|
|
|
|
Changelog for libX11-devel-1.8.7-3.1.i586.rpm :
* Fri Mar 01 2024 Jan Engelhardt - Trim descriptions for size (keep the big one for the prominently installed libX11-6).- Spin documentation off to libX11-devel-doc, this saves buildroots 800+ files and time (mandb is run in %posttrans). * Fri Mar 01 2024 pgajdosAATTsuse.com- Use %patch -P N instead of deprecated %patchN. * Mon Nov 20 2023 Stefan Dirsch - this update is needed due to jsc#PED-7282; it includes the security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and a fix for a race condition in libX11 that causes various applications to crash randomly (boo#1181963) * Tue Oct 03 2023 Stefan Dirsch - update to 1.8.7 This release contains fixes for the issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() (boo#1215683) * fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() (boo#1215684) * fixes CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow (boo#1215685) along with: * Fail XOpenDisplay() if server-provided default visual is invalid (!233) * Bring XKB docs in line with actual implementation (!231, !228) * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225) * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216, !217, !219, !220, !222, !223, !226, !227, !229) * Sat Jul 15 2023 Dirk Müller - update to 1.8.6: * InitExt.c: Add bounds checks for extension request, event, & error codes * Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure.- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream) * Mon Jun 12 2023 Stefan Dirsch - U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138) * Thu Jun 01 2023 Stefan Dirsch - Update to version 1.8.5 * gitlab CI: Add libtool to required packages * configure: raise minimum autoconf requirement to 2.70 * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * gitlab CI: add workflow rules * nls: delete compose sequences that pointlessly mix upper and lower case * nls: remove four hundred and sixty untypable Greek compose sequences * nls: remove twenty two untypable Greek compose sequences * XSetScreenSaver.man: restore the part that was accidentally snipped * nls: make the Amharic compose sequences use the dead-vowel symbols * nls: sort three sequences alphabetically in their group, like all others * nls: delete six compose sequences that cannot be typed * nls: use a slash instead of a combining solidus in compose sequences * NLS: move long S compositions to respective blocks * NLS: implement the expansion of the six Breton N-graph keysyms * NLS: move dead-caron subscript compositions to the relevant Unicode block * NLS: Remove strange dead_cedilla cedi sign sequences * nls: add compose sequence for capital schwa, and delete a deviant one- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11 will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order to keep those sequeunces working with this release. * Thu Mar 09 2023 llyyr - Update to version 1.8.4 This release fixes the regressions in previous 1.8.x related to the thread- - safety-constructor option. (boo#1209176)- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * Mon Dec 05 2022 Stefan Dirsch - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157- let\'s hope this version doesn\'t suffer yet from the regressions reported in boo#1205778, boo#1205818 (reported against 1.8.2); we need libX11 thread safe for totem (GNOME 43) :-( * Mon Dec 05 2022 Stefan Dirsch - going back to version 1.7.5 for now to get rid of regressions, which were introduced by trying to get thread-safe in libX11 itself- re-introduced U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch which was not yet in 1.7.5- supersedes the following patches * U_0001-Add-XFreeThreads-function.patch * U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch * U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch * U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch * Sat Dec 03 2022 Stefan Dirsch - U_0001-Add-XFreeThreads-function.patch U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch * adding all patches since 1.8.2 release in order to try fixing regressions after introducing thread safety constructor with 1.8.1 (boo#1205778, boo#1205818)- supersedes U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch- re-enabled thread safe constructor * Fri Dec 02 2022 Stefan Dirsch - back to \"--disable-thread-safety-constructor\" for now; we see just too many regressions, e.g. firefox freezes and crashes, crashes with barrierc, crashes in Godot, assertions with vkquake (boo#1205818, boo#1205778) * Sat Nov 26 2022 Stefan Dirsch - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * fixed Firefox freezes (regression since 1.8.2) (boo#1205778) * Fri Nov 11 2022 Stefan Dirsch - Update to version 1.8.2 * This is primarily a bug fix release, including further work on improving the thread-safety-constructor and making it work with software which had incorrectly called libX11 functions from inside X *IfEvent() calls.- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * Wed Oct 19 2022 Stefan Dirsch - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) * Thu Jun 09 2022 Stefan Dirsch - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . * Fri Apr 29 2022 Stefan Dirsch - Update to version 1.8 * The highlight of this release is that we now try to initialize thread safety ourselves, rather than hope the application does it. This should resolve a number of long-standing bugs with the libxcb integration, since the socket handoff mechanism essentially has to be thread-safe. * Sun Apr 03 2022 Stefan Dirsch - Update to version 1.7.4 * Don\'t try to destroy NULL condition variables * Thu Mar 31 2022 Stefan Dirsch - Update to version 1.7.4 * bugfix release- supersedes p_khmer-compose.diff * Fri Dec 10 2021 Stefan Dirsch - Update to version 1.7.3.1 * This release of libX11 corrects a packaging problem in 1.7.3 which caused the m4 files needed for autoreconf to not be included in the tarballs. * As a bonus, this release also includes one tiny typo fix in the XIM specs. * Tue Dec 07 2021 Stefan Dirsch - Update to version 1.7.3 * This release includes a number of bug fixes and adds support for the _EVDEVK keysyms added in xorgproto 2021.2. * Mon Nov 15 2021 Stefan Dirsch - u_no-longer-crash-in-XVisualIDFromVisual.patch * no longer crash in XVisualIDFromVisual() [boo#1191517] * Sun Jun 06 2021 Stefan Dirsch - Update to version 1.7.2 * bug fix release, correcting a regression introduced by and improving the checks from the fix for CVE-2021-31535.- supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch * Mon May 31 2021 Stefan Dirsch - U_Check-for-NULL-strings-before-getting-their-lengths.patch * regression in libX11 1.7.1 (boo#1186643) fixes segfaults for xforms applications like fdesign * Tue May 18 2021 Stefan Dirsch - Update to version 1.7.1 * security update for CVE-2021-31535 (bsc#1182506)- supersedes U_CVE-2021-31535.patch * Mon May 17 2021 Stefan Dirsch - U_CVE-2021-31535.patch * adds missing request length checks in libX11 (CVE-2021-31535, bsc#1182506)
|
|
|