head 1.5; access; symbols pkgsrc-2026Q2:1.4.0.2 pkgsrc-2026Q2-base:1.4; locks; strict; comment @# @; 1.5 date 2026.07.08.07.41.45; author wiz; state Exp; branches; next 1.4; commitid kHFg3KzFUjVW2PMG; 1.4 date 2026.06.02.11.51.56; author kikadf; state Exp; branches; next 1.3; commitid Js6BYcZL1K9VzdIG; 1.3 date 2026.04.27.13.40.03; author wiz; state Exp; branches; next 1.2; commitid BCok6U40lShllBDG; 1.2 date 2026.04.15.19.03.17; author wiz; state Exp; branches; next 1.1; commitid c7xJWYHO3SQ7w5CG; 1.1 date 2026.04.13.16.52.50; author kikadf; state Exp; branches; next ; commitid oUG6JZREbEt6LOBG; desc @@ 1.5 log @xwayland: update to 24.1.13. This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2026-July/003716.html - CVE-2026-55999: glamor Font Atlas Heap Buffer Overflow - CVE-2026-56000: GLX contextTags Use-After-Free in CommonMakeCurrent() In addition we have a few other smaller cleanup fixes. @ text @$NetBSD: distinfo,v 1.4 2026/06/02 11:51:56 kikadf Exp $ BLAKE2s (xwayland-24.1.13.tar.xz) = 8acb10044600ab6f02969337a30d84dac6585d45c6d91e0a352d8b8376abcf8c SHA512 (xwayland-24.1.13.tar.xz) = e06e58025b441892fdd17ac55fd5c7e137bffc941b76ad784dc008047c778c6ee2895fcc47b9e8c74b1d8372491e69c39933c4186aec4df55571614f8ba98e3c Size (xwayland-24.1.13.tar.xz) = 1306456 bytes @ 1.4 log @ xwayland: update to 24.1.12 This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2026-June/003702.html - Font Alias Stack-based Buffer Overflow - XSYNC Use-After-Free in miSyncDestroyFence() - XKB Key Types Stack-based Buffer Overflow - XKB SetMap Request Stack-based Buffer Overflow - XSYNC Use-After-Free in FreeCounter() - XSYNC Use-After-Free in SyncChangeCounter() - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write - CreateSaverWindow Use-After-Free Information Disclosure Additionally, it contains a number of other various fixes from the stable xwayland-24.1 branch. Mikhail Dmitrichenko (2): xkb: fix incorrect size check when growing doodads in a section xkb: fix potential buff overflow in XkbVModIndexText for XkbCFile format Peter Hutterer (15): Xi: add missing gesture grab type checks in ProcXIPassiveUngrabDevice xkb: Fix out-of-bounds array access in _CheckSetShapes() xkb: Fix off-by-one in color index validation in _CheckSetGeom() xkb: Fix off-by-one and NULL dereferences in _CheckSetOverlay() xkb: Add bounds check for action data in CheckKeyActions() present: actually return the created notifies glx: reject negative size in FeedbackBuffer and SelectBuffer requests sync: fix deletion of counters and fences sync: restart trigger list iteration in SyncChangeCounter after TriggerFired xkb: reject key types with num_levels exceeding XkbMaxShiftLevel xkb: clamp nMaps to mapWidths buffer size in CheckKeyTypes glx: fix reversed length check in ChangeDrawableAttributes saver: re-fetch screen private after CheckScreenPrivate in CreateSaverWindow dix: increase XLFDMAXFONTNAMELEN to match libXfont2's MAXFONTNAMELEN Bump version to 24.1.11 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2026/04/27 13:40:03 wiz Exp $ d3 3 a5 3 BLAKE2s (xwayland-24.1.12.tar.xz) = de8f10ad55dc063e3d0649b8ddd3a42db3d687677aec19a1e692161078321923 SHA512 (xwayland-24.1.12.tar.xz) = b4ee41761c2caa7332573be07d9143b60015bb4a7910c90b6ae079dde0a1bf6b0b4773ff4e6fba48279cdee83b4de5eb4a19b9369b5753e4147b94fa2deece96 Size (xwayland-24.1.12.tar.xz) = 1306052 bytes @ 1.3 log @xwayland: update to 24.1.11. This release addresses a number of regressions found in Xwayland 24.1.10: * Avoids spurious focus changes with KDE when listening for mouse buttons is enabled for legacy X11 application support * Fix tablet tools not working anymore as "slave" devices * Fix a crash when running some XTS tests * Fix a crash in window damage handling caused a NULL pointer dereference @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2026/04/15 19:03:17 wiz Exp $ d3 3 a5 3 BLAKE2s (xwayland-24.1.11.tar.xz) = 8b1c18c9b5436a5d1828a5c7b48369f1d4f3f95b9f333b247a67234951495662 SHA512 (xwayland-24.1.11.tar.xz) = 586d7e60c8bf0d92cec66451284c6c43b960010f14a1e204b5de722c610dc067481fd6ece0ffae615ca53ca2d0262e2a3dbb916d04811b8d57c1085bc363f5e9 Size (xwayland-24.1.11.tar.xz) = 1305372 bytes @ 1.2 log @This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2026-April/003677.html * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() Additionally, it contains a number of other various fixes from the stable xwayland-24.1 branch: Alan Coopersmith (18): xf86bigfont: fix -Wimplicit-function-declaration error dix: Fix builds with meson -Dxace=false -Dwerror=true meson: don't build xselinux if xace is disabled xwayland: fix builds with xace disabled panoramix: avoid null dereference in PanoramiXMaybeAddDepth() panoramix: avoid null dereference in PanoramiXConsolidate() glamor: handle potential NULL return from GetPictureScreenIfSet() glamor: handle allocation failure in glamor_create_pixmap() glamor: silence false positive in glamor_validate_gc() glamor: handle allocation failures in glamor_largepixmap.c glamor: avoid null dereference in glamor_dash_setup() glamor: avoid null dereference in glamor_composite_clipped_region() glamor: avoid double free in glamor_make_pixmap_exportable() Create a SECURITY.md file dix: set errorValue correctly when XID lookup fails in ChangeGCXIDs() os: make FormatInt64() handle LONG_MIN correctly os: fix sha1 build error with Nettle 4.0 os: include in ospoll.c Alexander Melnyk (1): xkb: Fix locked/latched indicator desync across multiple keyboards Liu Heng (2): xwayland: Fix incorrect pointer coordinates in enter events xwayland: prevent X11 get enter event when pointer is over Wayland client Michel Dänzer (3): xwayland: Update surface window from xwl_unrealize_window xwayland: Use WindowPtr for damage closure again Revert "xwayland: Call register_damage depending on ensure_surface_for_window" Mikhail Dmitrichenko (3): os: avoid closing null fd at Fopen render: fix multiple mem leaks on err paths dix: avoid null ptr deref at doListFontsAndAliases Olivier Fourdan (9): xwayland: Do not pretend leaving the X11 surface if buttons are down xwayland: Expunge the SECURITY.md file xwayland: Use viewport scale for warping coordinates xkb: Fix bounds check in _CheckSetGeom() miext/sync: Fix use-after-free in miSyncTriggerFence() xkb: Fix out-of-bounds read in CheckModifierMap() xkb: Add additional bound checking in CheckKeyTypes() xkb: Add more _XkbCheckRequestBounds() Bump version to 24.1.10 Peter Harris (1): xkb: fix buffer re-use in _XkbSetCompatMap Pierre Le Marre (2): xkb: Fix key type without level names in XkbCopyKeymap xkb: Fix serialization of key type without level names Twaik Yont (1): os: use close-on-exec for X server socket to prevent fd leaks Yixue Wang (1): xwayland: wrong expecting_event hongao (1): randr: clear primary screen's primaryOutput when the output is deleted quantenzitrone (2): COPYING: add missing paragraph to SGI-B-2.0 COPYING: add author to HPND-sell-MIT-disclaimer-xserver @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2026/04/13 16:52:50 kikadf Exp $ d3 3 a5 3 BLAKE2s (xwayland-24.1.10.tar.xz) = 1cdf441a7279fa29114e1bed06f2c09912bc1b853d41b7d96a7154140798740b SHA512 (xwayland-24.1.10.tar.xz) = bceba1db7f4d7ac92d2b2a3c8f6f7ab0cc093f396fe89406f8dba25e32ffc3edfa552df246cbfb3b0708c1d28b3e179694d11870b063d5b8f9ab2db9fb861a8f Size (xwayland-24.1.10.tar.xz) = 1305612 bytes @ 1.1 log @ xwayland: move and rename x11/modular-xorg-xwayland package update to 24.1.9 The modular-xorg-xwayland package is not used by any pkgsrc package, and it is not usable on its own. Therefore, instead of following the usual move and rename steps, it has been removed, and a new xwayland package has been added. This change is justified by the fact that xwayland can be built against native X11, making it usable with Wayland compositors. @@kikadf @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2023/03/30 08:45:19 wiz Exp $ d3 3 a5 3 BLAKE2s (xwayland-24.1.9.tar.xz) = 9ef10ae97beac77d8681f8d926c6d088fae122f3e4767604ddcb5bb85d816add SHA512 (xwayland-24.1.9.tar.xz) = 7438a572651dc77c1fd749879abccdc9a245c7b75143668d5561a8e99d41063f042a8eb3f9b931a2a12be1fc3cb9d197eee6794d0702a19e56c20f55acb35a26 Size (xwayland-24.1.9.tar.xz) = 1304268 bytes @