Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

xwayland-23.2.4-slfo.1.2.6 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: xwayland Distribution: SUSE Linux Framework One
Version: 23.2.4 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.2.6 Build date: Wed Apr 10 15:50:16 2024
Group: System/X11/Servers/XF86_4 Build host: reproducible
Size: 2268909 Source RPM: xwayland-23.2.4-slfo.1.2.6.src.rpm
Packager: https://www.suse.com/
Url: http://xorg.freedesktop.org
Summary: Xwayland Xserver
This package contains the Xserver running on the Wayland Display Server.

Provides

Requires

License

MIT

Changelog

* Wed Apr 10 2024 sndirsch@suse.com
  - U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
    * fixes regression for security fix for CVE-2024-31083 (bsc#1222312,
      boo#1222442, gitlab xserver issue #1659)
* Thu Apr 04 2024 sndirsch@suse.com
  - U_CVE-2024-31080-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
    * Xi: ProcXIGetSelectedEvents needs to use unswapped length
      (CVE-2024-31080, bsc#1222309)
  - U_CVE-2024-31081-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
    * Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply
      (CVE-2024-31081, bsc#1222310)
  - U_CVE-2024-31083-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
    * render: fix refcounting of glyphs during ProcRenderAddGlyphs
      (CVE-2024-31083, bsc#1222312)
* Wed Jan 17 2024 sndirsch@suse.com
  - This release contains also the following patches mentioned in
    previous sle15 releases
    * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
    * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
    * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
    * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
    * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
    * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
    * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
* Tue Jan 16 2024 sndirsch@suse.com
  - This release contains also the missing fixes of initial
    U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
    (bsc#1217765)
* Tue Jan 16 2024 sndirsch@suse.com
  - Update to version 23.2.4
    * This release contains fixes for the issues reported in today's
      security advisory:
      https://lists.x.org/archives/xorg/2024-January/061525.html
    * CVE-2023-6816  (bsc#1218582)
    * CVE-2024-0229  (bsc#1218583)
    * CVE-2024-21885 (bsc#1218584)
    * CVE-2024-21886 (bsc#1218585)
    * CVE-2024-0408
    * CVE-2024-0409
  - supersedes the patches mentioned below:
    * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
    * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
* Mon Dec 04 2023 sndirsch@suse.com
  - U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
    * Out-of-bounds memory write in XKB button actions (CVE-2023-6377,
      ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
  - U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
    * Out-of-bounds memory read in RRChangeOutputProperty and
      RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
      bsc#1217766)
* Fri Nov 24 2023 sndirsch@suse.com
  - This release contains the following patches mentioned in previous
    sle15 releases
    * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch:
      fixes regression introduced with security update for
      CVE-2022-46340 (bsc#1205874)
    * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch:
      fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
      bsc#1216135)
    * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch,
      U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch:
      Server Damage Object Use-After-Free Local Privilege Escalation
      Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
    * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch:
      fixes a regresion, which can trigger a segfault in Xwayland on
      exit, introduced by
      U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
      (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
* Wed Oct 25 2023 sndirsch@suse.com
  - Update to version 23.2.2
    * This release contains the fix for CVE-2023-5367 and CVE-2023-5574
      in today's security advisory:
      https://lists.x.org/archives/xorg-announce/2023-October/003430.html
      Xwayland does not support multiple protocol screens (Zaphod) and is thus
      not affected by CVE-2023-5380.
    * Additionally, there is a change in the default behaviour of Xwayland:
      Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
      connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
      the EI socket. That socket is used to send XTest events to the
      compositor.
    * However, the connection to the session-wide Portal is unsuitable when
      Xwayland is running in a nested compositor. Xwayland cannot tell whether
      it's running on a nested compositor and to keep backwards compatibility
      with Xwayland prior to 23.2.0, Xwayland must now be started with
      "-enable-ei-portal" to connect to the portal.
    * Compositors (who typically spawn Xwayland rootless) must now pass this
      option to get the same behaviour as 23.2.x.
    * Finally, Xwayland now uses libbsd-overlay instead of libbsd.
* Wed Sep 20 2023 sndirsch@suse.com
  - Update to version 23.2.1:
    * glamor: Ignore destination alpha as necessary for composite operation
    * xtest: Check whether there is a sendEventsProc to call
  - supersedes xwayland-glamor-Ignore-destination-alpha-as-necessary-for-com.patch
* Mon Sep 18 2023 joan.torres@suse.com
  - xwayland-glamor-Ignore-destination-alpha-as-necessary-for-com.patch
    * Fix when vncviewer fades to white on xwayland (bsc#1215385,
      https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1154)
* Sat Aug 26 2023 sndirsch@suse.com
  - enable libei and libdecor only for TW, since it does not exist
    yet on sle15-sp5
* Thu Aug 17 2023 bjorn.lie@gmail.com
  - Update to version 23.2.0:
    * Optional support for emulated input (EI) via the libei library,
      support for the tearing control protocol, and the XWayland
      rootful mode is now resizable with libdecor.
  - Add pkgconfig(libei-1.0) BuildRequires, build new optional
    emulated input support.
  - Add pkgconfig(libdecor-0) BuildRequires, build optional CSD
    support.
* Sat Jun 10 2023 sndirsch@suse.com
  - Update to version 23.1.2
    * This release includes improved DMA-BUF v4 feedback support for
      direct scanout, relaxed CVT modes for non-standard modes, fixes
      for the CHERI/Morello platform and other various fixes.
* Sat Apr 01 2023 bjorn.lie@gmail.com
  - Update to version 23.1.1 (CVE-2023-1393):
    + This release contains the fix for CVE-2023-1393.
    + xkbUtils: use existing symbol names instead of deleted
      deprecated ones
    + glamor: Don't glFlush/ctx switch unless any work has been
      performed
    + xwayland:
    - Refactor xwl_present_for_each_frame_callback helper
    - Prevent nested xwl_present_for_each_frame_callback calls
    + composite: Fix use-after-free of the COW
  - Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch:
    Fixed upstream.
* Thu Mar 23 2023 sndirsch@suse.com
  - U_xserver-composite-Fix-use-after-free-of-the-COW.patch
    * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
      bsc#1209543)
* Wed Mar 22 2023 bjorn.lie@gmail.com
  - Update to version 23.1.0:
    * test: Use either wayland-info or weston-info.
  - Changes from version 23.1.0.rc2:
    * A regression with keymaps which were not applied anymore.
    * Various regressions with DRM format modifiers.
  - Changes from version 23.1.0.rc1:
    * Support for linux_dmabuf v4 protocol.
    * Support for wl_pointer.axis_v120 (high-resolution scrolling).
    * Support for xwayland_shell protocol.
    * Improved "rootful" mode for using Xwayland as a nested Xserver.
    * Improved emulated XRandR support exposing the output names.
    * Support for byte-swapped clients is now disabled by default.
* Tue Feb 07 2023 sndirsch@suse.com
  - Update to version 22.1.8
    * This release contains the fix for CVE-2023-0494 in today's
      security advisory:
      https://lists.x.org/archives/xorg-announce/2023-February/003320.html
    * It also fixes a second possible OOB access during EnqueueEvent.
  - supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
* Thu Feb 02 2023 sndirsch@suse.com
  - improved summary and description
  - added requires to xkeyboard-config
  - added recommends to xorg-x11-fonts-core
  - removed unused 'package' section
* Wed Feb 01 2023 sndirsch@suse.com
  - U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
    * DeepCopyPointerClasses use-after-free (CVE-2023-0494,
      ZDI-CAN-19596, bsc#1207783)
* Sat Dec 31 2022 sndirsch@suse.com
  - Update to version 22.1.7
    * This release fixes an invalid event type mask in
      XTestSwapFakeInput which was inadvertently changed from octal
      0177 to hexadecimal 0x177 in the fix for CVE-2022-46340.
* Thu Dec 15 2022 bjorn.lie@gmail.com
  - Update to version 22.1.6:
    * Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,
      CVE-2022-46343, CVE-2022-46344, CVE-2022-4283.
    * Xtest: disallow GenericEvents in XTestSwapFakeInput
    * Xi: disallow passive grabs with a detail > 255
    * Xext: free the XvRTVideoNotify when turning off from the same
      client
    * Xext: free the screen saver resource when replacing it
    * Xi: return an error from XI property changes if verification
      failed
    * Xi: avoid integer truncation in length check of
      ProcXIChangeProperty
    * xkb: reset the radio_groups pointer to NULL after freeing it
  - Drop patches fixed upstream:
    * U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
    * U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
    * U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
    * U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
    * U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
    * U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
    * U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* Tue Dec 06 2022 sndirsch@suse.com
  - U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
    * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
      bsc#1206017)
* Wed Nov 30 2022 sndirsch@suse.com
  - U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
    * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
      CVE-2022-46340, bsc#1205874)
  - U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
    * Xi: return an error from XI property changes if verification
      failed (no ZDI-CAN id, no CVE id, bsc#1205875)
  - U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
    * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
      CVE-2022-46344, bsc#1205876)
  - U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
    * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
      CVE-2022-46341, bsc#1205877)
  - U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
    * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
      CVE-2022-46343, bsc#1205878)
  - U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
    * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
      CVE-2022-46342, bsc#1205879)
* Wed Nov 02 2022 sndirsch@suse.com
  - Update to version 22.1.5
    * This is a follow-up release to address a couple of regressions
      which found their way into the recent xwayland-22.1.4 release,
      namely:
      + Double scroll wheel events with some Wayland compositors
      https://gitlab.freedesktop.org/xorg/xserver/-/issues/1392
      + Key keeps repeating when a window is closed while a key is pressed
      https://gitlab.freedesktop.org/xorg/xserver/-/issues/1395
  - supersedes U_Do-not-ignore-leave-events.patch
* Mon Oct 24 2022 sndirsch@suse.com
  - U_Do-not-ignore-leave-events.patch
    * fixes xwayland issue#1397, issue#1395
* Thu Oct 20 2022 sndirsch@suse.com
  - Update to version 22.1.4
    * xwayland: Aggregate scroll axis events to fix kinetic scrolling
    * Forbid server grabs by non-WM on *rootless* XWayland
    * xkb: Avoid length-check failure on empty strings.
    * ci: remove redundant slash in libxcvt repository url
    * dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY
    * dix: Fix overzealous caching of ResourceClientBits()
    * xwayland: Prevent Xserver grabs with rootless
    * xwayland: Delay wl_surface destruction
    * build: Bump wayland requirement to 1.18
    * xwayland: set tag on our surfaces
    * xwayland: Clear the "xwl-window" tag on unrealize
    * xwayland: correct the type for the discrete scroll events
    * xkb: fix some possible memleaks in XkbGetKbdByName
    * xkb: length-check XkbGetKbdByName before accessing the fields
    * xkb: length-check XkbListComponents before accessing the fields
    * xkb: proof GetCountedString against request length attacks
  - supersedes security patches:
    * U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
    * U_xkb-proof-GetCountedString-against-request-length-at.patch
* Wed Oct 19 2022 sndirsch@suse.com
  - U_xkb-proof-GetCountedString-against-request-length-at.patch
    * security update for CVE-2022-3550 (bsc#1204412)
  - U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
    * security update for CVE-2022-3551 (bsc#1204416)
* Tue Jul 12 2022 sndirsch@suse.com
  - Update to version 22.1.3
    * os: print <signal handler called> if unw_is_signal_frame()
    * os: print registers in the libunwind version of xorg_backtrace()
    * xwayland/present: Do not send two idle notify events for flip pixmaps
    * xwayland: Fix check logic in sprite_check_lost_focus()
    * xwayland: Change randr_output status when call xwl_output_remove()
    * xkb: switch to array index loops to moving pointers
    * xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck
    * xkb: add request length validation for XkbSetGeometry
* Wed May 25 2022 sndirsch@suse.com
  - Update to version 22.1.2
    * randr: Add "RANDR Emulation" property
    * xwayland/output: Set the "RANDR Emulation" property
    * xwayland: Fix invalid pointer access in drm_lease_device_handle_released.
* Thu Mar 31 2022 sndirsch@suse.com
  - Update to version 22.1.1
    * xwayland: Clear timer_armed in xwl_present_unrealize_window
    * xwayland: Always hook up frame_callback_list in xwl_present_queue_vblank
    * Xwayland: Do not map the COW by default when rootless
    * xwayland/present: Fix use-after-free in xwl_unrealize_window()
* Wed Feb 16 2022 sndirsch@suse.com
  - Update to version 22.1.0
    * xwayland: Fix cursor color
* Thu Feb 03 2022 bjorn.lie@gmail.com
  - Update to version 22.0.99.902
    * render: Fix build with gcc 12
* Thu Jan 20 2022 bjorn.lie@gmail.com
  - Update to version 22.0.99.901
    * DRM lease support
    * Enables sRGB fbconfigs in GLX
    * Requires libxcvt
    * Refactoring of the present code in Xwayland
    * Implements support for touchpad gestures
    * Support for xfixes's ClientDisconnectMode and optional
      terminate delay
  - Add pkgconfig(libxcvt) BuildRequires: New dependency.
  - Add xwayland.keyring, use url for sources, validate sig.
  - Move man pages from devel to main binary package.
  - Enable LTO, no longer disable LTO via macro.
* Tue Dec 14 2021 sndirsch@suse.com
  - Update to version 21.1.4
    * Fixes for multiple input validation failures in X server extensions:
      + CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access (boo#1193030)
      + CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access (boo#1190487)
      + CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access (boo#1190488)
      + CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access (boo#1190489)
    * This release also includes other fixes such as:
      + Store EGLcontext to avoid superfluous eglMakeCurrent() calls
      + Prefer EGLStream with NVIDIA proprietary driver if both GBM and EGLstream are available
* Mon Nov 08 2021 sndirsch@suse.com
  - Update to version 21.1.3
    * Most notable change is a fix for the GBM backend to work with
      the Nvidia driver series 495.
  - supersedes U_glamor-Fix-handling-of-1-bit-pixmaps.patch
* Thu Oct 07 2021 joan.torres@suse.com
  - Specfile cleanup
* Tue Sep 28 2021 sndirsch@suse.com
  - U_glamor-Fix-handling-of-1-bit-pixmaps.patch
    * glamor: Fix handling of 1-bit pixmaps; fixes e.g. issues with
      gimp on Wayland (which needs Xwayland) (boo#1189310)
* Mon Sep 27 2021 sndirsch@suse.com
  - covers jira#SLE/SLE-18653
* Thu Jul 15 2021 macie.mckitrick@protonmail.com
  - xwayland pc is required for S390x and S390
* Fri Jul 09 2021 sndirsch@suse.com
  - Update to version 21.1.2
    * The only change compared to the release candidate is a fix for
      a long standing issue where Xwayland wouldn't send events to
      notify clients of RandR configuration changes in some cases.
* Thu Jul 01 2021 sndirsch@suse.com
  - Update to version 21.1.1.901 (21.1.2 RC1)
    * It's a bit special, as most of the changes are not the usual
      stable branch fixes material, but are needed for HW accelerated
      direct rendering with the Nvidia 470 driver (which is currently
      in open beta).
    * changes are mostly specific to the EGLStream backend and do not
      affect the GBM backend. And they make a big difference for users
      of the EGLStream backend.
    * See
      https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/thread/BBZVDNST67I2AQOCPSHKYAY6D5Z66JIP/
      for more information about testing the EGLStream changes
  - enabled Wayland eglstreams (needs new packages egl-wayland and
    eglexternalplatform)
* Tue Apr 13 2021 sndirsch@suse.com
  - Update to version 21.1.1
    * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472,
      ZDI-CAN-1259, bsc#1180128)
* Mon Apr 12 2021 tobias.klausmann@freenet.de
  - Additionally to not packing /usr/lib64/xorg/protocol.txt, delete it to fix
    the build
* Mon Apr 12 2021 gmbr3@opensuse.org
  - Make vendor name the same as xorg-x11-server
* Mon Apr 12 2021 sndirsch@suse.com
  - removed conflicting /usr/lib64/xorg/protocol.txt (already in
    xorg-x11-server package)
* Wed Apr 07 2021 sndirsch@suse.com
  - added summary for -devel package
  - some cleanup
* Wed Mar 17 2021 tobias.klausmann@freenet.de
  - Update to version 21.1.0:
    * meson: Make sure XKM_OUTPUT_DIR has a trailing slash
    * xwayland: Fix LeaveNotify for relative pointer
  - Highlights compared to xserver 1.20.10:
    * Xwayland's XVideo support (via glamor) now supports NV12
    * glamor can now accelerate some more RENDER extension formats
    * Xwayland's GLX provider now uses the EGL implementation instead of Mesa's
      swrast_dri.so directly
    * Xwayland can now use the wp_viewport Wayland protocol for up-scaling of
      fullscreen applications setting lower resolutions via the RandR /
      XFree86-VidModeExtension extensions
    * Xwayland now alternates between multiple buffers for all Wayland surfaces,
      making it less of a special case compared to other Wayland clients
    * Xwayland can now use memfd_create for creating buffers shared with the
      Wayland compositor when glamor hardware acceleration is disabled
    * Xwayland has better support for clients using relative mouse input and
      keyboard grabs
    * An Xwayland.1 manpage is now installed
    * Xwayland now supports -listenfd, -version and -verbose command line options
    * Xwayland now installs an xwayland.pc file which helps discovering the path
      of the installed Xwayland binary and the features it supports
    * Only meson is supported for building
    * Only Xwayland and Xvfb can be built, only Xwayland can be installed
* Thu Mar 04 2021 sndirsch@suse.com
  - update to 21.0.99.902
    * second release candidate for the standalone Xwayland 21.1.0 release
    * meson.build: Keep the protocol version looking like xserver 1.20.x did
    * xwayland: Delay cursor visibility update
* Fri Feb 26 2021 sndirsch@suse.com
  - added Buildrequires to pkgconfig(glproto) and pkgconfig(gl) to
    fix build on Leap
* Fri Feb 19 2021 tobias.klausmann@freenet.de
  - Initial stand-alone Xwayland package version 21.0.99.901 (boo#1182677)

Files

/usr/bin/Xwayland
/usr/share/applications/org.freedesktop.Xwayland.desktop
/usr/share/man/man1/Xwayland.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:02:43 2024