| 2f76b07d |
24-Jun-2025 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.18. |
| 54b5899c |
24-Jun-2025 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.18 |
| f2346221 |
26-Feb-2025 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.16 |
| 875c6e4f |
04-Jul-2024 |
mrg <mrg@NetBSD.org> |
merge xorg-server 21.1.13. |
| eee80088 |
25-Oct-2023 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.9 |
| d36a1693 |
08-Jan-2023 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.6 |
| c82838c1 |
19-Dec-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.5 |
| dc61d50d |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.4 |
| 5a112b11 |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
merge xorg-serer 21.1.3. |
| ed6184df |
15-Jul-2022 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-21.1.3 |
| a035e2b2 |
11-Jul-2021 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.12 |
| c8548ba8 |
27-Apr-2021 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.11 |
| 5a7dfde8 |
05-Dec-2020 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.10 |
| 4e185dc0 |
23-Feb-2020 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.6. |
| e23ec014 |
03-Mar-2019 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.4 |
| 2f159765 |
10-Jan-2019 |
maya <maya@NetBSD.org> |
Remove duplicate length check (undo diff to upstream) |
| 7e31ba66 |
31-Dec-2018 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.20.3. |
| 1b5d61b8 |
31-Dec-2018 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.20.3 |
| 6e78d31f |
04-Nov-2017 |
mrg <mrg@NetBSD.org> |
apply fixes for CVEs 2017-12176 to 2017-12187.
--
From 1b1d4c04695dced2463404174b50b3581dbd857b Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Sun, 21 Dec 2014 01:10:03 -0500
Subject: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
--
From 211e05ac85a294ef361b9f80d689047fa52b9076 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Fri, 7 Jul 2017 17:21:46 +0200
Subject: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer.
--
From 4ca68b878e851e2136c234f40a25008297d8d831 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 10:09:14 -0500
Subject: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
(CVE-2017-12177)
v2: Protect against integer overflow (Alan Coopersmith)
--
From 55caa8b08c84af2b50fbc936cf334a5a93dd7db5 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 11:43:05 -0500
Subject: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
--
From 859b08d523307eebde7724fd1a0789c44813e821 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Wed, 24 Dec 2014 16:22:18 -0500
Subject: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
--
From 9c23685009aa96f4b861dcc5d2e01dbee00c4dd9 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Fri, 7 Jul 2017 17:04:03 +0200
Subject: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF. Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
--
From b747da5e25be944337a9cd1415506fc06b70aa81 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 10:15:46 -0500
Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) |
| f7df2e56 |
11-Aug-2016 |
mrg <mrg@NetBSD.org> |
first merge of netbsd changes. not tested yet. |
| 35c4bbdf |
10-Aug-2016 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.18.4 |
| 188eae84 |
25-Jan-2015 |
prlw1 <prlw1@NetBSD.org> |
Remove some redundant function redeclarations, as noted in
http://mail-index.netbsd.org/tech-x11/2015/01/09/msg001452.html
The changes come from upstream in commits:
* xserver:
ecf62755 Define prototypes for hw/xfree86/modes/xf86Modes.c only in xf86Modes.h.
- didn't add xf86SaveModeContents which isn't defined in our version
0bc41d5f Remove redundant redeclarations of functions in the same header file
5595e7ce randr: Remove redundant declaration.
471e5373 Remove duplicate declaration of xf86ValidateModesFlags in xf86Modes.h
9ef53e22 include: GetClientResolutions is declared in font.h
8b6a7500 Fix gcc warnings about redundant declarations of fallback functions
- just took ffs() #ifdef defense, so most not applied
* xf86-video-nv:
49ee1c26 Include xf86Modes.h to use functions from hw/xfree86/modes/xf86Modes.c.
* xf86-video-savage:
2e9217bb Include xf86Modes.h to use functions from hw/xfree86/modes/xf86Modes.c. |
| 90fc26f8 |
22-Dec-2014 |
mrg <mrg@NetBSD.org> |
fixes for CVE CVE-2013-6424:
If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly. |
| 0b0d8713 |
09-Dec-2014 |
mrg <mrg@NetBSD.org> |
apply fixes for:
X.Org Security Advisory: Dec. 9, 2014
Protocol handling issues in X Window System servers
backported to 1.10.x by myself.
included are fixes for:
denial of service due to unchecked malloc in client authentication
CVE-2014-8091
integer overflows calculating memory needs for requests
CVE-2014-8092
CVE-2014-8093
CVE-2014-8094
out of bounds access due to not validating length or offset values in requests
CVE-2014-8095
CVE-2014-8096
CVE-2014-8097
CVE-2014-8098
CVE-2014-8099
CVE-2014-8100
CVE-2014-8101
CVE-2014-8102
CVE-2014-8103 |
| 475c125c |
03-Jun-2013 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.10.6 |
| 65b04b38 |
02-Aug-2011 |
mrg <mrg@NetBSD.org> |
merge cornflakes with xorg-server 1.10.3 |
| 9ace9065 |
02-Aug-2011 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server 1.10.3. highlights include:
- fixes xorg bugs 29969, 30367, 30527, 30267, 30260, 29046,
30260, 31548, 28672, 24887, 32115, 21457, 32436, 21827,
28414, 24703, 32803, 16318, 33449, 33324, 33929, 35082,
35209, 36146, 36119
- many additional NULL checks
- adjustments related to input ABI 12
- *lots* of dead code removal
- vga arbitrator fixes
- GL fixes
- EDID fixes
- conversion to using asprintf() in many places
- many fixes from valgrind, compiler warnings
see these for more details:
http://lists.freedesktop.org/archives/xorg-announce/2011-February/001612.html
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001646.html
http://lists.freedesktop.org/archives/xorg-announce/2011-May/001675.html
http://lists.freedesktop.org/archives/xorg-announce/2011-July/001710.html |
| 8223e2f2 |
24-Jul-2011 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server 1.9.5
fixes for FDO bugs 33929, 32803, 24703, 28414, 24887, 30260, 31093, 29046, 30267
memory leak fixes
EDID and modes fixes for multi-screen
dri2 fixes
randr vs invalid size fixes
fixes for Xext triggers
fix for a black-screen after VT switch back (redhat bug 533217)
fixes for x86emu |
| 4202a189 |
23-Nov-2010 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.9.2. |
| 6747b715 |
23-Nov-2010 |
mrg <mrg@NetBSD.org> |
import xorg-server 1.9.2. important changes since 1.6.5 include:
- built-in symbol visibility, default not export
- fixes for various crashes
- many fixes for XI2, EXA, dix, render, glx, xkb, EDID, randr, Xv,
resource handling, Xext, vfb, xfree86 / vga and composite support.
- fixes several memory leaks
- many many documentation updates
- record extension enabled
- no longer looks for XF86Config files |
| ad5464f4 |
01-Apr-2010 |
mrg <mrg@NetBSD.org> |
import fdo git change 185185eeb44a277c324be0f58a4b4a469b56b69b, which
i've seen twice in the last two days:
Fix crash when all glyphs of a given depth are freed, but not all glyphsets
This is how the crash can be triggered with only two clients on the system:
Client A: (already running)
Client B: Connect
Client B: CreateGlyphSet(depthN)
Client A: Disconnect
Server: free globalGlyphs(depthN)
Client B: AddGlyphs(depthN)
Server: SEGV
This crash was introduced with the FindGlyphsByHash function
in 516b96387b0e57b524a37a96da22dbeeeb041712. Before that revision,
ResizeGlyphSet was always called before FindGlyphRef, which would
re-create globalGlyphs(depthN) if necessary.
X.Org Bug 20718 <http://bugs.freedesktop.org/show_bug.cgi?id=20718>
XXX: needs netbsd-5 pullup. |
| b1d344b3 |
09-Nov-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.5 |
| b86d567b |
22-Aug-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.3 |
| 637ac9ab |
11-Jun-2009 |
mrg <mrg@NetBSD.org> |
merge xorg-server 1.6.1.190.
XXX: our Pci.[ch] changes need to be re-looked at, i think. |
| 4642e01f |
11-Jun-2009 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.6.1.901 |
| 05b261ec |
31-Jul-2008 |
mrg <mrg@NetBSD.org> |
initial import of xorg-server-1.4.2 |