Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xorg-x11-server for openSUSE:Factory
checked in at 2023-02-08 17:19:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old)
and /work/SRC/openSUSE:Factory/.xorg-x11-server.new.4462 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xorg-x11-server"
Wed Feb 8 17:19:52 2023 rev:417 rq:1063640 version:21.1.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes
2023-01-26 14:12:07.964804959 +0100
+++
/work/SRC/openSUSE:Factory/.xorg-x11-server.new.4462/xorg-x11-server.changes
2023-02-08 17:19:57.125842706 +0100
@@ -1,0 +2,20 @@
+Tue Feb 7 14:35:33 UTC 2023 - Stefan Dirsch <[email protected]>
+
+- Update to version xorg-server-21.1.7:
+ * This release contains the fix for CVE-2023-0494 in today's security
+ advisory:
+ https://lists.x.org/archives/xorg-announce/2023-February/003320.html
+ It also fixes a second possible OOB access during EnqueueEvent and a
+ crasher caused by ResourceClientBits not correctly honouring the
+ MaxClients value in the configuration file.
+- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch,
+ U_xorg-server-oob-read-enqueue-event.patch
+
+-------------------------------------------------------------------
+Wed Feb 1 10:18:32 UTC 2023 - Stefan Dirsch <[email protected]>
+
+- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
+ * DeepCopyPointerClasses use-after-free (CVE-2023-0494,
+ ZDI-CAN-19596, bsc#1207783)
+
+-------------------------------------------------------------------
Old:
----
U_xorg-server-oob-read-enqueue-event.patch
xserver-xorg-server-21.1.6.tar.xz
New:
----
xorg-server-21.1.7.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xorg-x11-server.spec ++++++
--- /var/tmp/diff_new_pack.zE2Nwv/_old 2023-02-08 17:19:58.221848086 +0100
+++ /var/tmp/diff_new_pack.zE2Nwv/_new 2023-02-08 17:19:58.229848125 +0100
@@ -36,14 +36,14 @@
%endif
Name: xorg-x11-server
-Version: 21.1.6
+Version: 21.1.7
Release: 0
URL: http://xorg.freedesktop.org/
Summary: X
# Source URL: http://xorg.freedesktop.org/archive/individual/xserver/
License: MIT
Group: System/X11/Servers/XF86_4
-Source0: xserver-xorg-server-%{version}.tar.xz
+Source0: xorg-server-%{version}.tar.xz
Source1: sysconfig.displaymanager.template
Source2: README.updates
Source3: xorgcfg.tar.bz2
@@ -208,7 +208,6 @@
Patch100: u_01-Improved-ConfineToShape.patch
Patch101:
u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
Patch104: u_xorg-server-xdmcp.patch
-Patch105: U_xorg-server-oob-read-enqueue-event.patch
Patch117: xorg-x11-server-byte-order.patch
@@ -348,7 +347,7 @@
This package contains patched sources of X.Org Server.
%prep
-%setup -q -n xserver-xorg-server-%{version} -a3
+%setup -q -n xorg-server-%{version} -a3
# Early verification if the ABI Defines are correct. Let's not waste build
cycles if the Provides are wrong at the end.
sh %{SOURCE92} --verify . %{SOURCE91}
@@ -370,7 +369,6 @@
%patch100 -p1
#%patch101 -p1
%patch104 -p1
-%patch105 -p1
%patch117 -p1
%patch160 -p1
%patch208 -p1
