-
xorg-server (1:1.0.2-0ubuntu10.13) dapper-security; urgency=low
* Fix multiple security issues:
+ CVE-2008-2360 - RENDER Extension heap buffer overflow
+ CVE-2008-2361 - RENDER Extension crash
+ CVE-2008-2362 - RENDER Extension memory corruption
+ CVE-2008-1379 - MIT-SHM arbitrary memory read
+ CVE-2008-1377 - RECORD and Security extensions memory corruption
-- Bryce Harrington <email address hidden> Wed, 11 Jun 2008 12:19:38 -0700
-
xorg-server (1:1.0.2-0ubuntu10.12) dapper-proposed; urgency=low
* Fix the previous patch to use sig_t instead of sighandler_t. Thanks to
Andrew Pollock! (LP: #113679)
-- Timo Aaltonen <email address hidden> Mon, 26 May 2008 15:03:43 +0300
-
xorg-server (1:1.0.2-0ubuntu10.11) dapper-proposed; urgency=low
* xkb-and-loathing.dpatch:
Ignore SIGALRM around calls to Popen()/Pclose() to fix a hang
when opening menus in OpenOffice.org. (LP: #113679)
-- Timo Aaltonen <email address hidden> Thu, 24 Apr 2008 14:49:30 +0300
-
xorg-server (1:1.0.2-0ubuntu10.10) dapper-security; urgency=low
* SECURITY UPDATE: multiple memory corruption flaws.
* Re-applied security patches from 1:1.0.2-0ubuntu10.8.
* Updated fix_CVE-2007-6429.dpatch: upstream fixes for bbp < 8
crash regressions.
* References
http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e9fa7c1c88a8130a48f772c92b186b8b777986b5
-- Kees Cook <email address hidden> Fri, 18 Jan 2008 11:59:21 -0800
-
xorg-server (1:1.0.2-0ubuntu10.9) dapper-security; urgency=low
* Revert previous security update since it causes severe regressions.
(LP: #183969)
-- Timo Aaltonen <email address hidden> Fri, 18 Jan 2008 17:42:01 +0200
-
xorg-server (1:1.0.2-0ubuntu10.8) dapper-security; urgency=low
* SECURITY UPDATE: multiple memory corruption flaws.
* Added fix_CVE-2007-5958.dpatch: upstream fix from Matthieu Herrb.
* Added fix_CVE-2007-5760.dpatch: backported upstream fixes
(bbde5b62a137ba726a747b838d81e92d72c1b42b) for XFree86 Misc extension out
of bounds array index.
* Added fix_CVE-2007-6427.dpatch: backported upstream fixes
(dd5e0f5cd5f3a87fee86d99c073ffa7cf89b0a27) for Xinput extension memory
corruption.
* Added fix_CVE-2007-6428.dpatch: backported upstream fixes
(7dc1717ff0f96b99271a912b8948dfce5164d5ad) for TOG-cup extension memory
corruption.
* Added fix_CVE-2007-6429.dpatch: backported upstream fixes
(6de61f82728df22ea01f9659df6581b87f33f11d) for MIT-SHM and EVI extensions
integer overflows.
* Added fix_CVE-2008-0006.dpatch: backported upstream fixes
(8e133d96740d010a4fd969a8188e6e71fb2cafe2) for PCF Font parser buffer
overflow.
-- Kees Cook <email address hidden> Thu, 17 Jan 2008 11:26:41 -0800
-
xorg-server (1:1.0.2-0ubuntu10.7) dapper-security; urgency=low
* SECURITY UPDATE: local root code execution via heap buffer overflow in
Composite extension.
* Add debian/patches/995_composite_copy_overflow.dpatch: upstream fixes.
* References
CVE-2007-4730
-- Kees Cook <email address hidden> Tue, 18 Sep 2007 11:22:56 -0700
-
xorg-server (1:1.0.2-0ubuntu10.6) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary code execution with root privileges via
integer overflows in MISC-XC.
* Add debian/patches/994_misc_xc_overflows.dpatch: upstream fixes.
* References
CVE-2007-1003
-- Kees Cook <email address hidden> Thu, 29 Mar 2007 18:18:37 -0700
-
xorg-server (1:1.0.2-0ubuntu10.5) dapper-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with root privileges via heap
overflows in DBE and Render extensions.
* Add 'debian/patches/993_ubuntu_dbe-render_overflows.dpatch' from upstream
* References
CVE-2006-6101 CVE-2006-6102 CVE-2006-6103
-- Kees Cook <email address hidden> Mon, 8 Jan 2007 12:32:04 -0800
-
xorg-server (1:1.0.2-0ubuntu10.4) dapper-updates; urgency=low
* Reverted patch 005_pci_domain.dpatch -> breaks PCI setup for many users.
This patch will need further work before it is reintegrated into
xorg-server again.
-- Rodrigo Parra Novo <email address hidden> Tue, 22 Aug 2006 11:27:58 +0200
-
xorg-server (1:1.0.2-0ubuntu10.3) dapper-updates; urgency=low
* Added 992_linux_bios_bug_6751.dpatch (Closes Malone #36461)
-- Rodrigo Parra Novo <email address hidden> Fri, 11 Aug 2006 14:00:07 -0300
-
xorg-server (1:1.0.2-0ubuntu10.2) dapper-updates; urgency=low
* Added 004_xf86dri_byte_swapped_clients.dpatch (Closes Malone #27459)
* Added 005_pci_domain.dpatch (Closes Malone #54880)
-- Rodrigo Parra Novo <email address hidden> Thu, 10 Aug 2006 16:31:53 -0300
-
xorg-server (1:1.0.2-0ubuntu10.1) dapper-updates; urgency=low
* Do actually ship xdmx-tools instead of an empty package.
* Apply setuid fix:
- Add patch 003_fix_setuid_handling.dpatch.
-- Fabio M. Di Nitto <email address hidden> Mon, 10 Jul 2006 12:26:29 +0200
-
xorg-server (1:1.0.2-0ubuntu10) dapper; urgency=low
* Backport a fix for Intel bridge handling:
debian/patches/002_fix_for_certain_intel_chipsets.patch
(Closes Ubuntu: #29880)
-- Paul Sladen <email address hidden> Sun, 14 May 2006 19:01:32 +0100
-
xorg-server (1:1.0.2-0ubuntu9) dapper; urgency=low
* Add 1680x1050 60 and 85Hz Modelines. Thanks to Bart Verwilst for the data.
(Closes Ubuntu: #6096)
-- Fabio M. Di Nitto <email address hidden> Fri, 05 May 2006 12:38:22 +0200
-
xorg-server (1:1.0.2-0ubuntu8) dapper; urgency=low
* Fix "XCB rendertest crashes server":
- Add patch 001-CVE-2006-1526.patch.dpatch.
(CVE-2006-1526)
-- Fabio M. Di Nitto <email address hidden> Wed, 03 May 2006 09:01:09 +0200
-
xorg-server (1:1.0.2-0ubuntu7) dapper; urgency=low
* Ship again xorg.conf(5)
(Closes Ubuntu: #33703)
-- Fabio M. Di Nitto <email address hidden> Mon, 01 May 2006 13:37:40 +0200
-
xorg-server (1:1.0.2-0ubuntu6) dapper; urgency=low
* Fix severe internal memory corruption:
- Add patch: 000-fix-read-kernel-mapping.patch.dpatch.
(freedesktop bugzilla: #6472)
-- Fabio M. Di Nitto <email address hidden> Fri, 21 Apr 2006 08:07:33 +0200
-
xorg-server (1:1.0.2-0ubuntu5) dapper; urgency=low
* Fix CPU load when using -sharevts:
- Add patch: 991_sharevts-load-cpu.patch
(Thanks for the initial patch to Michael Witrant)
(Closes Ubuntu: #33611)
-- Fabio M. Di Nitto <email address hidden> Mon, 10 Apr 2006 13:30:26 +0200
-
xorg-server (1:1.0.2-0ubuntu4) dapper; urgency=low
* Fix SecurityPolicy path to /etc/X11/xserver/SecurityPolicy
and ship an example. NOTE: this file is NOT installed by default,
the WARNING you see in Xorg.0.log is an harmless WARNING.
Add patch: 990_ubuntu_fix_security_policy_path.patch.
(Close Ubuntu: #31608)
* Readd manpages to the different packages.
* Ship again ioport, gtf, pcitweak and scanpci.
(Closes Ubuntu: #37720)
-- Fabio M. Di Nitto <email address hidden> Tue, 04 Apr 2006 16:33:00 +0200
-
xorg-server (1:1.0.2-0ubuntu3) dapper; urgency=low
* What about shipping xorg-server.m4 to make developer life easier?
-- Fabio M. Di Nitto <email address hidden> Thu, 23 Mar 2006 10:32:55 +0100
-
xorg-server (1:1.0.2-0ubuntu2) dapper; urgency=low
* xserver-xorg-dev Depends: x11proto-randr-dev.
(Closes Ubuntu: #35594)
-- Fabio M. Di Nitto <email address hidden> Wed, 22 Mar 2006 08:09:46 +0100
-
xorg-server (1:1.0.2-0ubuntu1) dapper; urgency=low
* New upstream release:
- Drop patches:
+ CVE-2006-0745
+ add-missing-sparc-include
+ fix-backtrace
+ fix-crash-on-null-addr
* UVF execption granted by mdz.
-- Fabio M. Di Nitto <email address hidden> Tue, 21 Mar 2006 05:39:01 +0100
-
xorg-server (1:1.0.1-0ubuntu8) dapper; urgency=low
* [SECURITY] Fix CVE-2006-0745.
-- Fabio M. Di Nitto <email address hidden> Tue, 21 Mar 2006 05:33:50 +0100
-
xorg-server (1:1.0.1-0ubuntu7) dapper; urgency=low
* debian/control:
- xvfb Depends on xfonts-base too, fix pointed by fabbione
-- Sebastien Bacher <email address hidden> Fri, 3 Mar 2006 22:21:56 +0100
-
xorg-server (1:1.0.1-0ubuntu6) dapper; urgency=low
* debian/control:
- xvfb Depends on xauth instead of Recommends it
-- Sebastien Bacher <email address hidden> Fri, 17 Feb 2006 16:39:49 +0100
-
xorg-server (1:1.0.1-0ubuntu5) dapper; urgency=low
* Add missing include on sparc. Fix FTBFS.
-- Fabio M. Di Nitto <email address hidden> Wed, 01 Feb 2006 13:45:41 +0100
-
xorg-server (1:1.0.1-0ubuntu4) dapper; urgency=low
* Backport from upstream HEAD at Daniel's request:
- Add forgotten HAVE_BACKTRACE define, so that we actually get
backtraces when Xorg segfaults.
-- Colin Watson <email address hidden> Fri, 27 Jan 2006 13:47:56 +0000
-
xorg-server (1:1.0.1-0ubuntu3) dapper; urgency=low
* Depend on x11-common rather than xorg-common and xserver-common
-- Tollef Fog Heen <email address hidden> Wed, 18 Jan 2006 17:13:12 +0100
-
xorg-server (1:1.0.1-0ubuntu1) dapper; urgency=low
* New upstream release.
-- Daniel Stone <email address hidden> Fri, 6 Jan 2006 08:00:52 +1100
-
xorg-server (1:1.0.0-0ubuntu1) dapper; urgency=low
* New upstream release.
+ fbCompositeGeneral is now around 97.3% less stuffed (closes:
Ubuntu#20286).
+ 'Fix' mouse issues in the DIX by adding XFree86Server defines (sigh;
closes: Ubuntu#20200).
+ Fix Emulate3Buttons mouse posting (closes: Ubuntu#11308).
* Bump Build-Depends on libxt-dev (appdefaultdir), libdrm-dev (libdrm2), and
mesa-swrast-source (new files).
* Add --with-fontdir and scotch --with-default-font-path to fix font paths
for non-Xorg servers (closes: Ubuntu#20157).
* Fix path to SecurityPolicy and RGB_DB.
* Move update-linux-hardened-support call to xserver-xorg-core postinst
(from xserver-xorg postinst).
* Add patch to os/access.c so we don't crash on a null-addressed interface
(closes: Ubuntu#20414).
-- Daniel Stone <email address hidden> Tue, 13 Dec 2005 07:27:13 +1100
-
xorg-server (1:0.99.3-0ubuntu6) dapper; urgency=low
* Fix xserver-xorg-dev Depends field to only depend on the headers this
this package actually uses.
* Re-add xvfb-run to xfvb (closes: Ubuntu#20157).
-- Daniel Stone <email address hidden> Mon, 5 Dec 2005 15:04:14 +1100
