Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xtrans for openSUSE:Factory checked in at 2023-06-12 15:25:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xtrans (Old) and /work/SRC/openSUSE:Factory/.xtrans.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtrans" Mon Jun 12 15:25:02 2023 rev:17 rq:1091972 version:1.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/xtrans/xtrans.changes 2020-10-03 18:54:26.141411393 +0200 +++ /work/SRC/openSUSE:Factory/.xtrans.new.15902/xtrans.changes 2023-06-12 15:25:38.722765876 +0200 @@ -1,0 +2,29 @@ +Sat Jun 10 10:39:31 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- Update to 1.5.0 +xtrans is a library of code that is shared among various X packages to handle +network protocol transport in a modular fashion, allowing a single place to +add new transport types - but it is *not* a shared library, more like a \ +"header-only" library. It is used by the X server, the XIM support in libX11, +libICE, the X font server, and related components. Because this is not a +shared library, the changes in this release will only take effect in consumers +that are rebuilt on a system with this release of xtrans installed. + +This release makes progress towards resolving CVE-2020-25697, reported in +https://www.openwall.com/lists/oss-security/2020/11/09/3 . Clients will no +longer attempt to connect to sockets in the abstract namespace, though +servers will still bind to them to prevent other programs binding to those +names to intercept connections from clients using libraries built with older +versions of libxtrans or libxcb while the servers are running. Clients can +also now specify a full Unix domain socket pathname to connect to, instead +of relying on built-in defaults under /tmp. (Note that libX11 1.4.0 and later +relies on libxcb for making connections instead of libxtrans, so X11 protocol +clients will get this support in an upcoming release of libxcb, and the changes +in xtrans will only affect clients of other protocols using libxtrans, such as +XIM, ICE, SM, and the font service protocols.) + +This release also removes support for System V UNIX platforms other than +Solaris and the illumos family - OS'es from SCO, AT&T's Unix Systems Group, +Novell, and NCR are no longer supported. + +------------------------------------------------------------------- Old: ---- xtrans-1.4.0.tar.bz2 New: ---- xtrans-1.5.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xtrans.spec ++++++ --- /var/tmp/diff_new_pack.Ih4zEE/_old 2023-06-12 15:25:39.786772171 +0200 +++ /var/tmp/diff_new_pack.Ih4zEE/_new 2023-06-12 15:25:39.798772242 +0200 @@ -1,7 +1,7 @@ # # spec file for package xtrans # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: xtrans -Version: 1.4.0 +Version: 1.5.0 Release: 0 Summary: Library to handle network protocol transport in X License: MIT Group: Development/Libraries/X11 URL: https://xorg.freedesktop.org/ -Source: http://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2 +Source: http://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz Patch0: p_xauth.diff Patch1: n_unifdef-LBXPROXY_t-and-TEST_t.patch Patch2: u_xtrans-noarch-pkgconfig.patch
