|
|
|
|
Changelog for libX11-xcb1-32bit-1.8.10-lp156.132.3.x86_64.rpm :
* Tue Jul 30 2024 Stefan Dirsch - Update to 1.8.10; this release includes: * Re-fix XIM input sometimes jumbled (#205, #206, #207, #208, !246) * Fix various static analysis errors (!250) * Add compose sequences for Arabic hamza (!218), Ezh (!221), and hryvnia currency (!259) * Make colormap private interfaces thread safe (#215, !254) * Fix deadlock in XRebindKeysym() (!256) * Assorted memory handling cleanups (!251, !258) * Restore VAX support still in use by NetBSD (!257) * Sat Apr 06 2024 Stefan Dirsch - Update to 1.8.9 * Fix regressions introduced in 1.8.8 (!245, !248) - this includes reverting for now the previous \"Fix XIM input sometimes jumbled (#198, !236)\"- supersedes * U_0001-xlibi18n-restore-parse_line1-for-WIN32-builds.patch * U_0002-Revert-imDefLkup-Commit-first-info-in-XimCommitInfo.patch * U_0003-Revert-ximcp-Unmark-to-fabricate-key-events-with-XKe.patch * Fri Apr 05 2024 Stefan Dirsch - U_0001-xlibi18n-restore-parse_line1-for-WIN32-builds.patch U_0002-Revert-imDefLkup-Commit-first-info-in-XimCommitInfo.patch U_0003-Revert-ximcp-Unmark-to-fabricate-key-events-with-XKe.patch * fix regressions in 1.8.8 (issues #204, #205, #206, #207, #208) * Mon Mar 25 2024 Stefan Dirsch - update to 1.8.8 * Fix XIM input sometimes jumbled (#198, !236) * Fix _XkbReadGetDeviceInfoReply for nButtons == dev->buttons (!237) * Drop ifdefs for platforms that are no longer supported (!242, !243) * Assorted memory handling cleanups * Fri Mar 01 2024 Jan Engelhardt - Trim descriptions for size (keep the big one for the prominently installed libX11-6).- Spin documentation off to libX11-devel-doc, this saves buildroots 800+ files and time (mandb is run in %posttrans). * Fri Mar 01 2024 pgajdosAATTsuse.com- Use %patch -P N instead of deprecated %patchN. * Mon Nov 20 2023 Stefan Dirsch - this update is needed due to jsc#PED-7282; it includes the security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and a fix for a race condition in libX11 that causes various applications to crash randomly (boo#1181963) * Tue Oct 03 2023 Stefan Dirsch - update to 1.8.7 This release contains fixes for the issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() (boo#1215683) * fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() (boo#1215684) * fixes CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow (boo#1215685) along with: * Fail XOpenDisplay() if server-provided default visual is invalid (!233) * Bring XKB docs in line with actual implementation (!231, !228) * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225) * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216, !217, !219, !220, !222, !223, !226, !227, !229) * Sat Jul 15 2023 Dirk Müller - update to 1.8.6: * InitExt.c: Add bounds checks for extension request, event, & error codes * Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure.- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream) * Mon Jun 12 2023 Stefan Dirsch - U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138) * Thu Jun 01 2023 Stefan Dirsch - Update to version 1.8.5 * gitlab CI: Add libtool to required packages * configure: raise minimum autoconf requirement to 2.70 * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * gitlab CI: add workflow rules * nls: delete compose sequences that pointlessly mix upper and lower case * nls: remove four hundred and sixty untypable Greek compose sequences * nls: remove twenty two untypable Greek compose sequences * XSetScreenSaver.man: restore the part that was accidentally snipped * nls: make the Amharic compose sequences use the dead-vowel symbols * nls: sort three sequences alphabetically in their group, like all others * nls: delete six compose sequences that cannot be typed * nls: use a slash instead of a combining solidus in compose sequences * NLS: move long S compositions to respective blocks * NLS: implement the expansion of the six Breton N-graph keysyms * NLS: move dead-caron subscript compositions to the relevant Unicode block * NLS: Remove strange dead_cedilla cedi sign sequences * nls: add compose sequence for capital schwa, and delete a deviant one- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11 will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order to keep those sequeunces working with this release. * Thu Mar 09 2023 llyyr - Update to version 1.8.4 This release fixes the regressions in previous 1.8.x related to the thread- - safety-constructor option. (boo#1209176)- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * Mon Dec 05 2022 Stefan Dirsch - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157- let\'s hope this version doesn\'t suffer yet from the regressions reported in boo#1205778, boo#1205818 (reported against 1.8.2); we need libX11 thread safe for totem (GNOME 43) :-( * Mon Dec 05 2022 Stefan Dirsch - going back to version 1.7.5 for now to get rid of regressions, which were introduced by trying to get thread-safe in libX11 itself- re-introduced U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch which was not yet in 1.7.5- supersedes the following patches * U_0001-Add-XFreeThreads-function.patch * U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch * U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch * U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch * Sat Dec 03 2022 Stefan Dirsch - U_0001-Add-XFreeThreads-function.patch U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch * adding all patches since 1.8.2 release in order to try fixing regressions after introducing thread safety constructor with 1.8.1 (boo#1205778, boo#1205818)- supersedes U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch- re-enabled thread safe constructor * Fri Dec 02 2022 Stefan Dirsch - back to \"--disable-thread-safety-constructor\" for now; we see just too many regressions, e.g. firefox freezes and crashes, crashes with barrierc, crashes in Godot, assertions with vkquake (boo#1205818, boo#1205778) * Sat Nov 26 2022 Stefan Dirsch - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * fixed Firefox freezes (regression since 1.8.2) (boo#1205778) * Fri Nov 11 2022 Stefan Dirsch - Update to version 1.8.2 * This is primarily a bug fix release, including further work on improving the thread-safety-constructor and making it work with software which had incorrectly called libX11 functions from inside X *IfEvent() calls.- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * Wed Oct 19 2022 Stefan Dirsch - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) * Thu Jun 09 2022 Stefan Dirsch - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . * Fri Apr 29 2022 Stefan Dirsch - Update to version 1.8 * The highlight of this release is that we now try to initialize thread safety ourselves, rather than hope the application does it. This should resolve a number of long-standing bugs with the libxcb integration, since the socket handoff mechanism essentially has to be thread-safe. * Sun Apr 03 2022 Stefan Dirsch - Update to version 1.7.4 * Don\'t try to destroy NULL condition variables * Thu Mar 31 2022 Stefan Dirsch - Update to version 1.7.4 * bugfix release- supersedes p_khmer-compose.diff * Fri Dec 10 2021 Stefan Dirsch - Update to version 1.7.3.1 * This release of libX11 corrects a packaging problem in 1.7.3 which caused the m4 files needed for autoreconf to not be included in the tarballs. * As a bonus, this release also includes one tiny typo fix in the XIM specs. * Tue Dec 07 2021 Stefan Dirsch - Update to version 1.7.3 * This release includes a number of bug fixes and adds support for the _EVDEVK keysyms added in xorgproto 2021.2. * Mon Nov 15 2021 Stefan Dirsch - u_no-longer-crash-in-XVisualIDFromVisual.patch * no longer crash in XVisualIDFromVisual() [boo#1191517] * Sun Jun 06 2021 Stefan Dirsch - Update to version 1.7.2 * bug fix release, correcting a regression introduced by and improving the checks from the fix for CVE-2021-31535.- supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch * Mon May 31 2021 Stefan Dirsch - U_Check-for-NULL-strings-before-getting-their-lengths.patch * regression in libX11 1.7.1 (boo#1186643) fixes segfaults for xforms applications like fdesign * Tue May 18 2021 Stefan Dirsch - Update to version 1.7.1 * security update for CVE-2021-31535 (bsc#1182506)- supersedes U_CVE-2021-31535.patch * Mon May 17 2021 Stefan Dirsch - U_CVE-2021-31535.patch * adds missing request length checks in libX11 (CVE-2021-31535, bsc#1182506) * Sat Nov 21 2020 Stefan Dirsch - Update to version 1.7.0 * libX11 version 1.7.0 includes a new API, hence the change from the 1.6 series to 1.7: XSetIOErrorExitHandler which provides a mechanism for applications to recover from I/O error conditions instead of being forced to exit. Thanks to Carlos Garnacho for this. * This release includes a bunch of bug fixes, some which have been pending for over three years: + A bunch of nls cleanups to remove obsolete entries and clean up formatting of the ist. Thanks to Benno Schulenberg for these. + Warning fixes and other cleanups across a huge swath of the library. Thanks to Alan Coopersmith for these. + Memory allocation bugs, including leaks and use after free in the locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio Zecca for these. + Thread safety fixes in the locale code. Thanks to Jacek Caban for these. + poll_for_response race condition fix. Thanks to Frediano Ziglio for the bulk of this effort, and to Peter Hutterer for careful review and improvements. * Version 1.7.0 includes a couple of new locales: ia and ie locales. Thanks to Carmina16 for these. * There are also numerous compose entries added, including: + |^ or ^| for ↑, |v or v| for ↓, ~~ for ≈. Thanks to Antti Savolainen for this. + Allowing use of \'v\' for caron, in addition to \'c\', so things like vC for Č, vc for č. Thanks to Benno Schulenberg for this. + Compose sequences LT, lt for \'<\', and GT, gt for \'>\' for keyboards where those are difficult to access. Thanks to Jonathan Belsewir for this.- refreshed patches en-locales.diff, p_khmer-compose.diff and p_xlib_skip_ext_env.diff * Tue Aug 25 2020 Stefan Dirsch - Update to version 1.6.12 * Fix an integer overflow in init_om() [CVE-2020-14363, boo#1175239] * Sat Aug 15 2020 Tobias Klausmann - Update to version 1.6.11: A collection of random and security fixes.- Remove patches included in this release: + U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch + U_002-FixIntegerOverflowsIn_XimAttributeToValue.patch + U_003-FixMoreUncheckedLengths.patch + U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch + U_005-ZeroOutBuffersInFunctions.patch + U_006-Fix-size-calculation-in-_XimAttributeToValue.patch- Adapt patch p_xlib_skip_ext_env.diff to work with the new version * Tue Aug 04 2020 tiwaiAATTsuse.de- U_006-Fix-size-calculation-in-_XimAttributeToValue.patch: * Regression fix in previous XIM client head overflow fixes (CVE-2020-14344, bsc#1174628) * Fri Jul 31 2020 Stefan Dirsch - U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch, U_002-FixIntegerOverflowsIn_XimAttributeToValue.patch, U_003-FixMoreUncheckedLengths.patch, U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch, U_005-ZeroOutBuffersInFunctions.patch, * XIM client heap overflows (CVE-2020-14344, bsc#1174628) * Sun Oct 20 2019 Stefan Brüns - Add conflicts for old xorgproto-devel, X11/extensions/XKBgeom.h was moved to libX11-devel. * Wed Oct 09 2019 Stefan Dirsch - Update to version 1.6.9 * A collection of build and documentation fixes, one preparatory change for a new xorgproto release, and a fix for a deadlock bug in _XReply. * Mon Jun 17 2019 Stefan Dirsch - Update to version 1.6.8 * bug fixes * Wed Oct 10 2018 sndirschAATTsuse.com- Update to version 1.6.7 * XcmsLookupColor: fully initialize XColor structs passed to _XColor_to_XcmsRGB * poll_for_response: Call poll_for_event again if xcb_poll_for_reply fails * poll_for_event: Allow using xcb_poll_for_queued_event * Mon Aug 27 2018 tchvatalAATTsuse.com- Format spec with spec-cleaner- Use %autopatch to not bother with one-by-one patch application- Remove autoreconf as we no longer patch any of the buildsystem- Explicitly disable silent rules during configuration * Wed Aug 22 2018 tobias.johannes.klausmannAATTmni.thm.de- Update to version 1.6.6: + Make Xkb{Get,Set}NamedIndicator spec & manpages match code + Clarify state parameter to XkbSetNamedDeviceIndicator + Improve table formatting in XkbChangeControls & XkbKeyNumGroups man pages + If XGetImage fails to create image, don\'t dereference it to bounds check + Use size_t for buffer sizes in SetHints.c + Change fall through comment in lcDB.c to match gcc\'s requirements + _XDefaultError: set XlibDisplayIOError flag before calling exit + Fix possible memory leak in cmsProp.c:140 + Don\'t rebuild ks_tables.h if nothing changed. + Remove statement with no effect. + Use flexible array member instead of fake size. + Valgrind fix for XStoreColor and XStoreColors. + XkbOpenDisplay.3: fix typo + Validation of server response in XListHosts. + Fixed off-by-one writes (CVE-2018-14599). + Fixed out of boundary write (CVE-2018-14600). + Fixed crash on invalid reply (CVE-2018-14598). + fix shadow warning + _XIOError(dpy); will never return so remore dead + remove argument check for free() adjust one inden + fix shadow char_size + fix more shadow warning + no need to check argument for _XkbFree() + remove stray extern + no need to check args for Xfree() + fix memleak in error path + fix memleak in error path + no need to check XFree arguments + mark _XDefaultIOError as no_return + Fixes: warning: variable \'req\' set but not,used + add _X_UNUSED to avoid unused variable warnings + remove empty line + silence gcc warning assignment discards \'const\' qualifier from pointer target type- Packaging changes: + Remove upstreamed u_Use-flexible-array-member-instead-of-fake-size.patch + Remove upstreamed u_off-by-one-write-in-XListExtensions.patch + Remove upstreamed u_out-of-boundary-write-in-XListExtensions.patch + Remove upstreamed u_crash-on-invalid-reply-in-XListExtensions.patch * Mon Aug 20 2018 sndirschAATTsuse.com- u_off-by-one-write-in-XListExtensions.patch * fixes off-by-one write in XListExtensions (bsc#1102062, CVE-2018-14599)- u_out-of-boundary-write-in-XListExtensions.patch * fixes out of boundary write in XListExtensions (bsc#1102068, CVE-2018-14600)- u_crash-on-invalid-reply-in-XListExtensions.patch * crash on invalid reply in XListExtensions (bsc#1102073, CVE-2018-14598) * Thu Mar 15 2018 msrbAATTsuse.com- u_Use-flexible-array-member-instead-of-fake-size.patch * Fixes build error with gcc8. (bnc#1084639) * Wed Mar 01 2017 tobias.johannes.klausmannAATTmni.thm.de- Update to version 1.6.5: + Revert \"Compose sequences for rouble sign\" + specs/libX11: More synopsis fixes + specs/libX11: Fix paramdef entries listing multiple parameters + specs/libX11: Make paramdef spacing more consistent + specs/libX11: Add missing parameter types for XGetWindowProperty() + specs/libX11: Fix broken synopsis for Data/Data16/Data32 + specs/libX11: Update Portability Considerations for the 21st century + autogen.sh: use quoted string variables + Plug a memory leak + Fix wrong Xfree in XListFonts failure path + Typos in \"Xlib - C Language X Interface\" document - Chapter 02 + autogen: add default patch prefix + Compose sequences for rouble sign + autogen.sh: use exec instead of waiting for configure to finish + Revert cs_CZ.UTF-8 XLC_LOCALE to en_US.UTF-8- supersedes u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch * Tue Nov 08 2016 sndirschAATTsuse.com- u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch * refix cs_CZ.UTF-locale (boo#1008951, fdo#81875, fdo#98219) * Sat Nov 05 2016 jengelhAATTinai.de- Run fdupes over at least the manpages * Sat Oct 29 2016 tobias.johannes.klausmannAATTmni.thm.de- Update to version 1.6.4: + Move Compose \\ o / to be with other emoji compose sequences + Replace Xmalloc+memset pairs with Xcalloc calls + Remove unused definition of XCONN_CHECK_FREQ + Bug 93184: read_EncodingInfo invalid free + Bug 93183: _XDefaultOpenIM memory leaks in out-of-memory error paths + Use strdup instead of Xmalloc+strcpy in _XDefaultOpenIM + XDefaultOMIF: replace strlen+Xmalloc+strcpy with strdup, code simplification + XlcDL.c: replace strcpy+strcat sequences with snprintf + XlcDL.c: reduce code duplication + lcPubWrap: replace malloc(strlen) + strcpy with strdup + Stop checking XTRANS_SECURE_RPC_FLAGS since we no longer use them + Stop checking for preferred order of local transports + Don\'t need to link libX11-xcb against libX11 + xcms: use size_t for strlen/sizeof values instead of converting to int & back + xcms: use unsigned indexes when looping through unsigned values + xcms: use size_t for pointer offsets passed to strncmp + omGeneric.c: Correct the parameter usage of sizeof + fix for Xlib 32-bit request number issues + Add Compose sequence for U+1F4A9. + Xlib.h: Fix macros imitating C functions. + Add compose file for pt_PT similar to pt_BR + Mark _XNextRequest as hidden + New compose keys for local languages in Togo + Fixup param specification for XChangeProperty()- Package changes: + Remove upstream patch U_fix_for_Xlib_32-bit_request_number_issues.patch * Mon Nov 23 2015 msrbAATTsuse.com- U_fix_for_Xlib_32-bit_request_number_issues.patch * Fix for overflow of requet number on 32bit platforms. (bnc#845916) * Thu Mar 12 2015 sndirschAATTsuse.com- marked baselibs.conf as source file in specfile * Wed Mar 11 2015 tobias.johannes.klausmannAATTmni.thm.de- Update to version 1.6.3: This release of libX11 looks bigger than it is, due to a lot of spec/doc cleanup work that doesn\'t affect the code itself. There is still a good deal of bug fixes, code cleanup, locale improvements, and compose key table additions, including new UTF-8 compose sequences for: + : \"\" U20b9 # INDIAN RUPEE SIGN + : \"Ș\" U0218 # LATIN CAPITAL LETTER S WITH COMMA BELOW + : \"ș\" U0219 # LATIN SMALL LETTER S WITH COMMA BELOW + : \"Ț\" U021A # LATIN CAPITAL LETTER T WITH COMMA BELOW + : \"ț\" U021B # LATIN SMALL LETTER T WITH COMMA BELOW + : \"\" U1F595 # REVERSED HAND WITH MIDDLE FINGER EXTENDED + : \"\" U1F596 # RAISED HAND WITH PART BETWEEN MIDDLE AND RING FINGERS- Changes to package: + remove Patch16: U_nls-en_US.UTF-8-Compose.pre-Fix-typo.patch
|
|
|