| 2f76b07d |
24-Jun-2025 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.18. |
| 54b5899c |
24-Jun-2025 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.18 |
| d566a54b |
26-Feb-2025 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.16. |
| f2346221 |
26-Feb-2025 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.16 |
| 59ca590c |
30-Oct-2024 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.14. |
| 58cf2af7 |
30-Oct-2024 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.14 |
| 875c6e4f |
04-Jul-2024 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.13. |
| eee80088 |
25-Oct-2023 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.9 |
| 3138c4c0 |
07-Feb-2023 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.7. |
| a1e1cf94 |
07-Feb-2023 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.7 |
| d36a1693 |
08-Jan-2023 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.6 |
| c82838c1 |
19-Dec-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.5 |
| 90bea6a0 |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.4. |
| dc61d50d |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.4 |
| 5a112b11 |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
merge xorg-serer 21.1.3. |
| ed6184df |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.3 |
| d44ca368 |
11-Jul-2021 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.12 and xkeyboard-config 2.33. |
| a035e2b2 |
11-Jul-2021 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.12 |
| c8548ba8 |
27-Apr-2021 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.11 |
| 806e81e9 |
05-Dec-2020 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.10. |
| 5a7dfde8 |
05-Dec-2020 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.10 |
| 32414907 |
31-Jul-2020 |
maya <maya@NetBSD.org> |
Backport the only patch from xorg-server 1.20.9 as I can't find a tarball.
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Sat, 25 Jul 2020 19:33:50 +0200
Subject: [PATCH] fix for ZDI-11426
Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
| 4e185dc0 |
23-Feb-2020 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.6. |
| 25da500f |
23-Feb-2020 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.6 |
| 15af7600 |
01-Jun-2019 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.5. |
| 3517b66b |
01-Jun-2019 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.5 |
| e23ec014 |
03-Mar-2019 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.4 |
| 7e31ba66 |
31-Dec-2018 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.3. |
| 1b5d61b8 |
31-Dec-2018 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.3 |
| 6e78d31f |
04-Nov-2017 |
mrg <mrg@NetBSD.org> |
apply fixes for CVEs 2017-12176 to 2017-12187.
--
From 1b1d4c04695dced2463404174b50b3581dbd857b Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Sun, 21 Dec 2014 01:10:03 -0500
Subject: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
--
From 211e05ac85a294ef361b9f80d689047fa52b9076 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Fri, 7 Jul 2017 17:21:46 +0200
Subject: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer.
--
From 4ca68b878e851e2136c234f40a25008297d8d831 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 10:09:14 -0500
Subject: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
(CVE-2017-12177)
v2: Protect against integer overflow (Alan Coopersmith)
--
From 55caa8b08c84af2b50fbc936cf334a5a93dd7db5 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 11:43:05 -0500
Subject: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
--
From 859b08d523307eebde7724fd1a0789c44813e821 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Wed, 24 Dec 2014 16:22:18 -0500
Subject: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
--
From 9c23685009aa96f4b861dcc5d2e01dbee00c4dd9 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Fri, 7 Jul 2017 17:04:03 +0200
Subject: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF. Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
--
From b747da5e25be944337a9cd1415506fc06b70aa81 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 10:15:46 -0500
Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) |
| 0679523a |
07-Jul-2017 |
mrg <mrg@NetBSD.org> |
CVE-2017-10971 and CVE-2017-10972: apply fixes to the event loop from
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
XXX: pullup-[678] (6/7 also need xfree port.) |
| f7df2e56 |
11-Aug-2016 |
mrg <mrg@NetBSD.org> |
first merge of netbsd changes. not tested yet. |
| 35c4bbdf |
10-Aug-2016 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.18.4 |
| 0b0d8713 |
09-Dec-2014 |
mrg <mrg@NetBSD.org> |
apply fixes for:
X.Org Security Advisory: Dec. 9, 2014
Protocol handling issues in X Window System servers
backported to 1.10.x by myself.
included are fixes for:
denial of service due to unchecked malloc in client authentication
CVE-2014-8091
integer overflows calculating memory needs for requests
CVE-2014-8092
CVE-2014-8093
CVE-2014-8094
out of bounds access due to not validating length or offset values in requests
CVE-2014-8095
CVE-2014-8096
CVE-2014-8097
CVE-2014-8098
CVE-2014-8099
CVE-2014-8100
CVE-2014-8101
CVE-2014-8102
CVE-2014-8103 |
| 2717a907 |
08-Oct-2013 |
spz <spz@NetBSD.org> |
Fix CVE-2013-4396 using a patch from:
--- snip ---
From a4d9bf1259ad28f54b6d59a480b2009cc89ca623 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Mon, 16 Sep 2013 21:47:16 -0700
Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText()
Save a pointer to the passed in closure structure before copying it
and overwriting the *c pointer to point to our copy instead of the
original. If we hit an error, once we free(c), reset c to point to
the original structure before jumping to the cleanup code that
references *c.
Since one of the errors being checked for is whether the server was
able to malloc(c->nChars * itemSize), the client can potentially pass
a number of characters chosen to cause the malloc to fail and the
error path to be taken, resulting in the read from freed memory.
Since the memory is accessed almost immediately afterwards, and the
X server is mostly single threaded, the odds of the free memory having
invalid contents are low with most malloc implementations when not using
memory debugging features, but some allocators will definitely overwrite
the memory there, leading to a likely crash.
Reported-by: Pedro Ribeiro <pedrib@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
--- snip ---
the patch is shifted but otherwise applies. mrg@ to test (thanks) |
| 45bb0b75 |
03-Jun-2013 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.10.6. |
| 475c125c |
03-Jun-2013 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.10.6 |
| 65b04b38 |
02-Aug-2011 |
mrg <mrg@NetBSD.org> |
merge cornflakes with xorg-server 1.10.3 |
| 9ace9065 |
02-Aug-2011 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server 1.10.3. highlights include:
- fixes xorg bugs 29969, 30367, 30527, 30267, 30260, 29046,
30260, 31548, 28672, 24887, 32115, 21457, 32436, 21827,
28414, 24703, 32803, 16318, 33449, 33324, 33929, 35082,
35209, 36146, 36119
- many additional NULL checks
- adjustments related to input ABI 12
- *lots* of dead code removal
- vga arbitrator fixes
- GL fixes
- EDID fixes
- conversion to using asprintf() in many places
- many fixes from valgrind, compiler warnings
see these for more details:
http://lists.freedesktop.org/archives/xorg-announce/2011-February/001612.html
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001646.html
http://lists.freedesktop.org/archives/xorg-announce/2011-May/001675.html
http://lists.freedesktop.org/archives/xorg-announce/2011-July/001710.html |
| 1b684552 |
24-Jul-2011 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.9.5 |
| 8223e2f2 |
24-Jul-2011 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server 1.9.5
fixes for FDO bugs 33929, 32803, 24703, 28414, 24887, 30260, 31093, 29046, 30267
memory leak fixes
EDID and modes fixes for multi-screen
dri2 fixes
randr vs invalid size fixes
fixes for Xext triggers
fix for a black-screen after VT switch back (redhat bug 533217)
fixes for x86emu |
| 4202a189 |
23-Nov-2010 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.9.2. |
| 6747b715 |
23-Nov-2010 |
mrg <mrg@NetBSD.org> |
import xorg-server 1.9.2. important changes since 1.6.5 include:
- built-in symbol visibility, default not export
- fixes for various crashes
- many fixes for XI2, EXA, dix, render, glx, xkb, EDID, randr, Xv,
resource handling, Xext, vfb, xfree86 / vga and composite support.
- fixes several memory leaks
- many many documentation updates
- record extension enabled
- no longer looks for XF86Config files |
| a0d10bb6 |
09-Nov-2009 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.6.5 |
| b1d344b3 |
09-Nov-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.5 |
| fd6e873b |
09-Nov-2009 |
mrg <mrg@NetBSD.org> |
handle Xinerama update for now.
XXX: back out when the rest is updated |
| daf23d7f |
21-Sep-2009 |
snj <snj@NetBSD.org> |
By default, use the old X server background and cursor mode (option
"-retro"). Add a "-noretro" option to get the new (black background
and no cursor) behavior.
Addresses part of PR xsrc/41870 |
| f241d193 |
22-Aug-2009 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.6.3. |
| b86d567b |
22-Aug-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.3 |
| a1818c9d |
09-Jul-2009 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.6.2 |
| 52397711 |
09-Jul-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.2 |
| eb61724e |
12-Jun-2009 |
mrg <mrg@NetBSD.org> |
avoid a bunch of int/ptr warnings. |
| 637ac9ab |
11-Jun-2009 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.6.1.190.
XXX: our Pci.[ch] changes need to be re-looked at, i think. |
| 4642e01f |
11-Jun-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.1.901 |
| 03418e9a |
17-Jan-2009 |
ahoka <ahoka@NetBSD.org> |
Revert last change. |
| c8da46d7 |
17-Jan-2009 |
ahoka <ahoka@NetBSD.org> |
Set the default color of the root window to plain black due to
popular demand. It looks much better that way. |
| c4d0b717 |
15-Sep-2008 |
cube <cube@NetBSD.org> |
Use a sane default for xkb rules, "xorg", which is actually provided in the
distribution, unlike "base". |
| 05b261ec |
31-Jul-2008 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.4.2 |