016ed6b3 - 21.1.14 covers also 
* CVE-2024-31080 (bsc#1222309)
  * CVE-2024-31081 (bsc#1222310) 
  * CVE-2024-31082 (bsc#1222311)
  * CVE-2024-31083 (bsc#1222312)

- Security update 21.1.14
  This release addresses the following security issue
  * CVE-2024-9632: Heap-based buffer overflow privilege escalation
    in _XkbSetCompatMap (bsc#1231565)
- supersedes U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
- supersedes U_xorg-xserver-e89edec497ba.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=896
 2024-10-29 19:23:13 +00:00
Ana Guerrero
dd81c855e7 Accepting request 1202929 from X11:XOrg 
- added conflicts to patterns-wsl-tmpfiles to Xserver packages
  as this patterns package creates a symlink from /tmp/.X11-unix to
  /mnt/wslg/.X11-unix and therefore prevents Xservers from creating
  this needed directory (bsc#1230755)

OBS-URL: https://build.opensuse.org/request/show/1202929
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=434
 2024-09-25 19:52:50 +00:00
Stefan Dirsch
3796c8f146 - added conflicts to patterns-wsl-tmpfiles to Xserver packages 
as this patterns package creates a symlink from /tmp/.X11-unix to
  /mnt/wslg/.X11-unix and therefore prevents Xservers from creating
  this needed directory (bsc#1230755)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=894
 2024-09-24 11:37:25 +00:00
32 changed files with 2371 additions and 498 deletions
Expand all files Collapse all files

83
U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch Normal file
View File

@@ -0,0 +1,83 @@
From dc7cb45482cea6ccec22d117ca0b489500b4d0a0 Mon Sep 17 00:00:00 2001
From: tholin <thomas.lindroth@gmail.com>
Date: Tue, 4 Jan 2022 12:08:11 +0000
Subject: [PATCH] dix: Hold input lock for AttachDevice()
Fix the following race:
Possible data race during read of size 8 at 0xA112510 by thread #6
Locks held: 1, at address 0x366B40
at 0x14C8B9: GetMaster (devices.c:2691)
by 0x15CFC5: IsFloating (events.c:346)
by 0x2B9554: miPointerGetScreen (mipointer.c:527)
by 0x1A5136: xf86PostButtonEventM (xf86Xinput.c:1379)
by 0x1A52BD: xf86PostButtonEvent (xf86Xinput.c:1345)
by 0x485F45B: EvdevProcessEvent (in /usr/lib64/xorg/modules/input/evdev_drv.so)
by 0x485FDAC: EvdevReadInput (in /usr/lib64/xorg/modules/input/evdev_drv.so)
by 0x195427: xf86ReadInput (xf86Events.c:247)
by 0x2CC113: InputReady (inputthread.c:180)
by 0x2CE4EA: ospoll_wait (ospoll.c:657)
by 0x2CC077: InputThreadDoWork (inputthread.c:369)
by 0x484A336: mythread_wrapper (hg_intercepts.c:406)
This conflicts with a previous write of size 8 by thread #1
Locks held: none
at 0x14D2C6: AttachDevice (devices.c:2609)
by 0x15CF85: ReattachToOldMaster (events.c:1457)
by 0x1647DD: DeactivateKeyboardGrab (events.c:1700)
by 0x25D7F1: ProcXIUngrabDevice (xigrabdev.c:169)
by 0x2552AD: ProcIDispatch (extinit.c:398)
by 0x155291: Dispatch (dispatch.c:479)
by 0x158CBA: dix_main (main.c:276)
by 0x143A3D: main (stubmain.c:34)
Address 0xa112510 is 336 bytes inside a block of size 904 alloc'd
at 0x4846571: calloc (vg_replace_malloc.c:1328)
by 0x14A0B3: AddInputDevice (devices.c:260)
by 0x1A31A0: xf86ActivateDevice (xf86Xinput.c:365)
by 0x1A4549: xf86NewInputDevice (xf86Xinput.c:948)
by 0x1A4B44: NewInputDeviceRequest (xf86Xinput.c:1090)
by 0x1B81FE: device_added (udev.c:282)
by 0x1B8516: config_udev_init (udev.c:439)
by 0x1B7091: config_init (config.c:50)
by 0x197970: InitInput (xf86Init.c:814)
by 0x158C6B: dix_main (main.c:250)
by 0x143A3D: main (stubmain.c:34)
Block was alloc'd by thread #1
The steps to trigger the race are:
1. Main thread does cleanup at mipointer.c:360 setting the slave device's
miPointerPtr to null.
2. Input thread use MIPOINTER in mipointer.c and get the slave's
miPointerPtr = null.
3. Main thread updates dev->master at devices.c:2609.
4. MIPOINTER would now return the master's miPointerPtr but the input
thread already got the slave's miPointerPtr in step 2 and segfaults by
null ptr deref.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260
Signed-off-by: Thomas Lindroth <thomas.lindroth@gmail.com>
---
dix/devices.c | 3 +++
1 file changed, 3 insertions(+)
Index: xorg-server-21.1.15/dix/devices.c
===================================================================
--- xorg-server-21.1.15.orig/dix/devices.c
+++ xorg-server-21.1.15/dix/devices.c
@@ -2672,6 +2672,8 @@ AttachDevice(ClientPtr client, DeviceInt
if (IsFloating(dev) && !master && dev->enabled)
return Success;
+ input_lock();
+
/* free the existing sprite. */
if (IsFloating(dev) && dev->spriteInfo->paired == dev) {
screen = miPointerGetScreen(dev);
@@ -2712,6 +2714,7 @@ AttachDevice(ClientPtr client, DeviceInt
RecalculateMasterButtons(master);
}
+ input_unlock();
/* XXX: in theory, the MD should change back to its old, original
* classes when the last SD is detached. Thanks to the XTEST devices,
* we'll always have an SD attached until the MD is removed.

49
U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch Normal file
View File

@@ -0,0 +1,49 @@
From efca605c45ff51b57f136222b966ce1d610ebc33 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 27 Nov 2024 11:27:05 +0100
Subject: [PATCH xserver 1/2] Cursor: Refuse to free the root cursor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If a cursor reference count drops to 0, the cursor is freed.
The root cursor however is referenced with a specific global variable,
and when the root cursor is freed, the global variable may still point
to freed memory.
Make sure to prevent the rootCursor from being explicitly freed by a
client.
CVE-2025-26594, ZDI-CAN-25544
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
v2: Explicitly forbid XFreeCursor() on the root cursor (Peter Hutterer
<peter.hutterer@who-t.net>)
v3: Return BadCursor instead of BadValue (Michel Dänzer
<michel@daenzer.net>)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Suggested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
dix/dispatch.c | 4 ++++
1 file changed, 4 insertions(+)
Index: xwayland-22.1.5/dix/dispatch.c
===================================================================
--- xwayland-22.1.5.orig/dix/dispatch.c
+++ xwayland-22.1.5/dix/dispatch.c
@@ -3107,6 +3107,10 @@ ProcFreeCursor(ClientPtr client)
rc = dixLookupResourceByType((void **) &pCursor, stuff->id, RT_CURSOR,
client, DixDestroyAccess);
if (rc == Success) {
+ if (pCursor == rootCursor) {
+ client->errorValue = stuff->id;
+ return BadCursor;
+ }
FreeResource(stuff->id, RT_NONE);
return Success;
}

43
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch Normal file
View File

@@ -0,0 +1,43 @@
From ded614e74e7175927dd2bc5ef69accaf2de29939 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 4 Dec 2024 15:49:43 +1000
Subject: [PATCH xserver 2/2] dix: keep a ref to the rootCursor
CreateCursor returns a cursor with refcount 1 - that refcount is used by
the resource system, any caller needs to call RefCursor to get their own
reference. That happens correctly for normal cursors but for our
rootCursor we keep a variable to the cursor despite not having a ref for
ourselves.
Fix this by reffing/unreffing the rootCursor to ensure our pointer is
valid.
Related to CVE-2025-26594, ZDI-CAN-25544
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
---
dix/main.c | 4 ++++
1 file changed, 4 insertions(+)
Index: xorg-server-21.1.14/dix/main.c
===================================================================
--- xorg-server-21.1.14.orig/dix/main.c
+++ xorg-server-21.1.14/dix/main.c
@@ -233,6 +233,8 @@ dix_main(int argc, char *argv[], char *e
FatalError("could not open default cursor font");
}
+ rootCursor = RefCursor(rootCursor);
+
#ifdef PANORAMIX
/*
* Consolidate window and colourmap information for each screen
@@ -275,6 +277,8 @@ dix_main(int argc, char *argv[], char *e
Dispatch();
+ UnrefCursor(rootCursor);
+
UndisplayDevices();
DisableAllDevices();

57
U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch Normal file
View File

@@ -0,0 +1,57 @@
From 98602942c143075ab7464f917e0fc5d31ce28c3f Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 27 Nov 2024 14:41:45 +0100
Subject: [PATCH xserver] xkb: Fix buffer overflow in XkbVModMaskText()
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the virtual mod name.
There's actually two issues in the code that can lead to a buffer
overflow.
First, the bound check mixes pointers and integers using misplaced
parenthesis, defeating the bound check.
But even though, if the check fails, the data is still copied, so the
stack overflow will occur regardless.
Change the logic to skip the copy entirely if the bound check fails.
CVE-2025-26595, ZDI-CAN-25545
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
xkb/xkbtext.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Index: xwayland-22.1.5/xkb/xkbtext.c
===================================================================
--- xwayland-22.1.5.orig/xkb/xkbtext.c
+++ xwayland-22.1.5/xkb/xkbtext.c
@@ -175,14 +175,14 @@ XkbVModMaskText(XkbDescPtr xkb,
len = strlen(tmp) + 1 + (str == buf ? 0 : 1);
if (format == XkbCFile)
len += 4;
- if ((str - (buf + len)) <= VMOD_BUFFER_SIZE) {
- if (str != buf) {
- if (format == XkbCFile)
- *str++ = '|';
- else
- *str++ = '+';
- len--;
- }
+ if ((str - buf) + len > VMOD_BUFFER_SIZE)
+ continue; /* Skip */
+ if (str != buf) {
+ if (format == XkbCFile)
+ *str++ = '|';
+ else
+ *str++ = '+';
+ len--;
}
if (format == XkbCFile)
sprintf(str, "%sMask", tmp);

41
U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch Normal file
View File

@@ -0,0 +1,41 @@
From b41f6fce201e77a174550935330e2f7772d4adf9 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 28 Nov 2024 11:49:34 +0100
Subject: [PATCH xserver] xkb: Fix computation of XkbSizeKeySyms
The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), leading to a heap overflow.
Fix the calculation in XkbSizeKeySyms() to match what kbWriteKeySyms()
does.
CVE-2025-26596, ZDI-CAN-25543
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
xkb/xkb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: xwayland-22.1.5/xkb/xkb.c
===================================================================
--- xwayland-22.1.5.orig/xkb/xkb.c
+++ xwayland-22.1.5/xkb/xkb.c
@@ -1093,10 +1093,10 @@ XkbSizeKeySyms(XkbDescPtr xkb, xkbGetMap
len = rep->nKeySyms * SIZEOF(xkbSymMapWireDesc);
symMap = &xkb->map->key_sym_map[rep->firstKeySym];
for (i = nSyms = 0; i < rep->nKeySyms; i++, symMap++) {
- if (symMap->offset != 0) {
- nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
- nSyms += nSymsThisKey;
- }
+ nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
+ if (nSymsThisKey == 0)
+ continue;
+ nSyms += nSymsThisKey;
}
len += nSyms * 4;
rep->totalSyms = nSyms;

38
U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch Normal file
View File

@@ -0,0 +1,38 @@
From c5114475db18f29d639537d60e135bdfc11a5d3a Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 28 Nov 2024 14:09:04 +0100
Subject: [PATCH xserver] xkb: Fix buffer overflow in XkbChangeTypesOfKey()
If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.
To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.
CVE-2025-26597, ZDI-CAN-25683
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
xkb/XKBMisc.c | 1 +
1 file changed, 1 insertion(+)
Index: xwayland-22.1.5/xkb/XKBMisc.c
===================================================================
--- xwayland-22.1.5.orig/xkb/XKBMisc.c
+++ xwayland-22.1.5/xkb/XKBMisc.c
@@ -553,6 +553,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
i = XkbSetNumGroups(i, 0);
xkb->map->key_sym_map[key].group_info = i;
XkbResizeKeySyms(xkb, key, 0);
+ XkbResizeKeyActions(xkb, key, 0);
return Success;
}

112
U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch Normal file
View File

@@ -0,0 +1,112 @@
From 0f5ea9d269ac6225bcb302a1ec0f58878114da9f Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 16 Dec 2024 11:25:11 +0100
Subject: [PATCH xserver] Xi: Fix barrier device search
The function GetBarrierDevice() would search for the pointer device
based on its device id and return the matching value, or supposedly NULL
if no match was found.
Unfortunately, as written, it would return the last element of the list
if no matching device id was found which can lead to out of bounds
memory access.
Fix the search function to return NULL if not matching device is found,
and adjust the callers to handle the case where the device cannot be
found.
CVE-2025-26598, ZDI-CAN-25740
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/xibarriers.c | 27 +++++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
Index: xwayland-22.1.5/Xi/xibarriers.c
===================================================================
--- xwayland-22.1.5.orig/Xi/xibarriers.c
+++ xwayland-22.1.5/Xi/xibarriers.c
@@ -129,14 +129,15 @@ static void FreePointerBarrierClient(str
static struct PointerBarrierDevice *GetBarrierDevice(struct PointerBarrierClient *c, int deviceid)
{
- struct PointerBarrierDevice *pbd = NULL;
+ struct PointerBarrierDevice *p, *pbd = NULL;
- xorg_list_for_each_entry(pbd, &c->per_device, entry) {
- if (pbd->deviceid == deviceid)
+ xorg_list_for_each_entry(p, &c->per_device, entry) {
+ if (p->deviceid == deviceid) {
+ pbd = p;
break;
+ }
}
- BUG_WARN(!pbd);
return pbd;
}
@@ -337,6 +338,9 @@ barrier_find_nearest(BarrierScreenPtr cs
double distance;
pbd = GetBarrierDevice(c, dev->id);
+ if (!pbd)
+ continue;
+
if (pbd->seen)
continue;
@@ -445,6 +449,9 @@ input_constrain_cursor(DeviceIntPtr dev,
nearest = &c->barrier;
pbd = GetBarrierDevice(c, master->id);
+ if (!pbd)
+ continue;
+
new_sequence = !pbd->hit;
pbd->seen = TRUE;
@@ -485,6 +492,9 @@ input_constrain_cursor(DeviceIntPtr dev,
int flags = 0;
pbd = GetBarrierDevice(c, master->id);
+ if (!pbd)
+ continue;
+
pbd->seen = FALSE;
if (!pbd->hit)
continue;
@@ -679,6 +689,9 @@ BarrierFreeBarrier(void *data, XID id)
continue;
pbd = GetBarrierDevice(c, dev->id);
+ if (!pbd)
+ continue;
+
if (!pbd->hit)
continue;
@@ -738,6 +751,8 @@ static void remove_master_func(void *res
barrier = container_of(b, struct PointerBarrierClient, barrier);
pbd = GetBarrierDevice(barrier, *deviceid);
+ if (!pbd)
+ return;
if (pbd->hit) {
BarrierEvent ev = {
@@ -903,6 +918,10 @@ ProcXIBarrierReleasePointer(ClientPtr cl
barrier = container_of(b, struct PointerBarrierClient, barrier);
pbd = GetBarrierDevice(barrier, dev->id);
+ if (!pbd) {
+ client->errorValue = dev->id;
+ return BadDevice;
+ }
if (pbd->barrier_event_id == event_id)
pbd->release_event_id = event_id;

59
U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch Normal file
View File

@@ -0,0 +1,59 @@
From 10a24e364ac15983051d0bb90817c88bbe107036 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Tue, 17 Dec 2024 15:19:45 +0100
Subject: [PATCH xserver 1/2] composite: Handle failure to redirect in
compRedirectWindow()
The function compCheckRedirect() may fail if it cannot allocate the
backing pixmap.
In that case, compRedirectWindow() will return a BadAlloc error.
However that failure code path will shortcut the validation of the
window tree marked just before, which leaves the validate data partly
initialized.
That causes a use of uninitialized pointer later.
The fix is to not shortcut the call to compHandleMarkedWindows() even in
the case of compCheckRedirect() returning an error.
CVE-2025-26599, ZDI-CAN-25851
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
---
composite/compalloc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Index: xwayland-24.1.4/composite/compalloc.c
===================================================================
--- xwayland-24.1.4.orig/composite/compalloc.c
+++ xwayland-24.1.4/composite/compalloc.c
@@ -140,6 +140,7 @@ compRedirectWindow(ClientPtr pClient, Wi
CompScreenPtr cs = GetCompScreen(pWin->drawable.pScreen);
WindowPtr pLayerWin;
Bool anyMarked = FALSE;
+ int status = Success;
if (pWin == cs->pOverlayWin) {
return Success;
@@ -218,13 +219,13 @@ compRedirectWindow(ClientPtr pClient, Wi
if (!compCheckRedirect(pWin)) {
FreeResource(ccw->id, RT_NONE);
- return BadAlloc;
+ status = BadAlloc;
}
if (anyMarked)
compHandleMarkedWindows(pWin, pLayerWin);
- return Success;
+ return status;
}
void

121
U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch Normal file
View File

@@ -0,0 +1,121 @@
From f5ce639ff9d3af05e79efce6c51e084352d28ed1 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 13 Jan 2025 16:09:43 +0100
Subject: [PATCH xserver 2/2] composite: initialize border clip even when
pixmap alloc fails
If it fails to allocate the pixmap, the function compAllocPixmap() would
return early and leave the borderClip region uninitialized, which may
lead to the use of uninitialized value as reported by valgrind:
Conditional jump or move depends on uninitialised value(s)
at 0x4F9B33: compClipNotify (compwindow.c:317)
by 0x484FC9: miComputeClips (mivaltree.c:476)
by 0x48559A: miValidateTree (mivaltree.c:679)
by 0x4F0685: MapWindow (window.c:2693)
by 0x4A344A: ProcMapWindow (dispatch.c:922)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Uninitialised value was created by a heap allocation
at 0x4841866: malloc (vg_replace_malloc.c:446)
by 0x4F47BC: compRedirectWindow (compalloc.c:171)
by 0x4FA8AD: compCreateWindow (compwindow.c:592)
by 0x4EBB89: CreateWindow (window.c:925)
by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Conditional jump or move depends on uninitialised value(s)
at 0x48EEDBC: pixman_region_translate (pixman-region.c:2233)
by 0x4F9255: RegionTranslate (regionstr.h:312)
by 0x4F9B7E: compClipNotify (compwindow.c:319)
by 0x484FC9: miComputeClips (mivaltree.c:476)
by 0x48559A: miValidateTree (mivaltree.c:679)
by 0x4F0685: MapWindow (window.c:2693)
by 0x4A344A: ProcMapWindow (dispatch.c:922)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Uninitialised value was created by a heap allocation
at 0x4841866: malloc (vg_replace_malloc.c:446)
by 0x4F47BC: compRedirectWindow (compalloc.c:171)
by 0x4FA8AD: compCreateWindow (compwindow.c:592)
by 0x4EBB89: CreateWindow (window.c:925)
by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Conditional jump or move depends on uninitialised value(s)
at 0x48EEE33: UnknownInlinedFun (pixman-region.c:2241)
by 0x48EEE33: pixman_region_translate (pixman-region.c:2225)
by 0x4F9255: RegionTranslate (regionstr.h:312)
by 0x4F9B7E: compClipNotify (compwindow.c:319)
by 0x484FC9: miComputeClips (mivaltree.c:476)
by 0x48559A: miValidateTree (mivaltree.c:679)
by 0x4F0685: MapWindow (window.c:2693)
by 0x4A344A: ProcMapWindow (dispatch.c:922)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Uninitialised value was created by a heap allocation
at 0x4841866: malloc (vg_replace_malloc.c:446)
by 0x4F47BC: compRedirectWindow (compalloc.c:171)
by 0x4FA8AD: compCreateWindow (compwindow.c:592)
by 0x4EBB89: CreateWindow (window.c:925)
by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
by 0x4A25B5: Dispatch (dispatch.c:560)
by 0x4B082A: dix_main (main.c:282)
by 0x429233: main (stubmain.c:34)
Fix compAllocPixmap() to initialize the border clip even if the creation
of the backing pixmap has failed, to avoid depending later on
uninitialized border clip values.
Related to CVE-2025-26599, ZDI-CAN-25851
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
---
composite/compalloc.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
Index: xwayland-24.1.4/composite/compalloc.c
===================================================================
--- xwayland-24.1.4.orig/composite/compalloc.c
+++ xwayland-24.1.4/composite/compalloc.c
@@ -606,9 +606,12 @@ compAllocPixmap(WindowPtr pWin)
int h = pWin->drawable.height + (bw << 1);
PixmapPtr pPixmap = compNewPixmap(pWin, x, y, w, h);
CompWindowPtr cw = GetCompWindow(pWin);
+ Bool status;
- if (!pPixmap)
- return FALSE;
+ if (!pPixmap) {
+ status = FALSE;
+ goto out;
+ }
if (cw->update == CompositeRedirectAutomatic)
pWin->redirectDraw = RedirectDrawAutomatic;
else
@@ -622,14 +625,16 @@ compAllocPixmap(WindowPtr pWin)
DamageRegister(&pWin->drawable, cw->damage);
cw->damageRegistered = TRUE;
}
+ status = TRUE;
+out:
/* Make sure our borderClip is up to date */
RegionUninit(&cw->borderClip);
RegionCopy(&cw->borderClip, &pWin->borderClip);
cw->borderClipX = pWin->drawable.x;
cw->borderClipY = pWin->drawable.y;
- return TRUE;
+ return status;
}
void

61
U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch Normal file
View File

@@ -0,0 +1,61 @@
From 70ad5d36ae80f6e5a436eabfee642c2c013e51cc Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 16 Dec 2024 16:18:04 +0100
Subject: [PATCH xserver] dix: Dequeue pending events on frozen device on
removal
When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed.
As a result, replaying the events will cause a use after free.
To avoid the issue, make sure to dequeue and free any pending events on
a frozen device when removed.
CVE-2025-26600, ZDI-CAN-25871
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
dix/devices.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
Index: xorg-server-21.1.14/dix/devices.c
===================================================================
--- xorg-server-21.1.14.orig/dix/devices.c
+++ xorg-server-21.1.14/dix/devices.c
@@ -963,6 +963,23 @@ FreeAllDeviceClasses(ClassesPtr classes)
}
+static void
+FreePendingFrozenDeviceEvents(DeviceIntPtr dev)
+{
+ QdEventPtr qe, tmp;
+
+ if (!dev->deviceGrab.sync.frozen)
+ return;
+
+ /* Dequeue any frozen pending events */
+ xorg_list_for_each_entry_safe(qe, tmp, &syncEvents.pending, next) {
+ if (qe->device == dev) {
+ xorg_list_del(&qe->next);
+ free(qe);
+ }
+ }
+}
+
/**
* Close down a device and free all resources.
* Once closed down, the driver will probably not expect you that you'll ever
@@ -1027,6 +1044,7 @@ CloseDevice(DeviceIntPtr dev)
free(dev->last.touches[j].valuators);
free(dev->last.touches);
dev->config_info = NULL;
+ FreePendingFrozenDeviceEvents(dev);
dixFreePrivates(dev->devPrivates, PRIVATE_DEVICE);
free(dev);
}

63
U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch Normal file
View File

@@ -0,0 +1,63 @@
From 573a2265aacfeaddcc1bb001905a6f7d4fa15ee6 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 20 Jan 2025 16:52:01 +0100
Subject: [PATCH xserver 1/4] sync: Do not let sync objects uninitialized
When changing an alarm, the change mask values are evaluated one after
the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
SyncInitTrigger() will evaluate the XSyncCACounter first and may free
the existing sync object.
Other changes are then evaluated and may trigger an error and an early
return, not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.
To avoid the issue, delete the existing sync object as late as possible
only once we are sure that no further error will cause an early exit.
CVE-2025-26601, ZDI-CAN-25870
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xext/sync.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
Index: xwayland-22.1.5/Xext/sync.c
===================================================================
--- xwayland-22.1.5.orig/Xext/sync.c
+++ xwayland-22.1.5/Xext/sync.c
@@ -329,11 +329,6 @@ SyncInitTrigger(ClientPtr client, SyncTr
client->errorValue = syncObject;
return rc;
}
- if (pSync != pTrigger->pSync) { /* new counter for trigger */
- SyncDeleteTriggerFromSyncObject(pTrigger);
- pTrigger->pSync = pSync;
- newSyncObject = TRUE;
- }
}
/* if system counter, ask it what the current value is */
@@ -401,6 +396,14 @@ SyncInitTrigger(ClientPtr client, SyncTr
}
}
+ if (changes & XSyncCACounter) {
+ if (pSync != pTrigger->pSync) { /* new counter for trigger */
+ SyncDeleteTriggerFromSyncObject(pTrigger);
+ pTrigger->pSync = pSync;
+ newSyncObject = TRUE;
+ }
+ }
+
/* we wait until we're sure there are no errors before registering
* a new counter on a trigger
*/

77
U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch Normal file
View File

@@ -0,0 +1,77 @@
From 7dc3f11abb51cad8a59ecbff5278c8c8a318df41 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 20 Jan 2025 16:54:30 +0100
Subject: [PATCH xserver 2/4] sync: Check values before applying changes
In SyncInitTrigger(), we would set the CheckTrigger function before
validating the counter value.
As a result, if the counter value overflowed, we would leave the
function SyncInitTrigger() with the CheckTrigger applied but without
updating the trigger object.
To avoid that issue, move the portion of code checking for the trigger
check value before updating the CheckTrigger function.
Related to CVE-2025-26601, ZDI-CAN-25870
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xext/sync.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
Index: xwayland-22.1.5/Xext/sync.c
===================================================================
--- xwayland-22.1.5.orig/Xext/sync.c
+++ xwayland-22.1.5/Xext/sync.c
@@ -350,6 +350,24 @@ SyncInitTrigger(ClientPtr client, SyncTr
}
}
+ if (changes & (XSyncCAValueType | XSyncCAValue)) {
+ if (pTrigger->value_type == XSyncAbsolute)
+ pTrigger->test_value = pTrigger->wait_value;
+ else { /* relative */
+ Bool overflow;
+
+ if (pCounter == NULL)
+ return BadMatch;
+
+ overflow = checked_int64_add(&pTrigger->test_value,
+ pCounter->value, pTrigger->wait_value);
+ if (overflow) {
+ client->errorValue = pTrigger->wait_value >> 32;
+ return BadValue;
+ }
+ }
+ }
+
if (changes & XSyncCATestType) {
if (pSync && SYNC_FENCE == pSync->type) {
@@ -376,24 +394,6 @@ SyncInitTrigger(ClientPtr client, SyncTr
return BadValue;
}
}
- }
-
- if (changes & (XSyncCAValueType | XSyncCAValue)) {
- if (pTrigger->value_type == XSyncAbsolute)
- pTrigger->test_value = pTrigger->wait_value;
- else { /* relative */
- Bool overflow;
-
- if (pCounter == NULL)
- return BadMatch;
-
- overflow = checked_int64_add(&pTrigger->test_value,
- pCounter->value, pTrigger->wait_value);
- if (overflow) {
- client->errorValue = pTrigger->wait_value >> 32;
- return BadValue;
- }
- }
}
if (changes & XSyncCACounter) {

44
U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch Normal file
View File

@@ -0,0 +1,44 @@
From 4ccaa5134482b6be9c9a7f0b66cd221ef325d082 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 20 Jan 2025 17:06:07 +0100
Subject: [PATCH xserver 3/4] sync: Do not fail SyncAddTriggerToSyncObject()
We do not want to return a failure at the very last step in
SyncInitTrigger() after having all changes applied.
SyncAddTriggerToSyncObject() must not fail on memory allocation, if the
allocation of the SyncTriggerList fails, trigger a FatalError() instead.
Related to CVE-2025-26601, ZDI-CAN-25870
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xext/sync.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
Index: xwayland-22.1.5/Xext/sync.c
===================================================================
--- xwayland-22.1.5.orig/Xext/sync.c
+++ xwayland-22.1.5/Xext/sync.c
@@ -199,8 +199,8 @@ SyncAddTriggerToSyncObject(SyncTrigger *
return Success;
}
- if (!(pCur = malloc(sizeof(SyncTriggerList))))
- return BadAlloc;
+ /* Failure is not an option, it's succeed or burst! */
+ pCur = XNFalloc(sizeof(SyncTriggerList));
pCur->pTrigger = pTrigger;
pCur->next = pTrigger->pSync->pTriglist;
@@ -408,8 +408,7 @@ SyncInitTrigger(ClientPtr client, SyncTr
* a new counter on a trigger
*/
if (newSyncObject) {
- if ((rc = SyncAddTriggerToSyncObject(pTrigger)) != Success)
- return rc;
+ SyncAddTriggerToSyncObject(pTrigger);
}
else if (pCounter && IsSystemCounter(pCounter)) {
SyncComputeBracketValues(pCounter);

126
U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch Normal file
View File

@@ -0,0 +1,126 @@
From f0984082067f79b45383fa1eb889c6a901667331 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 20 Jan 2025 17:10:31 +0100
Subject: [PATCH xserver 4/4] sync: Apply changes last in
SyncChangeAlarmAttributes()
SyncChangeAlarmAttributes() would apply the various changes while
checking for errors.
If one of the changes triggers an error, the changes for the trigger,
counter or delta value would remain, possibly leading to inconsistent
changes.
Postpone the actual changes until we're sure nothing else can go wrong.
Related to CVE-2025-26601, ZDI-CAN-25870
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xext/sync.c | 42 +++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
Index: xwayland-22.1.5/Xext/sync.c
===================================================================
--- xwayland-22.1.5.orig/Xext/sync.c
+++ xwayland-22.1.5/Xext/sync.c
@@ -799,8 +799,14 @@ SyncChangeAlarmAttributes(ClientPtr clie
int status;
XSyncCounter counter;
Mask origmask = mask;
-
- counter = pAlarm->trigger.pSync ? pAlarm->trigger.pSync->id : None;
+ SyncTrigger trigger;
+ Bool select_events_changed = FALSE;
+ Bool select_events_value;
+ int64_t delta;
+
+ trigger = pAlarm->trigger;
+ delta = pAlarm->delta;
+ counter = trigger.pSync ? trigger.pSync->id : None;
while (mask) {
int index2 = lowbit(mask);
@@ -816,24 +822,24 @@ SyncChangeAlarmAttributes(ClientPtr clie
case XSyncCAValueType:
mask &= ~XSyncCAValueType;
/* sanity check in SyncInitTrigger */
- pAlarm->trigger.value_type = *values++;
+ trigger.value_type = *values++;
break;
case XSyncCAValue:
mask &= ~XSyncCAValue;
- pAlarm->trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
+ trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
values += 2;
break;
case XSyncCATestType:
mask &= ~XSyncCATestType;
/* sanity check in SyncInitTrigger */
- pAlarm->trigger.test_type = *values++;
+ trigger.test_type = *values++;
break;
case XSyncCADelta:
mask &= ~XSyncCADelta;
- pAlarm->delta = ((int64_t)values[0] << 32) | values[1];
+ delta = ((int64_t)values[0] << 32) | values[1];
values += 2;
break;
@@ -843,10 +849,8 @@ SyncChangeAlarmAttributes(ClientPtr clie
client->errorValue = *values;
return BadValue;
}
- status = SyncEventSelectForAlarm(pAlarm, client,
- (Bool) (*values++));
- if (status != Success)
- return status;
+ select_events_value = (Bool) (*values++);
+ select_events_changed = TRUE;
break;
default:
@@ -855,25 +859,33 @@ SyncChangeAlarmAttributes(ClientPtr clie
}
}
+ if (select_events_changed) {
+ status = SyncEventSelectForAlarm(pAlarm, client, select_events_value);
+ if (status != Success)
+ return status;
+ }
+
/* "If the test-type is PositiveComparison or PositiveTransition
* and delta is less than zero, or if the test-type is
* NegativeComparison or NegativeTransition and delta is
* greater than zero, a Match error is generated."
*/
if (origmask & (XSyncCADelta | XSyncCATestType)) {
- if ((((pAlarm->trigger.test_type == XSyncPositiveComparison) ||
- (pAlarm->trigger.test_type == XSyncPositiveTransition))
- && pAlarm->delta < 0)
+ if ((((trigger.test_type == XSyncPositiveComparison) ||
+ (trigger.test_type == XSyncPositiveTransition))
+ && delta < 0)
||
- (((pAlarm->trigger.test_type == XSyncNegativeComparison) ||
- (pAlarm->trigger.test_type == XSyncNegativeTransition))
- && pAlarm->delta > 0)
+ (((trigger.test_type == XSyncNegativeComparison) ||
+ (trigger.test_type == XSyncNegativeTransition))
+ && delta > 0)
) {
return BadMatch;
}
}
/* postpone this until now, when we're sure nothing else can go wrong */
+ pAlarm->delta = delta;
+ pAlarm->trigger = trigger;
if ((status = SyncInitTrigger(client, &pAlarm->trigger, counter, RTCounter,
origmask & XSyncCAAllTrigger)) != Success)
return status;

83
U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch Normal file
View File

@@ -0,0 +1,83 @@
From 8c5f521c0492941794301afe107a2ee5030128af Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Fri, 28 Mar 2025 09:43:52 +0100
Subject: [PATCH xserver] render: Avoid 0 or less animated cursors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Animated cursors use a series of cursors that the client can set.
By default, the Xserver assumes at least one cursor is specified
while a client may actually pass no cursor at all.
That causes an out-of-bound read creating the animated cursor and a
crash of the Xserver:
| Invalid read of size 8
| at 0x5323F4: AnimCursorCreate (animcur.c:325)
| by 0x52D4C5: ProcRenderCreateAnimCursor (render.c:1817)
| by 0x52DC80: ProcRenderDispatch (render.c:1999)
| by 0x4A1E9D: Dispatch (dispatch.c:560)
| by 0x4B0169: dix_main (main.c:284)
| by 0x4287F5: main (stubmain.c:34)
| Address 0x59aa010 is 0 bytes after a block of size 0 alloc'd
| at 0x48468D3: reallocarray (vg_replace_malloc.c:1803)
| by 0x52D3DA: ProcRenderCreateAnimCursor (render.c:1802)
| by 0x52DC80: ProcRenderDispatch (render.c:1999)
| by 0x4A1E9D: Dispatch (dispatch.c:560)
| by 0x4B0169: dix_main (main.c:284)
| by 0x4287F5: main (stubmain.c:34)
|
| Invalid read of size 2
| at 0x5323F7: AnimCursorCreate (animcur.c:325)
| by 0x52D4C5: ProcRenderCreateAnimCursor (render.c:1817)
| by 0x52DC80: ProcRenderDispatch (render.c:1999)
| by 0x4A1E9D: Dispatch (dispatch.c:560)
| by 0x4B0169: dix_main (main.c:284)
| by 0x4287F5: main (stubmain.c:34)
| Address 0x8 is not stack'd, malloc'd or (recently) free'd
To avoid the issue, check the number of cursors specified and return a
BadValue error in both the proc handler (early) and the animated cursor
creation (as this is a public function) if there is 0 or less cursor.
CVE-2025-49175
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: José Expósito <jexposit@redhat.com>
---
render/animcur.c | 3 +++
render/render.c | 2 ++
2 files changed, 5 insertions(+)
Index: xorg-server-21.1.15/render/animcur.c
===================================================================
--- xorg-server-21.1.15.orig/render/animcur.c
+++ xorg-server-21.1.15/render/animcur.c
@@ -304,6 +304,9 @@ AnimCursorCreate(CursorPtr *cursors, CAR
int rc = BadAlloc, i;
AnimCurPtr ac;
+ if (ncursor <= 0)
+ return BadValue;
+
for (i = 0; i < screenInfo.numScreens; i++)
if (!GetAnimCurScreen(screenInfo.screens[i]))
return BadImplementation;
Index: xorg-server-21.1.15/render/render.c
===================================================================
--- xorg-server-21.1.15.orig/render/render.c
+++ xorg-server-21.1.15/render/render.c
@@ -1795,6 +1795,8 @@ ProcRenderCreateAnimCursor(ClientPtr cli
ncursor =
(client->req_len -
(bytes_to_int32(sizeof(xRenderCreateAnimCursorReq)))) >> 1;
+ if (ncursor <= 0)
+ return BadValue;
cursors = xallocarray(ncursor, sizeof(CursorPtr) + sizeof(CARD32));
if (!cursors)
return BadAlloc;

30
U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch Normal file
View File

@@ -0,0 +1,30 @@
From 4fc4d76b2c7aaed61ed2653f997783a3714c4fe1 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 18 Jun 2025 08:39:02 +0200
Subject: [PATCH] os: Check for integer overflow on BigRequest length
Check for another possible integer overflow once we get a complete xReq
with BigRequest.
Related to CVE-2025-49176
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Suggested-by: Peter Harris <pharris2@rocketsoftware.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2028>
---
os/io.c | 2 ++
1 file changed, 2 insertions(+)
Index: xorg-server-21.1.15/os/io.c
===================================================================
--- xorg-server-21.1.15.orig/os/io.c
+++ xorg-server-21.1.15/os/io.c
@@ -395,6 +395,8 @@ ReadRequestFromClient(ClientPtr client)
needed = get_big_req_len(request, client);
}
client->req_len = needed;
+ if (needed > MAXINT >> 2)
+ return -(BadLength);
needed <<= 2;
}
if (gotnow < needed) {

84
U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch Normal file
View File

@@ -0,0 +1,84 @@
From d725dfd9455ab1e5393ec46f1cd725e3a784b9cc Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 7 Apr 2025 16:13:34 +0200
Subject: [PATCH xserver] os: Do not overflow the integer size with BigRequest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The BigRequest extension allows request larger than the 16-bit length
limit.
It uses integers for the request length and checks for the size not to
exceed the maxBigRequestSize limit, but does so after translating the
length to integer by multiplying the given size in bytes by 4.
In doing so, it might overflow the integer size limit before actually
checking for the overflow, defeating the purpose of the test.
To avoid the issue, make sure to check that the request size does not
overflow the maxBigRequestSize limit prior to any conversion.
The caller Dispatch() function however expects the return value to be in
bytes, so we cannot just return the converted value in case of error, as
that would also overflow the integer size.
To preserve the existing API, we use a negative value for the X11 error
code BadLength as the function only return positive values, 0 or -1 and
update the caller Dispatch() function to take that case into account to
return the error code to the offending client.
CVE-2025-49176
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
---
dix/dispatch.c | 9 +++++----
os/io.c | 4 ++++
2 files changed, 9 insertions(+), 4 deletions(-)
Index: xorg-server-21.1.15/dix/dispatch.c
===================================================================
--- xorg-server-21.1.15.orig/dix/dispatch.c
+++ xorg-server-21.1.15/dix/dispatch.c
@@ -518,9 +518,10 @@ Dispatch(void)
/* now, finally, deal with client requests */
result = ReadRequestFromClient(client);
- if (result <= 0) {
- if (result < 0)
- CloseDownClient(client);
+ if (result == 0)
+ break;
+ else if (result == -1) {
+ CloseDownClient(client);
break;
}
@@ -541,7 +542,7 @@ Dispatch(void)
client->index,
client->requestBuffer);
#endif
- if (result > (maxBigRequestSize << 2))
+ if (result < 0 || result > (maxBigRequestSize << 2))
result = BadLength;
else {
result = XaceHookDispatch(client, client->majorOp);
Index: xorg-server-21.1.15/os/io.c
===================================================================
--- xorg-server-21.1.15.orig/os/io.c
+++ xorg-server-21.1.15/os/io.c
@@ -296,6 +296,10 @@ ReadRequestFromClient(ClientPtr client)
needed = get_big_req_len(request, client);
}
client->req_len = needed;
+ if (needed > MAXINT >> 2) {
+ /* Check for potential integer overflow */
+ return -(BadLength);
+ }
needed <<= 2; /* needed is in bytes now */
}
if (gotnow < needed) {

47
U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch Normal file
View File

@@ -0,0 +1,47 @@
From eb1c0386535c5a6451cbf21ca351087ebfafb025 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 28 Apr 2025 10:05:36 +0200
Subject: [PATCH xserver] xfixes: Check request length for
SetClientDisconnectMode
The handler of XFixesSetClientDisconnectMode does not check the client
request length.
A client could send a shorter request and read data from a former
request.
Fix the issue by checking the request size matches.
CVE-2025-49177
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Fixes: e167299f6 - xfixes: Add ClientDisconnectMode
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
xfixes/disconnect.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: xorg-server-21.1.15/xfixes/disconnect.c
===================================================================
--- xorg-server-21.1.15.orig/xfixes/disconnect.c
+++ xorg-server-21.1.15/xfixes/disconnect.c
@@ -67,6 +67,7 @@ ProcXFixesSetClientDisconnectMode(Client
ClientDisconnectPtr pDisconnect = GetClientDisconnect(client);
REQUEST(xXFixesSetClientDisconnectModeReq);
+ REQUEST_SIZE_MATCH(xXFixesSetClientDisconnectModeReq);
pDisconnect->disconnect_mode = stuff->disconnect_mode;
@@ -80,7 +81,7 @@ SProcXFixesSetClientDisconnectMode(Clien
swaps(&stuff->length);
- REQUEST_AT_LEAST_SIZE(xXFixesSetClientDisconnectModeReq);
+ REQUEST_SIZE_MATCH(xXFixesSetClientDisconnectModeReq);
swapl(&stuff->disconnect_mode);

45
U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch Normal file
View File

@@ -0,0 +1,45 @@
From 247f1622fa8d48783b4ed5d5154791c171f00e18 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 28 Apr 2025 10:46:03 +0200
Subject: [PATCH xserver] os: Account for bytes to ignore when sharing input
buffer
When reading requests from the clients, the input buffer might be shared
and used between different clients.
If a given client sends a full request with non-zero bytes to ignore,
the bytes to ignore may still be non-zero even though the request is
full, in which case the buffer could be shared with another client who's
request will not be processed because of those bytes to ignore, leading
to a possible hang of the other client request.
To avoid the issue, make sure we have zero bytes to ignore left in the
input request when sharing the input buffer with another client.
CVE-2025-49178
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
os/io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/os/io.c b/os/io.c
index 0a26c988e..31c85cf34 100644
--- a/os/io.c
+++ b/os/io.c
@@ -442,7 +442,7 @@ ReadRequestFromClient(ClientPtr client)
*/
gotnow -= needed;
- if (!gotnow)
+ if (!gotnow && !oci->ignoreBytes)
AvailableInput = oc;
if (move_header) {
if (client->req_len < bytes_to_int32(sizeof(xBigReq) - sizeof(xReq))) {
--
2.49.0

72
U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch Normal file
View File

@@ -0,0 +1,72 @@
From 244101ac9d4c6963416cfc74f2174d440f1cb4b6 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 28 Apr 2025 11:47:15 +0200
Subject: [PATCH xserver] record: Check for overflow in
RecordSanityCheckRegisterClients()
The RecordSanityCheckRegisterClients() checks for the request length,
but does not check for integer overflow.
A client might send a very large value for either the number of clients
or the number of protocol ranges that will cause an integer overflow in
the request length computation, defeating the check for request length.
To avoid the issue, explicitly check the number of clients against the
limit of clients (which is much lower than an maximum integer value) and
the number of protocol ranges (multiplied by the record length) do not
exceed the maximum integer value.
This way, we ensure that the final computation for the request length
will not overflow the maximum integer limit.
CVE-2025-49179
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
record/record.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: xorg-server-21.1.15/record/record.c
===================================================================
--- xorg-server-21.1.15.orig/record/record.c
+++ xorg-server-21.1.15/record/record.c
@@ -36,6 +36,9 @@ and Jim Haggerty of Metheus.
#include <dix-config.h>
#endif
+#include <X11/Xdefs.h>
+#include "os/osdep.h"
+
#include "dixstruct.h"
#include "extnsionst.h"
#include "extinit.h"
@@ -1298,6 +1301,13 @@ RecordSanityCheckRegisterClients(RecordC
int i;
XID recordingClient;
+ /* LIMITCLIENTS is 2048 at max, way less that MAXINT */
+ if (stuff->nClients > LIMITCLIENTS)
+ return BadValue;
+
+ if (stuff->nRanges > (MAXINT - 4 * stuff->nClients) / SIZEOF(xRecordRange))
+ return BadValue;
+
if (((client->req_len << 2) - SIZEOF(xRecordRegisterClientsReq)) !=
4 * stuff->nClients + SIZEOF(xRecordRange) * stuff->nRanges)
return BadLength;
Index: xorg-server-21.1.15/record/Makefile.am
===================================================================
--- xorg-server-21.1.15.orig/record/Makefile.am
+++ xorg-server-21.1.15/record/Makefile.am
@@ -1,6 +1,6 @@
noinst_LTLIBRARIES = librecord.la
-AM_CFLAGS = $(DIX_CFLAGS)
+AM_CFLAGS = $(DIX_CFLAGS) -I..
librecord_la_SOURCES = record.c set.c

37
U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch Normal file
View File

@@ -0,0 +1,37 @@
From ca652633c02ceb054143207d71d24a8123733c27 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Tue, 20 May 2025 15:18:19 +0200
Subject: [PATCH xserver 1/2] randr: Check for overflow in
RRChangeProviderProperty()
A client might send a request causing an integer overflow when computing
the total size to allocate in RRChangeProviderProperty().
To avoid the issue, check that total length in bytes won't exceed the
maximum integer value.
CVE-2025-49180
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
randr/rrproviderproperty.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: xorg-server-21.1.15/randr/rrproviderproperty.c
===================================================================
--- xorg-server-21.1.15.orig/randr/rrproviderproperty.c
+++ xorg-server-21.1.15/randr/rrproviderproperty.c
@@ -179,7 +179,8 @@ RRChangeProviderProperty(RRProviderPtr p
if (mode == PropModeReplace || len > 0) {
void *new_data = NULL, *old_data = NULL;
-
+ if (total_len > MAXINT / size_in_bytes)
+ return BadValue;
total_size = total_len * size_in_bytes;
new_value.data = (void *) malloc(total_size);
if (!new_value.data && total_size) {

44
U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch Normal file
View File

@@ -0,0 +1,44 @@
From b6f38b47c3bb31a6e7af4aeae33434ab40a969b3 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 28 Apr 2025 14:59:46 +0200
Subject: [PATCH xserver 2/2] xfree86: Check for RandR provider functions
Changing XRandR provider properties if the driver has set no provider
function such as the modesetting driver will cause a NULL pointer
dereference and a crash of the Xorg server.
Related to CVE-2025-49180
This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
hw/xfree86/modes/xf86RandR12.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: xorg-server-21.1.15/hw/xfree86/modes/xf86RandR12.c
===================================================================
--- xorg-server-21.1.15.orig/hw/xfree86/modes/xf86RandR12.c
+++ xorg-server-21.1.15/hw/xfree86/modes/xf86RandR12.c
@@ -2145,7 +2145,8 @@ xf86RandR14ProviderSetProperty(ScreenPtr
/* If we don't have any property handler, then we don't care what the
* user is setting properties to.
*/
- if (config->provider_funcs->set_property == NULL)
+ if (config->provider_funcs == NULL ||
+ config->provider_funcs->set_property == NULL)
return TRUE;
/*
@@ -2163,7 +2164,8 @@ xf86RandR14ProviderGetProperty(ScreenPtr
ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(pScrn);
- if (config->provider_funcs->get_property == NULL)
+ if (config->provider_funcs == NULL ||
+ config->provider_funcs->get_property == NULL)
return TRUE;
/* Should be safe even w/o vtSema */

74
U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
View File

@@ -1,74 +0,0 @@
From c3c2218ab797516e4d63a93a078d77c6ce872d03 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Fri, 5 Apr 2024 15:24:49 +0200
Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
then frees it using FreeGlyph() to decrease the reference count, after
AddGlyph() has increased it.
AddGlyph() however may chose to reuse an existing glyph if it's already
in the glyphSet, and free the glyph that was given, in which case the
caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
already freed glyph, as reported by ASan:
READ of size 4 thread T0
#0 in FreeGlyph xserver/render/glyph.c:252
#1 in ProcRenderAddGlyphs xserver/render/render.c:1174
#2 in Dispatch xserver/dix/dispatch.c:546
#3 in dix_main xserver/dix/main.c:271
#4 in main xserver/dix/stubmain.c:34
#5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#6 in __libc_start_main_impl ../csu/libc-start.c:360
#7 (/usr/bin/Xwayland+0x44fe4)
Address is located 0 bytes inside of 64-byte region
freed by thread T0 here:
#0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
#1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
#2 in AddGlyph xserver/render/glyph.c:295
#3 in ProcRenderAddGlyphs xserver/render/render.c:1173
#4 in Dispatch xserver/dix/dispatch.c:546
#5 in dix_main xserver/dix/main.c:271
#6 in main xserver/dix/stubmain.c:34
#7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
#0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
#1 in AllocateGlyph xserver/render/glyph.c:355
#2 in ProcRenderAddGlyphs xserver/render/render.c:1085
#3 in Dispatch xserver/dix/dispatch.c:546
#4 in dix_main xserver/dix/main.c:271
#5 in main xserver/dix/stubmain.c:34
#6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
To avoid that, make sure not to free the given glyph in AddGlyph().
v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 337d8d48b618d4fc0168a7b978be4c3447650b04)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1478>
---
render/glyph.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/render/glyph.c b/render/glyph.c
index d5fc5f3c9..f5069d42f 100644
--- a/render/glyph.c
+++ b/render/glyph.c
@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
TRUE, glyph->sha1);
if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
- FreeGlyphPicture(glyph);
- dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
glyph = gr->glyph;
}
else if (gr->glyph != glyph) {
--
2.35.3

54
U_xorg-xserver-e89edec497ba.patch
View File

@@ -1,54 +0,0 @@
From e89edec497bac581ca9b614fb00c25365580f045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Fri, 19 Jan 2024 13:05:51 +0100
Subject: [PATCH] ephyr: Fix incompatible pointer type build error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix a compilation error on 32 bits architectures with gcc 14:
ephyr_glamor_xv.c: In function ephyr_glamor_xv_init:
ephyr_glamor_xv.c:154:31: error: assignment to SetPortAttributeFuncPtr {aka int (*)(struct _KdScreenInfo *, long unsigned int, int, void *)} from incompatible pointer type int (*)(KdScreenInfo *, Atom, INT32, void *) {aka int (*)(struct _KdScreenInfo *, long unsigned int, long int, void *)} [-Wincompatible-pointer-types]
154 | adaptor->SetPortAttribute = ephyr_glamor_xv_set_port_attribute;
| ^
ephyr_glamor_xv.c:155:31: error: assignment to GetPortAttributeFuncPtr {aka int (*)(struct _KdScreenInfo *, long unsigned int, int *, void *)} from incompatible pointer type int (*)(KdScreenInfo *, Atom, INT32 *, void *) {aka int (*)(struct _KdScreenInfo *, long unsigned int, long int *, void *)} [-Wincompatible-pointer-types]
155 | adaptor->GetPortAttribute = ephyr_glamor_xv_get_port_attribute;
| ^
Build error logs:
https://koji.fedoraproject.org/koji/taskinfo?taskID=111964273
Signed-off-by: José Expósito <jexposit@redhat.com>
---
hw/kdrive/ephyr/ephyr_glamor_xv.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyr_glamor_xv.c b/hw/kdrive/ephyr/ephyr_glamor_xv.c
index 4dd15cf417..b5eae48c85 100644
--- a/hw/kdrive/ephyr/ephyr_glamor_xv.c
+++ b/hw/kdrive/ephyr/ephyr_glamor_xv.c
@@ -50,16 +50,16 @@ ephyr_glamor_xv_stop_video(KdScreenInfo *screen, void *data, Bool cleanup)
static int
ephyr_glamor_xv_set_port_attribute(KdScreenInfo *screen,
- Atom attribute, INT32 value, void *data)
+ Atom attribute, int value, void *data)
{
- return glamor_xv_set_port_attribute(data, attribute, value);
+ return glamor_xv_set_port_attribute(data, attribute, (INT32)value);
}
static int
ephyr_glamor_xv_get_port_attribute(KdScreenInfo *screen,
- Atom attribute, INT32 *value, void *data)
+ Atom attribute, int *value, void *data)
{
- return glamor_xv_get_port_attribute(data, attribute, value);
+ return glamor_xv_get_port_attribute(data, attribute, (INT32 *)value);
}
static void
--
GitLab

345
n_xserver-optimus-autoconfig-hack.patch
View File

@@ -1,345 +0,0 @@
From 3216e0c618cc330f053ed36a749c8d8cfeb87a2f Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Fri, 17 Aug 2012 09:49:24 +1000
Subject: [PATCH] autobind GPUs to the screen, (v5)
this is racy and really not what we want for hotplug going forward,
but until DE support is in GNOME its probably for the best.
v2: fix if config or slave config is NULL
v3: fix multi useful slaves
v4: do not unbound GPUs before attaching them
compatibility fix for 5c7af02b10
-- Michal Srb <msrb@suse.com>
v5: Do not use xf86CrtcConfig, it is not filled by nvidia proprietary driver,
only use randr structures.
Auto configure outputs of additional GPUs on start, just like the outputs
of the main GPU are configured.
-- Michal Srb <msrb@suse.com>
DO NOT UPSTREAM.
Signed-off-by: Dave Airlie <airlied@gmail.com>
---
hw/xfree86/common/xf86Init.c | 12 ++++++++++++
hw/xfree86/common/xf86platformBus.c | 3 +++
hw/xfree86/modes/xf86Crtc.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
Index: xorg-server-1.20.5/dix/main.c
===================================================================
--- xorg-server-1.20.5.orig/dix/main.c
+++ xorg-server-1.20.5/dix/main.c
@@ -122,6 +122,8 @@ extern void Dispatch(void);
CallbackListPtr RootWindowFinalizeCallback = NULL;
+CallbackListPtr RootWindowInitialized = NULL;
+
int
dix_main(int argc, char *argv[], char *envp[])
{
@@ -246,6 +248,8 @@ dix_main(int argc, char *argv[], char *e
for (i = 0; i < screenInfo.numScreens; i++)
InitRootWindow(screenInfo.screens[i]->root);
+ CallCallbacks(&RootWindowInitialized, NULL);
+
InitCoreDevices();
InitInput(argc, argv);
InitAndStartDevices();
Index: xorg-server-1.20.5/hw/xfree86/common/xf86Init.c
===================================================================
--- xorg-server-1.20.5.orig/hw/xfree86/common/xf86Init.c
+++ xorg-server-1.20.5/hw/xfree86/common/xf86Init.c
@@ -76,6 +76,7 @@
#include "xf86DDC.h"
#include "xf86Xinput.h"
#include "xf86InPriv.h"
+#include "xf86Crtc.h"
#include "picturestr.h"
#include "randrstr.h"
#include "glxvndabi.h"
@@ -294,6 +295,237 @@ AddVTAtoms(CallbackListPtr *pcbl, void *
"Failed to register VT properties\n");
}
+/*
+ * This function activates all outputs of all GPU screens associated with the
+ * given master screen and sets them to their preferred resolution next to
+ * each other left-to-right.
+ */
+static void
+xf86AutoConfigureProviderOutputsForMaster(ScreenPtr pMasterScreen)
+{
+ ScreenPtr pScreen;
+ rrScrPrivPtr pMasterScrPriv, pScrPriv;
+ RROutputPtr pOutput;
+ RRCrtcPtr pCrtc;
+ RRCrtcPtr *pUsedCrtcs;
+ int usedCrtcsCount;
+ int screenWidth, screenHeight, screenWidthMM, screenHeightMM;
+ int i, j, k, l;
+
+ struct OutputConfig {
+ RROutputPtr pOutput;
+ RRCrtcPtr pCrtc;
+
+ int x;
+ int y;
+ } *outputConfigs;
+ int outputConfigsCount = 0, outputConfigsUsed = 0;
+
+ if (!dixPrivateKeyRegistered(rrPrivKey))
+ return;
+
+ pMasterScrPriv = rrGetScrPriv(pMasterScreen);
+ if (!pMasterScrPriv)
+ return;
+
+ // Count the potential maximum of outputs that we will try to auto configure
+ for (i = 0; i < xf86NumGPUScreens; i++) {
+ pScreen = xf86GPUScreens[i]->pScreen;
+ if (pScreen->current_master != pMasterScreen || !pScreen->is_output_slave)
+ continue;
+
+ pScrPriv = rrGetScrPriv(pScreen);
+ if (!pScrPriv)
+ continue;
+
+ outputConfigsCount += pScrPriv->numOutputs;
+ }
+
+ if (outputConfigsCount == 0)
+ return;
+
+ outputConfigs = calloc(outputConfigsCount, sizeof(*outputConfigs));
+
+ screenWidth = 0;
+ screenHeight = 0;
+
+ // Consider the master's own outputs/crtcs that were already configured
+ for (i = 0; i < pMasterScrPriv->numCrtcs; i++) {
+ if (!pMasterScrPriv->crtcs[i]->mode)
+ continue;
+
+ screenWidth = max(screenWidth, pMasterScrPriv->crtcs[i]->x + pMasterScrPriv->crtcs[i]->mode->mode.width);
+ screenHeight = max(screenHeight, pMasterScrPriv->crtcs[i]->y + pMasterScrPriv->crtcs[i]->mode->mode.height);
+ }
+
+ // Now add as many outputs from slave GPUs as we can next to it
+ for (i = 0; i < xf86NumGPUScreens; i++) {
+ pScreen = xf86GPUScreens[i]->pScreen;
+ if (pScreen->current_master != pMasterScreen || !pScreen->is_output_slave)
+ continue;
+
+ pScrPriv = rrGetScrPriv(pScreen);
+ if (!pScrPriv)
+ continue;
+
+ pUsedCrtcs = calloc(pScrPriv->numCrtcs, sizeof(*pUsedCrtcs));
+ if (!pUsedCrtcs)
+ continue;
+
+ usedCrtcsCount = 0;
+
+ for (j = 0; j < pScrPriv->numOutputs; j++) {
+ pOutput = pScrPriv->outputs[j];
+
+ if (pOutput->connection != RR_Connected ||
+ pOutput->nonDesktop ||
+ pOutput->numModes == 0 ||
+ pOutput->numCrtcs == 0)
+ continue;
+
+ if (screenWidth + pOutput->modes[0]->mode.width > pMasterScrPriv->maxWidth ||
+ screenHeight + pOutput->modes[0]->mode.height > pMasterScrPriv->maxHeight)
+ {
+ // It can't fit into the maximal size, skip
+ continue;
+ }
+
+ for (k = 0; k < pOutput->numCrtcs; k++) {
+ pCrtc = pOutput->crtcs[k];
+ for (l = 0; l < usedCrtcsCount; l++) {
+ if (pCrtc == pUsedCrtcs[l]) {
+ pCrtc = NULL;
+ break;
+ }
+ }
+ if (pCrtc) {
+ break;
+ }
+ }
+
+ if (!pCrtc) {
+ // No more free CRTCs to setup this output, skip
+ continue;
+ }
+
+ pUsedCrtcs[usedCrtcsCount] = pCrtc;
+ usedCrtcsCount++;
+
+ assert(outputConfigsUsed < outputConfigsCount);
+ outputConfigs[outputConfigsUsed].pOutput = pOutput;
+ outputConfigs[outputConfigsUsed].pCrtc = pCrtc;
+ outputConfigs[outputConfigsUsed].x = screenWidth;
+ outputConfigs[outputConfigsUsed].y = 0;
+ outputConfigsUsed++;
+
+ screenWidth += pOutput->modes[0]->mode.width;
+ screenHeight += pOutput->modes[0]->mode.height;
+ }
+
+ free(pUsedCrtcs);
+ }
+
+ if (outputConfigsUsed == 0)
+ goto out;
+
+ if (screenWidth < pMasterScrPriv->minWidth)
+ screenWidth = pMasterScrPriv->minWidth;
+ if (screenHeight < pMasterScrPriv->minHeight)
+ screenHeight = pMasterScrPriv->minHeight;
+
+ if (pMasterScrPriv->mmWidth > 0 &&
+ pMasterScrPriv->mmHeight > 0 &&
+ pMasterScrPriv->width > 0 &&
+ pMasterScrPriv->height > 0)
+ {
+ // If the master screen already has some DPI, keep it
+ screenWidthMM = pMasterScrPriv->mmWidth * screenWidth / pMasterScreen->width;
+ screenHeightMM = pMasterScrPriv->mmHeight * screenHeight / pMasterScreen->height;
+ } else {
+ assert(outputConfigsUsed > 0);
+ // Otherwise use DPI of the first output
+ screenWidthMM = outputConfigs[0].pOutput->mmWidth * screenWidth / outputConfigs[0].pOutput->modes[0]->mode.width;
+ screenHeightMM = outputConfigs[0].pOutput->mmHeight * screenHeight / outputConfigs[0].pOutput->modes[0]->mode.height;
+ }
+
+ if (!RRScreenSizeSet(pMasterScreen, screenWidth, screenHeight, screenWidthMM, screenHeightMM))
+ goto out;
+
+ for (i = 0; i < outputConfigsUsed; i++) {
+ RRCrtcSet(
+ outputConfigs[i].pCrtc,
+ outputConfigs[i].pOutput->modes[0],
+ outputConfigs[i].x,
+ outputConfigs[i].y,
+ RR_Rotate_0,
+ 1,
+ &outputConfigs[i].pOutput
+ );
+ }
+
+out:
+ free(outputConfigs);
+}
+
+static void
+xf86AutoConfigProviderOutputs(CallbackListPtr *pcbl, void *data, void *call_data)
+{
+ int i;
+
+ for (i = 0; i < xf86NumScreens; i++) {
+ xf86AutoConfigureProviderOutputsForMaster(xf86Screens[i]->pScreen);
+ }
+}
+
+void
+xf86AutoConfigOutputDevice(ScreenPtr slave, ScreenPtr master)
+{
+ RRProviderPtr master_provider;
+ RRProviderPtr slave_provider;
+ rrScrPrivPtr master_rp;
+ rrScrPrivPtr slave_rp;
+
+ if (!dixPrivateKeyRegistered(rrPrivKey))
+ return;
+
+ master_rp = rrGetScrPriv(master);
+ slave_rp = rrGetScrPriv(slave);
+
+ if (!master_rp || !slave_rp)
+ return;
+
+ master_provider = master_rp->provider;
+ slave_provider = slave_rp->provider;
+
+ if (!master_provider || !slave_provider)
+ return;
+
+ if ((master_provider->capabilities & RR_Capability_SinkOffload) &&
+ (slave_provider->capabilities & RR_Capability_SourceOffload)) {
+ /* source offload */
+ AttachOffloadGPU(master, slave);
+ slave_provider->offload_sink = master_provider;
+ }
+ if ((master_provider->capabilities & RR_Capability_SourceOutput) &&
+ (slave_provider->capabilities & RR_Capability_SinkOutput)) {
+ /* sink offload */
+ AttachOutputGPU(master, slave);
+ slave_provider->output_source = master_provider;
+ }
+}
+
+static void
+xf86AutoConfigOutputDevices(void)
+{
+ int i;
+
+ for (i = 0; i < xf86NumGPUScreens; i++) {
+ xf86AutoConfigOutputDevice(xf86GPUScreens[i]->pScreen, xf86Screens[0]->pScreen);
+ }
+
+ AddCallback(&RootWindowInitialized, xf86AutoConfigProviderOutputs, NULL);
+}
+
static Bool
xf86ScreenInit(ScreenPtr pScreen, int argc, char **argv)
{
@@ -770,6 +996,8 @@ InitOutput(ScreenInfo * pScreenInfo, int
for (i = 0; i < xf86NumGPUScreens; i++)
AttachUnboundGPU(xf86Screens[0]->pScreen, xf86GPUScreens[i]->pScreen);
+ xf86AutoConfigOutputDevices();
+
xf86VGAarbiterWrapFunctions();
if (sigio_blocked)
input_unlock();
Index: xorg-server-1.20.5/hw/xfree86/common/xf86platformBus.c
===================================================================
--- xorg-server-1.20.5.orig/hw/xfree86/common/xf86platformBus.c
+++ xorg-server-1.20.5/hw/xfree86/common/xf86platformBus.c
@@ -594,6 +594,8 @@ xf86platformAddGPUDevices(DriverPtr drvp
return foundScreen;
}
+extern void xf86AutoConfigOutputDevice(ScreenPtr slave, ScreenPtr master);
+
int
xf86platformAddDevice(int index)
{
@@ -665,6 +667,7 @@ xf86platformAddDevice(int index)
}
/* attach unbound to 0 protocol screen */
AttachUnboundGPU(xf86Screens[0]->pScreen, xf86GPUScreens[i]->pScreen);
+ xf86AutoConfigOutputDevice(xf86GPUScreens[i]->pScreen, xf86Screens[0]->pScreen);
RRResourcesChanged(xf86Screens[0]->pScreen);
RRTellChanged(xf86Screens[0]->pScreen);
Index: xorg-server-1.20.5/include/dix.h
===================================================================
--- xorg-server-1.20.5.orig/include/dix.h
+++ xorg-server-1.20.5/include/dix.h
@@ -599,6 +599,8 @@ typedef struct {
extern _X_EXPORT CallbackListPtr RootWindowFinalizeCallback;
+extern _X_EXPORT CallbackListPtr RootWindowInitialized;
+
extern int
XItoCoreType(int xi_type);
extern Bool

3
xorg-server-21.1.12.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1e016e2be1b5ccdd65eac3ea08e54bd13ce8f4f6c3fb32ad6fdac4e71729a90f
size 4957972

BIN
xorg-server-21.1.12.tar.xz.sig
View File

Binary file not shown.

BIN
xorg-server-21.1.15.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
xorg-server-21.1.15.tar.xz.sig Normal file
View File

Binary file not shown.

138
xorg-x11-server.changes
View File

@@ -1,3 +1,141 @@
-------------------------------------------------------------------
Sun Jun 22 13:00:41 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
* additional fix for CVE-2025-49176
-------------------------------------------------------------------
Thu Jun 5 15:18:04 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
* Out-of-bounds access in X Rendering extension (Animated cursors)
(CVE-2025-49175, bsc#1244082)
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
* Integer overflow in Big Requests Extension
(CVE-2025-49176, bsc#1244084)
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
* Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
(CVE-2025-49177, bsc#1244085)
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
* Unprocessed client request via bytes to ignore
(CVE-2025-49178, bsc#1244087)
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
* Integer overflow in X Record extension
(CVE-2025-49179, bsc#1244089)
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
* Integer overflow in RandR extension (RRChangeProviderProperty)
(CVE-2025-49180, bsc#1244090)
-------------------------------------------------------------------
Tue Mar 18 18:36:12 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch
* Xorg may crash when client applications use easystroke for
mouse gestures (CVE-2022-49737, bsc#1239750)
-------------------------------------------------------------------
Tue Feb 25 17:58:08 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
* Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
* Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
* Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
* Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
* Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
* Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)
-------------------------------------------------------------------
Sat Jan 4 18:58:07 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- get rid of %dnl usage (fails on SP7 due to unkonwn macro); also
after latest change I now got an autodecline that patches in
sources are not mentioned in specfile; just use '#patch ...'
now for not applying a patch ...
-------------------------------------------------------------------
Sat Jan 4 18:37:29 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- properly comment out also "PatchXX:" lines; since
'osc service runall source_validator' failed with latest change
-------------------------------------------------------------------
Mon Dec 23 17:02:18 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Properly comment out %patch lines: '#' still expands the macro, which
makes build fail with rpm 4.20. Use %dnl instead.
-------------------------------------------------------------------
Wed Dec 18 10:32:34 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- Update to relesae 21.1.15
* dix-config.h: add HAVE_SOCKLEN_T definition
* config: add a quirk for Apple Silicon appledrm
* os: Fix assignment with incompatible pointer type
* os: Fix siHostnameAddrMatch in the case where h_addr isn't defined
* hw/xfree86: Fix -Wmissing-prototypes warnings
* hw/xfree86: Fix -Wincompatible-pointer-types sbus compile failure
-------------------------------------------------------------------
Sun Dec 8 19:01:08 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- re-added and re-enabled u_xfree86-activate-GPU-screens-on-autobind.patch
in order to fix the regression of a black screen in login screen
(SDDM) on some hybrid graphics Laptop (Intel Meteor Lake-P/
NVIDIA GeForce RTX 4060) (boo#1234301)
-------------------------------------------------------------------
Wed Dec 4 12:41:37 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- no longer apply and remove
u_xfree86-activate-GPU-screens-on-autobind.patch since it's
no longer needed and might be harmful even ... (tested
successfully on Thinkpad P16 with Intel/NVIDIA hybrid graphics)
- remove no longer applied and no longer needed patch
n_xserver-optimus-autoconfig-hack.patch (feature implemented
upstream)
-------------------------------------------------------------------
Tue Oct 29 19:08:32 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- 21.1.14 covers also
* CVE-2024-31080 (bsc#1222309)
* CVE-2024-31081 (bsc#1222310)
* CVE-2024-31082 (bsc#1222311)
* CVE-2024-31083 (bsc#1222312)
-------------------------------------------------------------------
Tue Oct 29 19:00:06 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- Security update 21.1.14
This release addresses the following security issue
* CVE-2024-9632: Heap-based buffer overflow privilege escalation
in _XkbSetCompatMap (bsc#1231565)
- supersedes U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
- supersedes U_xorg-xserver-e89edec497ba.patch
-------------------------------------------------------------------
Tue Sep 24 11:20:23 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- added conflicts to patterns-wsl-tmpfiles to Xserver packages
as this patterns package creates a symlink from /tmp/.X11-unix to
/mnt/wslg/.X11-unix and therefore prevents Xservers from creating
this needed directory (bsc#1230755)
-------------------------------------------------------------------
Thu Jul 25 16:04:30 UTC 2024 - Martin Jambor <mjambor@suse.com>

757
xorg-x11-server.keyring
View File

@@ -241,3 +241,760 @@ U/c6Oz90A8HFOMXMG2ffDmtD7hQZIrVCLdhg7hXaq7eXl4MlZGjgKOOZHLTpOrHR
bBqT9FJdOjVocUZKA7KD1+5AQvEh5elDZGKIcyWtgIoiUd1SjKXR
=h52C
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 3BB6 39E5 6F86 1FA2 E865 0569 0FDD 682D 974C A72A
Comment: Matt Turner <mattst88@freedesktop.org>
Comment: Matt Turner <mattst88@gentoo.org>
Comment: Matt Turner <mattst88@gmail.com>
Comment: Matt Turner <msturner@google.com>
xsFNBE6HVy4BEADACp0EU6HZ4KyFx/qfhzNarCfnlyEoCFY08k516UaHrUOrYWPp
ukoahcceA/M3H/xM0CGIn6uiuG/Cq7+qODAZNBsr6haIbDaqSUt+953b5qCSbD65
LBR8TXvW+9KkXPhXTKi/osYBdmsbFLeVLqU5Kd4QJqWKRLtuo0ENbFkQPVypEJk8
Ozg2zZ2yeSQAy0pgeFh8lezI7A23yj229kFq0EEfeqHpgifIzR2hNIhS5pTSOt8V
RDapO3FpOmxPPUMsaJ1KATD92+SgbZW8evW7ffz4QUiQiFsfTSOTCaTFu8qpu6Fb
a9u/u6mTrJQGRdqDcFp3iWjEUOVr0gUdLSr3zey152PBRaC26/eLqH8PFgCerBkn
o9vso0Vr+Kh63OOQeDHATZGy7tMHbWW5AEXVkTpNoSRYr48pd6u9Z1TfWVcovNAZ
tWiFVKKxniTa4MZY2czOSyh2YahCbEt3P0DoNihy3YHhTvW1k0Os2x5yCsfpGzp3
U8x1apfQqAyRNIa9SptLpQ7xF+lv52D9kp3XdkWXw1BFY+nmm/FqoC4tKU8AmbuB
n3SX/sYjq3Z6aLoBOmZ849G0Zp1xEYHCbfWBxvqhIc6dlPc3Y9uYV01+FlTzX9Mh
THa8p6oABrXbWRJpkOvaVbdDhXON+02Jlvawy3T3rwVkuEfEZu8akv7miwARAQAB
zSZNYXR0IFR1cm5lciA8bWF0dHN0ODhAZnJlZWRlc2t0b3Aub3JnPsLBlgQTAQgA
QAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEEO7Y55W+GH6LoZQVpD91o
LZdMpyoFAmdcubkFCRywhGYACgkQD91oLZdMpyohYxAAv97y7x9DbkYmy2zZ9JV6
eUgGbBI9P1Q1RTI8eQLdl1qk4eyuFdNnpmlguqky6rAHYyibyYpo/07rOrHpZkMw
xlK88buBl+spKe4TSAwGvMZRR2FQLD6pTxxFtFevB8/MH/VEnaEEcFSgN50Spiiu
1DNeov0tOl9KiIfj6AasqjJzpxeWHm7hM7RDGvksIjmm6IC3q3eKkfL57zSW3CTN
883Ge5lc8/t9bYslF3vnfyIkfpyQL8BIkCYxSDUt0qBxIOFnIqmwzc9Cslk/0uw+
JOzlQ4rdy/JIPqZioFVWYUOf1On6bONiWZ3bZoGHvq+TsZAVzTT6XD64ITyk9rOi
7NlzyDgskKyYTw9JggEVvHLNJhUxGlavLGUC5/HqcWdjTJQWCzSyaEH6rV0BN4q+
jeTTVr76+Rp0M29BQFBHX7XE5LfaBz5PrEZtQiIsYGXaN5pnjVBFqF3sV4qEtOMn
0LH/qUQoyyO4sydJ6EYxztF6yz/LgwCsRfcUTU6e9zjfP5zp1H82hBkOF5qStRsW
/9Nnkvw4mAXIjv9jr/VcR6XQOrQx0c7ZmwbhYR4/bznycn/8ssKu++1LGBC4wJ6J
8Sl5J+Keb9B9eQNKxQeSyvDbBH5moqfzVw27XKO1RpctQjLIon61xjRBwiG689uP
oDTUdRRS346L78p7oJ6M4rbCwZYEEwEIAEACGwMHCwkIBwMCAQYVCAIJCgsEFgID
AQIeAQIXgBYhBDu2OeVvhh+i6GUFaQ/daC2XTKcqBQJjoL47BQkY7h1kAAoJEA/d
aC2XTKcqHMYP/165rTweY5SKIxEgeG7TL0teZDl9cSFuquR/4fzdTI3z9BO5svxk
GDiGImRTv0Igp1EH2ErSinaPF1YcA3DZLWgfa4mFJHBW912u4fZREosUgwZqFokC
ujwnwEp2cBUO9VRz8cDm0mgz8s9n23NzqumvNfNFOpYHTLzPQCVl8Hau4BkMM3y9
y+zS/5niNR6eop/Sve7aBF4jQth4jYId4IYg31XPh61sFPJzuq74jSUmvYn2noFT
jVd/jF/QeYAaFgS9bEZiUymkaSZlQt73CRSyaGpcfbNME9tf1vthW/xFg5DUHgvQ
lnzcu7dUsQ6HNtZIKFYlRu6ouYT/oBi13bLeffHuEpCuWb9A6CY6s45n0JKHHuJf
maJruF8DaLjudXBI4tRSuGFnfnf6FJVWl7PLB+h9gikzWgnY6+8pTqXPW1KaFTpd
ZLsM+tSs9+E8QjkFp63r3gS5fPg7cQAjIFXEKfSRjPaBx69ejpx5XoqcIUqlakQb
TJg0WsKLUNQwsvQ4kHdOpK7nVki1Xjgsc7W4x+6cTmdB05pfQjTH5y2EKX67XYQ/
QBQjtE1FvtJvwpOWCpYMtYUuLhjgkK7xhxCZ634qqQYLH1lh0zK3rfe91LAHEha5
4EzaHEZcau+OnGkSnDtdAz4rQl06aJRchOw+q6o3T+Qfw9AZ1kUR8pjFwsGWBBMB
CABAAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AWIQQ7tjnlb4YfouhlBWkP
3Wgtl0ynKgUCYAS3BQUJFSl12wAKCRAP3Wgtl0ynKrV6D/9HFFisHoHoKGzdhHID
Jpto5pRYFLRPQg3FuxiJgXmNnP9wUa59ELMNtk16HZEgQedqcoolM3GA16NjCA2r
tu6mvhqoZs7l6zdSSBSR4Y3RpI7NqkfavEoOv4NNGanUmlEkB2u+7fsDBYUNtYkh
17Huppye0vENtrmDc6XDULCoQ1qwUH6gTHhsZagV+MjyxL8iW3aH+aTWeQFug7oV
XVGviSiWbkUXB0N4dXX0UYZiiTTOBkX2WrQJZBrMP93HFhe3GzHFHQlXEZYu8ZEu
t2i+9NgTqfbWlmfKP1t2E5Q90ouMeqh/wtcVm/Cv9G3tuP2P8urOsLBMM+DjR0nI
z9mS7261Jf8QV3AMT9uA8a1VZkSe5bKNfDZkJ5HTNhUu+uK/aDY1WfTOLZeURGkd
EtOsnI88pCZq1NxhBRuUg662LDGVifsNBMAXPOypD4Y6a9UolOaGxkXduPqA4deW
vWZ8k0jKLQQVoVTU1OmeRcpMzKbSFWLpf2+KJUslUnWy+GVnZ29hcduwcXqNme8t
S85bjTJJcvKbMoU78v5JlimN5CxuowHHtAgE+2SFaCyDU/zxoNgtnttT0Fm/Vy2m
qf06yA1Ee8wH7TVeg10NHBY5f8qlSx3QnEt20mLejiMgr8xwc2c7yq7/mj3Pt9TB
344+q9wLmfLeX8uGpRGrLnYTYMLBlgQTAQgAQAIbAwcLCQgHAwIBBhUIAgkKCwQW
AgMBAh4BAheAFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAlxGxOsFCRGRBpQACgkQ
D91oLZdMpypp8g//aHrJ1Ck+LqF+3GzEwYszctUQ/SsxlBPrlWUFxy/5hWo5QLLB
NAUUcTZgTm7O9YJyRgk6MHviqXHgz+HLTuXmq4rmwpUkbrThgZjMXcMHDfwVVjdo
TfhDCueUVLetkb4iJ8EKdkvxfo4Izk+AsYL5uGaMIi4M8vvKv1hvUp75u0oYt6Cw
endP11b9AVcq861qN9FL4rhIQ5qnqI1X85JYuxNPBO+x7BH7B12FJknubHBd5KN4
yhQa1APUi2cpZTn+EkL57oJxvEAxfvLKDlmv9RfjDeK5y7MqfQpOxqBoht4RbWHN
PQbNS0e8kT/Buf9Nxp5D6w4U8S9HPM+R8gzof471Ae5QI2wTJZ5d4vJTexFGILR5
XsfF7s8tWQ2zCC3xxSQD0CBrrTSn7k5aq6P+dPjUblm6TALfS4z8kElArDOr9IAQ
S2+TI/TPH5r9+B91N1EYzYt6nOx8O71z6gXjqBNwlCkrpIV14zsrJslKJIXkaVtv
2mvrrAdzU0n+ZNW2ELtIwOnbSB+jzr5zvbnzyfCjC9REzKf5QXqnCrCvtdw4p3vS
EFsuw8PNRYrV2hYYttjG7lDrMBIh5VogiPFsH+hQlfoeMUxPgxCLt1Io94bw73nM
it59m+auEZrWxcNQnTGFBIK0HDxUF2e+1z6e3WY+r8QeaV3jnqRxvohAKQzCwZYE
EwECACkCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCWJFhUgUJDcxxJAAh
CRAP3Wgtl0ynKhYhBDu2OeVvhh+i6GUFaQ/daC2XTKcql5cP/RPOMGcKphCKN7Zk
cFHXkGlzDhP2sig6c4YgcFqUgDLGT2I+g7rXS0gtjf/1seBw8N2b0vl+pS5Em6Gr
kkt2tTHW91wXYVMiSDv2KreO2ZTHd6GJOBgRsvSLUfAvSr/ThfzxxamZyuRXWBLZ
PUAe3Y+HUcsNn9NRAiF3ChOj9ilZ+K1MP6YUSCAhplo1oc8klSiEGHslBG1UX4l/
jnh2k9xHjrgjknvvftgjsn/jmHPJXk+34KtYzQWX7E0yV04PmSIq+GL00JYXrPeb
ypLY2mv63z0oHwOSZmA15uEqOwL91PNvlP85KkJlM4lAbP8URgoCIcJ2iDjNcPiZ
z3j79ygaqVwqCPSUuAL1m4jcpYDRqt0HB8rR2KsTdWTKcA+EvMMN8ZUNERVt+9v/
4LdXNnZoet0MN5inmG/ifR/672SCrQeyLSDlQ52f99tPSluQjHE2yjtA1fwLJkjR
mWw9cGwYj0SVtwXaVi/uNokYA1gf/oI6ZZSV8+R970N81yFV2TW16QlisyageQCE
KK7LUTVjJB+cTAiFmEtBf8pKF0oj17mcE+7B4U6OWXcXpv9SO3Hr4YHiYTq2eT7+
JXnOBZlJxE6FZwx84HxpxzbRgt8uBjXPxf+KUeAlUBIt1rSLur/bBQpYmxP0RjTF
ckYEfqfF14mYxxVYb1QVneX5i1R0wsGWBBMBAgApAhsDBwsJCAcDAgEGFQgCCQoL
BBYCAwECHgECF4AFAlQAms0FCQsc3hsAIQkQD91oLZdMpyoWIQQ7tjnlb4Yfouhl
BWkP3Wgtl0ynKlHfEACYdpejFV9mH2AYcTkD7mmKVs+UBS47V38bozQWFyufEuFK
NzylBosc1ektIGSZalfM/QgIB5PSlcITbEXcK2+pRIyePEqd9zYC3b4fBgW4I08e
zA3yfiufLG39vYISXFBdv7zy5/e0PYhVbqKKqvEla0PGzr21riJeXkYGZnjwKdq4
TM3aLiz3WOGYzAnNUwIc5Ql4IoQGuYzqiEjHJ5QEellsV6sQ+2/rSlXcbz7/AEA3
RbZugei32HH4rjoM0XIQ01gYbWua0+zi3f0Zvkmq6aa2PS25izuBq/aknFtZVwMq
izLOaoFIK5VLsa1ZKn0Ul9WsSMXlo/k+EVmyuZSAvTG5oQPIQse2TC5fp+8Vt/cc
Z0bIpaKGz0Ok4ouua6671WfSMX1LPAz+BtUzWkHrzMfuvmjBX5eTjSnZrdJGNEBg
Y9oRDsE14u21u7B2/GZzIyHY6JlT4Ik3d4KWF2Bo5pcXk/ne1k+NYQ0+6dbp7BPS
R8xLTflqak7HzccS6HwsryuGtYAuxItvWIw0ByEOrS6CkOmSXYabZ2hdDORTzmH8
GHJboFWNFEonSwW11J6zqtnatsWFjx8cI8GUn9RZ/szfNHMgIb/EZqXEM2KCRvE4
ctA3+/f+G5T/yM3durOMtwqVSzskC/0+Ih3/1lS0ZLVAbW8SM1gSSJwJ6wyys8LB
lgQTAQIAKQUCUt2CnQIbAwUJBaOagAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA
ACEJEA/daC2XTKcqFiEEO7Y55W+GH6LoZQVpD91oLZdMpyqnCBAAlTeTz10VKQBr
y+Jb4vWqoS3kZ9qw7DsJlwyvJIwtwEJaFtgpF+YVCNvMsuQoFxEwW0gDAqPoKXcL
FidzOcpt9XJ+M+oiIuj34LCBwdA/CYIH4jNG3dO9hxRDPhe3KrWX7cRtiAIwkTgS
c4LMCRcDDxRzCESOecEQr+txdrMcOg9daWQdMaaG9snJjYJmgXkttWwKUZM1EgAH
cSWn5eMPd0+qq0jNIoVkbheajpq0oZk0S/q6gPpageBdw59OyVlvDJPIKfoLv2e6
nhDwMRC54R+BqzbiP+1r2lU8ALOdhcZou6x4S1giQ+97igt4aU9uCp4eMCx2Kk6R
/pfkeX8QYMJkpSdLEOKlPhxd1T7UKeYNmxM0IsKebh1oJQI9aVGfuBbIcJyCd8IU
1eEOgg8a+6C13B/hTHHjEsKtoB1YGKyaOKCUF3UswmhcoWH1T2Yu5QZGnZ2q7qj1
HeogqPFLl7/8rYOo6Cz/2npgpQviomNdiEKcEvgyzJFwHYqdKBqIRQKSNb3bz5ax
tJ9cI4tf/0xH3fsm27aKTPQs4rkAd5WqCKXFkh8RxRYSj3zUZgc5XBTJsrpeX1Em
niKGFy6sR3zR3fO9M2Ya7veQ0DTRYEQuXHjy5gMMGoq9bXEECj8BGN+VYfYmRT05
IhnxunupA/j5mxPHuG/FWFEICnJYNnTNIU1hdHQgVHVybmVyIDxtYXR0c3Q4OEBn
ZW50b28ub3JnPsLBlQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AW
IQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCZ1y5uQUJHLCEZgAKCRAP3Wgtl0ynKh1t
D/9UR1l2UM4jgmmuqXdsuBB/+MIT36ihH2JOEXJQe3JHktiDwyk5gftQU6tRh4is
af6bAfp0hK6FXu35ufyUw07JzWSmSLKjoe3gHsSZTyP0/Xsd8FrIbT/ngMDXm94E
HjkSRbIMWpcTZtLOJoDtN5NOpZHkxi+PGqNUqDyXWgfEV/XnV7i9se5MPQu+yD3t
TWIxBR7HFEpc9kxFnaqvhu7WlpUJ/fTWQhA53Wj9ObzzVOXTXMMevMbWnNOWYFx4
GXYWu7+KDaFsSow2qPItQtFRVAgJoiFnm0cwIBFKCbBpN5/tdcd1nu2h/5G3wxtO
rHb5vQHRjuaW1bjmrMUCcUydWiC5Kq8EzdqtAy2NQP7MyCw02oCg0HgSrJapXuYc
wtLHoima4DIu+3CRNtixqBh82C5GVw0Ad+MQWTC7332OyvfQdCnFibvBvw9BtG/D
5Y83qJZdS+CHzr+jIqbjA1HyuZD+a2ncNSi4kc00vNrFdHubChMrsHJAm5z3tov6
TZ6BAtlUd/ywmnOt9E+kgJTVCfDOorfPcsAAhv+mq83BPQxQgibBQroYwYTG6zHW
TFISspeJX68462WALXPnPqi4eNhstf4VmJqTVVJvMG5Y82/dY7FAJLLDW4xsIilv
QF/fz3N0wpEUXtsL7cHyuKQLzHtYqvIZgHlSXOJ8jc7c2cLBlQQTAQgAPwIbAwYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUC
Y6C+OwUJGO4dZAAKCRAP3Wgtl0ynKqtfEACFdacYYjOmCTgLvumgSo6ZQOmA0kii
V2vPUP62u5CuO0DByEpnjtqJUKf21gML+UHNz6v/bCVbkigcoXWbOV+7zgZCmhr3
V2USJ5bmenbQCc7XcELU27V4J/E3uxNPgCyVuMfAL6M/1tDFFQ2Ha3bwOfB+2rBH
zLuTrSqy8WaYR/C5kxZCme6hziW6U68pbNTVJ0dnECjJQe7Pu6Uc6Ljty1s4He0x
2SVaJ0pHiCT+VjCq0N5ezji8muXeXnp0u7to/F8mu7/uXVRtcAL1Hew/vMVr3Uog
vUBwnZJTry0VD5vT/bdammzNy1m16f8ZjY5E2GGzCraPnluJ7VWrh+XFtmfvoLIh
qlcz6Wu8NaCLvr24F12bMYuTtDoDzTfALvPwULQ9g8yOq5aAqc4pNG9IojNcWiw5
0+IKZZLu2pqCyXFf7xigyw0LrwLLcWYNZn0G1g2OHTI8ju6JHFvnsqpOnqBoZjTt
f7UG1htzaeXbaGOTVp1PYBulaCau5lXfE1CIMngmalfdPFoz9DZMp4BtLRH84PQE
Ae90qDQxyTGQzASrrQzl+SKIBG1jmPNg2FcequKYyKaBJoVQY+9UnAWAeB9I4eVr
JLNvpjWk8QERwlDnFQ1C9DU8mAXXUX9je+hvfOL4EUGktw1vuP6U0FeQBbH+l2Hc
r9jVC6lWg/C968LBlQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AW
IQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCYAS3BQUJFSl12wAKCRAP3Wgtl0ynKnYh
EACk+1hgwdn+HayOB0nEEmWyOGFnEqknwc/nRxJ96Kdc+oWyzcoZZj9vzqGdmyS/
5irhYQOd/vmRGfKqjD72XSfJnHaKmwdrJ2o9jgYzA2D99naayr4NGMymo51iiXUf
YkdBWuCcEXJSNVRDaDYBorew12y3UU7fxZj3Bvrqz5lhrntg0SqCktbya5qmNOja
vVtx8/tcqhh1K9W98mU4st2h5RG8RqXGHFC9wJbXHtN1Ky1TvNtDbQyrD4D1M1KU
giOy0gBZMRipLdhriNjAyADTHH8C4l+l/T2UtT2iZL1SYR+tCfTfDqPPlwVzPS3S
9+LSx7x5Yn+Ivqh/mY4NuWdo9Y7PBW7PWD7U9Y5QW0FFYJw0DbkpmRzJ1FPaY7id
sC9xx9oFCj8MQ5uMnW9tIW2SlbtdJ1g5TtPekMdMpe1MglbG0iBmKWVwu4pK00fo
5VgTCtWk0nTdMGFhAw42ydoOo6sl+s+novvDEUAA03gm7SQILy6xfBOFzokGWfPp
cEKcPG56K73jxOoQTF1SSoFssWCZYKYWgfnXxFI/+GDSto60pq2RURih1KKG8voC
d4IcBnJ2nHp8KyZudfIqpH/rtPklb3sqLpevVA6PcOx1DzR0uzW0hvFxKdCIFXvn
kPj7ZQWAD7bO+Nze3WT3KyE0NoZlM9OfcNe2qHYFKuQTL8LBlQQTAQgAPwIbAwYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUC
XEbE6wUJEZEGlAAKCRAP3Wgtl0ynKmsmEACAHaO9eYG71wERXVyD6y7D92654ky2
dAFeYP8rC75nE7qxkgEVG2wQ40XkVScDqtPxUWxJSGbkfsEkhlGx/3+FL8is8AzB
1h8ckTgFgyNYcTzfwCHdgleGHI6bXBz4t6HQ2LhvDWaNZzXnBoUl5CWHyy3tQ+cs
o+05omtvLl3wyYRPYAyhvfZVepT4UwFfR6/N4PkCOVuJdFLZ3M6Nmoh/J4rOUT+0
eqo2qqHdt8eLPTCVGal5flPBr/1xlLUKxzNKxs94LCEUS6r2TdBdjAkEJNuNVJLM
L+3yB7MhM5p+gq7kko0mfGNbGzf2yYG3f5U8m4DuH2lI3QaxUw4ZwZxTYqZQL8mt
uOzHxc2SjqueY3RNzC80yX3p3Xct0s2lzpmvDwPwVF2Bmtw9cYPpmYwftDJBD+Cy
wvdbNHatl5lhNAcUjAokopcG47K61lfkLKvcihJQT5xe7/yWjS/gFosw4QP1yBUQ
U3GwUQgGsjxNgjZmOv4Tt1LaBuVvLxqGdCWDAmn1dlNdxDX/bqraupkFoVD5x85D
E7pTEGyGu87AuIKA/OguWNz1EK9sD3g/iW2DNc8s3hZ4O+KBQwVp48DJlGAtsSgd
NmpgaQTFTB8q5ho3tTg6y2dE5dyTaWbbcSzrraMkrca3+VE/2t5O1GuZvMXoZF0K
shXHK0bU+EY9PcLBlQQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF
AliRYVIFCQ3McSQAIQkQD91oLZdMpyoWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKt7v
D/4wL2Al4uTOSosCRD+zuCi5GbHHs/NjNQlDd7DPslre48yysJ4CAMSWj84N87bx
51gocgIeyjt3M0W6Q+RRhQqqnTafXI7kGLnqaOyyiGHgy5tPJGHrUNYTgl113www
G9u0QwSdztC3LzU8VXokRGAutvjv78fSf/w8ZNxa/Ldpk8Fsd1EKktSlRqkYa8oG
wFtMVZ+Ha2GeezC1Cb0eQ4JG8FEdYIKDnIW/vHQhz7Cxj6rzYy/hFdKOHQrWDIWT
SthBxFqR+lnAgkclrJwa3znJljKtzeoksA6pbiGcVmubeSl34G08N9IzXmfwEG0G
X9+nGWlVFVt5PuwyJge3PCWzRa7/4AYPMZSsAhhEmTny2FaPAyiiUjp7hLUcZPL4
TQxMPL57BNDWp64q/w14TnxKir8ZOFdxcxq+54r02LrW+cwSIKdCeJ9MSBmF8saX
P4JqGiHjN6CCHQ0Lm7l+usOMxsaqM4+2FKEqUwdRrdo4ry35T3Ei1/enBIFJFuMT
bqyi5sERDMns6KWLz40pQnrj/Yj7+Brts5WEtGl+WdVjcvPzpv/tWbdyOV+iR4kL
ejszdlWz9e5rk3tmWchkVuv8amyPyIYHTEkN42XpAvwGXuEca3NOIbQmJ/S039Gd
cf1l+LbwwKd3DnC2GClSaQ2JEo00Ii4om7bu+fComGtVhcLBlQQTAQIAKAIbAwYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlQAms0FCQsc3hsAIQkQD91oLZdMpyoW
IQQ7tjnlb4YfouhlBWkP3Wgtl0ynKqHZD/42PTJ6TezNtrAkxU/ZFDpVLjTih94/
A8eimGu6PB7dxNYCSoSz4J+MKVWW+T3ooaQ9O9pc45TwXtyxGf9tdBbscqtVp78W
oACklT3lL2FXmgdzep4mKOs+FwEH09ZrfiTsxHEUXVGpb1//mNZqhlyiONjyz07X
JTzfG6vv9oFvylJUJiNM9gSbgPOtc6tgP+NIfEKltBVKW6aFYvg5Xsq0+YyXqwy8
MB1j73J8hzerzYOXI6z791VyxBPJNI9kBlMnD3/eR5RLU9xs/j6oQMIOUSxv43TN
7YArjW6mTmFLnojX2kIuApzsXTJqSGZ9zRLd1epZ8hnJW2Iti7VaZ5EbH9cQkuTp
d4ceS9DKDidAwtD+OB+9jbSS3Kvp7nFS6XxZzTt7xs8PhvjmEw/dWMHA2edpfVWW
7Et6ZRmNKFdv4+3PkH0x9aINY5Rl6ksThCZF+VzjSp9Lp2Ph9SncWt7GnIAT6VY0
D6XCqBRc6kcxTylyw2v/Ve13OETvukCFLW87WPl0qFyHmkskW1iBmaLnRJ82bqZm
zbT3rok8qZgbSJKtuUwUQzRvqStQU/1Jghv4FqVtVd3M2RPxjviJocx/1lTmsgYy
PMKYxAX+fnygKOicYPQMQr2dN6Dyk+4vtOip1jdTLTAr0johhQ4m8z3XG8AGiLcj
AkoX4kveM0IKYcLBlQQTAQIAKAUCTodYtgIbAwUJBaOagAYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AAIQkQD91oLZdMpyoWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKvl+
D/40zsVNd/MiB47EZO9yEIdBII//9tE3Y6NZ55WY1vPnaZNwy/UFPxxbt1FrS6ig
qQon7FzEqaSwNwCx2yyAF3hdLZkPM4LJQe7uva7kzbb9fQRHgJ2zW8ajNi/EPt2z
EALY9GIlP8Ys+K9X7NsNtDlJ5r9OzYC5KmqgKaoJQlnFJwUIEuRiNkV/Bib3FWgu
bHAanvoovjeJr5YVf9uPINYBnydtIcXWz9y+BpUqaIgreJws5ZNBsfLjBozjZlwM
kF2x7DWTKBUl6UyQh4GZG3tq/mxgOYWTFhSLWJ1W7yD0Bv09n0N9ZUJOBxEvJNwv
RrslJw3C+hXDL+VrQfzzjnlIE/wiSpNWTjBN5Hqtd7uubPQu3y/PANAOOXfkAvbB
webeCnYA4FyLvTwoN5yOTEKwcg3CTPrT3rl6IQXfIkxOlHkuoMJJgo5k/GXWtD74
o02YBRoJ6DnjdofCSUmCIrdXc/ep/z6SSwtOv3A/2B2uAPVxW3xGnMjSCBuSAWZw
KY2bo54jIzO3H5uxshKW3MdT27RO3sRtAA5Y2Rxjm3TgTiU2UoSQcIL+EONbLDl2
iZR4o4AXI0RnOJWTviysMtYNQ9228Hd0SuPEzEwX5ogn34aOpiw8D4a4/O/5ZNhQ
FXx+2xXM0YW5vCPQzgUn7/M0cP6HxvWyZa71Zar/WYzRuc0gTWF0dCBUdXJuZXIg
PG1hdHRzdDg4QGdtYWlsLmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW
AgMBAh4BAheAAhkBFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAmdcubkFCRywhGYA
CgkQD91oLZdMpyrkiBAAqLZIJCLIq8ZYwAivxqXwJqO1b62n32+0NmU8Qt8AuS8P
h/RtlCAMKJkJXm6a/A1UfB5w5o+ntVt2AI/1CaEz5JuyAA1JNLtM/HIbNx4khEhD
2GcBwJqXgsbuEOF3jh16CCsOmQg54akcqN3HVFXgp7avJHPPdtRILiwZgIUJqiJ3
AQnBBz05W4jZybq3epVO3nNNC0eQuZYmWftqekvPPd/znIJCViM8LR7NQlb0rdmB
c35KFsfVBp2UlH0pgfl64EN3B3j6UgxEQ4HQtsl7WB6ECqbmLpm6EFKmxQqJbjgh
KoBZMdRkOGy+uB4qPAPQRhf/Xi2eFHC1AOfaXrMM0iQLUeLFy8NzlAb47A6ew2bn
rB70MoKJMlPhoMqM8DMHSsTmmd8uhsVlN2Ps/qVES4Rwyi/3JXercsu+pG4GwBAu
cdDkMp3jlnu5BytRD/mYnKtWuHJzKdQpV8ZPX1YCSGTWWn39j6dOt3bNy9cLPEkn
FB6ORdUjicBDvPl3qUGjgQ0nO1BDPZculTfGSUIoc/AjpI5PdFW7ulVPEsU8KDnw
owL+ujXAgauq8Xqel8OWqiFuMMOoXGL/J99ORJdHUGKIvKEqnVjR+uupTbCtENb7
UGG/ZeKkeHZSS8UdWqxQ2gRzLesJwbDhPcA/kaqH9R7kg4j0boxHWlSZVzCq8qDC
wZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAhkBFiEEO7Y55W+G
H6LoZQVpD91oLZdMpyoFAmOgvjcFCRjuHWQACgkQD91oLZdMpyoiQA/+Lq8OPao/
EOPpCGkeSGWWU+byuU8qINc1rAFtYAFYMXNXrgLx9DA6iKeHEi8EAua5c1aGdS/Q
3i1zBAaSvETmDOn50wKJdOgBrpiMUmV83Chum7Yf9YziMkVtfW9XhMxMbY50xOvQ
WjfpxggqDlJRyQSfTAICYQOOdqdSGeXGQ4OFOLjTL2NjvlHFSI9/3ejBg6TJuilk
LYzkk+DgGFqkuNtZGHY8lxBoiQmCbQvWL77M/zL+Fq7tQUucSWdVTVcMbnifl8vt
w35JjH7AAo0dcLQF5D7G4pU70JdHZQTlYqsWBaIm1r3MzaFWLJFvHI8g3NuHWjzr
vs28R6t8c37qZRbPlZbH+J3uC5Ki/mv8u/ZSUqUQ8VUrniDS4WcQXsWF43SAmkKp
tZuFw1Wc6qcDsqejiipmBgSYkaRPibKcWU1Ad2sluVonHrF9O6EPeUdhgVuMEr7O
Dy1v7FxrmC9/vfiCHNirrG/AIeLwZc6djAcJRINJhi89NLZR19GGFZI6f+u4cps8
kywI/x37moWsxNAc20kP/Bs4GMP2uh18ZcqHQps9qlpir8+EsMFzLxaROt1U6hLi
LRAT3KxMIF3gQH/9RKg6Xchd0WRHPX8EsFF4tYmrBnfgP/00vH8i0zM3lUeMxCm1
Xok4oash2M+VcdfyVWaNU9LUqqNvI2E6Gp3CwZgEEwEIAEICGwMGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAhkBFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAmAEtwAF
CRUpddsACgkQD91oLZdMpyrVqxAAifNMv+/k7D1PxAb4kDPUlskKcnIVmDOlzEKM
hPDMHro4cJQLVa+kE5v3Q/O5udK8NjACC8soo64/1hqYEhs/ffT0U8yRBgdDhvJo
ceEjj1orPmlMEoHQmku6YT7G6syIeKn1Lhud79RIOXGdsh8QXR266vmA7Bauiqtm
5iESIbs+8S4P1YnFaJvpSjqnljE0Al+jRXkZ/fAEv1TNfHbzWWzMng5Ub6kcw4va
ZevhWx84u2aLD9atMvKXs5VZGROwuhEn6aMZ/41nKEaf01xn95ZM9lt46myK9Km/
patU8TB0BhoYVRgWP7JQ/GC569WwHUsa9TImur6skdwp9kJpRSMa4WWXpPkq6MRi
QUHV1Ia7vkT+wCq8fkr11zRzGghV3BIift60IhfL0IW/7YKYY9E4Q4qEk7bkOVtq
6i3MMVYpKgQwrb5Ol/B5BM5IG4B42CNwYFekXtpswN2FKJYGp8ZqyJXVUfUdcmZH
XIUGyHH2e6o3Rf7XfKzwJtCR+EnBIUB8C/ysQ542ZELO52y98I/OAb1PmNuGm3J0
Me9LTO5Ep5WQTKobkA4gljGna+RyAdArrDeBTa8I4gNHenXgEM3H+K0Vppv75Kbb
3MoLNYrby8IvquXQt3AIlgFAAkOuaibNqbUaTDYjE2FRpOY/9lX9ZmncNTcYP939
9/bwiwHCwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAhkBFiEE
O7Y55W+GH6LoZQVpD91oLZdMpyoFAlxGxOcFCRGRBpQACgkQD91oLZdMpyo8zA//
Q2ISdjhKLAumQ6PfAqN4ZPhKsvnoC21OSVX7ngua94VY7w+Djkb8dm4DgLdW2CWZ
BYK7qAN1Jj5BmCAkTlRsMIo2c11O7rbWZfXxGWWDWFJWsLYsRMs+ddOIVuxHydXX
9jRr8qjbt9oER/4aoU3h7oB2uDBH0EG20I1Eh6oFMylwXGdwSlPTXZofP+H0jHQD
u9K2EzXrdyTe+HsuM7R3iW0Y73Kio2zKMDvKpUIe2iAKOIZ188LcoMlb68x0aDGd
8nd+bf+jd1wSMNJtkbjynoCBXTOX57S3K35h5Pdr/QlhDlQJnJuFxRVeLmELUGXJ
8crOnzGpJLGkZCMB/NOIGisGoy9HiC50PMRlv9MZcyluJkiZ5NjLZ/HVEW0+J4A0
q2nWIot7yBbH2z96vLf3sZWWpPf6OUWJ0KZJCW4kSb3i76pinsTEcJ+wC4tzuTWC
k5R3D/hDBr5JnjnjLTAGG9xvnd4oTk/gi3YiOmEyzVcO4dc7zXMQZBrDbsTcwIbj
GuUxAA6sxsD+Nfnuuy31+mmMyjWckfDjiX4d3yYIgTeqJbh17W9HRMpOMfHM8nKU
JcEKXQYI/nY1DNoreqYJLtm3bf0OWs0lE4yiwNjUm0nId5Df+bGsArelejujBp1G
hg25jmeGoBBpKFtWsEiMqNxWzNNb5B7vlajLs/lpOFzCwZgEEwECACsCGwMGCwkI
BwMCBhUIAgkKCwQWAgMBAh4BAheAAhkBBQJYkWFSBQkNzHEkACEJEA/daC2XTKcq
FiEEO7Y55W+GH6LoZQVpD91oLZdMpyrfpg//VJ/E6j0Bc1XIOeVPjZ/C8a9pJ85J
vLfh1vLtB5EJM6mc9/D7GJkCjql6tscZfBVewNbHq+Bt9DSXCx/9e5B0xtYOSvai
geYt9/PxEndbsFKOJ/+s7P1XGsKVJRZtezr2VhuHDLQfChqKjhCR/XqA5WZQ96jU
K/lS7kPEtKRwRJK0vW9Hj1bD3gh2cNQA/1THncZkihZpFJhUdK3382ZlLU2f5EIl
gMSquVeMKmlvU+YJgwXp8YH4JPRhUbcBZyGCzYgOtBBSmh+Y8vzxhjpLNzpnkV46
zx4Hguz9xcOa1XqXILxIuXGqm1pDD1tv37Wf78KcjL7qqKl3Gl8q6eRYqyv7c/7B
t96sxCzVBWThQr8/fz1c8TWnmUz9xi1cg94PWAresR878Cr4aPCFtJQ4ZHzlymPA
t8sc2aW8l768159h6B2HwFUnaBsVCbCGDDu1/hMxamOR9jQZCw9UMNKKIDoNMTKm
eD5DAeo+S4Vu0a/5rFbVL5/s47VxYpoh5QP8uDmuwawEzf7GnErNXSkdqIvhWRfR
8e/0sna/DTybz/lz6/bMBHsGNmL1n4ZMBBqvlVTy26UT9XqkLZdQAmGQy0x1r9VW
9szMdmaLEM5vTvR0qQXoyQhnoNuJPEVvvuDst8WS2xuJNdodRIZ1R+dZFZx4K3tI
w6Zs8UXAN7W8LxDCwZgEEwECACsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA
AhkBBQJUAJrJBQkLHN4bACEJEA/daC2XTKcqFiEEO7Y55W+GH6LoZQVpD91oLZdM
pyo5Jw//QaWhsC9TWUGTLO4Qc/5B6GYeeZxU/G8GWhz0e09/rtLZd0KqTLwXv/CT
njhq49wlScgbz/2ahxCsSbyhTs0wiAtZeDQ5w3D3VTjni8rIqXExXPOHlAM1JqpK
IoaSY2VVKo/ZjDH2CfZMd7h86MeE911socrTcKFl71YvofdLRA0W0nJPyF/lSc6B
tblAAs0aHfBUZpxXYoZpdZzE1sXPxO8hbyyhmToBAtPtfj4hrSratI7GXEGQoPHe
5+gBQ7Wvt+0p7kvN30OwEllBzWF0BHbaznfDzkwfpILbcxyAUVJFo0YcOCCes4Kj
C0aFW2mjTebst6S3IEstkKlSW6VQudpCC3YokXJshqWg0Wyt6kVEYWUUeZVilmmy
xq55a2IhA6+4RZEs/7Lrb329YJDEytcbq+KoauAFmeHWDYidbXBFga2MzVdNWBH9
R0cY/DXExuutZjigrV62GQ5hyHab8iRvO3nsqy32B0XqXY13p1Kr08290HTBFx5c
rJ1vvVAJpMfsERmLhdcdkxbIsXX0cdsFA+rCvBQ6o7an0AQURQe43vikM2M5w7mA
MtZuJ3jyGymVXvimaSl5Sr3ZmQxJt9xknkhM+spDCT/4xQpiA2ET//b9jpKviS1V
nyKRc1wMiUWxFn1PUMhfn31YsAU5prHDdi1aMm3q3yP/6zUmw//CwZgEEwECACsC
GwMFCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOh1i+AhkBACEJEA/d
aC2XTKcqFiEEO7Y55W+GH6LoZQVpD91oLZdMpyorzA//VdiX712S2MeQH/xdv2xp
HPuUXsgdOo03rggxIYQ8HQ16wUKCRZw7G2hhOuLWde3uWB7ojWU8MifjaDlcm6cs
SD2YXmDz3YnpPJuwuwQtVyazns9QrgTMWU0jt92TGMYH1xDq99KNPpFPvtsHm83A
tE37RY0ptssGzxAi83Ehk4tEnWM8qDlWDs/v4MEgDzBC+T1vkbVHd1/gXPrz23nF
xb0NVx2wKw+9NZFv4q87ptYbK2tz2w4LNKFg6AvZe5da6xoBeeFbbQSegzBsBwC1
zXGn0praqAYsqJC086JISKNW3uZdMrZ+UXaV+Ci3+qzNxTejgcbe8KgAjnYMLl8V
+VB5Y2PEol1yqGOhRg6uTEiR79Jkap8fW5+Sz/asVHqT1KZ8O4ln8s5GsPBrV/3Z
HOpws5y0Y7kRXvwf+jLWIoRdpQRbT9DCeW3VQk8plm3/HgBwGSUq7bUSbsISE0O1
amcZmoIH7sb9986LWHEiGLrZjcHFovLee0ENnJC0AB+MVp6ZJifnLNwQePAR5R1M
o4Q5UUbUP3u/lgBMB6V3ASoV2nqynFVYVwkueZhyqlc63h7JdcW36svFiU8XqJ2/
ea8wG3dFcrLnaqyFP4kov5C2k2h44jCH3Ox/srzUqozHOA3sqUNCFUBt6QyC0CV6
1eNA0lwUxU/H1pr4zMGjqGPNIU1hdHQgVHVybmVyIDxtc3R1cm5lckBnb29nbGUu
Y29tPsLBlAQTAQgAPgIbAwULCQgHAwUVCgkICwUWAwIBAAIeAQIXgBYhBDu2OeVv
hh+i6GUFaQ/daC2XTKcqBQJnXLm5BQkcsIRmAAoJEA/daC2XTKcqOGgP/0i6hCOT
9OJ2B2UOYzA7L2aTIDvpKo1pjA0pQZwTvbykSvBkfcBLd5bAt3/I2yH8RQhglajI
IsfombiODnqqWwOnpseSu+pu5D0VyKh8bSsP6uu32JKGKE8RPyW9XL0C3oCqhis7
LUeu2DYxZVVk9cSKcHdknmOBRep5Rki0ih1m9k3H+HXfL0DHFmBe/ll4L6DF50Jo
i1yndfzlf7QSpk413DjNzBn2x9nt9WX7pVWVgAlrIssBwm7iyEOVilkMyKJ0/ENM
JhRJ4lbdZFrD24H4sA9Ef/yWQdAEtlsK9yX1hfLfcBm5Njsc/X0Loq+j87LytlsP
f04HaFWzhaYQtDQF6X28HRrrUqeSa9aPYMPthwhw1esVzt/LN1/Z6aW8xxFPVdv1
5ovs0TV6DQVt4hLIz5TvsJ/a9GemGON739SGrhFD32g0mfrDhTVXyA7rretqrNP/
ys5EMb+E5q+IizZBobm07onmyB7KVA14dY7C1EUiZVfc+sXGXZ41sFH4pPJR57TG
sKmi2yNY9301CaBS9hvFLccDV+uJasmzWjgJHKcZrUFNCle3h2ZLzaOvyAN0ILiP
4sY/Vd1kbEkiFsMZi/ZaQNwueIz6TYY6D70Ka43IRkl7zU81FSKEBJ6x0kqHrpEf
wf06o0L60/BSBh253SZZi0m/FQU4Frk4VcL3wsGUBBMBCAA+AhsDBQsJCAcDBRUK
CQgLBRYDAgEAAh4BAheAFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAmOgvjsFCRju
HWQACgkQD91oLZdMpypZ+xAAtjU4TPcWiHPJn19sy3tUhnf7MzuPUcda2TYwkOEK
f6gLeaIYQM2yV7ykbYr9u2geOD42S/pd1dCSvTZy56kgfq3ZFrUAdAH4sLaq1oMm
BCtNMKYvibbpz+UCs3JVU0VLNciJ3/SMV5ooYGwwdoLGcbCNm6beYAOEFr0b0Gqo
Dg+pH7fwWj8XxsOgYzRodrAshHdbKkavGaolmJWAoDtdLCNyADysJ7BpFg8p+fCW
6Me2tPY7WLbZlF77urF2i2Py3iSIdZfv7b31JGL+XdXkkM6PmJLpeWiIAVGCSTcZ
eZ39zTajh3y9kxZu3ZxTXPjeOnT6wpu+F0B60rJ16BNYMOKpQpR/HCveLT8RjkKy
51KZMWJLxwagsmSlm4+Xq8Aye0DmeyGRE2I1oYmMNDF2JSIcdYUyNX6gcSrhFLu7
iU1S8S1lyAqNgJEau502l9wFwVV1/hC0uHs8ZqZSPZvm2fTFZYGMZHG49TuK4DLa
CgDE+ul5wdh2Fn7f770UMaDmTHpLA40DIcuSsNd8AHR4yykXM1KxMXqnkzIsXhgo
g+fuovEE6peOiz9ehf7gsp8D6OiFNZ1g3RGRGMHX5wni5lLxVz9rgV9ertuZIKry
yLZUTrAwBvCGqY5APl+rM/zELKOKBVmAchl7FomSUE7MnRpuHKsJ+OaWr/hVM+rz
p5jCwZQEEwEIAD4CGwMFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AWIQQ7tjnlb4Yf
ouhlBWkP3Wgtl0ynKgUCYAS3BQUJFSl12wAKCRAP3Wgtl0ynKsQXEAC+AQZEOtaQ
K+7TbKUruJ3uGqp03jb8wPAQwYnEuEBVrnO7mWUA4OVQNFnoOKKJvZPW4QJAw2EY
dzubZCYmE3O8GOiNf2eRVLjsKayoDRq/kK/QNh728jLhyxNrXtDAXIvQJjYAWutj
ywejkgrN+ERYJkzcJmJpolAXiCoYq1iDyrQNW+g3LMPh9yDAQYZ+pAku367pyIoD
HpOXpSA1HWQfIAczgtUpTzWH9B7XM4unvdgLShrEEnLq9ueMjJEv4cn58lX82cYu
/zAvSe4DulMFsR0B3uu7FAl73qHHl2f+Nj8vHntBe03n3bIqSnThIDAmT+HWYd7v
LUOIOWjaIybaiBUIqH1crTHqx1F9L6g5jSfXXf+IUNc2K9HOFe32VpFyBeBUMZJv
+1lCAtQ+Y0QzjGipfOYO2NE6HckT3d2pQFmaeiVGyzsuwA83xfXAf1dA209xVBBt
oxTwesyrMZVurmLN/OxRTSwueL9ZGWA7OITz//u7jCaVSOxdc1tULvLUeoX8tX34
JDgolqyyNfw8cJulqutwjrnfGgYgBG7PqcDbZxl/KHILYAHGKS3l47lZK2CSMQ2w
VpXBGhqbxx3CQSznx1FI3QwUOBahVS31DDZQektkZwXJ50/rUPAjUIwrXbp7ws22
AMBkzzIKHb1YHfHj5+O51IDjP0mHD3fSzsLBlAQTAQgAPhYhBDu2OeVvhh+i6GUF
aQ/daC2XTKcqBQJfuu9PAhsDBQkRkQaUBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA
AAoJEA/daC2XTKcqMZYP/RlqQbGc1phM0/+6RjvQNKzm9Des5Ee4CMXlq7Hm1xhD
H6l/pBFSg2RQFMLw7y/hG8I2A55525Lj4v7xB5h0BuCkZdYo9RTl9+CwaFdqmWWw
l7d85ghz4P7tzUamieMFMdRCyWDf9EAVaNuHDO7q6DKxcRXhF/+zoiRbwFtkw9AZ
6zW+upq72FgeOvu8GquDsn+Tsvj5l0O4DuOXXdNa1BA+suzSp64J1Dw1baH81Njg
Lb+u9viUHBBLGs+Oego1fWF+gHljwU2oaiaPPobiBdJs0DW9qzVR4bqLscAzZ8Uy
e3Xks2ug3Op0DlHwqQ9AhHYQVEqL1Nq2VoH7HR1S4q2Wd94dWcI2Sg5oq1uxKTbk
r17I11ump/nyvABArlzB4HamZRyidfrAngYXkUaor5xvNgpIuHNr0QXGGDaB1awm
Qv65jzkxYnofT1yIWLQEoORygIty/u1VVbXl/vzKzswkzozz3O98QFld49kY5sYC
qPoxJz3+L7pAX8s25tzInryXfKpWORIcCjak0OvItejzf7cjMUs3iF1OSE1KglkM
PrCq0D93brVk9npJN42Dy15nneUz1A393Wjqh79Uj+cjXLjRTkqt0jaP1VSSzBgp
BWW7SnBb4kTXLS7vHpuesrQm4XQ/X8djwa4F24u+LwhT6YlAehpYd9qMeQlcgxLx
zsBNBGAq+3ABCACmXnZUBQd5ybaGKpt4CpIAqknCap1Bt90DAJtIMdMhMTuIP9YN
xmxovdNpX4FOan5LpqqDWOxb+GD68fr03jFNFpPGWLGdL/ngSgwCTiKqBxgixMqk
BPb0PtyNRyL13z7w0QgHXu8PvXe3GMszr+lX/U3Y10+YpJ5oilIvIgsz8B1FBglU
LFqdOgEXdyHC3wHj+dh/Luwcx6pauaTkeWwAwDg630lKxsKNOz/ORbayDAycrUN8
ZNRfy13IeMz1CB6ZUjeDI8L6t5SfGHJ5o17F1KEcvwBeErfecRLtnCEA9IRk3Kcj
rRb8n7fegz/y3lDzg4M6w7NhJ6XH9W4xhzrJABEBAAHCwxIEGAEIACYCGwIWIQQ7
tjnlb4YfouhlBWkP3Wgtl0ynKgUCY6C+kgUJB0p5IgGgCRAP3Wgtl0ynKsDUIAQZ
AQgAfRYhBL7vSUtbKR6zAKJ/E+0u0Z+Fs2gsBQJgKvtwXxSAAAAAAC4AKGlzc3Vl
ci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCRUVGNDk0
QjVCMjkxRUIzMDBBMjdGMTNFRDJFRDE5Rjg1QjM2ODJDAAoJEO0u0Z+Fs2gslqAH
/RmXBFn3UrNkq2NTC0v1XcYRU/N47rHXprCQz3UMjTylJLv0onsK4gn+P+vY+/nd
pC4Jte47aLCcWr+Qdd7F5FTSOhFsl+TbbrkKmvJP7ApeeA5LoCFEY8zZzwzf4Iaz
iL0xi/6hDOCC0NCm0NOMnjDfYwfxoE4PDzRnBryOn5/0bD1mgIKKIwd5LgA4R6fs
PG4NhKgF9M8qDthOVwExm1F6vlgxFCIiO8ColuG/YZBN/h+ij5LSE0dgjKEhk9EQ
GJA+WNqEH9vrZ12HHWz6fLBE5iTBXeLKy8UQA0wWR+7Kx8W+7u9jJKKEVgdaLbZq
ucZ63QPRLr8KRdL+SpgaV8eL6RAAvYRWewZ2sEhicQvs9cj1XNax0gUkypvuY8oN
JuZpdYnJbEvsssToLpxD6VRBBGU1hrDmfZhiT5GnwfdxKasKzOxeaN42RbQayBDp
boMoRlkJtMdcFz6Bc0S9txnW2BcdDGEFmuwLJNanpTmI48aF+zU/tfPkFTfboR7O
fg9Mo0lA0lVHohvSxOpjl2l+iQGoNOtmOMIUDVvn3nDFVVgUOBc011GJTSZZDFFJ
2F0/atoC9ZkrEIkRmIcOPxX6lj6J79HWTSUoKnO3D0hD0EnCPchAqeae1vBt+UbA
bceapJ4zdPEngRLP+6fwR7niR46Hc6G8Qhe8RZFtGbGwzIDl+O3YnPy4vjFzG0rI
gSYgDigm9ScAUrjeGcoXvDKYX0AkI9hU8823Lk0pQZ/qoGdzw44vVVTS33q0aNSO
rNLtdIRilgkZ1pjYUkhvQmtB8Xiw1wYAe31R+5HBOh4mAZBT1DMLjAaiik7rWAuc
UUxjXGenSKbMmghe21LIp/i9L1dOR/YVy1dwO1s6KPMrZt5vCU/ajMvn7I49I6mS
IlEZp2UTPyAlyOAaoBWUtVUQoRR0N7JBxutwkeoukwhRzW1wQUJqoDBGu8ZiYs7M
JDaVnOEF9YDGzaF3EFzvew4oVa6fPzUOKpWnG5yNZSPad7fyoWZy/UrWyniPMiDm
8Zpm81bCwxIEGAEIACYWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCYCr7cAIbAgUJ
A4bAQwGgCRAP3Wgtl0ynKsDUIAQZAQgAfRYhBL7vSUtbKR6zAKJ/E+0u0Z+Fs2gs
BQJgKvtwXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlm
dGhob3JzZW1hbi5uZXRCRUVGNDk0QjVCMjkxRUIzMDBBMjdGMTNFRDJFRDE5Rjg1
QjM2ODJDAAoJEO0u0Z+Fs2gslqAH/RmXBFn3UrNkq2NTC0v1XcYRU/N47rHXprCQ
z3UMjTylJLv0onsK4gn+P+vY+/ndpC4Jte47aLCcWr+Qdd7F5FTSOhFsl+TbbrkK
mvJP7ApeeA5LoCFEY8zZzwzf4IaziL0xi/6hDOCC0NCm0NOMnjDfYwfxoE4PDzRn
BryOn5/0bD1mgIKKIwd5LgA4R6fsPG4NhKgF9M8qDthOVwExm1F6vlgxFCIiO8Co
luG/YZBN/h+ij5LSE0dgjKEhk9EQGJA+WNqEH9vrZ12HHWz6fLBE5iTBXeLKy8UQ
A0wWR+7Kx8W+7u9jJKKEVgdaLbZqucZ63QPRLr8KRdL+SpgaV8cyhhAArKxA8Kqs
XJ5wf2PCQY8qTTx5lxl6NzvDmq7+SBKL8whzcLJNWLZ+Tc+XlZUUsv3ujohjAgIi
a+9a8IcGih5Vg+xyRQbqgNNPcJ0rZ2fUb26sK+ngiWiCJi2J2nIMLTR81ToI58AE
wLXrgoSMisrUTtUSmBNRU5TbOU72eySLioKDZ9OCKZYT7kQFTJwkXMI3JBfV+bdB
LfKXavQA7F+SElKPUGmqGfhSFFs63jNe4MAH2TddOUNocgfYYkJaI03JOohI38fu
bX2BgfVt0rAfG/RyFb6bShiC0TATyH04rdFn+mnJO+81K8cYBvmsBrupoJz36Nks
BW5hiVuBdZKzG11YkwQHMEvq4lmMw4ifwr9/6LJudze2lGTAiBg3QsSnJ/BmzLte
wQY1+v41ERa3L1qVOdcA+eSRMO4xJe5KKnLOmH8JRWKDAF3fpI92ZkFZlNViRa2n
/98UFMV9Yc8EOerRDOqpdfxaPJgrGH1az88RMAf444sEnUL9tBUjIMwELQreK0CU
5frVrC/lClPCre5xU4YswIPgburs9GP3umn4ODByFEiWwb92zDjCpGxZjdJXouGW
zlEryRWEiXHt/sFILZfBulUkVgwv5fLDBXc676qS3VJ3Bs9OlB0zmpT7l8NdQh77
UdPTRy469+7JMtpKd1nTo9ECa0/mX0vQnKfOwU0ETodXLgEQAKvlwepeqGbkmKOT
HchHY1cnO95BHnlOBbiflU+abvKSzR4zm/QIMccn7E0hGsAvrDSndtD2vSsVHGbC
DIkl0WNrr+z8aIP5FrOkDyLIO8rCNr+CxKt4cl7vpxQ0CP/Erq/M6jeGvBwFfbyQ
cM1M/P6xVJAk1AAj0ts38c2DUOz11FQmMDy0Zwb832mfXO6lMznKkWdAl9Qql1vO
4cH5XWn45V97nqnsg1fIK8sTov3Dr29RiW5VKuPuQgT1pIzvPCsN9Of/1Eb8nwgH
SP9x2CqUHSsomBQbvZoJIwbeWW2cziy2/jKlbsBnG/9d4X2KyS9jOIgnPULf0NoE
k6qghqZeh1Eccegbq6VdKwz4TI3lcX9pEnU9nyAeIAcvERLbNWwWIAMd6JcriJ/S
BklBUFEn9on4Qf7ex63KoOxDjj5ze2TYuy7dqZrcIq0qmosMV8OcaY1bz7eFQdnF
T6Hg1q+yOfKptnnt0AJNdgRL/72hMU5a3CrF1stXMgtlLfz28i81+UI9wmRBFNuv
FffTtS8M6sRybbbq1WHJ0nC5XSdOfjTRRjHLoyNoJydVRMLacU8RSpdRP7r+xYjD
paUmImuzi+ZYF/Ym/Pt7RiKgrjtXqjyS7F9dkmE7Vt3xjPn45lwfkkYum+16FQTP
IhNWbmqnFs3Wb7pN6M/gc8VbXzkPABEBAAHCwXwEGAEIACYCGwwWIQQ7tjnlb4Yf
ouhlBWkP3Wgtl0ynKgUCZ1y6vwUJHLCEZwAKCRAP3Wgtl0ynKtfjD/9IUwaZzt9d
DgVy63XwcnPWMllns2gQH5X2qWOn09/q2D/ImnIS4dNEDqyHOApGuB+SsgvDHgBD
wTFWTbht2y2U4SA7SKDqeIqbLsc4F6X5IehgA+GfXJ+NBQznaNCM2f++Zp6DhDCF
zJjT5YdNVgtzjJpxABnoFnG/sBqXQnqjs7OEJ4KVbZXYfy5IX87EoPKpCaoGawg9
tatWMsIfw0upsP8s1maroYmVKc0seDrvQunzy2wlnhSxCbkBNIPOwKLGWLjx4mSR
Ir0VewhqVFhkEQ+yq0V3Z6XN0A+g/kT/CsQHmzveQLjmKxStPdY5u06U+9OdzkhA
U4sLRBXihZ0WtlB5X0EG1ZdXt7Ig0R/fKlz+hzBvRYQ3hcxcarNeD+8boNodCOfB
CtkjJ7L1s9q5/mr4i/u9qYm5lQxWO1w64YYPb7ivVPc0XifMG9Frya39t9IVKv27
dGOyBqtZM2Sfz3d8jciko3QpIBnQ0SvPuElmdjY46jgKumjJohdisDa0FZ3h7bjO
mEBd/nJeE1PP6IA/xWWcJkeC4YqMxeFa+F32+1hA7AnOiB9Dv3QTCNkHshxLGsKm
ziQC+R5hkxLGhVyuXqHFg1DT1W08EQe61JbfqiTRpcRRHSTRYiI4oRF9v+WGAk9d
f9IpwB+i7gPWPcC7h0b9+GLPpLxfSsQNn8LBfAQYAQgAJgIbDBYhBDu2OeVvhh+i
6GUFaQ/daC2XTKcqBQJjoL6SBQkY7h1kAAoJEA/daC2XTKcqUqoQAI35QzM27duv
dIvijol0IkTbEcX8P+QRfUn/KqF3xJiJHUU/WhkzbysMUi5dZNOMPVCKkvLLYCew
rdQei4DqaTns/QkQ3VWhUwH9R5wlYAq4PKoGWCP+bvGYszOwvt/mEEquFrEkG/vd
uBJ9F9vjxbUyLewoTLUTMIoYs6y4fW3gcGSlXL+YlipV9LtD0sU0HPzZBio9psd6
+9gaOc/FV9funZ/3mAdiA4GOlsfmf1nqAxokvIF4X9vYTFj43G1tIDZiBiPd4NNS
76CopXCsFAmFnQqq8B9NF/ozGRtdTRmB50beoHJDA0793+pkAOyXJq7q1VRoEvFD
T+toOmrYpQ+aJ3nbzqEYrpR/af2541YdR4/IG0K1nkz2b8gb53x3Q1smXqDPNeZ2
UCON11/zfrP4+DKLZI2j1XAlF6YsRUarzkEzPQ2n9GLIQWg5eB5DC0vEigcHet5X
0HAGCPkYrERY1YUptJS7QUFVLTStyqv3NTeWwMwDmhbGhK465sg7c9tSTjQkkTAl
XzbOFMdgc68B9hFePjBl7X1LtaHOWIELWMBsU2qqk/b27QFD2aNJyXy1YcUJP/oj
xv8frEVrqB+BSp69VEPI7EuJdfdjP3Cjhp6t/T0YLP2delkf22yPyztq87MaG5yA
lnSr9DoLHS3HgvqEkpp2RKqAhVtduYyQwsF8BBgBCAAmAhsMFiEEO7Y55W+GH6Lo
ZQVpD91oLZdMpyoFAmAEtygFCRUpddYACgkQD91oLZdMpyqraBAAuSUa82+MkbP4
LVJtUA50hsm/UoWwsp4DiGpU0/33TnsjYY4QZ/J5RtIVONN5EqaMM/aIWWos9qqB
yItwmlPcnmwI76Dio90/5LcjdkvXm2+DaW90BGIcoYuzcllT2OGKy4FX1idx3E2s
rILqSS2IzNu4jXIXySss3bAiao9MHXGSqGMDRSU71ixqlhUX5Qsdnei+WMX1wLTk
eY8wmRbul4A0T3/H7b+hQQp+OkmSaDUtuHdvEuacMSaRIA4dmzKwjOQkssXQB6GP
Hwd4zIJ7MKBxAjO2fJD8NAmzYHMvvHGcYRLVqRXEEQO+rMYDJRoT32aLDC8gg15G
UTtinLrZGKSutX1qROUX2GqKszSXQ+BlpiYEvQG4uWjmdL/4LVl1x9aLrSD6QUkl
oRJ8NA+uupc8HlxQpu2GxlLM/Wk6QVa0tZVnswuiAqKjV0L21cayBfGBXBYJPEHP
0ALr0SKaT5e8S9rV0ehWA/srR6/B5/DMIKHPk0z9Bqrkm+lyYXs2wqTlUU8Aqao7
lt+q/uSqaQcgKXbcmYDXxCdcR5aorKOHEPgK5VlMex+Gbr9laOS7W+JrTUfyxJZ2
jLngo0b6j4L8+xlXzyTnGHhDd4IBuEpMK0hNwQN9aHvjuJlARCoTCtsH9bbapekU
RiFBVaLljnB1TY6fOzc4rPvhZpscp1PCwXwEGAEIACYCGwwWIQQ7tjnlb4Yfouhl
BWkP3Wgtl0ynKgUCXEbFIQUJEZEGlQAKCRAP3Wgtl0ynKrOkEACFDCLFyUZLCRdj
c4Wxb3B/JqoXC7sXRN/VUp34W5Mc4xFqldJ9OPPEle1QLtKqhKMjewurr3NUQwmi
eYkhGU3aeEB/fHw5O71RWGXuqYdprYtsMNf1q7VuKCwQ8JVZ5IAceAxuY5Iv7CKW
nBUnJ1Od0fquAp9AAueetXma3oywqyEeDZCJX5sLzzsU/AAEJSolBg409QPzUcYl
5AVFmJfw8hFBGteFtRtGam9BsVF1pUH9sgnC0dfKabcUP/AC5JQq7mbGm9Ap2aVW
8b5Gx9aIFmj30U6ABCOvpn8X33XHvLPByymqIixKWyJBFqhLBb2MdXVMhaA2AI6q
4aYZsDxXTVlB0BATOHOYQoGUWUm0ru1dkF3ZydUZYiJSe5AWDyoTIrdQI4+IRScp
1i0zriwp5Bs7ikL2i2X2hFjKv3xJaPGupNStcoDrGm47VMDHqUf+OmA/LrKoeCyk
/tw2BNEBFboE1gPRQsjwGdKCvmDs7uVYNY1DpIrThcdOa0FGpMD8SQALp+UcZe0F
sdKeccVJ/1sz5DlOriDUd40flMfS9ombg4nbkEzia6Git0GbS8mFiaoRuQtPyTXO
XxaJuX7QffkvW5huvbG7ROfRoyoxR90Uliv3geM+iStKsXLEPDo+uYb7XEUMqKxp
SKeeImIdYT2oIYQMfaF6Kx1jlutV08LBfAQYAQIADwIbDAUCWJFhWQUJDcxxKwAh
CRAP3Wgtl0ynKhYhBDu2OeVvhh+i6GUFaQ/daC2XTKcqn+QQALSfr+2wMWeWm4lV
aujx/YSfrEI+YnwUZOJGL66K/eeiH6ntZfh5RUMd6cQS8hrW38lKTwMP3djcFzCT
qAd+gACN/rZuMpK6Unq1eGPPs/0XU7p19JGAXooHY7veyv8x/1dlusaBetORXTlX
R+M6HlEluWcROQKp4wiZGIYJ4i/HNU83LbhXpzK6yvsn5OctrSlA6hJM+oPGsayr
S3miQVWQE4hFa62HbtZgPW4sKFVFe0Vr/4qzTwtCrwW9rTnx3Cs81hG/ObW2lmKF
uVPhR3TuqzfLLobC36JsIdUKYdlDlpkxMJmQYBq10mhCZsinuZ2I8Nv4QaEG0Np2
O82xUtHvZDCvOr1VZKjn9UKSVl9gFCZTLzcbI3qOURNuVWnHKXSuJV0UfRJm8t1c
482D8B/XaTjU73CZmp3/mV4U+o+ITFlJUrFVbmmzBPMefE+Z1wQxpOET3thEHdXA
qCSZaVXcKqMeD0J7ErqWQg6L/Zb6OEFhgZx5ZhXI61ZPreC/v82aP/d0Dh8yFReQ
WRzE/tdFX9+XZiYPuRwM6XvUxjSqAtAue+eSx/1se9HNr4ORFwd0oVGgn2WcJ485
Aoipr2uSZThVlV1w7ubQMEtqFdBCbnK2le89kFt74TUjkPdXPmpmKP2e75EZw8mT
y5bKDpXETY6+VOP5WMktACUv0Q2dwsF8BBgBAgAPAhsMBQJUAJrzBQkLHN5FACEJ
EA/daC2XTKcqFiEEO7Y55W+GH6LoZQVpD91oLZdMpypF/w//fYdK6zTNF873Luva
exJ9REh/91wTkd+FnfkwZ6/Hu54UimKgsKr3o5/rM3X640rN6B2WmJOPkWRgJ1ds
0ArjKiQcl0lj9eeqHvR3wveOuX8DC/qDYwkOXJ13CGMFbd3HjSjMiI0Kfrj8/24K
9zobk214pkmloV2hTbnv+JVnoJS/gVA9FQEGuqhHeSxu89i2LQ2dCjCQHka3CGFc
cyaAAe+IB/Ug9zlq9A7FcB5VoKYbdbhGhCrjfaxiB2CoBba5f7P1+IQoo6PvDRRe
MsmwfisVg09zvFWsTXKUlVtpVuXVl5nFkPDsoEaMQbwMfBwJeeaVF1AvG7FZboXu
QzlAfc6fF9ti/J2uQ0MUL241Zt6GftJyOFDLabHhYBBsmwJ5WjlDB04AnmRyWsx4
lc4TnwrR0oCRLaOR4PU1rQWiGpjaoRkPl0wPbfGW3VuyVKnT2T3GuSr3DKwwBTZK
xD2C+HJqIVtOCipTst9O7xaPeLPib9XVxzekTKRv2ULHZQ+jyur+S3elpJER4/2j
iYpsByKB2xdfY4BHAOQ4yHEPwlBzzFWyHAsb3bb/2Gy/EFQMutJsZoOCotVdvee3
LEVzoFIWgQ/uzcY6HF8gDQ9tQqWlYxqmG1JMz70Ypv04gIDN83QWEZ6n1p/stMjS
121EMPVle500+v0snqqnIoZLjsTCwXwEGAECAA8FAk6HVy4CGwwFCQWjmoAAIQkQ
D91oLZdMpyoWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKrcmD/9FaI6k+fyybHBgneIg
JNCYP4cwk0v+1KxECcJLAaxR9Oe66t08yteGjj4nVMqq00G26d8gAvVG6N4LpJ4h
Ig4rjfgMjNBlWyi1JXoLGve+/6xY1y4RBOOUqcJc1H5Fyg+WIy+f8r1S6ks+6pM2
bUdHtoo75p5aVX7eVrZCMthCWIGatLnixCQCKEjXG3Tx/GcaHlbcic8j9H/sHPn1
+o4vccfbDKS6Lg+sVmzDjcYfujlUMbIwUCQX0/wkdU9qhVJFGp7Ngp7eWnah06CG
Xz0fLapGVjuuSzqPm3J7BgNfTvNmbA9E+nBz5Xa1IQws6bXzbYb3zJW1W0ULs30R
zKGWlZ8Z/6ackOAN6bzEO5NhPNJ9C/rQdUSNb2TFNC7rLWh4sjjBurq/er626a8i
pIW7rBmw6q08VfTcQ24mpAz56UN2uKFf2JmffVPfguLyQ2AzkXSeqqlInEN9ePlQ
m7r2fj2MSBA3YdlldC0hvqqD1ct5US2EenoDALhjUeVilvpZ1tmlRXPVwTB0GiXh
7vtStG3DB0b3+97OytFiBdvscn9bNW4iprj8WHsy6n7bIpbs+vyvhLfy64geljQ7
mLpEonPfzUDOrwe7xdHBUdEzWvCmyWINxPyGggPi5iXJMb2+MyxiCcMb0GEkxaIF
ADKhQllXGRT8+mZeDzkdHLI1pM4zBGWi5S4WCSsGAQQB2kcPAQEHQBihetgmPXru
CyIeEKYLxmifXhu3h4xOMzWAse4OR3IrwsF8BBgBCAAmAhsgFiEEO7Y55W+GH6Lo
ZQVpD91oLZdMpyoFAmdcur8FCQWU9mcACgkQD91oLZdMpyrfMQ/+JziY00l//1b1
dQsL1c0Y/uyG9gJbQ4OBqbeDKAgTFA++99I2uE6oFFKAiZOCxzLwjVtUhgvyS0eO
CQuphq99Rncy055ZboMF5Q6tnB9E90cgCNN+fW/eqyFU14aFKULrYl2KYg6q37de
5L61Nh0Pc9SRMgDpFyaub8Zb0WiRHe/XcY12pcQdkk8aUWTxB+uLF+H/W5GDARVP
fExPb7tQu+yKDcrvxACBywKaJV6imVnh+SfPVHAgmcNSlJNzfFAJJg11TtRTb/Mm
In+nLYo3F6zv+GmxEh1SnNOOo6C2+4eWivZW5TfuD1+bgswjfnyFL9UtpO3owwUT
2m9NrKjyxqggkxKmYQ2xtYRVTMdmQhQapYkH0D8igCdN72GiQVDudMz14Gp7UJYW
hVnA4xTi8qyLLJqq9gIqFzDwXjrpJTxYaAjM3y7cy1DLjWRPu+mi1jyTfPDLuBGc
SN6LG265GM0zid3ddDwww4cxJ9Ulh2r0RQoW6jlqzCuxiFsAIQJYVB7a9of6qdMa
A0aPwRrzzKYwWzfQ+K3Nxm6hjC93SQiO4MgWc50JZul5MTLZhBt/H66ABZKeaxii
DjXYHrB3FiiyUb/KSvW1XLXgnQDph02/supgIDTXjU5mzgSKOTLvlLq+3OKwOkTC
vBk4JdIW6+Mp3QekwbgHsZhm0I/aepTCwXwEGAEIACYWIQQ7tjnlb4YfouhlBWkP
3Wgtl0ynKgUCZaLlLgIbIAUJA8JnAAAKCRAP3Wgtl0ynKrMsD/9edngOQq47w8P1
Tgo13sQ+fFEZlfwFDz7Zu/kz9wcVrtgaVy0LEh/AvKg7lN67Pxb/wlDeUL1937P6
QG0ZpTzwmf28Ys8yDgbtY2qCa62EAP7ubFhV4tIF/D2dUDw5w4w9tt0n7SYjVobg
SsmNQmIDF2zj0+xv3ceGU+BMW9ujppHCOPKZYYiNM+ToVgF6fgwLiylET2ISIZqw
/4z+SwvstzjIo8Gg4kG5rVVXQ8S3xGZvifGRwAm6qw5YXG+sXipZi9HHTOVYDzmA
nFMoizKJwfKZG9hbm6AyXY5OfQpalHVmKyLiUH1sXqxGJ128wluzy53nCFDmae5s
QCcxams99JSnFovbS7iA14Rd+4XO6uyRlitdD+iB4+TyzrUDKGy4V2bNKK8nQfys
ktLxZcleOQ/5lvYARJan+O0xt+4EWHRYDqTjFXTGdSDW89KFS203CPboVcfN15Ji
vXpNcoJng+9bgy7PeLQ3h5GUm75oPds09HN/DFYmUJFsm7zTnRbtmXCNbovXFblq
FHcPE5/0QFt5+ODAcZmYqDTb4SEv5uR0pqcOXOidbS8Yp9wjlGXi18bbJr+zCr8q
EdQnPCNvdcBM9yJFSbumz48cu3z60d4c/uAhse7IUgiYH5W/qzGz+FX9LPZ7EKaJ
IpozgWjCnP8xxOR3R1bMwSOtwT9m884zBGEK+j0WCSsGAQQB2kcPAQEHQBlhv5oV
tA9SnZ/ToHZJR9NcC0NnoJff9L44+cuEmykHwsJUBBgBCAAmAhsCFiEEO7Y55W+G
H6LoZQVpD91oLZdMpyoFAmdcur8FCQos4VgA4gkQD91oLZdMpyrAFiAEGRYIAH0W
IQReryEEmoa4pUzLG/qs6yl0DJpOlwUCYQr6PV8UgAAAAAAuAChpc3N1ZXItZnBy
QG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NUVBRjIxMDQ5QTg2
QjhBNTRDQ0IxQkZBQUNFQjI5NzQwQzlBNEU5NwAKCRCs6yl0DJpOl3xWAP9brYkn
csineKhHmZy35b8+WlvPE1bkpc6HSjoV0uj6CwD/eHM7XwQo3DOH9YafshRkkANQ
rTqqtXVVgRI46jL/0QOhnA//YzIsNtQiB0erKFpiE8wJ0Ba5QJf9loNtg41Vfqsk
Lz6KIFsSAGNinNSNXB1owqyisLxNjGffYPEK9k7awmU/I0rMnfxDghwGNEdptQ5E
7DxIWYwAjBnDsXQwiKQ4B2qWGW/yUlA3hit32f2JeTcE6lyiBE7oyYzTw2aNCH2c
xuCiuUeGrm7yPI1JNKtSsGiNGASS25rl2bBDeD1Qp/IEkqI77DOS3vHBHOK58QFQ
run384AT+3+8ywtHfUFGUT75P5+Om0vB3RosHRG7Brbf45dxDaOT4nWZjnkEHX/W
qbcFcgRIwQexXL8xp9xWdLKQq3tgJNmblOjD6cPr/BecU28SX9VCzAtZX19qtTms
CmM+9RU26b048sE2dm/3OA0qTqaGoHdH6aOzUd9gXYkX5gk9pPHWeQDg6ecI8F0j
VnG25DCsQccc0F/Go6oRRoCpwyUh19y0QY9Vtcu/iso33vTirzP0tx3NxdD6XXbE
dOnAA7p7rGGsYWb4vc+Uk0jbaBIz6iBJXuU/ezjBDyMGV3nIu6ZIEI3huQf46kQv
i/iJ/BT99H5ygVSri3QTSpCg2DCGqqc9SHkTrgrfoCbhkRAyUyi0uhL4U+K5Z2Qh
+4SZ4pF4xF7OY2J9eQ3yj5AEPFSSjXhix+Ip4jWOi60TztCBk/iUJwsc21TcAuCc
fOfCwlQEGAEIACYCGwIWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCY6C+kgUJBmp6
VQDiCRAP3Wgtl0ynKsAWIAQZFggAfRYhBF6vIQSahrilTMsb+qzrKXQMmk6XBQJh
Cvo9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGho
b3JzZW1hbi5uZXQ1RUFGMjEwNDlBODZCOEE1NENDQjFCRkFBQ0VCMjk3NDBDOUE0
RTk3AAoJEKzrKXQMmk6XfFYA/1utiSdyyKd4qEeZnLflvz5aW88TVuSlzodKOhXS
6PoLAP94cztfBCjcM4f1hp+yFGSQA1CtOqq1dVWBEjjqMv/RAwBWEACmVO8qrKOS
fUvPoTSP6rwbCMllDX7jAeUF5NioJmdCzH7bob6TCqkNfuOusmBu+6mDx8gYYeUb
O8VtSey6f+Gh7bS3cO9L0DSgr8XaDosSQl6jjN0ZvDKCeBTKe2s2yYBNfKwCInxO
4oUdPusxkbizwvyRJYe/BvcbHKG2kdXz58WMUZG7qL/CYfkze+hSvJbia56QYK6U
V8/dYEFke/2v7L16q7qG2QvIVjc9igcmYivYCYxsheo428UzIInxGcubkwNCwYak
cobjhjBNt46HGmImou0yUtMzb/BSGoQRTGr4likUa2cqmlwgghY4d9+tb0ZCniam
lnxy+6aoGpBdcUuB8+b51gQGSgB9OzId25GA4AdKeQPrR2DOCnrYZ3BRJJ4bSCz1
YanwOoS3BQ+anzlRV0n+NRgJ3slM+qhK28XgDJODbB276VCfCZZF/24hZgNChfzF
YsbVdABnkdQPJHN8Rv9/j2IaDyJNDetz4tk9QpnmmFA1SPb6y3EhOsOJooh1+JjF
oRaarJIagTYfgG9165efEQbO86IrDT7LWquwL2LyWNWFb2s7U1Le66g3QkkodWyO
z2ZSg8KgNGJeuw6tyMuwgNWhOZ60pIDoy8kQzbribgnTj8x3uJSy1JMT1ra54yWx
feyeWozkTO5MWiOdP8g9nSizSJTcDMrmZsLCVAQYAQgAJhYhBDu2OeVvhh+i6GUF
aQ/daC2XTKcqBQJhCvo9AhsCBQkCpuv9AOIJEA/daC2XTKcqwBYgBBkWCAB9FiEE
Xq8hBJqGuKVMyxv6rOspdAyaTpcFAmEK+j1fFIAAAAAALgAoaXNzdWVyLWZwckBu
b3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDVFQUYyMTA0OUE4NkI4
QTU0Q0NCMUJGQUFDRUIyOTc0MEM5QTRFOTcACgkQrOspdAyaTpd8VgD/W62JJ3LI
p3ioR5mct+W/PlpbzxNW5KXOh0o6FdLo+gsA/3hzO18EKNwzh/WGn7IUZJADUK06
qrV1VYESOOoy/9EDx8wQALWnnrbr4xK+u7vNdM6LJ+RJ5yB4M2+k9dkIsPeRNX4a
rF4ZJogevXdeUUWxpws9PXd6/uaRaL+4ZO4kUEUkTZ2Z8KGQQjcKlRvfR/S48YtP
u5FlybnRlS61T0GOKkq98xuV8X3Y9NAXuh1tF7Mkj57JOGlQ2TIzmvECQ00pBlDv
JftvkECI99ARsoVGdL52HPRaKYI+/xvpParGLru4yP/mzP6Qqu0C0It6s1ubu1Ep
q1jLKjLFMnRAPtud3hyZv6C0a1IWIFGCRM/soPAuRmhOWGgTV3YdmJA9rVbVHKLS
bFwOaftKO27jU41JoI/FaYRkIqFCT3Xb0b9haOb1sDdKMno/33IGiSDEBKt13pjW
GgkGN5ze9GF8honGLpu3ikAMWsci9XK9CsAs5fvt7cu4r1EYH0qN+6Q36ThqK8li
1VujRFvd3pdagPt9/NKm5BLv3MdmKsh9R+7JHBwc2ySua/HS/fi57xQEuclaG1Hx
mT2wIlaIJ1BB28ka8YLx0ewdQRIWmXlmiUrcQ7dnf3HGcWdWnLFH6h+nDMC1CkDJ
YZhu80pTQQFItMUlA9jLIxAATLyjDYtwNvivGifOGdd2dNIXaY4IFDTylKu5q0M+
C8oYM75HKaNQt2GgTyJMm+3rNB5Z6iQFoi5B1iTVp8n1vxtJtO2TRJa/kdtpEAOp
zjMEW1bTOBYJKwYBBAHaRw8BAQdAWdZbhOMXjKG6SWXC57x6luZZ+vWgQa8UDN+k
oldIeiTCwZ8EKAEIAEkWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCYCm+5ysdAVN1
cGVyc2VkZWQgYnkgbmlzdHAyNTYvMHhGNDVDMjQzMUVGOEI1QTY2AAoJEA/daC2X
TKcqPdAP/1NaVDqG8KlGQSqxY7SZsNsNm6IbQq0rHAET4uxyAaZ2n2yIw9azMJ0P
cbhWABCNGhd9XLpZ1QMuWR158oEby0dVGi4e6ADglTazj0304CId7oDWnCtQBgth
zIEM9PKm/gcfHmS5zPaOHwpxExQB0FhsosSQyrk3M3kUS9zhx++pty35YPlHXIv7
PdXBy+vIVJEIYBzdNs8v8yG/bQg9dqdL6ZZuHef8h9A/XyUxRh+g11TAxdNgg89P
EofyVLHXNAYx/z3CmRN8/K+qfpdKDcnSEbAEsWX6MhughzG7MaJ3u3bgzpEYysFA
s9jn/Ena6Ga0nZV1wZ2e1lKXKgY5I6zYAw5+Nq2pBb8pprWVS1od5cBCtb0+pvYJ
l7zTmXucPsrKh8KumTuEbqJenrNEL1kP6hUV/j8u6CZ2WVF+mAW6wfTrkHyUGU8Z
0kNx/8QAO5jJUbKaO5fL/cF/jdnz6zaK45BDUz4EBRRUKcwxmYwtkwUOg9xD3DCJ
7vBTJAHJF9kITvJ/QiptHmiE1+bFWnUC/blSDtwBUU0Zs2hcAyzQ9fB/1WY6SCl7
epgt1ee+PElMku/l1OZAdrjhPuPYY3KghGhWR2132szP+8sp/aoiDR2anK2tzDZb
l0fdaTWN8CxfEZkeAN3blaTkM0x0l+c8B6FsEUNbMPkQkc9a+gVvwsJUBBgBCAAm
AhsCFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAmAEt1MFCQhZ+coA4gkQD91oLZdM
pyrAFiAEGRYIAH0WIQSzlptPDvl9ch5jjr2cglpmBdQLvgUCW1bTOF8UgAAAAAAu
AChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0
QjM5NjlCNEYwRUY5N0Q3MjFFNjM4RUJEOUM4MjVBNjYwNUQ0MEJCRQAKCRCcglpm
BdQLvvxeAP0aN62ICWyuU9/3bf7LwkTAqWsLvaRBhkGpnMVb+wSejAD+Ox/xS68i
fix/LK8+4+UhWpWHpP9OAv7L8UoAbSGnKw2R8A//Sur1uLcfLSremmadErwZYVHw
SoA0iEGBEqqBt88pb8pklFeOQds4I2knaeYQQ2RLRtRc/AFAeBe1Rst+3vhq6iMz
WRIA2hqc+QuMdiT2bKrj09Zf5HrfpIdC4ZXJE/02Ty67TCU0RZ8OFR0JEl+4K4by
pxShI2fyF3uXeW5iL205cxqM0QsedvbvQwFzdBWzuNcz6LfnJlXTmyGvQnPmUtwR
DQkeuOWM7RNsqaMbFwQjQe373kA1Bu81dmoXxFBcg+Z/l7bcg8Kp8p+r7SjtJsmo
Lqs0wMBSKreaVoGCQ1HxbiXPZ1bjk5wu7artks81bw+tXoBLcLCxTun9sLUlD+8h
oFaR40KaFMTJ9aOTKhRzYQqgmS4zSIMwBBIBzzDjL298630JcdPOA0yAZwICf9Bz
Y6uZ1jtsfAzAYT1w1M+wl6ZFR0PrjekIzMC+XczFdR52W4S0hYVMujxeaI3tOcbq
UNQ7B34ThuYKn9e6H3IS4S98+f9JkhCjiQ2Jr7NGJW1AhYuA/SP0Ox7Nxvvyf9be
zIgvHu9azsox4LljqskB8MHXiMJeJ1L8XGIpNjxn0ZkNpt+2yFOneCF8QkG+pfa4
H7cH9SzV5l3L5qlCjzuxUHQAM108gBytjKICXZ9NaPxiO00S8gmxPHsywr3krvBH
+of9L0sxPc5i2yWndLjCwlQEGAEIACYCGwIWIQQ7tjnlb4YfouhlBWkP3Wgtl0yn
KgUCXSZCZgUJBaWQBQDiCRAP3Wgtl0ynKsAWIAQZFggAfRYhBLOWm08O+X1yHmOO
vZyCWmYF1Au+BQJbVtM4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCMzk2OUI0RjBFRjk3RDcyMUU2MzhFQkQ5
QzgyNUE2NjA1RDQwQkJFAAoJEJyCWmYF1Au+/F4A/Ro3rYgJbK5T3/dt/svCRMCp
awu9pEGGQamcxVv7BJ6MAP47H/FLryJ+LH8srz7j5SFalYek/04C/svxSgBtIacr
DU/eEACi38kVyfwgiydrIku+0Eo/aQxxrcOT3Uakjii2m0v3IjgP1YX/JfQKfMv9
Pu+UjeKO6GJ2L/HMjOmAnPdPgXgYlJaf/oSiGirmp+faTCXWwDoGPN+W0YBVX8yA
a/UhGbbNKvP/WFfLjqm3LxFkhZzqIDyVg6BubGHDXkcQa/eAUkffk9TLcl1viKR4
plnDEIa1sUDtUPLd/yyPwtxXvgYSj9vd2xKnx6yciWFouyx3sJaGwydGHakCVCsF
KePOYcM0B3VWGTtkBocruOlkN9YKJ8U27l9C993h7HyjhSlqx/mimGQEKCYHmUMO
XOOBYIzm36Of74n3hjDmzTui1AUwBMNDJLHQr6U7mJVhVbG/HgfTXCxAh+6lrs7X
L4UtwaDm/P3Eqjr7+jxUL45xuAwMmKhRXmr43/TzAwPV35ABvMv87VFlK4v+HotN
KfXIvwOpghsAwnwfPVivG+LYo/5qqWdq1gSgj/3NpBQa7L6u7xqLMMcI3tyrHpIT
I13pucUXCu+KXoAgZaRPW+294MZMhU0ZZkmMaaubBqZ/2J2ZBP2pjJ1T7LSmBG8z
SfYMoKpWUy3AdmKGDJLAHQOV0sg7l0CGhx8LmR8Q0QKX6qQidKJxR00/4FBPyu2s
pRlnDrc0QLY90escgF54S8Jcrwmnum3Y38Q/H271CXDpVXIL28LCVAQYAQgAJhYh
BDu2OeVvhh+i6GUFaQ/daC2XTKcqBQJbVtM4AhsCBQkB4TOAAOIJEA/daC2XTKcq
wBYgBBkWCAB9FiEEs5abTw75fXIeY469nIJaZgXUC74FAltW0zhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEIz
OTY5QjRGMEVGOTdENzIxRTYzOEVCRDlDODI1QTY2MDVENDBCQkUACgkQnIJaZgXU
C778XgD9GjetiAlsrlPf923+y8JEwKlrC72kQYZBqZzFW/sEnowA/jsf8UuvIn4s
fyyvPuPlIVqVh6T/TgL+y/FKAG0hpysN+agP/i2u9IrLzlEiW03VDBjNh7YwqT09
Lyv2VXgy+TRLDyVjH9+PqZM0OtWWE7NpDqo0/hxMWwCDNXk/OM8kn6Rl6VrUOVfF
i2UhNYo494ABX5tLW7BIGkuK4YsT/OlfIsgdgRFEs1FpgzeelWRByZV3Im1nIfJg
w5suSN3FcLIBWSMiL0V9id7qa9XutytUkP5ojZ2FiaOIKSFMaZhql3aMWOOBa/rY
Cfbj4CjRY8ge2YuJLfLQqz+0pdeTVAadV/A6VS/skf1K7IQ1Mxkoqiiws+qaDjsv
VGSpoK8SUb8n864wHjXl8M/1BMEycZi6rji7Hp27Nf+FRzXnKC8sMHb/KidtOdnN
KjP/RSbFPYkzWS++UqrWQFOkzsjPASgOFYRJLWDI561rjX1DlES67a26+QDZvaRz
dJETS0TBuMMPU5QYRIsbAx4qyjuEFVxlKPBKSpZqAly2eaJGetBzQWrxRJtbZ0nt
QeM9V438Oom4cBo8C1PgbCpRoOI5k7JyjK8DheJfd+E+oGSEDYzJlZoeZLCMXTTL
iCloDmtLd/qGLPJEcSd7xhVXwxfaAA2dzovLUvDozN17eARpmZjgl8Xgq927nT29
0FAw7RuUnf2UMGItdVFb8Go1prSprdsjJp3ILSwB8IbisdZZyoS3XGWQijxQ805e
5kgaT6lR2jj2Se8lzjMEYO5NlxYJKwYBBAHaRw8BAQdAkbyieR2bp5LOFNfrhJNc
TJcGEVlGcitKxci4PNBZHCLCwXYEGAEIACAWIQQ7tjnlb4YfouhlBWkP3Wgtl0yn
KgUCYO5NlwIbIAAKCRAP3Wgtl0ynKvhEEAC5jtMbuThN91sGy8NCjTDnR0lRN/4J
A74SB4tqyAeDMuLtnOX2MXtoGs+vho9TdylvUiKQABwBUCdR03eXEUlrDSTxqIYc
riJYm1uNmlS8GigEClCtn7+xhNaBOYTkUcaXWDLKYmJQIlrKJ4p+Cw7JHVp1g+cK
h5E+INSMHEx8zwxkjgjzhq4b0V0Exxa1Nkrj0hrhk3TxEv654yOF0+Q4RBnKC0rF
DTba1+Scw00HVzoxynHfWWmO097zJnW9cXmcRCFln13zi/eMiXsw5B0ft6Fq++2A
EZlgA/iM+Q9st3Li3aaf4PzEOccpQRoWoBvyGCSysrpjHNIhyU+0whKm+LqsiM7X
JGpd2Uydb7480yooTGdGKgvD5XZSFRSk8P99zhYSNjf3FxBLC+EFCvZvLIRZMPUP
OFz+MfKEtSOzZu7VZZLrLhAjeadFf066m3sXq85PDSNX+wIdH1FBWyZMNp/7HERp
jKMGukv+JhKpGAehhiW4EPGK9GmcX2iDDbCWeIdYtcutbpQRFWpC4uiMZsq9Jg79
gTh0NiKtbalgGxndOKFY0rU+ADcTqD7YwGd7BnqZ4JXSHDNODxVNaI+BRn1WuPnk
iHx5mtagik6zSIJflr97nMiw79/zT2uNyxxHVoJDFZCP9qcmsKOfhIYtcFCiMG8o
fYL6con2NyuagM4zBGWi5RcWCSsGAQQB2kcPAQEHQP0NYuYpl8kVkR9eL4JWEo0M
M9cS1yPzvboMoBbAoUEwwsJUBBgBCAAmAhsCFiEEO7Y55W+GH6LoZQVpD91oLZdM
pyoFAmdcur8FCQWU9n4A4gkQD91oLZdMpyrAFiAEGRYIAH0WIQQWI4p9kkSLArex
A0S2sc6uUQPbBwUCZaLlF18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5v
cGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MTYyMzhBN0Q5MjQ0OEIwMkI3QjEwMzQ0
QjZCMUNFQUU1MTAzREIwNwAKCRC2sc6uUQPbB9XaAQDbJ2l9rBYW4cR7TIJukyNz
MVZEomGD3xccJTegABXMswD/SG6c8g4pV55WHegiR6hgNS9QQe/CIs9ic6vIhM1v
2QtqlRAAhX/z18MMOMT/9aVUpszJ8bNYVx/VkXDuoohHRvj9tAucVNntn2Xms+iW
AZTiG/w1noJ6sBVHEXLR9f8IYOG2z5Q9q28NHglAH9D4B0sPdEiMU3IUn0C4WkS+
vc7D+M/rEqlH604wMftXOYYHfTFmm9w+hEtpfaZ1n8ZjD4V3qs2Td7a76zM85VVY
KYpehsd4x3pfRCLHHt73OuRwcW9Y/HzCRRXfshcN/4a4C2b6iDFQdUxThK/RsE7f
Y0xnPMnoS/k5di0R/aWJjbxYpjBZc+usmmGxFkusNjelKJy0BujoX4EhJJKaaKcQ
NvVamXzywkJofT6HB1G7bDjGYcaiySvBCbsPX8HQec7YCQVY05O7EcCz503EXInv
iI0Xf5tpKKeR+oVoQf8jC/AiTVLIhqV6MFuhtqQJM/xUYlTJU//WbgokE5rQ0+4E
XWL9/ORhwWZODnAkwriT72pH43i2PrPS+DblSTgGAVAwgFHtGAch1ZZ6GjmdrFpR
PNU6/u3aGjEPmrxtg8gH/nabC0EERdhUnlBUSo6eclyp+Nl+NAdtxggh7lR4oS3h
j9uAt7GmUu1Ke9BVZKzEFUj8H4s2SQdQYmuiZF1N82oUKKSt3atOM+ByuAP2bUv0
cyvFlaAJNBALq/jlEf5R+1tKgUWarp7bhXL+DJHjtsG1VZNjlsLCwlQEGAEIACYW
IQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUCZaLlFwIbAgUJA8JnAADiCRAP3Wgtl0yn
KsAWIAQZFggAfRYhBBYjin2SRIsCt7EDRLaxzq5RA9sHBQJlouUXXxSAAAAAAC4A
KGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQx
NjIzOEE3RDkyNDQ4QjAyQjdCMTAzNDRCNkIxQ0VBRTUxMDNEQjA3AAoJELaxzq5R
A9sH1doBANsnaX2sFhbhxHtMgm6TI3MxVkSiYYPfFxwlN6AAFcyzAP9IbpzyDilX
nlYd6CJHqGA1L1BB78Iiz2Jzq8iEzW/ZCxUMD/4gwF8wMlDqxgq7WwCtOiqKrRnH
TgEtB16yC+mDpeGjiQpWSfJYHKCDKTP/T52KwTRB5X42XiybqKv5aooOBGIQ5F7H
2VQyLqUGWaZiVN2faf/HXhPz7wDCFwf34etz1QslQyPRhv9z24mn10I4XJ5aWTBO
i7XkGzoz0laqn2+Sb25+E1/uYyqpTc95qKsZZwSpMqqzjOw58fGPNXtnyzy+tn7k
veRvXoCb+Yrs0xkZrQ1EigrvBuuemABqOmvyJAET0E+hRgVEYuIijTjsOLytPUHB
YWXywgBiGq0RgJ6O4Jx4hhc/Nk3ONOslPby+0wVsDLdKb9enQoHs2apVoWX3iWoE
JmmJEuj9wpzy1n72+TyPXlprwZ29GKtEOe3Wo1VyZ04lvxbvr1RUY0QEe//zx3jP
g4djltQc6eY+nwEds4WCZVw4ymqkH6HmQhGPhMEP+je49xDgn+qbAzyAthswgp24
pHe8XGeItzhaAoJ7c6KzSy3KZPgNAvkV2xH9UQ7V3mGqnfsJH/n5Jaz0DE+To/Xn
iQ/sRArCY+ga1yJPj48y2fz0kzGYfRCjoVuViwKAGUrYfWUttaA88n/dSwku4EKw
ITLZhpXeR6aHgIvmfA3BagIB7O1P4xiyhDf43dKbm3C1H043e7z2G+1drobwRU3j
QDz8mvXQmv+ROdCCGc5SBGApvpsTCCqGSM49AwEHAgME1AThRI63qY5pPs6baKeL
2rdbZsAycCcoV5/h+eP8+khefenG18V62TIwJs7tqfNu0so4ZKity5U0roOP04Ig
T8LBlgQoAQgAQBYhBDu2OeVvhh+i6GUFaQ/daC2XTKcqBQJgKx/uIh0BU3VwZXJz
ZWRlZCBieSAweEVEMkVEMTlGODVCMzY4MkMACgkQD91oLZdMpyrkPxAAhqdxxeQR
1D9Qs6KBWD32GdnbySIdYJNZd8eqF85zaC9G5YFe27lRH8d8DsG0zZDg9bYuLLm7
J86Jq+21SIjuD1hHxLDd0cMelG2UwtW63M169+J7Al/ZaPDFEDmpqukFi8TvJkVY
ubebAkoKEdHWohHnbIHfNLe5m6JnQ0UY3+WzyQmliRUmEzk6/fkagtHIqF98MmVN
jvv7gb69YKhJbVKUy/deRnlOy/rgOLOueaQ+ieNpjOB6cPq1Y0PJklXEdIP350Ix
oxDsoXuAYiPCcHGqvs9FtL8Jcpa4AuK+Pd30b0gSUiOJnzSyQnbXe6eJUROlEXCi
W+5j7FreDFh6bKM5nAgGsM6PiPrAJP1FygG5q5XKhtoJOynFdVoKHz5vKBfG9rTU
o7Gt6hVHGZhFY4aXI/4lIsHLSo2DsCVB+qJa1zxtCPvzfv9sdzHveIhfUkOKx2o+
Pj1qKqYqij+ZwEV2/vrM2VlXkj5c2SkkAQB+EUxcmD61baHEVxq1W1nu3ND6VpzB
Fc8XytZH5ILPr7ffI2DZgmsnrFdzf0uXaKe2qAe2an3hlwIdvZlZJLM3RK+CxQHP
uFTCPIEuMA2H0NSnd40CAwAJrgJMQg6JGtFxytk/Se55X3OyPOpl1ixz7MYKgloZ
hMob/essPnrQvYrWcHC/GJ87DnMqo2pXTGfCwlQEGAEIACYWIQQ7tjnlb4Yfouhl
BWkP3Wgtl0ynKgUCYCm+mwIbAgUJA4f9bADiCRAP3Wgtl0ynKsAWIAQZEwgAfRYh
BFU7mh9yi+pV+GNfB/RcJDHvi1pmBQJgKb6bXxSAAAAAAC4AKGlzc3Vlci1mcHJA
bm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1NTNCOUExRjcyOEJF
QTU1Rjg2MzVGMDdGNDVDMjQzMUVGOEI1QTY2AAoJEPRcJDHvi1pmfaoA/iw6DRx4
1LbeezZ+TETZ+h4ZPnMecPSKrkFsECv4k3DsAQDbMt9ULddPUjkMnKElW5V+hQ1X
mvHBiOUuwXv2eeA9rQpcEACH9phSbfq/zjuK8BeEJfkKkoXFcA27LsqOsV5TQ2+X
3IKjpB0BkqRzILACVbfix1x2DucaH2z1QO/TgDpyqmdq6YoZ1w1QXSmftOppeAxM
+rVieVvu3/HyEh5i1WphZpOz2T6kC6p4wF8mNjtcwQycSU32Nk3wInPNNzcnKRGp
dP/sanOTwrd9CmxoAH9pVtFomsgiWUBsPYKAj7/DhQMb2cBhTN252RDSLMvGADaK
nMekCSMLQ5TyCP4G7m+vHdgbrpdUI/IuvQ/Uw5ejzaURTJqKt5+s0E81KYYu8uBX
GhufLwNTfIGh16ooEkY6wegGkmRvU3v5kiWVuz5+gma24g7Z1Lan4UWLNMBzQxYQ
LFZ4AAOicVbpEb0o1LTvKBW8a1xe5tQ2odoR4/6lngQQU0eTh2w7kJkAxlXF9OSN
0NJnLWNR8E+7nKZo1IhYl2EwiN4PDokgnPaq8YBeM1sI6lbsBb5RpCoR/+yKXxRU
YJEd57dNtcZ6mcQv9twR9plw4z71FroLgkT/2C65fE6Z/o3h7HCjjhbwgpQ0J8QY
MgalgmUykW5Vid7z2ZfMxyewIjSS2SWRPfG5kPU6OvjNuDaGPSOkDQUBQ6U9H9b3
Lu2WtVai5PcwU+G5SukpK8RcBN4S0B9ULpW12CiCdY+Bg+y+MQTdDxSEI46tQ8Ol
u844BFtzwQwSCisGAQQBl1UBBQEBB0Byc8gV5gBy7ESPa7yI6vEI0trYdHpjKZXr
HTGA+TWvaAMBCAfCwXwEGAEIACYCGwwWIQQ7tjnlb4YfouhlBWkP3Wgtl0ynKgUC
Y6C+kgUJDAGzhgAKCRAP3Wgtl0ynKoJAEAC/NgLKDURYBP0oNcq5v8bERj0bM3f8
p6sOTUdLpxLAx+cg9xt6PLOisUuBgMbMqmrsYgAX8QJNr+pfy52ahFHdzQkB7fcZ
hXjNGdlFCvQh4JhCWuGqti8Pdht/2A2X9pTtlROWC4GErvkrpx7sqfmictSQKFFF
asqyHINIW3tcrodTysrlsYjOuxXIht3HI+L7b3Ox81eiAKfF6I6tuTBlT/v9Gv40
rl4md/sl9uGotNSNOLBl7yNl4AGJDINUxeadJ4yC6SB4NMdx0O62r2qbMHkmcUKB
DpcyZaZ21cfCVhAROkbvcXgcWQTifDwU0IiqjZRF83RsXVb9CUnlwp6jKeD2NKQR
eX6vX3/CmzyX75fg18gvb7KgUU3CwRUir+0uRM0m52d5W+rV4vAEB5Flxwu427GX
pE4OdgJ6g3qnpR5l/zI7mNfYh4a+ptSSogoXNmZWkkk+gGgKP2J4sL1L8loZps0c
OTYBZbyieiULKD7q2IvIPF3Kqv2akMN+tsc06TO93GqJ5e+2ztaik6+Cvuelbq6H
OIwm0hDaMjlVFNtUe6FqFxS4G0J/MOaYDKxrz2OdURYIP8trp0+diwpaaC3wHsSt
2bpgz06dlzlS7hX0E5/+LxXT1f12Mq6U/rfKRfUIIC3jAZlEmng9oJqV8TK+0aSq
f5N+/nzqJvql18LBfAQYAQgAJgIbDBYhBDu2OeVvhh+i6GUFaQ/daC2XTKcqBQJg
BLdTBQkIPQv2AAoJEA/daC2XTKcqifUP/j3okRd2BtwrQ8du8pl3ilmmMcSP7h2m
SWcvNx82eEurQRjJISrS9lSOTJ8kOMatkDRGM9gO2NHuI4VAX8PuFYCY5+yWN8eE
dgT/VrQgGBbjMl7amiG0QaRH4DLFSDtHSU9zZyUSkupVbvw+wEyfYZVzZTMhi6v2
E7SCdH+/cyF6PsR+whRp5y+zNaSTWA2fBF0fU6qYV5oy8XgBVj4PnX6w8kaI2Vvz
O2IzApF8bsUGw+5uNLYyWW/yaAurtMUDgMiMKJ1sBmta5iHuovLLjD2ZtRbu4cLM
BfTCDLe41YtFC7loeK16Rzv6BfV/dw+FBhMm10qChd7Viryy8HwxTdmGpgs50Ign
ZVkbJN+OuDw8jpCtH2fBFYQK+f0P1q6H6GbZCnNdQKl/yTXiixlA0F9VY1EDAYbi
B+U/vOQ5zUompSivqHyd1VESfLsmmVLUB3OZ5KTHVT/mfjhsthChvf4HbYOpfpvv
EpD6G/d1MiQtg0Bfm1V2gIsWOp1BqUz346YuYBTUxFtgiEjMnkjq5zcpte567rsS
fmXjGei1W6qqWHIQYg7nW+GcDsCxsSOIaTZE1CHlRvNDu2GovwJUDK9aDvBF3zCR
I9kEDTlS2gZz2LMSHTFjdinnWZCWOxS+useZpNL6ffBepCWMk2zZT/7s065ulM1T
28ENgq12oDCawsF8BBgBCAAmFiEEO7Y55W+GH6LoZQVpD91oLZdMpyoFAltzwQwC
GwwFCQWjmoAACgkQD91oLZdMpyrt9w//bj+BrIL0EelDgYvV7Nx7OniXLxKIfhaw
Qrv+PayPERt5NfGEGC25nRt7dVJxHfkmT+wEZeY89lzXugd3APBlA9zh9HmMyqou
GMZlItc8G8GqPG7iqCfnYe3KL88selRvXOEB9nw4KtFYWpgdE6KfAecuGUa0JLhr
lwmMen5pmvjY1ej6AuRXKLIMAU+l1bS2cfsveRGGAgc2OczW5L5HgY2puCOMaNIo
yI0xFmIwe+9u+f5HB6yayUBWxIB2dJ1ZmPtFdOtQSESjiTnAblZKN5VozeYWyGY0
KljFK1jYZ3/4um2c2TmkjQwVEUJcfuxM6RWChdoNjQVfMkuUUqMP2HdliCpKr7xO
LHh5i3CWf99Gkx1zgtD+I4jRkwpqKqPtbhsSSfBlzDX2OEtYsnEtdB/LSASdFB2U
xj+EpZORnc1anbYmdd6QSu/h3BQVK6/zxOdYhkMn6gN4PlK+l0xuHWi0Koishjaq
wUSwTNmWyu/tbbovH5Ay00/XOTNTav4N6im2H1iLfXUSvgX8zz4s67qSM22c2eou
XS/8S5wPgT4C8D8khYg0bygRX6Fhehw50SRcfOydq6u/O/IH1Fj0KMI+Ff4BROl7
7exmRzdCB3P3+LM9lbD52VC73Hf0b9K6u0JaAjj1ScVA8/175uglgYUfa4UHS08U
ZcjFqHwkPNnOOARlouUkEgorBgEEAZdVAQUBAQdA1soMQmqIneKfcTyZ8R/8mqwQ
id8wf8UrxnSJSGaZSw8DAQgHwsF8BBgBCAAmAhsMFiEEO7Y55W+GH6LoZQVpD91o
LZdMpyoFAmdcur8FCQWU9nEACgkQD91oLZdMpypNchAAhJ1XqFK6XkILu5Pdj+aO
yxdqOSX+L/BIcP4DLJ42GvfVkK02ZRGfJCZ6MUi8VEiMNklsjqTE4xF5/cjoImsu
LLHUJ/9tG/vriTOfw4RxUAQuC2fBrb5bFCUpz4whXyz/NDqtmTsaqgX7ioQ+f/hk
aEgpyCGrb260851j7DagBFEzDg+Y9a1oa+WFJityMvQ2r93Na4pbp6ark26jEKaD
3F+1Z8ykm5kj6iU0G2s6vZRHzSVXS/imyzvMfKu8RxckdIsFbZWa39A4UvMBS4ES
k05OREI5WCWdtQa937ED7IK9rXSBHcw8iP7sD+YNZLl64tUupz5IzTAOy+agcPtB
p4NFy9FGVnCwJSbqE5kzzSLMRZlj2N9/SvCpi3VJ1EmBGds3/IT4uabCVEml4XIJ
95TKqaTW4ivqnmQq7paiO2yMDxsNK3ekvkwiM3P3cbj6UGkd3Jd8aHwjgZBtQWx6
QGS+89i1zT1XvuxF+mYGloYufdm36yaTnvYfHImBq0Vka+s0LFqlqQuuk3zwo2Bp
zwAog5kF0/3+gryIXXbBEymS0hS2RgabKiWJkudN6DdkSBeIh76L9NPL5hHxNjCe
VROIF9Vs4yJHdwyQTDwRBUaVRDBSB08zj9MbSe4yuVEfhF9Yygi9bp2Khm5hO42r
EovB2Y/kIMPgSQCtpv3l3xbCwXwEGAEIACYWIQQ7tjnlb4YfouhlBWkP3Wgtl0yn
KgUCZaLlJAIbDAUJA8JnAAAKCRAP3Wgtl0ynKuG8EACE22cOYw4fpu/leUt/Z4pR
0UR0D+dtcd80vzr2EiPFon9emfdvcHgcszPFyiEreZEjJjTxDUQIxfiUG2l5PPTl
t58Y0R/nmXuH8p7YTaoSNZpC8uQDB9+pQtAqxh/bXWD7rpkln1tac8OZYI3jInJa
y/VWHhewK9dL3Fp2uuemmFl8d0ahx3CSqJZVDIyYu14j+jUB0OSHxU6s/CJAiakJ
Kn/pBV4u2cdbMPZRa/I8wl9QC9Oq5dmeHteq7XgNyXaffHQcyn1r0wNBU2R0Ylxr
XhAgfKBVMR6rgzdmjtmvZqpL7J40v2avlsQNBpqsVFNT3vd9h1JhlE2ncSgHGoPt
+8V3sD2bdKjkZtemX933fYt6ofQ2JI1qG9uvVoFy8dNFnoQP/5WQR0WwZsGfZ95Y
SD8/ILSdm0A+giBM2JJni5+spvJuu+rqdkQLNF82ClrqQ8JM2D1aNLQRRcptHfzg
NfLtf6KyN+6UCfLYNSysPfG5GsHTkxjiF6jiMk9sB7xOkfyT6ijtCmR8AdKkm6QF
z7fLInTVdrZNDALCDpMzyAk+uhjI7hMgTYufdYGyWioHVWq24yD6TVoWWqI71/CA
b/K/q4Asnslt4AuUrlbvJ1k4uCgR2xxMOxrZ/UZI7ErH18dBh8S1bHmU5nmRJYe/
WpctaxNBrOefSak1yUrvCg==
=t8ib
-----END PGP PUBLIC KEY BLOCK-----

79
xorg-x11-server.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package xorg-x11-server
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -36,7 +36,7 @@
%endif
Name: xorg-x11-server
Version: 21.1.12
Version: 21.1.15
Release: 0
URL: http://xorg.freedesktop.org/
Summary: X
@@ -147,7 +147,7 @@ Requires: libpixman-1-0 >= 0.24
Requires: Mesa
%if 0%{?suse_version} >= 1315
Requires(post): update-alternatives
Requires(postun):update-alternatives
Requires(postun): update-alternatives
%endif
Provides: xorg-x11-server-glx
Obsoletes: xorg-x11-server-glx
@@ -191,6 +191,7 @@ Requires: xkeyboard-config
# Unfortunately we need a requires here due to OBS not installing 'recommended'
# packages :-(
Requires: xorg-x11-server-Xvfb
Conflicts: patterns-wsl-tmpfiles
# PATCH-FEATURE-OPENSUSE n_xorg-x11-server-rpmmacros.patch dimstar@opensuse.org -- Provide RPM macros to require correct ABI Versions.
Patch1: N_default-module-path.diff
@@ -219,8 +220,6 @@ Patch210: u_os-connections-Check-for-stale-FDs.patch
Patch215: u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
Patch1000: n_xserver-optimus-autoconfig-hack.patch
Patch1162: b_cache-xkbcomp-output-for-fast-start-up.patch
Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch
Patch1222: b_sync-fix.patch
@@ -243,9 +242,29 @@ Patch1960: u_sync-pci-ids-with-Mesa.patch
Patch2000: u_fbdevhw_kernel6.9_break_fbdev_open.patch
Patch1218176: u_miCloseScreen_check_for_null_pScreen_dev_private.patch
Patch1222442: U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
Patch1222443: U_xorg-xserver-e89edec497ba.patch
Patch1237451: U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
Patch1237452: U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
Patch1237453: U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
Patch1237454: U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
Patch1237455: U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
Patch1237456: U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
Patch1237457: U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
Patch1237458: U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
Patch1237459: U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
Patch1237460: U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
Patch1237461: U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
Patch1237462: U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
Patch1237463: U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
Patch1239750: U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch
Patch1244082: U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
Patch1244084: U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
Patch1244085: U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
Patch1244087: U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
Patch1244089: U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
Patch1244090: U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
Patch1244091: U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
Patch1244092: U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
%description
This package contains the X.Org Server.
@@ -258,6 +277,7 @@ Requires: xkeyboard-config
Recommends: xorg-x11-fonts-core
Provides: xorg-x11-Xnest
Obsoletes: xorg-x11-Xnest
Conflicts: patterns-wsl-tmpfiles
%description extra
This package contains additional Xservers (Xephyr, Xnest).
@@ -273,6 +293,7 @@ Recommends: xorg-x11-fonts-core
Provides: xorg-x11-Xvfb
Provides: xorg-x11-server:/usr/bin/Xvfb
Obsoletes: xorg-x11-Xvfb
Conflicts: patterns-wsl-tmpfiles
%description Xvfb
This package contains the virtual Xserver Xvfb.
@@ -369,29 +390,21 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch -P 12 -p1
#
%patch -P 100 -p1
#%patch -P 101 -p1
#patch -P 101 -p1
%patch -P 104 -p1
%patch -P 117 -p1
%patch -P 160 -p1
%patch -P 208 -p1
%patch -P 209 -p1
### not applicable anymore
#%patch -P 210 -p1
#patch -P 210 -p1
%patch -P 215 -p1
### apparently supersed by upstream
### commit 078277e4d92f05a90c4715d61b89b9d9d38d68ea
### Author: Dave Airlie <airlied@redhat.com>
### Date: Fri Aug 17 09:49:24 2012 +1000
###
### xf86: autobind GPUs to the screen
#%patch -P 1000 -p1
### disabled for now
#%patch -P 1162 -p1
#patch -P 1162 -p1
### disabled for now
#%patch -P 1211 -p1
#patch -P 1211 -p1
### patch222 might not be applicable anymore
#%patch -P 1222 -p1
#patch -P 1222 -p1
%patch -P 1401 -p1
%patch -P 1503 -p1
%patch -P 1900 -p1
@@ -404,8 +417,30 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch -P 1218176 -p1
%patch -P 1222442 -p1
%patch -P 1222443 -p1
%patch -P 1237451 -p1
%patch -P 1237452 -p1
%patch -P 1237453 -p1
%patch -P 1237454 -p1
%patch -P 1237455 -p1
%patch -P 1237456 -p1
%patch -P 1237457 -p1
%patch -P 1237458 -p1
%patch -P 1237459 -p1
%patch -P 1237460 -p1
%patch -P 1237461 -p1
%patch -P 1237462 -p1
%patch -P 1237463 -p1
%patch -P 1239750 -p1
%patch -P 1244082 -p1
%patch -P 1244084 -p1
%patch -P 1244085 -p1
%patch -P 1244087 -p1
%patch -P 1244089 -p1
%patch -P 1244090 -p1
%patch -P 1244091 -p1
%patch -P 1244092 -p1
%build
# We have some -z now related errors during X default startup (boo#1197994):