IABSD.fr/xenocara/xserver/xkb
Branch :
Log
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
 |
c3768d1e | 2026-06-02 05:31:48 | Merge fixes from upstream for multiple Xserver issues: * Font Alias Stack-based Buffer Overflow * XSYNC Use-After-Free in miSyncDestroyFence() * XKB Key Types Stack-based Buffer Overflow * XKB SetMap Request Stack-based Buffer Overflow * XSYNC Use-After-Free in FreeCounter() * XSYNC Use-After-Free in SyncChangeCounter() * GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write * CreateSaverWindow Use-After-Free Information Disclosure * DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write | |
|
f0e0a48c | 2026-05-08 11:12:08 | Update to xserver 21.1.22. The security fixes were already committed. | |
|
c3a7d62f | 2026-04-14 13:52:41 | Merge fixes from upstream for multiple Xserver issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() | |
|
b48f2471 | 2025-11-03 09:57:22 | Update to xserver 21.1.20. | |
|
de505649 | 2025-10-28 13:16:49 | Merge fixes from upstream for multiple Xserver issues: CVE-2025-62229 present: Fix use-after-free in present_create_notifies() CVE-2025-62230 xkb: Free the XKB resource when freeing XkbInterest CVE-2025-62231 xkb: Prevent overflow in XkbSetCompatMap() | |
|
dd403c0a | 2025-06-29 05:21:57 | Update to xserver 21.1.18. The security fixes have already been committed. | |
|
3cfba106 | 2025-03-02 09:09:28 | Update to xserver 21.1.16. The security fixes were committed earlier. This is the rest of the 21.1.16 update. | |
|
04a5e9b4 | 2025-02-25 15:52:12 | Security fixes from X.Org advisory o February 25, 2025: CVE-2025-26594: Use-after-free of the root cursor CVE-2025-26595: Buffer overflow in XkbVModMaskText() CVE-2025-26596: Heap overflow in XkbWriteKeySyms() CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() CVE-2025-26600: Use-after-free in PlayReleasedEvents() CVE-2025-26601: Use-after-free in SyncInitTrigger() | |
|
81fd4372 | 2024-10-29 17:58:22 | xkb: Fix buffer overflow in _XkbSetCompatMap() The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. CVE-2024-9632 | |
|
f9c3f64c | 2023-10-29 16:45:32 | Update to xserver 21.1.9. All the security patches have already been committed. Udated autoconf to 2.71 explains the large build infrastructure diff. | |
|
737e223e | 2023-05-01 07:41:17 | Merge X server 21.1.8. tested by kn@ and op@. | |
|
6c8ea4fe | 2023-01-22 09:44:41 | Merge xserver 21.1.6. Includes a few fixes to the security patches already committed. | |
|
8c4424dd | 2023-01-22 09:21:08 | Add back the meson build system to xserver. Not having those file only create noise when merging upstream releases. | |
|
49a16717 | 2022-12-14 10:29:00 | Fix serveral X server input validation errors that can cause varios issues: * CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free * CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access * CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free | |
|
6bd883d1 | 2022-07-12 19:18:14 | MFC: Multiple input validation failures in X server extensions CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access | |
|
8a0d473d | 2022-02-20 17:41:34 | Sync with xorg-server 21.1.3. This does *not* include the commit that reverts the new computation of the screen resolution from dimensions returned by the screen since many of you told they prefer the new behaviour from 21.1.1. This is going to be discussed again before 7.1 | |
|
e086cf5a | 2021-11-11 09:03:02 | Update to xserver 21.1.0 | |
|
5bd77e16 | 2021-09-03 13:19:11 | Update to xserver 1.20.13. | |
|
56c8d99a | 2020-12-12 09:30:50 | Update X server to version 1.20.10. Tested by jsg@ and naddy@ | |
|
dbbfd611 | 2020-12-01 15:25:39 | Check SetMap request length carefully. Avoid out of bounds memory accesses on too short requests. ZDI-CAN 11572 / CVE-2020-14360 Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | |
|
dd9addae | 2020-12-01 15:21:28 | Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows ZDI-CAN 11389 / CVE-2020-25712 Fix from Jan-Niklas Sohn working with Trend Micro. | |
|
83d462e2 | 2020-08-25 15:42:52 | Fix integer underflow in XkbSelectEvents() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
02b8f735 | 2020-08-25 15:40:59 | Correct bounds checking in XkbSetNames() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
9a532c54 | 2019-12-12 06:05:17 | Update to X server 1.20.6. Tested by naddy@ | |
|
95df71af | 2019-08-03 16:56:01 | Remove files that are no longer part of upstream tarballs. They accumulated over releases for various reasons. No build change. | |
|
a77e9959 | 2019-07-27 07:57:06 | Update to xserver 1.20.5. Tested by jsg@ | |
|
857585fc | 2018-02-18 17:16:37 | Update to xserver 1.19.6. bug fix release | |
|
1a66cad3 | 2017-12-08 15:01:59 | Update to xserver 1.19.5. Tested by bru@, jsg@ and others | |
|
9b9efb1b | 2017-10-14 09:15:11 | MFC: xkb: Handle xkb formated string output safely (CVE-2017-13723) Generating strings for XKB data used a single shared static buffer, which offered several opportunities for errors. Use a ring of resizable buffers instead, to avoid problems when strings end up longer than anticipated. | |
|
fd77a349 | 2017-10-14 09:12:44 | MFC: xkb: Escape non-printable characters correctly XkbStringText escapes non-printable characters using octal numbers. Such escape sequence would be at most 5 characters long ("\0123"), so it reserves 5 bytes in the buffer. Due to char->unsigned int conversion, it would print much longer string for negative numbers. | |
|
fd18c20e | 2016-10-11 22:14:30 | regen | |
|
6e1bcfb3 | 2016-08-09 18:59:50 | Update to xserver 1.18.4 tested by krw@ and dcoppa@ ok dcoppa@ | |
|
e927c03e | 2016-05-29 12:02:34 | Update to xserver 1.18.3. Tested by shadchin@ and naddy@. Note that indirect GLX is now disbled by default. | |
|
86ea9f12 | 2015-09-16 19:10:19 | Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ | |
|
5b19f6d7 | 2015-02-11 20:58:46 | Update to xserver 1.16.4. Contains fix for CVE-2015-0255. ok dcoppa@ | |
|
4f58590a | 2014-09-27 17:52:59 | Update to xserver 1.16.1. Tested by naddy@, jsg@ & kettenis@ | |
|
3bbfe7b1 | 2014-05-02 19:27:46 | Update to xserver 1.15.1. Tested by at least ajacoutot@, dcoppa@ & jasper@ | |
|
577763cd | 2013-08-24 19:44:25 | Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@ | |
|
adec87cf | 2013-06-07 17:28:45 | Update to X server 1.14.1. Tested by many during t2k13. Thanks. | |
|
e26a212f | 2012-10-27 14:52:25 | Regen autotools build system with a clean environment. It was previously generated with a config pointing to OpenBSD's libtool which is not ready yet. | |
|
58d9658d | 2012-10-14 08:59:33 | regen | |
|
eb59960f | 2012-08-05 18:14:29 | regen autotools | |
|
fe11647d | 2012-08-05 18:11:37 | Update to xserver 1.12.3. | |
|
e60da745 | 2012-06-10 13:21:05 | Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. | |
|
61a7d542 | 2011-11-05 13:32:40 | Update to xserver 1.11.2 | |
|
a4d630d0 | 2011-06-29 19:57:45 | regen | |
|
dd56fb17 | 2010-12-21 20:10:44 | Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@ in various configurations. | |
|
42826119 | 2010-12-05 15:36:02 | Upgrade to xorg-server 1.9.2. Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations including multihead with both zaphod and xrandr. | |
|
d57b1a14 | 2010-09-01 13:43:24 | regen (yes lots of files, since util-macros has been updated). | |
|
95d684a0 | 2010-07-27 19:02:24 | Update to xserver 1.8. Tested by many. Ok oga@, todd@. | |
|
88f6f3ea | 2009-09-06 19:44:18 | update to xserver 1.6.4rc1. Tested by many, ok oga@. | |
|
369cc172 | 2009-01-12 20:17:47 | Update to xserver 1.5.3 + latests commits on server-1.5-branch. tested by stsp@, david@, form@, ckuethe@, oga@. thanks. | |
|
60021fe9 | 2008-11-02 15:26:08 | xserver 1.5.2. tested by ckuethe@, oga@, and others. | |
|
97eda178 | 2008-06-15 00:17:32 | Update to xserver 1.4.2. Tested by landry@, ckuethe@, jsing@ mbalmer@. | |
|
48bc8229 | 2008-05-24 20:39:01 | regen. | |
|
682a69eb | 2008-02-20 21:32:39 | Fix from X.Org repository: xkb: don't update LEDs if they don't exist (which would trigger an NULL pointer dereference). | |
 |
6189593a | 2008-01-04 14:01:04 | regen | |
|
67952fe2 | 2007-12-13 21:51:47 | Add back files that I removed before import to minimize cvs noise. That was a mistake. sorry. | |
|
b29102d7 | 2007-12-13 21:47:48 | Merge xserver 1.4.0.90. This includes fixes for some of the regressions introduced by xserver 1.4, such as the keyboad caps/num-lock leds updates. Tested by many. | |
|
2fcd9ee6 | 2007-12-13 21:06:02 | xserver 1.4.0.90 | |
|
fa710f40 | 2007-11-24 19:04:00 | merge xserver 1.4, 1st pass | |
|
b14d6de7 | 2007-11-24 17:55:21 | xserver 1.4 | |
|
c7ebbd40 | 2007-05-25 16:20:45 | regen | |
|
fdc55d19 | 2007-04-17 22:06:12 | regen | |
|
6637a9a3 | 2007-03-18 22:29:12 | regen with automake 1.9.6p2 | |
|
9dc39873 | 2007-03-03 11:33:26 | regen | |
|
c3d03022 | 2006-12-16 20:59:13 | - merge xserver 1.1.99.903 - regen generated files | |
|
11e9fb01 | 2006-11-28 20:33:06 | regen | |
|
97bfc260 | 2006-11-26 19:09:56 | regen with OpenBSD autotools | |
|
889b8606 | 2006-11-26 18:13:41 | Importing xserver from X.Org 7.2RC2 |