IABSD.fr/xenocara/xserver/Xi
Branch :
Log
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
 |
b48f2471 | 2025-11-03 09:57:22 | Update to xserver 21.1.20. | |
|
dd403c0a | 2025-06-29 05:21:57 | Update to xserver 21.1.18. The security fixes have already been committed. | |
|
3cfba106 | 2025-03-02 09:09:28 | Update to xserver 21.1.16. The security fixes were committed earlier. This is the rest of the 21.1.16 update. | |
|
04a5e9b4 | 2025-02-25 15:52:12 | Security fixes from X.Org advisory o February 25, 2025: CVE-2025-26594: Use-after-free of the root cursor CVE-2025-26595: Buffer overflow in XkbVModMaskText() CVE-2025-26596: Heap overflow in XkbWriteKeySyms() CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() CVE-2025-26600: Use-after-free in PlayReleasedEvents() CVE-2025-26601: Use-after-free in SyncInitTrigger() | |
|
72350a05 | 2024-04-07 11:42:56 | Update to xserver 21.1.12 The security patches were already commited, sync with the rest of the 21.1.12 relase. | |
|
a56b04ec | 2024-04-03 16:26:45 | Need to use unswapped length to send reply in ProcXIGetSelectedEvents() (CVE-2024-31080) and ProcXiPassiveGrabDevice() (CVE-2024-31081) | |
|
a6312240 | 2024-01-16 12:34:23 | Multiple issues have been found in the X server and Xwayland implementations: 1) CVE-2023-6816 can be triggered by passing an invalid array index to DeviceFocusEvent or ProcXIQueryPointer. 2) CVE-2024-0229 can be triggered if a device has both a button and a key class and zero buttons. 3) CVE-2024-21885 can be triggered if a device with a given ID was removed and a new device with the same ID added both in the same operation. 4) CVE-2024-21886 can be triggered by disabling a master device with disabled slave devices. 5) CVE-2024-0409 can be triggered by enabling SELinux xserver_object_manager and running a client. 6) CVE-2024-0408 can be triggered by enabling SELinux xserver_object_manager and creating a GLX PBuffer. | |
|
f33da8b9 | 2023-12-13 06:34:18 | The previous fix from X.Org was incorrect. This fixes it. Xi: allocate enough XkbActions for our buttons CVE-2023-6377 | |
|
1df28399 | 2023-12-13 06:20:16 | Xi: allocate enough XkbActions for our buttons CVE-2023-6377 | |
|
f9c3f64c | 2023-10-29 16:45:32 | Update to xserver 21.1.9. All the security patches have already been committed. Udated autoconf to 2.71 explains the large build infrastructure diff. | |
|
39b52207 | 2023-10-25 05:16:39 | Fix several input validation errors in the X server CVE-2023-5367 CVE-2023-5380 CVE-2023-5574 | |
|
1322100d | 2023-02-07 06:32:18 | Xi: fix use-after-free in DeepCopyPointerClasses CVE-2023-0494, ZDI-CAN-19596 | |
|
8c4424dd | 2023-01-22 09:21:08 | Add back the meson build system to xserver. Not having those file only create noise when merging upstream releases. | |
|
49a16717 | 2022-12-14 10:29:00 | Fix serveral X server input validation errors that can cause varios issues: * CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free * CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access * CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free | |
|
68328bb5 | 2022-08-31 11:25:18 | Update xserver to version 21.1.4. The security patches were already committed as part of july 24 errata. This brings a few other bug fixes. Tested by Walter Alejandro Iglesias. | |
|
c82bd5db | 2021-11-17 19:46:39 | Use the InternalEvent event structure in more places in events handlers. This fixes a crash when a DeviceEvent struct converted to InteralEvent was beeing copied as InternalEvent (and thus causing out of bounds reads) in ActivateGrabNoDelivery() | |
|
e086cf5a | 2021-11-11 09:03:02 | Update to xserver 21.1.0 | |
|
e26c45de | 2021-04-13 14:11:12 | Fix XChangeFeedbackControl() request underflow. CVE-2021-3472 / ZDI-CAN-1259 Reported by Jan-Niklas Sohn via Trend Micro. | |
|
56c8d99a | 2020-12-12 09:30:50 | Update X server to version 1.20.10. Tested by jsg@ and naddy@ | |
|
77c86a28 | 2020-08-25 15:41:59 | Fix an integer underflow in XIChangeHierarchy() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
40d42722 | 2020-01-26 13:48:54 | Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ | |
|
9a532c54 | 2019-12-12 06:05:17 | Update to X server 1.20.6. Tested by naddy@ | |
|
a77e9959 | 2019-07-27 07:57:06 | Update to xserver 1.20.5. Tested by jsg@ | |
|
1a66cad3 | 2017-12-08 15:01:59 | Update to xserver 1.19.5. Tested by bru@, jsg@ and others | |
|
394a8aee | 2017-10-14 09:32:30 | MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) | |
|
74d10c41 | 2017-10-14 09:30:50 | MFC: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer [jcristau: originally this patch fixed the same issue as commit 211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the addition of these checks] This addresses CVE-2017-12179 | |
|
792e23cc | 2017-10-14 09:29:01 | MFC: Xi: Test exact size of XIBarrierReleasePointer Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer. | |
|
1862f548 | 2017-07-07 06:22:19 | Merge upstream fixes to the X event swapping code. (CVE-2017-10971 and CVE-2017-10972). | |
|
fd18c20e | 2016-10-11 22:14:30 | regen | |
|
6e1bcfb3 | 2016-08-09 18:59:50 | Update to xserver 1.18.4 tested by krw@ and dcoppa@ ok dcoppa@ | |
|
e927c03e | 2016-05-29 12:02:34 | Update to xserver 1.18.3. Tested by shadchin@ and naddy@. Note that indirect GLX is now disbled by default. | |
|
4c6a4e1e | 2015-11-07 16:48:51 | Update to xserver 1.17.4. tested by naddy@ | |
|
86ea9f12 | 2015-09-16 19:10:19 | Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ | |
|
797ed933 | 2014-12-09 17:58:52 | Protocol handling issues in X Window System servers One year after Ilja van Sprundel, discovered and reported a large number of issues in the way the X server code base handles requests from X clients, they have been fixed. | |
|
4f58590a | 2014-09-27 17:52:59 | Update to xserver 1.16.1. Tested by naddy@, jsg@ & kettenis@ | |
|
4f333b16 | 2014-07-11 08:13:43 | Update to xorg-server 1.15.2. bug fixes. | |
|
3bbfe7b1 | 2014-05-02 19:27:46 | Update to xserver 1.15.1. Tested by at least ajacoutot@, dcoppa@ & jasper@ | |
|
511a911d | 2013-12-08 10:53:01 | Update to xserver 1.14.4 | |
|
5ae225f3 | 2013-09-28 15:36:30 | Update to xserver 1.14.3 | |
|
577763cd | 2013-08-24 19:44:25 | Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@ | |
|
adec87cf | 2013-06-07 17:28:45 | Update to X server 1.14.1. Tested by many during t2k13. Thanks. | |
 |
5a95941c | 2013-05-19 07:20:38 | Merge the following commit from upstream: Touch: Fix duplicate TouchBegin selection with virtual devices http://cgit.freedesktop.org/xorg/xserver/commit/?id=314776eb369ca2e438907795ae030dd743c281fc This fixes gtk+3 applications crashing with 'BadImplementation' error. ok matthieu@ | |
|
e26a212f | 2012-10-27 14:52:25 | Regen autotools build system with a clean environment. It was previously generated with a config pointing to OpenBSD's libtool which is not ready yet. | |
|
58d9658d | 2012-10-14 08:59:33 | regen | |
|
eb59960f | 2012-08-05 18:14:29 | regen autotools | |
|
fe11647d | 2012-08-05 18:11:37 | Update to xserver 1.12.3. | |
|
e60da745 | 2012-06-10 13:21:05 | Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. | |
|
9576ef22 | 2012-01-31 07:52:35 | Update to xserver 1.11.4. tested by krw@, shadchin@. | |
|
4344ac39 | 2011-12-18 16:08:59 | Bugfix Update to xserver 1.11.3 | |
|
289590f6 | 2011-11-15 00:09:30 | Merge patch from http://patchwork.freedesktop.org/patch/7707/, Xi: allow passive keygrabs on the XIAll(Master)Devices fake deviceslogin. Amongst other things, this fixes a regression that can be seen in media keys handling under gnome-settings-daemon. ok matthieu@ | |
|
61a7d542 | 2011-11-05 13:32:40 | Update to xserver 1.11.2 | |
|
a4d630d0 | 2011-06-29 19:57:45 | regen | |
|
4a238ea6 | 2011-04-02 16:08:38 | Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@ | |
|
eb61d3c9 | 2011-04-01 21:28:00 | Xi: add XI_Focus{In,Out} to swapped events. | |
|
e03328b4 | 2011-04-01 21:27:04 | Use the array size for checking the validity of request numbers instead of hard-coded constants. Suggested by Julien Cristau. | |
|
a282fbce | 2011-03-28 21:10:15 | WriteReplyToClient() swaps rep contents if client and server endianess differ. Cache rep.length so that it can be used after returning from WriteReplyToClient(). Fixes xinput --list when client and server have different endianess. gtk3-demo now fails a bit further in this case. | |
|
6e1b78e4 | 2011-03-27 19:51:09 | Give XI2 requests a chance if server and client endianess differ. There are more bugs in this code though. | |
|
dd56fb17 | 2010-12-21 20:10:44 | Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@ in various configurations. | |
|
42826119 | 2010-12-05 15:36:02 | Upgrade to xorg-server 1.9.2. Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations including multihead with both zaphod and xrandr. | |
|
d57b1a14 | 2010-09-01 13:43:24 | regen (yes lots of files, since util-macros has been updated). | |
|
95d684a0 | 2010-07-27 19:02:24 | Update to xserver 1.8. Tested by many. Ok oga@, todd@. | |
|
88f6f3ea | 2009-09-06 19:44:18 | update to xserver 1.6.4rc1. Tested by many, ok oga@. | |
|
60021fe9 | 2008-11-02 15:26:08 | xserver 1.5.2. tested by ckuethe@, oga@, and others. | |
|
97eda178 | 2008-06-15 00:17:32 | Update to xserver 1.4.2. Tested by landry@, ckuethe@, jsing@ mbalmer@. | |
|
48bc8229 | 2008-05-24 20:39:01 | regen. | |
|
868ab3f2 | 2008-01-17 15:42:19 | Fix from X.Org for CVE-2007-6427 - Xinput extension memory corruption. | |
 |
6189593a | 2008-01-04 14:01:04 | regen | |
|
67952fe2 | 2007-12-13 21:51:47 | Add back files that I removed before import to minimize cvs noise. That was a mistake. sorry. | |
|
b29102d7 | 2007-12-13 21:47:48 | Merge xserver 1.4.0.90. This includes fixes for some of the regressions introduced by xserver 1.4, such as the keyboad caps/num-lock leds updates. Tested by many. | |
|
2fcd9ee6 | 2007-12-13 21:06:02 | xserver 1.4.0.90 | |
|
fa710f40 | 2007-11-24 19:04:00 | merge xserver 1.4, 1st pass | |
|
b14d6de7 | 2007-11-24 17:55:21 | xserver 1.4 | |
|
c7ebbd40 | 2007-05-25 16:20:45 | regen | |
|
fdc55d19 | 2007-04-17 22:06:12 | regen | |
|
6637a9a3 | 2007-03-18 22:29:12 | regen with automake 1.9.6p2 | |
|
9dc39873 | 2007-03-03 11:33:26 | regen | |
|
c3d03022 | 2006-12-16 20:59:13 | - merge xserver 1.1.99.903 - regen generated files | |
|
11e9fb01 | 2006-11-28 20:33:06 | regen | |
|
97bfc260 | 2006-11-26 19:09:56 | regen with OpenBSD autotools | |
|
889b8606 | 2006-11-26 18:13:41 | Importing xserver from X.Org 7.2RC2 |