* Sat Feb 22 2025 sndirsch@suse.com
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
* Tue Jul 30 2024 sndirsch@suse.com
- Update to 1.8.10; this release includes:
* Re-fix XIM input sometimes jumbled (#205, #206, #207, #208, !246)
* Fix various static analysis errors (!250)
* Add compose sequences for Arabic hamza (!218), Ezh (!221), and
hryvnia currency (!259)
* Make colormap private interfaces thread safe (#215, !254)
* Fix deadlock in XRebindKeysym() (!256)
* Assorted memory handling cleanups (!251, !258)
* Restore VAX support still in use by NetBSD (!257)
* Sat Apr 06 2024 sndirsch@suse.com
- Update to 1.8.9
* Fix regressions introduced in 1.8.8 (!245, !248) - this includes
reverting for now the previous "Fix XIM input sometimes jumbled
(#198, !236)"
- supersedes
* U_0001-xlibi18n-restore-parse_line1-for-WIN32-builds.patch
* U_0002-Revert-imDefLkup-Commit-first-info-in-XimCommitInfo.patch
* U_0003-Revert-ximcp-Unmark-to-fabricate-key-events-with-XKe.patch
* Fri Apr 05 2024 sndirsch@suse.com
- U_0001-xlibi18n-restore-parse_line1-for-WIN32-builds.patch
U_0002-Revert-imDefLkup-Commit-first-info-in-XimCommitInfo.patch
U_0003-Revert-ximcp-Unmark-to-fabricate-key-events-with-XKe.patch
* fix regressions in 1.8.8 (issues #204, #205, #206, #207, #208)
* Mon Mar 25 2024 sndirsch@suse.com
- update to 1.8.8
* Fix XIM input sometimes jumbled (#198, !236)
* Fix _XkbReadGetDeviceInfoReply for nButtons == dev->buttons (!237)
* Drop ifdefs for platforms that are no longer supported (!242, !243)
* Assorted memory handling cleanups
* Fri Mar 01 2024 jengelh@inai.de
- Trim descriptions for size (keep the big one for the prominently
installed libX11-6).
- Spin documentation off to libX11-devel-doc, this saves buildroots
800+ files and time (mandb is run in %posttrans).
* Fri Mar 01 2024 pgajdos@suse.com
- Use %patch -P N instead of deprecated %patchN.
* Mon Nov 20 2023 sndirsch@suse.com
- this update is needed due to jsc#PED-7282; it includes the
security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and
a fix for a race condition in libX11 that causes various
applications to crash randomly (boo#1181963)
* Tue Oct 03 2023 sndirsch@suse.com
- update to 1.8.7
This release contains fixes for the issues reported in security
advisory here:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
* fixes CVE-2023-43785 libX11: out-of-bounds memory access in
_XkbReadKeySyms() (boo#1215683)
* fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion
in PutSubImage() (boo#1215684)
* fixes CVE-2023-43787 libX11: integer overflow in XCreateImage()
leading to a heap overflow (boo#1215685)
along with:
* Fail XOpenDisplay() if server-provided default visual is invalid (!233)
* Bring XKB docs in line with actual implementation (!231, !228)
* Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225)
* Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216,
!217, !219, !220, !222, !223, !226, !227, !229)
* Sat Jul 15 2023 dmueller@suse.com
- update to 1.8.6:
* InitExt.c: Add bounds checks for extension request,
event, & error codes
* Fixes CVE-2023-3138: X servers could return values from
XQueryExtension that would cause Xlib to write entries
out-of-bounds of the arrays to store them, though this
would only overwrite other parts of the Display
struct, not outside the bounds allocated for that
structure.
- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)