Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libX11-6-1.8.7-150600.1.2 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: libX11-6 Distribution: SUSE Linux Enterprise 15
Version: 1.8.7 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150600.1.2 Build date: Fri Mar 8 19:33:01 2024
Group: System/Libraries Build host: h01-ch3c
Size: 1317248 Source RPM: libX11-1.8.7-150600.1.2.src.rpm
Packager: https://www.suse.com/
Url: http://xorg.freedesktop.org/
Summary: Core X11 protocol client library
The X Window System is a network-transparent window system that was
designed at MIT. X display servers run on computers with either
monochrome or color bitmap display hardware. The server distributes
user input to and accepts output requests from various client
programs located either on the same machine or elsewhere in the
network. Xlib is a C subroutine library that application programs
(clients) use to interface with the window system by means of a
stream connection.

Provides

Requires

License

MIT

Changelog

* Mon Nov 20 2023 sndirsch@suse.com
  - this update is needed due to jsc#PED-7282; it includes the
    security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and
    a fix for a race condition in libX11 that causes various
    applications to crash randomly (boo#1181963)
* Tue Oct 03 2023 sndirsch@suse.com
  - update to 1.8.7
    This release contains fixes for the issues reported in security
    advisory here:
      https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    * fixes CVE-2023-43785 libX11: out-of-bounds memory access in
      _XkbReadKeySyms() (boo#1215683)
    * fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion
    in PutSubImage() (boo#1215684)
    * fixes CVE-2023-43787 libX11: integer overflow in XCreateImage()
      leading to a heap overflow (boo#1215685)
    along with:
    * Fail XOpenDisplay() if server-provided default visual is invalid (!233)
    * Bring XKB docs in line with actual implementation (!231, !228)
    * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225)
    * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216,
      !217, !219, !220, !222, !223, !226, !227, !229)
* Sat Jul 15 2023 dmueller@suse.com
  - update to 1.8.6:
    * InitExt.c: Add bounds checks for extension request,
      event, & error codes
    * Fixes CVE-2023-3138: X servers could return values from
      XQueryExtension that would cause Xlib to write entries
      out-of-bounds of the arrays to store them, though this
      would only overwrite other parts of the Display
      struct, not outside the bounds allocated for that
      structure.
  - drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)
* Mon Jun 12 2023 sndirsch@suse.com
  - U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
    * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
* Thu Jun 01 2023 sndirsch@suse.com
  - Update to version 1.8.5
    * gitlab CI: Add libtool to required packages
    * configure: raise minimum autoconf requirement to 2.70
    * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
    * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
    * gitlab CI: add workflow rules
    * nls: delete compose sequences that pointlessly mix upper and lower case
    * nls: remove four hundred and sixty untypable Greek compose sequences
    * nls: remove twenty two untypable Greek compose sequences
    * XSetScreenSaver.man: restore the part that was accidentally snipped
    * nls: make the Amharic compose sequences use the dead-vowel symbols
    * nls: sort three sequences alphabetically in their group, like all others
    * nls: delete six compose sequences that cannot be typed
    * nls: use a slash instead of a combining solidus in compose sequences
    * NLS: move long S compositions to respective blocks
    * NLS: implement the expansion of the six Breton N-graph keysyms
    * NLS: move dead-caron subscript compositions to the relevant Unicode block
    * NLS: Remove strange dead_cedilla cedi sign sequences
    * nls: add compose sequence for capital schwa, and delete a deviant one
  - Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
    will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
    to keep those sequeunces working with this release.
* Thu Mar 09 2023 llyyr.public@gmail.com
  - Update to version 1.8.4
    This release fixes the regressions in previous 1.8.x related to the thread-
    - safety-constructor option. (boo#1209176)
  - supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* Mon Dec 05 2022 sndirsch@suse.com
  - Update to version 1.8.1
    This release fixes the --enable-thread-safety-constructor option to the
    configure script to work as intended.  In the previous release, the changes
    for this option may not have been enabled when the option was not specified
    or when the --enable option was specified.
    While we have enabled it by default, believing that doing so will reduce
    the number of bugs users encounter running libX11 clients, in some cases
    it may expose bugs in which clients had previously gotten away with calling
    libX11 functions while a libX11 lock is already held, and thus now deadlock,
    as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157
  - let's hope this version doesn't suffer yet from the regressions
    reported in boo#1205778, boo#1205818 (reported against 1.8.2);
    we need libX11 thread safe for totem (GNOME 43) :-(
* Mon Dec 05 2022 sndirsch@suse.com
  - going back to version 1.7.5 for now to get rid of regressions,
    which were introduced by trying to get thread-safe in libX11
    itself
  - re-introduced U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
    which was not yet in 1.7.5
  - supersedes the following patches
    * U_0001-Add-XFreeThreads-function.patch
    * U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch
    * U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch
    * U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch
    * U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch
* Sat Dec 03 2022 sndirsch@suse.com
  - U_0001-Add-XFreeThreads-function.patch
    U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch
    U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch
    U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch
    U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch
    * adding all patches since 1.8.2 release in order to try fixing
      regressions after introducing thread safety constructor with
      1.8.1 (boo#1205778, boo#1205818)
  - supersedes U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch
  - re-enabled thread safe constructor
* Fri Dec 02 2022 sndirsch@suse.com
  - back to "--disable-thread-safety-constructor" for now; we see just
    too many regressions, e.g. firefox freezes and crashes, crashes with
    barrierc, crashes in Godot, assertions with vkquake (boo#1205818,
    boo#1205778)
* Sat Nov 26 2022 sndirsch@suse.com
  - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch
    * fixed Firefox freezes (regression since 1.8.2) (boo#1205778)
* Fri Nov 11 2022 sndirsch@suse.com
  - Update to version 1.8.2
    * This is primarily a bug fix release, including further work on
      improving the thread-safety-constructor and making it work with
      software which had incorrectly called libX11 functions from
      inside X*IfEvent() calls.
  - supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* Wed Oct 19 2022 sndirsch@suse.com
  - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
    * security update for CVE-2022-3554 (bsc#1204422)
* Thu Jun 09 2022 sndirsch@suse.com
  - Update to version 1.8.1
    This release fixes the --enable-thread-safety-constructor option to the
    configure script to work as intended.  In the previous release, the changes
    for this option may not have been enabled when the option was not specified
    or when the --enable option was specified.
    While we have enabled it by default, believing that doing so will reduce
    the number of bugs users encounter running libX11 clients, in some cases
    it may expose bugs in which clients had previously gotten away with calling
    libX11 functions while a libX11 lock is already held, and thus now deadlock,
    as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 .
* Fri Apr 29 2022 sndirsch@suse.com
  - Update to version 1.8
    * The highlight of this release is that we now try to initialize
      thread safety ourselves, rather than hope the application does it.
      This should resolve a number of long-standing bugs with the libxcb
      integration, since the socket handoff mechanism essentially has to
      be thread-safe.
* Sun Apr 03 2022 sndirsch@suse.com
  - Update to version 1.7.4
    * Don't try to destroy NULL condition variables
* Thu Mar 31 2022 sndirsch@suse.com
  - Update to version 1.7.4
    * bugfix release
  - supersedes p_khmer-compose.diff
* Fri Dec 10 2021 sndirsch@suse.com
  - Update to version 1.7.3.1
    * This release of libX11 corrects a packaging problem in 1.7.3
      which caused the m4 files needed for autoreconf to not be
      included in the tarballs.
    * As a bonus, this release also includes one tiny typo fix in the
      XIM specs.
* Tue Dec 07 2021 sndirsch@suse.com
  - Update to version 1.7.3
    * This release includes a number of bug fixes and adds support for
      the _EVDEVK keysyms added in xorgproto 2021.2.
* Mon Nov 15 2021 sndirsch@suse.com
  - u_no-longer-crash-in-XVisualIDFromVisual.patch
    * no longer crash in XVisualIDFromVisual() [boo#1191517]
* Sun Jun 06 2021 sndirsch@suse.com
  - Update to version 1.7.2
    * bug fix release, correcting a regression introduced by and
      improving the checks from the fix for CVE-2021-31535.
  - supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch
* Mon May 31 2021 sndirsch@suse.com
  - U_Check-for-NULL-strings-before-getting-their-lengths.patch
    * regression in libX11 1.7.1 (boo#1186643)
      fixes segfaults for xforms applications like fdesign
* Tue May 18 2021 sndirsch@suse.com
  - Update to version 1.7.1
    * security update for CVE-2021-31535 (bsc#1182506)
  - supersedes U_CVE-2021-31535.patch
* Mon May 17 2021 sndirsch@suse.com
  - U_CVE-2021-31535.patch
    * adds missing request length checks in libX11 (CVE-2021-31535,
      bsc#1182506)
* Sat Nov 21 2020 sndirsch@suse.com
  - Update to version 1.7.0
    * libX11 version 1.7.0 includes a new API, hence the change from
      the 1.6 series to 1.7:
      XSetIOErrorExitHandler which provides a mechanism for applications
      to recover from I/O error conditions instead of being forced to
      exit. Thanks to Carlos Garnacho for this.
    * This release includes a bunch of bug fixes, some which have been
      pending for over three years:
      + A bunch of nls cleanups to remove obsolete entries and clean up
      formatting of the ist. Thanks to Benno Schulenberg for these.
      + Warning fixes and other cleanups across a huge swath of the
      library. Thanks to Alan Coopersmith for these.
      + Memory allocation bugs, including leaks and use after free in the
      locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio
      Zecca for these.
      + Thread safety fixes in the locale code. Thanks to Jacek Caban for
      these.
      + poll_for_response race condition fix. Thanks to Frediano Ziglio for
      the bulk of this effort, and to Peter Hutterer for careful review
      and improvements.
    * Version 1.7.0 includes a couple of new locales:
      ia and ie locales. Thanks to Carmina16 for these.
    * There are also numerous compose entries added, including:
      + |^ or ^| for ↑, |v or v| for ↓, ~~ for ≈. Thanks to Antti
      Savolainen for this.
      + Allowing use of 'v' for caron, in addition to 'c', so things like
      vC for Č, vc for č. Thanks to Benno Schulenberg for this.
      + Compose sequences LT, lt for '<', and GT, gt for '>' for keyboards
      where those are difficult to access. Thanks to Jonathan Belsewir
      for this.
  - refreshed patches en-locales.diff, p_khmer-compose.diff and
    p_xlib_skip_ext_env.diff
* Tue Aug 25 2020 sndirsch@suse.com
  - Update to version 1.6.12
    * Fix an integer overflow in init_om() [CVE-2020-14363, boo#1175239]
* Sat Aug 15 2020 tobias.klausmann@freenet.de
  - Update to version 1.6.11:
    A collection of random and security fixes.
  - Remove patches included in this release:
    + U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch
    + U_002-FixIntegerOverflowsIn_XimAttributeToValue.patch
    + U_003-FixMoreUncheckedLengths.patch
    + U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch
    + U_005-ZeroOutBuffersInFunctions.patch
    + U_006-Fix-size-calculation-in-_XimAttributeToValue.patch
  - Adapt patch p_xlib_skip_ext_env.diff to work with the new version
* Tue Aug 04 2020 tiwai@suse.de
  - U_006-Fix-size-calculation-in-_XimAttributeToValue.patch:
    * Regression fix in previous XIM client head overflow fixes
      (CVE-2020-14344, bsc#1174628)
* Fri Jul 31 2020 sndirsch@suse.com
  - U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch,
    U_002-FixIntegerOverflowsIn_XimAttributeToValue.patch,
    U_003-FixMoreUncheckedLengths.patch,
    U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch,
    U_005-ZeroOutBuffersInFunctions.patch,
    * XIM client heap overflows (CVE-2020-14344, bsc#1174628)
* Sun Oct 20 2019 stefan.bruens@rwth-aachen.de
  - Add conflicts for old xorgproto-devel, X11/extensions/XKBgeom.h
    was moved to libX11-devel.
* Wed Oct 09 2019 sndirsch@suse.com
  - Update to version 1.6.9
    * A collection of build and documentation fixes, one preparatory
      change for a new xorgproto release, and a fix for a deadlock
      bug in _XReply.
* Mon Jun 17 2019 sndirsch@suse.com
  - Update to version 1.6.8
    * bug fixes
* Wed Oct 10 2018 sndirsch@suse.com
  - Update to version 1.6.7
    * XcmsLookupColor: fully initialize XColor structs passed to
      _XColor_to_XcmsRGB
    * poll_for_response: Call poll_for_event again if xcb_poll_for_reply fails
    * poll_for_event: Allow using xcb_poll_for_queued_event
* Mon Aug 27 2018 tchvatal@suse.com
  - Format spec with spec-cleaner
  - Use %autopatch to not bother with one-by-one patch application
  - Remove autoreconf as we no longer patch any of the buildsystem
  - Explicitly disable silent rules during configuration
* Wed Aug 22 2018 tobias.johannes.klausmann@mni.thm.de
  - Update to version 1.6.6:
    + Make Xkb{Get,Set}NamedIndicator spec & manpages match code
    + Clarify state parameter to XkbSetNamedDeviceIndicator
    + Improve table formatting in XkbChangeControls & XkbKeyNumGroups man pages
    + If XGetImage fails to create image, don't dereference it to bounds check
    + Use size_t for buffer sizes in SetHints.c
    + Change fall through comment in lcDB.c to match gcc's requirements
    + _XDefaultError: set XlibDisplayIOError flag before calling exit
    + Fix possible memory leak in cmsProp.c:140
    + Don't rebuild ks_tables.h if nothing changed.
    + Remove statement with no effect.
    + Use flexible array member instead of fake size.
    + Valgrind fix for XStoreColor and XStoreColors.
    + XkbOpenDisplay.3: fix typo
    + Validation of server response in XListHosts.
    + Fixed off-by-one writes (CVE-2018-14599).
    + Fixed out of boundary write (CVE-2018-14600).
    + Fixed crash on invalid reply (CVE-2018-14598).
    + fix shadow warning
    + _XIOError(dpy); will never return so remore dead
    + remove argument check for free() adjust one inden
    + fix shadow char_size
    + fix more shadow warning
    + no need to check argument for _XkbFree()
    + remove stray extern
    + no need to check args for Xfree()
    + fix memleak in error path
    + fix memleak in error path
    + no need to check XFree arguments
    + mark _XDefaultIOError as no_return
    + Fixes: warning: variable 'req' set but not,used
    + add _X_UNUSED to avoid unused variable warnings
    + remove empty line
    + silence gcc warning assignment discards 'const' qualifier from pointer target type
  - Packaging changes:
    + Remove upstreamed u_Use-flexible-array-member-instead-of-fake-size.patch
    + Remove upstreamed u_off-by-one-write-in-XListExtensions.patch
    + Remove upstreamed u_out-of-boundary-write-in-XListExtensions.patch
    + Remove upstreamed u_crash-on-invalid-reply-in-XListExtensions.patch
* Mon Aug 20 2018 sndirsch@suse.com
  - u_off-by-one-write-in-XListExtensions.patch
    * fixes off-by-one write in XListExtensions (bsc#1102062, CVE-2018-14599)
  - u_out-of-boundary-write-in-XListExtensions.patch
    * fixes out of boundary write in XListExtensions (bsc#1102068, CVE-2018-14600)
  - u_crash-on-invalid-reply-in-XListExtensions.patch
    * crash on invalid reply in XListExtensions (bsc#1102073, CVE-2018-14598)
* Thu Mar 15 2018 msrb@suse.com
  - u_Use-flexible-array-member-instead-of-fake-size.patch
    * Fixes build error with gcc8. (bnc#1084639)
* Wed Mar 01 2017 tobias.johannes.klausmann@mni.thm.de
  - Update to version 1.6.5:
    + Revert "Compose sequences for rouble sign"
    + specs/libX11: More synopsis fixes
    + specs/libX11: Fix paramdef entries listing multiple parameters
    + specs/libX11: Make paramdef spacing more consistent
    + specs/libX11: Add missing parameter types for XGetWindowProperty()
    + specs/libX11: Fix broken synopsis for Data/Data16/Data32
    + specs/libX11: Update Portability Considerations for the 21st century
    + autogen.sh: use quoted string variables
    + Plug a memory leak
    + Fix wrong Xfree in XListFonts failure path
    + Typos in "Xlib - C Language X Interface" document - Chapter 02
    + autogen: add default patch prefix
    + Compose sequences for rouble sign
    + autogen.sh: use exec instead of waiting for configure to finish
    + Revert cs_CZ.UTF-8 XLC_LOCALE to en_US.UTF-8
  - supersedes u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch
* Tue Nov 08 2016 sndirsch@suse.com
  - u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch
    * refix cs_CZ.UTF-locale (boo#1008951, fdo#81875, fdo#98219)
* Sat Nov 05 2016 jengelh@inai.de
  - Run fdupes over at least the manpages
* Sat Oct 29 2016 tobias.johannes.klausmann@mni.thm.de
  - Update to version 1.6.4:
    + Move Compose \ o / to be with other emoji compose sequences
    + Replace Xmalloc+memset pairs with Xcalloc calls
    + Remove unused definition of XCONN_CHECK_FREQ
    + Bug 93184: read_EncodingInfo invalid free
    + Bug 93183: _XDefaultOpenIM memory leaks in out-of-memory error paths
    + Use strdup instead of Xmalloc+strcpy in _XDefaultOpenIM
    + XDefaultOMIF: replace strlen+Xmalloc+strcpy with strdup, code simplification
    + XlcDL.c: replace strcpy+strcat sequences with snprintf
    + XlcDL.c: reduce code duplication
    + lcPubWrap: replace malloc(strlen) + strcpy with strdup
    + Stop checking XTRANS_SECURE_RPC_FLAGS since we no longer use them
    + Stop checking for preferred order of local transports
    + Don't need to link libX11-xcb against libX11
    + xcms: use size_t for strlen/sizeof values instead of converting to int & back
    + xcms: use unsigned indexes when looping through unsigned values
    + xcms: use size_t for pointer offsets passed to strncmp
    + omGeneric.c: Correct the parameter usage of sizeof
    + fix for Xlib 32-bit request number issues
    + Add Compose sequence for U+1F4A9.
    + Xlib.h: Fix macros imitating C functions.
    + Add compose file for pt_PT similar to pt_BR
    + Mark _XNextRequest as hidden
    + New compose keys for local languages in Togo
    + Fixup param specification for XChangeProperty()
  - Package changes:
    + Remove upstream patch U_fix_for_Xlib_32-bit_request_number_issues.patch
* Mon Nov 23 2015 msrb@suse.com
  - U_fix_for_Xlib_32-bit_request_number_issues.patch
    * Fix for overflow of requet number on 32bit platforms.
      (bnc#845916)
* Thu Mar 12 2015 sndirsch@suse.com
  - marked baselibs.conf as source file in specfile
* Wed Mar 11 2015 tobias.johannes.klausmann@mni.thm.de
  - Update to version 1.6.3:
    This release of libX11 looks bigger than it is, due to a lot of spec/doc
    cleanup work that doesn't affect the code itself.  There is still a good
    deal of bug fixes, code cleanup, locale improvements, and compose key table
    additions, including new UTF-8 compose sequences for:
    + <Multi_key> <R> <equal>      : "<U+20B9>" U20b9 # INDIAN RUPEE SIGN
    + <Multi_key> <S> <semicolon>  : "Ș"   U0218  # LATIN CAPITAL LETTER S WITH COMMA BELOW
    + <Multi_key> <s> <semicolon>  : "ș"   U0219  # LATIN SMALL LETTER S WITH COMMA BELOW
    + <Multi_key> <T> <semicolon>  : "Ț"   U021A  # LATIN CAPITAL LETTER T WITH COMMA BELOW
    + <Multi_key> <t> <semicolon>  : "ț"   U021B  # LATIN SMALL LETTER T WITH COMMA BELOW
    + <Multi_key> <F> <U>          : "<U+1F595>"  U1F595 # REVERSED HAND WITH MIDDLE FINGER EXTENDED
    + <Multi_key> <L> <L> <A> <P>  : "<U+1F596>"  U1F596 # RAISED HAND WITH PART BETWEEN MIDDLE AND RING FINGERS
  - Changes to package:
    + remove Patch16: U_nls-en_US.UTF-8-Compose.pre-Fix-typo.patch

Files

/usr/lib64/libX11.so.6
/usr/lib64/libX11.so.6.4.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024