Change logs for xorg-server source package in Xenial

  • xorg-server (2:1.18.4-0ubuntu0.10) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Out-Of-Bounds access in XkbSetNames function
        - debian/patches/CVE-2020-14345.patch: correct bounds checking in
          xkb/xkb.c.
        - CVE-2020-14345
    
     -- Marc Deslauriers <email address hidden>  Fri, 04 Sep 2020 09:35:30 -0400
  • xorg-server (2:1.18.4-0ubuntu0.9) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Integer underflow in the X input extension protocol
        - debian/patches/CVE-2020-14346.patch: properly calculate length in
          Xi/xichangehierarchy.c.
        - CVE-2020-14346
      * SECURITY UPDATE: server memory leak
        - debian/patches/CVE-2020-14347.patch: initialize memory in
          dix/pixmap.c.
        - CVE-2020-14347
      * SECURITY UPDATE: Integer Underflow Privilege Escalation
        - debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
          xkb/xkbSwap.c.
        - CVE-2020-14361
      * SECURITY UPDATE: Integer Underflow Privilege Escalation
        - debian/patches/CVE-2020-14362.patch: properly calculate lengths in
          record/record.c.
        - CVE-2020-14362
    
     -- Marc Deslauriers <email address hidden>  Mon, 31 Aug 2020 10:20:00 -0400
  • xorg-server (2:1.18.4-0ubuntu0.8) xenial; urgency=medium
    
      * glx-do-not-pick-srgb-config-for-32bit-rgba-visual.diff: Fix a
        regression with newer mesa. (LP: #1780664)
    
     -- Timo Aaltonen <email address hidden>  Sat, 14 Jul 2018 01:28:30 +0300
  • xorg-server (2:1.18.4-0ubuntu0.7) xenial-security; urgency=medium
    
      * SECURITY UPDATE: unvalidated extra length in ProcEstablishConnection
        - debian/patches/CVE-2017-12176.patch: add check to dix/dispatch.c.
        - CVE-2017-12176
      * SECURITY UPDATE: Unvalidated variable-length request in
        ProcDbeGetVisualInfo
        - debian/patches/CVE-2017-12177.patch: add check to dbe/dbe.c.
        - CVE-2017-12177
      * SECURITY UPDATE: wrong extra length check in ProcXIChangeHierarchy
        - debian/patches/CVE-2017-12178.patch: fix length check in
          Xi/xichangehierarchy.c.
        - CVE-2017-12178
      * SECURITY UPDATE: integer overflow and unvalidated length in
        ProcXIBarrierReleasePointer
        - debian/patches/CVE-2017-12179-1.patch: test exact size of
          XIBarrierReleasePointer in Xi/xibarriers.c.
        - debian/patches/CVE-2017-12179-2.patch: add checks to Xi/xibarriers.c.
        - CVE-2017-12179
      * SECURITY UPDATE: various unvalidated lengths
        - debian/patches/CVE-2017-12180-12182.patch: add more checks to
          Xext/vidmode.c, hw/xfree86/common/xf86DGA.c,
          hw/xfree86/dri/xf86dri.c.
        - CVE-2017-12180
        - CVE-2017-12181
        - CVE-2017-12182
      * SECURITY UPDATE: more unvalidated lengths
        - debian/patches/CVE-2017-12183.patch: add checks to xfixes/cursor.c,
          xfixes/region.c, xfixes/saveset.c, xfixes/xfixes.c.
        - CVE-2017-12183
      * SECURITY UPDATE: even more unvalidated lengths
        - debian/patches/CVE-2017-12184-12187.patch: add more checks to
          Xext/panoramiX.c, Xext/saver.c, Xext/xres.c, Xext/xvdisp.c,
          hw/dmx/dmxpict.c, pseudoramiX/pseudoramiX.c, render/render.c.
        - CVE-2017-12184
        - CVE-2017-12185
        - CVE-2017-12186
        - CVE-2017-12187
      * debian/patches/os_big_requests.patch: make sure big requests have
        sufficient length in os/io.c.
      * debian/patches/xkb_escape_fix.patch: escape non-printable characters
        correctly in xkb/xkbtext.c.
    
     -- Marc Deslauriers <email address hidden>  Fri, 13 Oct 2017 08:40:17 -0400
  • xorg-server (2:1.18.4-0ubuntu0.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: DoS or segment overwrite via shmseg resource id
        - debian/patches/CVE-2017-13721.patch: validate shmseg resource id in
          Xext/shm.c.
        - CVE-2017-13721
      * SECURITY UPDATE: buffer overflow via XKB data
        - debian/patches/CVE-2017-13723.patch: handle xkb formatted string
          output safely in xkb/xkbtext.c.
        - CVE-2017-13723
      * This update does _not_ contain the changes from 2:1.18.4-0ubuntu0.5 in
        xenial-proposed.
    
     -- Marc Deslauriers <email address hidden>  Wed, 11 Oct 2017 13:27:20 -0400
  • xorg-server (2:1.18.4-0ubuntu0.5) xenial; urgency=medium
    
      * Fix shrinking behavior in rrCheckPixmapBounding. (LP: #1715586)
    
     -- Kai-Heng Feng <email address hidden>  Thu, 07 Sep 2017 17:23:55 +0800
  • xorg-server (2:1.18.4-0ubuntu0.4) xenial; urgency=medium
    
      * control: Build against libxfont1-dev. (LP: #1687981, #1707691)
      * disable-rotation-transform-gpuscreens.patch: Dropped, NVIDIA driver
        supports rotation now. (LP: #1706287)
    
     -- Timo Aaltonen <email address hidden>  Mon, 26 Jun 2017 14:53:19 +0300
  • xorg-server (2:1.18.4-0ubuntu0.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: DoS and possible code execution in endianness
        conversion of X Events
        - debian/patches/CVE-2017-10971-1.patch: do not try to swap
          GenericEvent in Xi/sendexev.c.
        - debian/patches/CVE-2017-10971-2.patch: verify all events in
          ProcXSendExtensionEvent in Xi/sendexev.c.
        - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
          SendEvent request in dix/events.c, dix/swapreq.c.
        - CVE-2017-10971
      * SECURITY UPDATE: information leak in XEvent handling
        - debian/patches/CVE-2017-10972.patch: zero target buffer in
          SProcXSendExtensionEvent in Xi/sendexev.c.
        - CVE-2017-10972
      * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
        - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
          configure.ac, include/dix-config.h.in, include/os.h,
          os/mitauth.c, os/timingsafe_memcmp.c.
        - CVE-2017-2624
    
     -- Marc Deslauriers <email address hidden>  Mon, 17 Jul 2017 09:38:58 -0400
  • xorg-server (2:1.18.4-0ubuntu0.2) xenial; urgency=medium
    
      * modesetting-unifdef-slave-support.diff: Fix modesetting slave output
        names. (LP: #1636397)
    
     -- Timo Aaltonen <email address hidden>  Tue, 01 Nov 2016 10:08:51 +0200
  • xorg-server (2:1.18.4-0ubuntu0.1) xenial; urgency=medium
    
      * New upstream bugfix release. (LP: #1619142)
      * randr-adjust-masters-last-set-time.diff,
        randr-do-not-check-the-screen-size.diff:
        Fix issues changing display mode on prime setups. (LP: #1586260)
      * os-treat-ssh-as-a-non-local-client.diff: Dropped, upstream.
      * drm_device_keep_trying.patch: Dropped, shouldn't be needed anymore,
        and causes issues on non-x86 archs. (LP: #1581076)
      * debian/patches/xmir.patch: backport XMir fixes from Ubuntu "Yakkety Yak"
        - fix button/menu focus failures (lp: #1590553)
        - ignore 'unnkown 11 event' (lp: #1617925)
        - don't call epoxy every frame (lp: #1617932)
        - fix unclickable parts of the screen after rotation (lp: #1613708)
        - fix key repeat issues (lp: #1591356)
    
     -- Timo Aaltonen <email address hidden>  Thu, 01 Sep 2016 10:28:26 +0300
  • xorg-server (2:1.18.3-1ubuntu2.3) xenial; urgency=medium
    
      [ Timo Aaltonen ]
      * control: Add Conflicts/Replaces on xserver-xorg-video-glamoregl.
        (LP: #1574320)
    
      [ Ɓukasz 'sil2100' Zemczak ]
      * debian/control, debian/rules:
        - Build xmir for arm64 (LP: #1604851).
    
     -- Timo Aaltonen <email address hidden>  Thu, 21 Jul 2016 08:27:07 +0300
  • xorg-server (2:1.18.3-1ubuntu2.2) xenial; urgency=medium
    
      * debian/patches/xmir.patch:
        - Fix recently added keymap code
      * debian/patches/xmir-fixes.diff:
        - Merged into xmir.patch
    
    xorg-server (2:1.18.3-1ubuntu2.1) xenial; urgency=medium
    
      * debian/patches/xmir.patch:
        - Pass keymap from Mir to Xkb (LP: #1566487)
    
     -- Robert Ancell <email address hidden>  Wed, 04 May 2016 12:19:14 +1200
  • xorg-server (2:1.18.3-1ubuntu2.1) xenial; urgency=medium
    
      * debian/patches/xmir.patch:
        - Pass keymap from Mir to Xkb (LP: #1566487)
    
     -- Robert Ancell <email address hidden>  Fri, 29 Apr 2016 15:43:38 +0200
  • xorg-server (2:1.18.3-1ubuntu2) xenial; urgency=medium
    
      * Disable 190_cache-xkbcomp_output_for_fast_start_up.patch for now,
        compiling the keymap fails in current xenial for some reason.
        (LP: #1566878)
    
     -- Timo Aaltonen <email address hidden>  Thu, 07 Apr 2016 12:10:12 +0300
  • xorg-server (2:1.18.3-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian.
      * fix-xineramaqueryscreens-for-reverse-prime.diff,
        glamor-factor-out-glamor-set-color.diff,
        glamor-source-pictures-are-always-depth-32.diff:
        Deleted, upstream.
      * xmir-fixes.diff: Updated for glamor changes.
      * 105_nvidia_autodetect.patch: Modified and renamed since it doesn't
        need to handle fglrx anymore.
    
    xorg-server (2:1.18.3-1) unstable; urgency=medium
    
      * New upstream release.
      * Drop patches included upstream.
    
    xorg-server (2:1.18.2-3) unstable; urgency=medium
    
      * regression fixes part2:
        - replace revert-eb5108b870.diff with patch from upstream
        - make-sure-hw-cursor-is-hidden-when-it-should.diff: Don't show an
          extra cursor in some cases
      * os-treat-ssh-as-a-non-local-client.diff: Allow remote clients to work
        with DRI3.
    
    xorg-server (2:1.18.2-2) unstable; urgency=medium
    
      * regression fixes/workarounds:
        vidmode-reduce-verbosity-of-getmodeline.diff (Closes: #818634)
        glamor-swizzle-red-to-0-for-alpha-textures.diff
        revert-eb5108b870.diff (Closes: #818172)
    
    xorg-server (2:1.18.2-1) unstable; urgency=medium
    
      * New upstream release. (Closes: #814982)
    
     -- Timo Aaltonen <email address hidden>  Sat, 12 Mar 2016 08:59:43 +0200
  • xorg-server (2:1.18.1-1ubuntu4) xenial; urgency=medium
    
      * glamor: Fix font rendering issue. (LP: #1555960)
    
     -- Timo Aaltonen <email address hidden>  Fri, 11 Mar 2016 09:36:40 +0200
  • xorg-server (2:1.18.1-1ubuntu3) xenial; urgency=medium
    
      * Merge xmir changes from 2:1.17.3-2ubuntu4.
      * fix-xineramaqueryscreens-for-reverse-prime.diff: Fix unity-greeter
        crash with nvidia prime.
    
     -- Timo Aaltonen <email address hidden>  Thu, 25 Feb 2016 11:49:23 +0200
  • xorg-server (2:1.17.3-2ubuntu4) xenial; urgency=medium
    
      * debian/patches/xmir.patch:
        - Revert swapinterval 0 change
    
     -- Robert Ancell <email address hidden>  Tue, 16 Feb 2016 09:35:17 -0800
  • xorg-server (2:1.17.3-2ubuntu3) xenial; urgency=medium
    
      * debian/patches/xmir.patch:
        - Add ability to set title for XMir (LP: #1542028)
        - Use swapinterval 0 (LP: #1502738)
        - Add sufficient traversal hacks for Matchbox
    
     -- Robert Ancell <email address hidden>  Mon, 15 Feb 2016 17:32:21 -0800
  • xorg-server (2:1.17.3-2ubuntu2) xenial; urgency=medium
    
      * Disable mir on s390x.
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 25 Nov 2015 16:11:38 +0000
  • xorg-server (2:1.17.3-2ubuntu1) xenial; urgency=medium
    
      [ Robert Ancell ]
      * debian/patches/xmir.patch:
        - Update to latest version
      * debian/patches/xmir-rootless.patch:
        - Merged into xmir.patch
    
      [ Timo Aaltonen ]
      * Merge from Debian. (LP: #1511649)
      * glamor-make-current-in-prepare-paths.diff,
        linux-Do-not-call-FatalError-from-xf86CloseConsole.patch:
        Dropped, upstream.
    
    xorg-server (2:1.17.3-2) unstable; urgency=medium
    
      * Finalize xserver-xorg-core.NEWS.  Thanks, Michael Biebl!
    
    xorg-server (2:1.17.3-1) unstable; urgency=medium
    
      [ Julien Cristau ]
      * New upstream release
        - mi: fix typo in warning about overflowing queue (closes: #726041)
      * Refresh 02_kbsd-input-devd.diff and 03_static-nettle.diff.
      * Replace xorg-wrapper-envp.diff with a cherry-pick from master.
      * New patch xext-fix-udeb-build.diff to fix build regression in 1.17.3.
      * Add NEWS file for xserver-xorg-core with info about the -legacy split
        (closes: #801487).
      * Recommend libpam-systemd (closes:  #802544, #802618, #802327, #802566,
        probably others)
    
      [ Andreas Boll ]
      * Use the correct repository for the Vcs-Git field (Closes: #801340).
        Thanks, Vagrant Cascadian.
      * Document new location for non-root Xorg log in the NEWS file.
    
      [ Samuel Thibault ]
      * Fix xorg-wrapper on hurd (cherry-picked from master).
    
    xorg-server (2:1.17.2-3) unstable; urgency=medium
    
      * Team upload.
      [ Laurent Bigonville ]
      * Move Xorg.wrap.1 man page from the xserver-xorg-core to
        xserver-xorg-legacy package (Closes: #797661)
      * Add a Breaks against systemd (<< 226-4~), before that version logind was
        restarted on upgrade which makes the X server crash (See #798097)
      * Bump Standards-Version to 3.9.6 (no further changes)
    
      [ Andreas Boll ]
      * Update Vcs-* fields.
      * Add upstream url.
    
      [ Julien Cristau ]
      * Only reset environment in the Xorg wrapper if we didn't drop privileges.
    
    xorg-server (2:1.17.2-2) experimental; urgency=medium
    
      [ Laurent Bigonville ]
      * Enable logind support for the main build on Linux.
      * Build and ship the setuid root wrapper from upstream, replacing
        xserver-xorg's.
    
      [ Julien Cristau ]
      * Take over x11-common's handling of the X wrapper; ship the wrapper in a
        new xserver-xorg-legacy package.
      * Patch the wrapper to reset Xorg's environment.  I don't believe it needs
        any variable there, and if that turns out to be wrong we can add a
        whitelist or hardcode some values.
    
    xorg-server (2:1.17.2-1.1) unstable; urgency=medium
    
      * Non-Maintainer Upload.
    
      [ Sven Joachim ]
      * Install the whole usr/share/man/man4 directory into xserver-xorg-core,
        fixes FTBFS on hurd where modesetting.4 does not exist (Closes: #794644).
    
     -- Timo Aaltonen <email address hidden>  Tue, 10 Nov 2015 18:20:55 +0200
  • xorg-server (2:1.17.2-1ubuntu10) xenial; urgency=medium
    
      * debian/patches:
        - linux-Do-not-call-FatalError-from-xf86CloseConsole.patch: Fix crashers
          often occuring on shutdown (LP: #1237904)
        - xmir.patch: Fix typo causing FTBFS
    
     -- Tim Lunn <email address hidden>  Mon, 26 Oct 2015 12:24:30 +1100
  • xorg-server (2:1.17.2-1ubuntu9) wily; urgency=medium
    
      * debian/patches/xmir.patch:
        - Fix FTBFS due to change in Mir headers
    
     -- Robert Ancell <email address hidden>  Wed, 30 Sep 2015 16:15:39 +1300