Overview Repositories Revisions Requests Users Attributes Meta

Revisions of xorg-x11-server

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1166666 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 430) 
- U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
  * fixes regression for security fix for CVE-2024-31083 (bsc#1222312, 
    boo#1222442, gitlab xserver issue #1659)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1164516 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 429) 
- Security update 21.1.12
  This release addresses the following 4 security issues:
  * CVE-2024-31080
  * CVE-2024-31081
  * CVE-2024-31082
  * CVE-2024-31083
  Additionally it provides a way to disable byte-swapped clients either by
  command line flag or config option. This allows to turn off byte swapping
  code that has been a source of security problems lately.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1148344 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 427) 
- fix permissions of files in xorg-x11-server-source for tigervnc
  build later (needed since latest autoconf)

- Provide again xorg-x11-server-source
  * xwayland sources are not meant for a generic server.
  * https://github.com/TigerVNC/tigervnc/issues/1728

- Stop providing xorg-x11-server-source from xorg-x11-server
  * Now the sources are provided by xwayland because it is more updated.
  * Fixes bsc#1219892.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1146120 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 426) 
- Release 21.1.11 also covers fixes for security issue CVE-2022-46340
  and bug numbers bsc#1205874, bsc#1217765

- Release 21.1.11 covers fixes for the following bug numbers, which
  are not mentioned in this changelog before: bsc#1218845,
  bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135

- Release 21.1.11 supersedes the following patches still used with
  xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
  this changelog as superseded before:
  * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
  * U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
  * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
  * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
  * U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
  * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
  * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
  * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
  * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
  * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
  * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
  * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
  * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
  * U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
  * U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch

- xserver sources of this release fixes segfault in Xvnc (bsc#1219311)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1142261 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 425) 
- no longer (build-)require obsolete Xprint/XprintUtil
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1139223 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 424) 
- Update to version 21.1.11
  * This release contains fixes for the issues reported in today's security
    advisory: https://lists.x.org/archives/xorg/2024-January/061525.html
  * CVE-2023-6816  (bsc#1218582)
  * CVE-2024-0229  (bsc#1218583)
  * CVE-2024-21885 (bsc#1218584)
  * CVE-2024-21886 (bsc#1218585)
  * CVE-2024-0408
  * CVE-2024-0409
- supersedes the following patches
  * U_xephyr-Don-t-check-for-SeatId-anymore.patch
  * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1137765 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 423) 
- u_miCloseScreen_check_for_null_pScreen_dev_private.patch
  * miCloseScreen check for null pScreen dev private (bsc#1218176); 
    another regression introduced by 
    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1137260 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 422) 
- n_xserver-optimus-autoconfig-hack.patch
  u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
  u_xfree86-activate-GPU-screens-on-autobind.patch
  * check dixPrivateKeyRegistered(rrPrivKey) before calling
    rrGetScrPriv() to avoid xserver crash when Xinerama is enabled
    (boo#1218240)
 -------------------------------------------------------------------
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1132834 from Joan Torres's avatar Joan Torres (jtorres) (revision 421) 
- U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * Out-of-bounds memory write in XKB button actions (CVE-2023-6377, 
    ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
- U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
  * Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
    bsc#1217766)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1120244 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 420) 
- Update to version 21.1.9
  * This release contains fixes for CVE-2023-5367, CVE-2023-5380
    and CVE-2023-5574 as reported in today's security advisory:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1075267 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 418) 
This can be checked in now https://lists.x.org/archives/xorg-announce/2023-March/003374.html

- U_xserver-composite-Fix-use-after-free-of-the-COW.patch
  * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
    bsc#1209543)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1063640 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 417) 
- Update to version xorg-server-21.1.7:
  * This release contains the fix for CVE-2023-0494 in today's security
    advisory: 
    https://lists.x.org/archives/xorg-announce/2023-February/003320.html
    It also fixes a second possible OOB access during EnqueueEvent and a
    crasher caused by ResourceClientBits not correctly honouring the
    MaxClients value in the configuration file.
- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch,
  U_xorg-server-oob-read-enqueue-event.patch

- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
  * DeepCopyPointerClasses use-after-free (CVE-2023-0494, 
    ZDI-CAN-19596, bsc#1207783)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1060975 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 416) 
- rename u_xorg-server-oob-read-enqueue-event.patch to 
  U_xorg-server-oob-read-enqueue-event.patch since it's already
  upstream

- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
  out-of-bounds read in EnqueueEvent.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1042895 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 414) 
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
  * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
    bsc#1206017)

- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
  * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
    CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  * Xi: return an error from XI property changes if verification
    failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
    CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
    CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
    CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
    CVE-2022-46342, bsc#1205879)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1034269 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 413) 
- Release 21.1 covers bugfixes and JIRA tickets for bsc#1176015,bsc#1182510,bsc#1182884,bsc#1184072,bsc#1184543,bsc#1184906,bsc#1186092,bsc#1188970,bsc#1194159,bsc#1196577,bsc#1197046,bsc#1197269,bsc#1200076,fdo#574,jsc#SLE-18653,jsc#SLE-8470
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1034184 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 412) 
- Release 21.1 supersedes the following patches still used with
  xorg-x11-server 1.20.3 on sle15-sp4/Leap 15.4:
  * U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch
  * U_0002-Fix-crash-on-XkbSetMap.patch
  * U_0003-Fix-crash-on-XkbSetMap.patch
  * U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch
  * U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch
  * U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch
  * U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch
  * U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch
  * U_hw_do-not-include-sys-io-with-glibc.patch
  * U_meson-Fix-another-reference-to-gl-9.2.0.patch
  * U_modesetting-Fix-broken-manpage-in-autoconf-build.patch
  * U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch
  * U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch
  * U_xfree86-Change-displays-array-to-pointers-array-to-f.patch
  * U_xfree86-Fix-NULL-pointer-dereference-crash.patch
  * U_xkbsetdeviceinfo.patch
  * u_sync-pci-ids-with-Mesa-21.2.4.patch
  * u_xf86-Accept-devices-with-the-simpledrm-driver.patch
  * u_xichangehierarchy-CVE-2020-14346.patch
  * u_xkb-CVE-2020-14345.patch
  * u_xkb-CVE-2020-14360.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1032921 from Stefan Dirsch's avatar Stefan Dirsch (sndirsch) (revision 411) 
- removed N_Disable-HW-Cursor-for-cirrus-and-mgag200-kernel-modules.patch 
  * meanwhile cirrus and mgag200 Kernel drivers have been rewritten
    multiple times and no longer have (broken) hardware cursor

- u_xf86-Accept-devices-with-the-kernels-ofdrm-driver.patch
  * Add workaround to support ofdrm
Displaying revisions 1 - 20 of 430
openSUSE Build Service is sponsored by
Places