Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xorg-x11-server for openSUSE:Factory checked in at 2023-02-08 17:19:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old) and /work/SRC/openSUSE:Factory/.xorg-x11-server.new.4462 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xorg-x11-server" Wed Feb 8 17:19:52 2023 rev:417 rq:1063640 version:21.1.7 Changes: -------- --- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes 2023-01-26 14:12:07.964804959 +0100 +++ /work/SRC/openSUSE:Factory/.xorg-x11-server.new.4462/xorg-x11-server.changes 2023-02-08 17:19:57.125842706 +0100 @@ -1,0 +2,20 @@ +Tue Feb 7 14:35:33 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- Update to version xorg-server-21.1.7: + * This release contains the fix for CVE-2023-0494 in today's security + advisory: + https://lists.x.org/archives/xorg-announce/2023-February/003320.html + It also fixes a second possible OOB access during EnqueueEvent and a + crasher caused by ResourceClientBits not correctly honouring the + MaxClients value in the configuration file. +- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch, + U_xorg-server-oob-read-enqueue-event.patch + +------------------------------------------------------------------- +Wed Feb 1 10:18:32 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + * DeepCopyPointerClasses use-after-free (CVE-2023-0494, + ZDI-CAN-19596, bsc#1207783) + +------------------------------------------------------------------- Old: ---- U_xorg-server-oob-read-enqueue-event.patch xserver-xorg-server-21.1.6.tar.xz New: ---- xorg-server-21.1.7.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xorg-x11-server.spec ++++++ --- /var/tmp/diff_new_pack.zE2Nwv/_old 2023-02-08 17:19:58.221848086 +0100 +++ /var/tmp/diff_new_pack.zE2Nwv/_new 2023-02-08 17:19:58.229848125 +0100 @@ -36,14 +36,14 @@ %endif Name: xorg-x11-server -Version: 21.1.6 +Version: 21.1.7 Release: 0 URL: http://xorg.freedesktop.org/ Summary: X # Source URL: http://xorg.freedesktop.org/archive/individual/xserver/ License: MIT Group: System/X11/Servers/XF86_4 -Source0: xserver-xorg-server-%{version}.tar.xz +Source0: xorg-server-%{version}.tar.xz Source1: sysconfig.displaymanager.template Source2: README.updates Source3: xorgcfg.tar.bz2 @@ -208,7 +208,6 @@ Patch100: u_01-Improved-ConfineToShape.patch Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch Patch104: u_xorg-server-xdmcp.patch -Patch105: U_xorg-server-oob-read-enqueue-event.patch Patch117: xorg-x11-server-byte-order.patch @@ -348,7 +347,7 @@ This package contains patched sources of X.Org Server. %prep -%setup -q -n xserver-xorg-server-%{version} -a3 +%setup -q -n xorg-server-%{version} -a3 # Early verification if the ABI Defines are correct. Let's not waste build cycles if the Provides are wrong at the end. sh %{SOURCE92} --verify . %{SOURCE91} @@ -370,7 +369,6 @@ %patch100 -p1 #%patch101 -p1 %patch104 -p1 -%patch105 -p1 %patch117 -p1 %patch160 -p1 %patch208 -p1