Package Release Info

xorg-x11-server-21.1.15-160000.2.2

Update Info: Base Release
Available in Package Hub : 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

xorg-x11-server

xorg-x11-server-extra

xorg-x11-server-sdk

xorg-x11-server-source

xorg-x11-server-wrapper

xorg-x11-server-Xvfb

Change Logs

* Sun Jun 22 2025 sndirsch@suse.com

- U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
  * additional fix for CVE-2025-49176

* Thu Jun 05 2025 sndirsch@suse.com

- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
  * Out-of-bounds access in X Rendering extension (Animated cursors)
    (CVE-2025-49175, bsc#1244082)
- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
  * Integer overflow in Big Requests Extension
    (CVE-2025-49176, bsc#1244084)
- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
  * Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
    (CVE-2025-49177, bsc#1244085)
- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
  * Unprocessed client request via bytes to ignore
    (CVE-2025-49178, bsc#1244087)
- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
  * Integer overflow in X Record extension
    (CVE-2025-49179, bsc#1244089)
- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
  U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
  * Integer overflow in RandR extension (RRChangeProviderProperty)
    (CVE-2025-49180, bsc#1244090)

* Tue Mar 18 2025 sndirsch@suse.com

- U_CVE-2022-49737-dix-Hold-input-lock-for-AttachDevice.patch
  * Xorg may crash when client applications use easystroke for
    mouse gestures (CVE-2022-49737, bsc#1239750)

* Tue Feb 25 2025 sndirsch@suse.com

- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
  U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
  * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
  * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
  * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
  * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
  U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
  * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
  * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
  U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
  U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
  U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
  * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)

* Sat Jan 04 2025 sndirsch@suse.com

- get rid of %dnl usage (fails on SP7 due to unkonwn macro); also
  after latest change I now got an autodecline that patches in
  sources are not mentioned in specfile; just use '#patch ...'
  now for not applying a patch ...

* Sat Jan 04 2025 sndirsch@suse.com

- properly comment out also "PatchXX:" lines; since
  'osc service runall source_validator' failed with latest change

* Mon Dec 23 2024 dimstar@opensuse.org

- Properly comment out %patch lines: '#' still expands the macro, which
  makes build fail with rpm 4.20. Use %dnl instead.

* Wed Dec 18 2024 sndirsch@suse.com

- Update to relesae 21.1.15
  * dix-config.h: add HAVE_SOCKLEN_T definition
  * config: add a quirk for Apple Silicon appledrm
  * os: Fix assignment with incompatible pointer type
  * os: Fix siHostnameAddrMatch in the case where h_addr isn't defined
  * hw/xfree86: Fix -Wmissing-prototypes warnings
  * hw/xfree86: Fix -Wincompatible-pointer-types sbus compile failure

* Sun Dec 08 2024 sndirsch@suse.com

- re-added and re-enabled u_xfree86-activate-GPU-screens-on-autobind.patch
  in order to fix the regression of a black screen in login screen
  (SDDM) on some hybrid graphics Laptop (Intel Meteor Lake-P/
  NVIDIA GeForce RTX 4060) (boo#1234301)

* Wed Dec 04 2024 sndirsch@suse.com

- no longer apply and remove
  u_xfree86-activate-GPU-screens-on-autobind.patch since it's
  no longer needed and might be harmful even ... (tested
  successfully on Thinkpad P16 with Intel/NVIDIA hybrid graphics)
- remove no longer applied and no longer needed patch
  n_xserver-optimus-autoconfig-hack.patch (feature implemented
  upstream)