- Update to 23.2.6
  * This is a quick bug fix release to address a regression
    introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.

• Files Changed
• Browse Source

- Security update 23.2.5 
  This release contains the 3 security fixes that actually apply to
  Xwayland reported in the security advisory of April 3rd 2024
  * CVE-2024-31080
  * CVE-2024-31081
  * CVE-2024-31083
  Additionally, it also contains a couple of other fixes, a copy/paste
  error in the DeviceStateNotify event and a fix to enable buttons with
  pointer gestures for backward compatibility with legacy X11 clients.

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- This release contains also the following patches mentioned in
  previous sle15 releases
  * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
  * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
  * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
  * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
  * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
  * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
  * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch

- This release contains also the missing fixes of initial
  U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  (bsc#1217765)

- Update to version 23.2.4
  * This release contains fixes for the issues reported in today's
    security advisory: 
    https://lists.x.org/archives/xorg/2024-January/061525.html
  * CVE-2023-6816  (bsc#1218582)
  * CVE-2024-0229  (bsc#1218583)
  * CVE-2024-21885 (bsc#1218584)
  * CVE-2024-21886 (bsc#1218585)
  * CVE-2024-0408
  * CVE-2024-0409
- supersedes the patches mentioned below:
  * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch

• Files Changed
• Browse Source

- U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
  * Out-of-bounds memory write in XKB button actions (CVE-2023-6377, 
    ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
- U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
  * Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
    bsc#1217766)

• Files Changed
• Browse Source

- This release contains the following patches mentioned in previous
  sle15 releases
  * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch:
    fixes regression introduced with security update for
    CVE-2022-46340 (bsc#1205874)     
  * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch:
    fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
    bsc#1216135)
  * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch,
    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch:
    Server Damage Object Use-After-Free Local Privilege Escalation
    Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
  * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch:
    fixes a regresion, which can trigger a segfault in Xwayland on
    exit, introduced by 
    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch 
    (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)

• Files Changed
• Browse Source

- Update to version 23.2.2
  * This release contains the fix for CVE-2023-5367 and CVE-2023-5574
    in today's security advisory: 
      https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    Xwayland does not support multiple protocol screens (Zaphod) and is thus
    not affected by CVE-2023-5380.
  * Additionally, there is a change in the default behaviour of Xwayland:
    Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
    connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
    the EI socket. That socket is used to send XTest events to the
    compositor.
  * However, the connection to the session-wide Portal is unsuitable when
    Xwayland is running in a nested compositor. Xwayland cannot tell whether
    it's running on a nested compositor and to keep backwards compatibility
    with Xwayland prior to 23.2.0, Xwayland must now be started with
    "-enable-ei-portal" to connect to the portal.
  * Compositors (who typically spawn Xwayland rootless) must now pass this
    option to get the same behaviour as 23.2.x.
  * Finally, Xwayland now uses libbsd-overlay instead of libbsd.

• Files Changed
• Browse Source

- Update to version 23.2.1:
  * glamor: Ignore destination alpha as necessary for composite operation
  * xtest: Check whether there is a sendEventsProc to call
- supersedes xwayland-glamor-Ignore-destination-alpha-as-necessary-for-com.patch

- xwayland-glamor-Ignore-destination-alpha-as-necessary-for-com.patch
  * Fix when vncviewer fades to white on xwayland (bsc#1215385,
    https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1154)
------------------------------------------------------------------

• Files Changed
• Browse Source

- enable libei and libdecor only for TW, since it does not exist
  yet on sle15-sp5

- Update to version 23.2.0:
  * Optional support for emulated input (EI) via the libei library,
    support for the tearing control protocol, and the XWayland
    rootful mode is now resizable with libdecor.
- Add pkgconfig(libei-1.0) BuildRequires, build new optional
  emulated input support.
- Add pkgconfig(libdecor-0) BuildRequires, build optional CSD
  support.

• Files Changed
• Browse Source

- Update to version 23.1.2
  * This release includes improved DMA-BUF v4 feedback support for
    direct scanout, relaxed CVT modes for non-standard modes, fixes
    for the CHERI/Morello platform and other various fixes.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to version 22.1.8
  * This release contains the fix for CVE-2023-0494 in today's
    security advisory: 
    https://lists.x.org/archives/xorg-announce/2023-February/003320.html
  * It also fixes a second possible OOB access during EnqueueEvent.
- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch

- improved summary and description 
- added requires to xkeyboard-config
- added recommends to xorg-x11-fonts-core
- removed unused 'package' section

- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
  * DeepCopyPointerClasses use-after-free (CVE-2023-0494, 
    ZDI-CAN-19596, bsc#1207783)

• Files Changed
• Browse Source

- Update to version 22.1.7
  * This release fixes an invalid event type mask in 
    XTestSwapFakeInput which was inadvertently changed from octal
    0177 to hexadecimal 0x177 in the fix for CVE-2022-46340.

- Update to version 22.1.6:
  * Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,
    CVE-2022-46343, CVE-2022-46344, CVE-2022-4283.
  * Xtest: disallow GenericEvents in XTestSwapFakeInput
  * Xi: disallow passive grabs with a detail > 255
  * Xext: free the XvRTVideoNotify when turning off from the same
    client
  * Xext: free the screen saver resource when replacing it
  * Xi: return an error from XI property changes if verification
    failed
  * Xi: avoid integer truncation in length check of
    ProcXIChangeProperty
  * xkb: reset the radio_groups pointer to NULL after freeing it
- Drop patches fixed upstream:
  * U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
  * U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  * U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  * U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  * U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  * U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  * U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch

• Files Changed
• Browse Source

- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
  * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
    bsc#1206017)

- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
  * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
    CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  * Xi: return an error from XI property changes if verification
    failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
    CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
    CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
    CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
    CVE-2022-46342, bsc#1205879)

• Files Changed
• Browse Source

- Update to version 22.1.5
  * This is a follow-up release to address a couple of regressions
    which found their way into the recent xwayland-22.1.4 release,
    namely:
    + Double scroll wheel events with some Wayland compositors
      https://gitlab.freedesktop.org/xorg/xserver/-/issues/1392
    + Key keeps repeating when a window is closed while a key is pressed
      https://gitlab.freedesktop.org/xorg/xserver/-/issues/1395
- supersedes U_Do-not-ignore-leave-events.patch

• Files Changed
• Browse Source

- U_Do-not-ignore-leave-events.patch
  * fixes xwayland issue#1397, issue#1395

- Update to version 22.1.4
  * xwayland: Aggregate scroll axis events to fix kinetic scrolling
  * Forbid server grabs by non-WM on *rootless* XWayland
  * xkb: Avoid length-check failure on empty strings.
  * ci: remove redundant slash in libxcvt repository url
  * dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY
  * dix: Fix overzealous caching of ResourceClientBits()
  * xwayland: Prevent Xserver grabs with rootless
  * xwayland: Delay wl_surface destruction
  * build: Bump wayland requirement to 1.18
  * xwayland: set tag on our surfaces
  * xwayland: Clear the "xwl-window" tag on unrealize
  * xwayland: correct the type for the discrete scroll events
  * xkb: fix some possible memleaks in XkbGetKbdByName
  * xkb: length-check XkbGetKbdByName before accessing the fields
  * xkb: length-check XkbListComponents before accessing the fields
  * xkb: proof GetCountedString against request length attacks
- supersedes security patches:
  * U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
  * U_xkb-proof-GetCountedString-against-request-length-at.patch

• Files Changed
• Browse Source

- U_xkb-proof-GetCountedString-against-request-length-at.patch
  * security update for CVE-2022-3550 (bsc#1204412)
- U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
  * security update for CVE-2022-3551 (bsc#1204416)

• Files Changed
• Browse Source

- Update to version 22.1.3
  * os: print <signal handler called> if unw_is_signal_frame()
  * os: print registers in the libunwind version of xorg_backtrace()
  * xwayland/present: Do not send two idle notify events for flip pixmaps
  * xwayland: Fix check logic in sprite_check_lost_focus()
  * xwayland: Change randr_output status when call xwl_output_remove()
  * xkb: switch to array index loops to moving pointers
  * xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck
  * xkb: add request length validation for XkbSetGeometry

• Files Changed
• Browse Source

- Update to version 22.1.2
  * randr: Add "RANDR Emulation" property
  * xwayland/output: Set the "RANDR Emulation" property
  * xwayland: Fix invalid pointer access in drm_lease_device_handle_released.

• Files Changed
• Browse Source