| Commit | Date | Message | Author | CI |
|---|---|---|---|---|
| 12582828 | 2025-11-11 17:39:11 | Add -lpthread to GLX_SYS_LIBS (fix build with CFLAGS=-O0) | ||
| 17008e3f | 2025-11-06 06:28:13 | constify sparcDriverName(), missed in xserver 21.1.20 merge. | ||
| b48f2471 | 2025-11-03 09:57:22 | Update to xserver 21.1.20. | ||
| 6c30322d | 2025-11-01 11:03:43 | Remove files removed upstream some time ago but missed. | ||
| de505649 | 2025-10-28 13:16:49 | Merge fixes from upstream for multiple Xserver issues: CVE-2025-62229 present: Fix use-after-free in present_create_notifies() CVE-2025-62230 xkb: Free the XKB resource when freeing XkbInterest CVE-2025-62231 xkb: Prevent overflow in XkbSetCompatMap() | ||
| dd403c0a | 2025-06-29 05:21:57 | Update to xserver 21.1.18. The security fixes have already been committed. | ||
| 4607666e | 2025-06-19 05:16:21 | Check for integer overflow on BigRequest length. Related to CVE-2025-49176. | ||
| e8f2e774 | 2025-06-17 13:10:07 | Merge fixes from upstream for multiple Xserver issues: CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors) CVE-2025-49176: Integer overflow in Big Requests Extension CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode) CVE-2025-49178: Unprocessed client request via bytes to ignore CVE-2025-49179: Integer overflow in X Record extension CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) | ||
| c466e1c7 | 2025-06-14 12:29:51 | Backport the remaining bits of the modesetting driver in X.org master. Work done by tedu@. | ||
| dd8895c0 | 2025-06-14 12:22:29 | Backport TearFree page flips for the modesetting driver from X.Org master. Work done by jcs@ and naddy@. This is the TearFree code alone as of 2023-12-17. | ||
| 9cdf3166 | 2025-06-14 12:16:56 | Revert the tearfree commit. It contains a merge error noticed by naddy@. It will be re-done without the merge error. | ||
| b454d6cc | 2025-06-09 18:18:36 | Backport TearFree page flips for the modesetting driver from X.Org master. Work done by tedu@ based on previous diffs by jcs@ and stsp@. One bug fix in master by me. tested and ok tb@. commit on behalf of tedu@ | ||
| 3cfba106 | 2025-03-02 09:09:28 | Update to xserver 21.1.16. The security fixes were committed earlier. This is the rest of the 21.1.16 update. | ||
| 04a5e9b4 | 2025-02-25 15:52:12 | Security fixes from X.Org advisory of February 25, 2025: CVE-2025-26594: Use-after-free of the root cursor CVE-2025-26595: Buffer overflow in XkbVModMaskText() CVE-2025-26596: Heap overflow in XkbWriteKeySyms() CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() CVE-2025-26600: Use-after-free in PlayReleasedEvents() CVE-2025-26601: Use-after-free in SyncInitTrigger() | ||
| 443f1bf9 | 2024-12-22 08:26:03 | Update to xserver 21.1.15 | ||
| 8886fdf6 | 2024-11-05 08:13:05 | Update to xserver 21.1.14. tested by tb@ The xkb security fix was committed earlier. This is the rest of the 21.1.14 update. | ||
| 2be848d4 | 2024-10-31 11:54:14 | Don't log DDC modelines (after hotplug events/xrandr) or "Using XX ranges from config file" messages. These were printed after hotplug events which could be frequent in some cases (I have machines where this happens every 10 seconds when the monitor is in a dpms power-saving mode resulting in a full /var/log filesystem). EDID vendor/product ID still logged, giving an indication that events are happening, but reduced from ~3.5KB per event to <100 bytes. based on a diff from / ok matthieu@ | ||
| 81fd4372 | 2024-10-29 17:58:22 | xkb: Fix buffer overflow in _XkbSetCompatMap() The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, it didn't update its size properly. It updated `num_si` only, without updating `size_si`. CVE-2024-9632 | ||
| 84e81534 | 2024-08-16 07:45:15 | Reduce diff with upstream. | ||
| d80f4a53 | 2024-08-16 07:24:52 | Ansify function declarations. These are all simple () -> (void) cases. | ||
| 3cb0af10 | 2024-08-15 19:07:07 | Reduce white space diff with upstream. | ||
| 1a4fe3ee | 2024-08-04 08:06:49 | Remove 2 files that were missed on xserver 21.1 update (which removed Xdmx) | ||
| fd4bb1c6 | 2024-08-04 08:02:04 | Replace __OpenBSD__ with X_PRIVSEP in check for priv_open_device() | ||
| 22034bbc | 2024-08-04 07:53:57 | Remove white space only diff with upstream | ||
| d7073078 | 2024-04-27 17:37:14 | Update to xserver 21.1.13. | ||
| 72350a05 | 2024-04-07 11:42:56 | Update to xserver 21.1.12 The security patches were already committed, sync with the rest of the 21.1.12 release. | ||
| a9b0c256 | 2024-04-07 06:31:07 | The DMX extension was removed in xserver 21.1. | ||
| 300e0e3c | 2024-04-03 16:27:34 | Fix refcounting of glyphs during ProcRenderAddGlyphs() (CVE-2024-31083) | ||
| a56b04ec | 2024-04-03 16:26:45 | Need to use unswapped length to send reply in ProcXIGetSelectedEvents() (CVE-2024-31080) and ProcXiPassiveGrabDevice() (CVE-2024-31081) | ||
| 9ad627f7 | 2024-01-28 09:58:04 | Update to xserver 21.1.11. All the security fixes have already been committed. | ||
| 669d3297 | 2024-01-19 17:52:03 | WSDISPLAY_TYPE_RKDRM was renamed to WSDISPLAY_TYPE_KMS | ||
| a6312240 | 2024-01-16 12:34:23 | Multiple issues have been found in the X server and Xwayland implementations: 1) CVE-2023-6816 can be triggered by passing an invalid array index to DeviceFocusEvent or ProcXIQueryPointer. 2) CVE-2024-0229 can be triggered if a device has both a button and a key class and zero buttons. 3) CVE-2024-21885 can be triggered if a device with a given ID was removed and a new device with the same ID added both in the same operation. 4) CVE-2024-21886 can be triggered by disabling a master device with disabled slave devices. 5) CVE-2024-0409 can be triggered by enabling SELinux xserver_object_manager and running a client. 6) CVE-2024-0408 can be triggered by enabling SELinux xserver_object_manager and creating a GLX PBuffer. | ||
| 6367cbe2 | 2024-01-07 11:11:57 | Update xserver to 21.1.10. The security fixes have already been committed. | ||
| f33da8b9 | 2023-12-13 06:34:18 | The previous fix from X.Org was incorrect. This fixes it. Xi: allocate enough XkbActions for our buttons CVE-2023-6377 | ||
| 679d2a4f | 2023-12-13 06:21:57 | randr: avoid integer truncation in length check of ProcRRChange*Property CVE-2023-6478 | ||
| 1df28399 | 2023-12-13 06:20:16 | Xi: allocate enough XkbActions for our buttons CVE-2023-6377 | ||
| f9c3f64c | 2023-10-29 16:45:32 | Update to xserver 21.1.9. All the security patches have already been committed. Updated autoconf to 2.71 explains the large build infrastructure diff. | ||
| 39b52207 | 2023-10-25 05:16:39 | Fix several input validation errors in the X server CVE-2023-5367 CVE-2023-5380 CVE-2023-5574 | ||
| d65f6ec6 | 2023-09-20 18:27:00 | Fix out of bounds write in glamor_xv_query_image_attributes for NV12 image format. This is a format with num_planes == 2, so we have only 2 elements in offsets[] and pitches[]. Bug found by otto@ using his strict malloc checking. | ||
| fb763cc6 | 2023-09-08 05:44:27 | Revert previous: unbreak build with clang-16 by fixing up function definitions to match the whole CARD64 vs uint64_t issue needs more thinking. Suggested by kettenis@ | ||
| 09bc3281 | 2023-09-06 11:42:37 | unbreak build with clang-16 by fixing up function definitions to match our uint64_t is an unsigned long long, but CARD64 is defined as unsigned long so the function pointer types in both glamor and xf86-video-amdgpu were mismatched and clang-16 treats that as an error ok matthieu@ | ||
| a012b5de | 2023-08-12 16:16:25 | Make sure we don't close(-1); buglet introduced in 1.26. ok matthieu@ | ||
| 737e223e | 2023-05-01 07:41:17 | Merge X server 21.1.8. tested by kn@ and op@. | ||
| 1a68187e | 2023-03-29 12:12:13 | composite: Fix use-after-free of the COW CVE-2023-1393, ZDI-CAN-19866 | ||
| 1322100d | 2023-02-07 06:32:18 | Xi: fix use-after-free in DeepCopyPointerClasses CVE-2023-0494, ZDI-CAN-19596 | ||
| 6c8ea4fe | 2023-01-22 09:44:41 | Merge xserver 21.1.6. Includes a few fixes to the security patches already committed. | ||
| 8c4424dd | 2023-01-22 09:21:08 | Add back the meson build system to xserver. Not having those files only creates noise when merging upstream releases. | ||
| 49a16717 | 2022-12-14 10:29:00 | Fix several X server input validation errors that can cause various issues: * CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free * CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access * CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free | ||
| fd3c33be | 2022-11-11 13:56:12 | Don't crash if the client argv or argv[0] is NULL. Report from bauerm at pestilenz dot org. With help from and ok millert@ | ||
| 68328bb5 | 2022-08-31 11:25:18 | Update xserver to version 21.1.4. The security patches were already committed as part of July 24 errata. This brings a few other bug fixes. Tested by Walter Alejandro Iglesias. | ||
| 6bd883d1 | 2022-07-12 19:18:14 | MFC: Multiple input validation failures in X server extensions CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access | ||
| 8a0d473d | 2022-02-20 17:41:34 | Sync with xorg-server 21.1.3. This does *not* include the commit that reverts the new computation of the screen resolution from dimensions returned by the screen since many of you told they prefer the new behaviour from 21.1.1. This is going to be discussed again before 7.1 | ||
| f2d69a35 | 2022-02-03 23:48:52 | remove 0x2972 from the intel gen 2 and 3 list 0x2972 is 946GZ which is gen 4 | ||
| 40f054ff | 2021-12-27 04:58:36 | Recommit: compiler.h: don't define inb/outb and friends on mips From Julien Cristau 0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git without arm_video.c changes. OK matthieu@ | ||
| c9b690e6 | 2021-12-14 13:42:47 | render: Fix out of bounds access in SProcRenderCompositeGlyphs() ZDI-CAN-14192, CVE-2021-4008 | ||
| d016d47a | 2021-12-14 13:42:21 | Xext: Fix out of bounds access in SProcScreenSaverSuspend() ZDI-CAN-14951, CVE-2021-4010 | ||
| e66a5369 | 2021-12-14 13:41:38 | xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() ZDI-CAN-14950, CVE-2021-4009 | ||
| 43df8065 | 2021-12-14 13:41:00 | record: Fix out of bounds access in SwapCreateRegister() ZDI-CAN-14952, CVE-2021-4011 | ||
| bf770420 | 2021-12-06 19:41:55 | when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out of bounds read. White-space fix and ok jsg@ | ||
| 7910ce0f | 2021-12-06 19:38:32 | Initialize mode->name for modes generated by libxcvt. ok jsg@ on the upstream merge request. | ||
| 20ddf00a | 2021-12-03 09:34:04 | don't free uninitialised pointers in glamor Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the modesetting driver on amd64 would cause the xserver to reliably crash. problem introduced upstream in 2906ee5e4 ("glamor: Fix leak in glamor_build_program()") which was backported to the 1.21 branch. ok matthieu@ | ||
| c82bd5db | 2021-11-17 19:46:39 | Use the InternalEvent event structure in more places in events handlers. This fixes a crash when a DeviceEvent struct converted to InternalEvent was being copied as InternalEvent (and thus causing out of bounds reads) in ActivateGrabNoDelivery() | ||
| a406534d | 2021-11-11 09:10:04 | Update to xserver 21.1.1 | ||
| e086cf5a | 2021-11-11 09:03:02 | Update to xserver 21.1.0 | ||
| 9c065891 | 2021-09-06 13:33:11 | missing pathnames on unveil() error | ||
| 5bd77e16 | 2021-09-03 13:19:11 | Update to xserver 1.20.13. | ||
| 04380bf4 | 2021-08-11 05:44:01 | GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid() This adds the pid of the local clients to LocalClientCred. ok espie@ | ||
| cbb2480f | 2021-06-30 08:50:48 | Close the console fd after probing if it's a wscons, even if it fails. This avoids keeping an open file descriptor on machines where /dev/console is not a wsdisplay device. | ||
| be6f9bdd | 2021-06-15 13:57:42 | Initial attempt to build xserver for riscv64 ok matthieu@ | ||
| e26c45de | 2021-04-13 14:11:12 | Fix XChangeFeedbackControl() request underflow. CVE-2021-3472 / ZDI-CAN-1259 Reported by Jan-Niklas Sohn via Trend Micro. | ||
| d9345257 | 2021-03-13 13:42:26 | compiler.h: don't define inb/outb and friends on mips From Julien Cristau 0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git without arm_video.c changes. Fixes clang 11 build on mips64. Input and OK jsg@ | ||
| a3d4d205 | 2021-03-13 09:43:58 | Avoid sequences of malloc(0) / free() by checking the length. b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git originally from deraadt@ | ||
| 589df086 | 2021-02-26 14:10:26 | record: Fix undefined memcpy in RecordAClientStateChange From Adam Jackson f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git avoids a large number of malloc(0) calls ok deraadt@ who had almost the same diff | ||
| 9d1e1e28 | 2021-02-20 05:47:46 | change from /dev/drm to /dev/dri/ in xenocara ok matthieu@ kettenis@ | ||
| 93548c7a | 2021-02-12 12:51:53 | don't fatally error if unveil(2) sets ENOENT This occurs when trying to unveil a /dev/dri/ node when the directory does not exist. | ||
| dc62af50 | 2021-02-12 10:40:15 | add /dev/dri/card[0-3] to allowed devices | ||
| 3af997a6 | 2021-01-21 22:46:18 | Safer workaround for the "kame hack": only override sin6_scope_id if zero The assumption is that if sin6_scope_id is set, then the interface index is no longer embedded in the address. ok claudio@ matthieu@ | ||
| 1b93d477 | 2021-01-10 19:33:10 | try to handle running out of file descriptors by refusing client connections in case the X server is near the limit and only allow connections again if there are resources freed up this is done by checking the amount of currently used FDs + a reserve and comparing that to the FD limit with help from benno@, millert@, florian@ ok matthieu@, benno@ | ||
| 5b5b8e1a | 2021-01-10 09:14:48 | Add a root window property with the console device. | ||
| 56c8d99a | 2020-12-12 09:30:50 | Update X server to version 1.20.10. Tested by jsg@ and naddy@ | ||
| dbbfd611 | 2020-12-01 15:25:39 | Check SetMap request length carefully. Avoid out of bounds memory accesses on too short requests. ZDI-CAN 11572 / CVE-2020-14360 Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | ||
| dd9addae | 2020-12-01 15:21:28 | Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows ZDI-CAN 11389 / CVE-2020-25712 Fix from Jan-Niklas Sohn working with Trend Micro. | ||
| 851807c7 | 2020-08-28 02:20:19 | build with --disable-dri3 when XENOCARA_BUILD_DRI is "no" fixes build breakage on alpha reported by deraadt@ | ||
| bc29ab78 | 2020-08-25 15:43:26 | Fix integer underflow in XRecordRegisterClients() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | ||
| 83d462e2 | 2020-08-25 15:42:52 | Fix integer underflow in XkbSelectEvents() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | ||
| 77c86a28 | 2020-08-25 15:41:59 | Fix an integer underflow in XIChangeHierarchy() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | ||
| 02b8f735 | 2020-08-25 15:40:59 | Correct bounds checking in XkbSetNames() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | ||
| 0a2f4bc7 | 2020-07-31 14:00:21 | fix for X Server Pixel Data Uninitialized Memory Information Disclosure CVE-2020-14347 This vulnerability was discovered and reported to X.Org by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | ||
| 60964e1b | 2020-06-14 16:02:38 | sync white space with upstream. No code change. | ||
| 6b6f9124 | 2020-06-12 14:45:55 | revert local change which removed -retro flag and adjust -br to properly override our default behavior of stippled root. no objection from deraadt and kettenis | ||
| ad9a065c | 2020-04-20 18:17:25 | Release unused filedescriptors in the privileged X server process. There is no reason to keep /dev/pci* and /dev/ttyC* open in this process. pointed to by deraadt. ok kettenis@ deraadt@ | ||
| 806accb3 | 2020-04-18 09:41:18 | Remove unused files. | ||
| ac0e12b4 | 2020-04-14 17:29:21 | dix: do not send focus event when grab actually does not change upstream commit 364d64981549544213e2bca8de6ff8a5b2b5a69e Fixes an issue in xserver 1.20 where some applications were losing focus. Naddy@ reported it appears in SDL 1.2 games (burgerspace). tested and ok naddy@ | ||
| 9064f8ee | 2020-04-13 08:06:58 | Update to xserver 1.20.8. ok jsg@ robert@ | ||
| fb24e5a8 | 2020-03-04 21:07:12 | Use modesetting driver as the default for rkdrm(4). ok patrick@, jsg@ | ||
| 40d42722 | 2020-01-26 13:48:54 | Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ | ||
| 9a532c54 | 2019-12-12 06:05:17 | Update to X server 1.20.6. Tested by naddy@ | ||
| 35220e47 | 2019-09-15 12:31:08 | Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus. This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)). ok jsg@, matthieu@ | ||
| 5e779230 | 2019-08-24 01:20:16 | sync i965 pci ids with xserver git master ok matthieu@ | ||
| 38e2fafc | 2019-08-24 01:15:31 | remove duplicate ids added by patch in xserver 1.20.5 update ok matthieu@ |