forked from pool/xwayland
Compare commits
17 Commits
Author | SHA256 | Date | |
---|---|---|---|
dc62b27435 | |||
62d6613a2f | |||
3237f241c7 | |||
51a11c42c6 | |||
64a4180db5 | |||
1dd0f95fcc | |||
ed85a28b3f | |||
a3a5ea5a59 | |||
6c10e3edc4 | |||
78461b05b0 | |||
87cc4ccb4a | |||
2eb6dcad49 | |||
e6f2706b47 | |||
7970ce6100 | |||
978db30820 | |||
fc377560bf | |||
7d3a990aeb |
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:141eb76e7e422a3661c08782c70be40931084755042c04506e0d97dd463ef7d2
|
||||
size 1302068
|
Binary file not shown.
3
xwayland-24.1.8.tar.xz
Normal file
3
xwayland-24.1.8.tar.xz
Normal file
@@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c8908d57c8ed9ceb8293c16ba7ad5af522efaf1ba7e51f9e4cf3c0774d199907
|
||||
size 1303408
|
BIN
xwayland-24.1.8.tar.xz.sig
Normal file
BIN
xwayland-24.1.8.tar.xz.sig
Normal file
Binary file not shown.
168
xwayland.changes
168
xwayland.changes
@@ -1,3 +1,171 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 19 06:09:54 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 24.1.8:
|
||||
* This release contains an additional fix for CVE-2025-49176 from
|
||||
June 17 security advisory:
|
||||
https://lists.x.org/archives/xorg/2025-June/062055.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 17 20:01:39 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 24.1.7:
|
||||
* This release contains the fixes for the issues reported in
|
||||
today's security advisory:
|
||||
https://lists.x.org/archives/xorg/2025-June/062055.html
|
||||
CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178,
|
||||
CVE-2025-49179, CVE-2025-49180.
|
||||
* Additionally, this release includes several other various fixes.
|
||||
* Drop patches fixed upstream:
|
||||
- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
|
||||
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
|
||||
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
|
||||
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
|
||||
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
|
||||
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 5 12:55:30 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
|
||||
* Out-of-bounds access in X Rendering extension (Animated cursors)
|
||||
(CVE-2025-49175, bsc#1244082)
|
||||
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
|
||||
* Integer overflow in Big Requests Extension
|
||||
(CVE-2025-49176, bsc#1244084)
|
||||
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
|
||||
* Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
|
||||
(CVE-2025-49177, bsc#1244085)
|
||||
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
|
||||
* Unprocessed client request via bytes to ignore
|
||||
(CVE-2025-49178, bsc#1244087)
|
||||
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
|
||||
* Integer overflow in X Record extension
|
||||
(CVE-2025-49179, bsc#1244089)
|
||||
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
|
||||
* Integer overflow in RandR extension (RRChangeProviderProperty)
|
||||
(CVE-2025-49180, bsc#1244090)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 25 22:20:48 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 24.1.6:
|
||||
* This release contains the fixes for the issues reported in
|
||||
today's security advisory: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
|
||||
CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
|
||||
CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601.
|
||||
* Additionally, it reverts a recent Xkb change to fix an issue
|
||||
with gamescope.
|
||||
- Drop patches fixed upstream:
|
||||
* U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
|
||||
* U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
|
||||
* U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
|
||||
* U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
|
||||
* U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
|
||||
* U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
|
||||
* U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
|
||||
* U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
|
||||
* U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
|
||||
* U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
|
||||
* U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
|
||||
* U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
|
||||
* U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 25 18:08:33 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
|
||||
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
|
||||
* Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
|
||||
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
|
||||
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
|
||||
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
|
||||
* Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
|
||||
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
|
||||
* Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
|
||||
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
|
||||
* Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
|
||||
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
|
||||
U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
|
||||
* Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
|
||||
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
|
||||
* Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
|
||||
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
|
||||
U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
|
||||
U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
|
||||
U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
|
||||
* Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 6 11:54:10 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- Update to 24.1.5
|
||||
* os: NextDPMSTimeout: mark intentional fallthroughs in switch
|
||||
* Xi: avoid NULL pointer dereference if GetXTestDevice returns NULL
|
||||
* render: avoid NULL pointer dereference if PictureFindVisual returns NULL
|
||||
* dix: fix button offset when generating DeviceButtonStateNotify events
|
||||
* dix: limit checks to MAX_VALUATORS when generating Xi events
|
||||
* dix-config.h: add HAVE_SOCKLEN_T definition
|
||||
* xwayland: copy repeat settings from the compositor map
|
||||
* xwayland: Don't run key behaviors and actions
|
||||
* xwayland/glamor/gbm: Don't close fence_fd after xwl_glamor_wait_fence
|
||||
* xwayland/present: Check allow_commits in xwl_present_flip
|
||||
* xwayland/glamor: Drop expecting_event bailing from xwl_drm_handle_device
|
||||
* xwayland: Always decrement expecting_event in xwl_output_create
|
||||
* xwayland/glamor: Clean-up GBM's screen private on failure
|
||||
* xwayland: Do not keep the cursor's pixmap around
|
||||
* xkb: Always use MAP_LENGTH keymap size
|
||||
* os/connection: Make sure partial is initialized
|
||||
* xwayland/glamor: Disable GLAMOR after GBM cleanup
|
||||
* glamor: return the result of gbm_format_for_depth
|
||||
* glamor: use gbm_format_for_depth instead of open-coding it
|
||||
* glamor: reject configs using unsupported rgbBits size
|
||||
* xwayland: prevent potential null pointer dereference
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 29 19:29:21 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- Security update 24.1.4
|
||||
This release addresses the following security issue
|
||||
* CVE-2024-9632: Heap-based buffer overflow privilege escalation
|
||||
in _XkbSetCompatMap (bsc#1231565)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 3 21:35:10 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- Update to bugfix release 24.1.3
|
||||
* dix: check for calloc() failure in Xi event conversion routines
|
||||
* dix: PolyText: fully initialize local_closure
|
||||
* dix: SetFontPath: don't set errorValue on Success
|
||||
* dix: enterleave.c: fix implicit fallthrough warnings
|
||||
* dix: CreateScratchGC: avoid dereference of pointer we just set to NULL
|
||||
* dix: InitPredictableAccelerationScheme: avoid memory leak on failure
|
||||
* dix: dixChangeWindowProperty: don't call memcpy if malloc failed
|
||||
* dix: ProcListProperties: skip unneeded work if numProps is 0
|
||||
* dix: HashResourceID: use unsigned integers for bit shifting
|
||||
* dix: GetPairedDevice: check if GetMaster returned NULL
|
||||
* dix: FindBestPixel: fix implicit fallthrough warning
|
||||
* CI: clone libdecor from fd.o instead of gnome.org
|
||||
* CI: update libdecor from 0.1.0 to 0.1.1
|
||||
* Don't crash if the client argv or argv[0] is NULL.
|
||||
* Return NULL in *cmdname if the client argv or argv[0] is NULL
|
||||
* xwayland: connect to the wl display before calling into EGL
|
||||
* xwayland: Report correct mode size when rootful
|
||||
* build: Move epoll dependency check
|
||||
* build: Add epoll to Xwayland for DragonFly and OpenBSD
|
||||
* build: Fix DRI3 on DragonFly and OpenBSD
|
||||
* os: Fix NULL pointer dereference
|
||||
* dix: don't push the XKB state to a non-existing master keyboard
|
||||
* Xi: when removing a master search for a disabled paired device
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 24 11:24:48 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
- added conflicts to patterns-wsl-tmpfiles as this patterns package
|
||||
creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and
|
||||
therefore prevents Xwayland from creating this needed directory
|
||||
(bsc#1230755)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 24 20:14:05 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package xwayland
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -22,7 +22,7 @@
|
||||
%endif
|
||||
|
||||
Name: xwayland
|
||||
Version: 24.1.2
|
||||
Version: 24.1.8
|
||||
Release: 0
|
||||
URL: http://xorg.freedesktop.org
|
||||
Summary: Xwayland Xserver
|
||||
@@ -31,6 +31,7 @@ Group: System/X11/Servers/XF86_4
|
||||
Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz
|
||||
Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig
|
||||
Source2: xwayland.keyring
|
||||
|
||||
BuildRequires: meson
|
||||
BuildRequires: ninja
|
||||
BuildRequires: pkgconfig
|
||||
@@ -100,6 +101,7 @@ Requires: libpixman-1-0
|
||||
%endif
|
||||
Obsoletes: xorg-x11-server-wayland < %{version}
|
||||
Provides: xorg-x11-server-wayland = %{version}
|
||||
Conflicts: patterns-wsl-tmpfiles
|
||||
|
||||
%description
|
||||
This package contains the Xserver running on the Wayland Display Server.
|
||||
|
Reference in New Issue
Block a user