Next | Query returned 27 messages, browsing 1 to 10 | Previous


CVS Commit History:


   2024-10-29 21:50:53 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
modular-xorg-{server,xephyr}: update to 21.1.14

Security bugfix release.
   2024-05-06 10:40:34 by Jonathan Perkin | Files touched by this commit (113)
Log message:
*: Revision bumps for ncurses 6.5 overhaul.
   2023-12-13 08:45:07 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
modular-xorg-{server,xephyr}: update to 21.1.10

This release contains fixes for CVE-2023-6377 and CVE-2023-6478 as
reported in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-December/003435.html

Peter Hutterer (3):
      randr: avoid integer truncation in length check of ProcRRChange*Property
      Xi: allocate enough XkbActions for our buttons
      xserver 21.1.10

nerdopolis (1):
      xephyr: Don't check for SeatId anymore
   2023-11-12 14:24:43 by Thomas Klausner | Files touched by this commit (2570)
Log message:
*: revbump for new brotli option for freetype2

Addresses PR 57693
   2023-01-29 22:18:34 by Ryo ONODERA | Files touched by this commit (2527)
Log message:
*: Recursive revbump from graphics/freetype2
   2020-12-01 22:03:16 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
modular-xorg-server and friends: update to 1.20.10

Alex Goins (1):
      glamor: Update pixmap's devKind when making it exportable

Arthur Williams (1):
      include: Increase the number of max. input devices to 256.

Bernhard Übelacker (1):
      os: Fix instruction pointer written in xorg_backtrace

Greg V (1):
      xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one

Kishore Kadiyala (1):
      modesetting: keep going if a modeset fails on EnterVT

Martin Peres (1):
      modesetting: check the kms state on EnterVT

Matt Turner (1):
      xserver 1.20.10

Matthieu Herrb (2):
      Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
      Check SetMap request length carefully.

Michel Dänzer (10):
      glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
      xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
      present/wnmd: Can't use page flipping for windows clipped by children
      xwayland: Check window pixmap in xwl_present_check_flip2
      present/wnmd: Remove dead check from present_wnmd_check_flip
      present: Move flip target_msc adjustment out of present_vblank_create
      present: Add present_vblank::exec_msc field
      present/wnmd: Move up present_wnmd_queue_vblank
      present/wnmd: Execute copies at target_msc-1 already
      present/wnmd: Translate update region to screen space

Olivier Fourdan (8):
      Revert "linux: Fix platform device probe for DT-based PCI"
      Revert "linux: Fix platform device PCI detection for complex bus topologies"
      Revert "linux: Make platform device probe less fragile"
      xwayland: Do not discard frame callbacks on allow commits
      xwayland: Remove pending stream reference when freeing
      xwayland: non-rootless requires the wl_shell protocol
      xwayland: Create an xwl_window for toplevel only
      configure: Build hashtable for Xres and glvnd
   2020-09-28 03:08:15 by Pierre Pronchery | Files touched by this commit (3)
Log message:
modular-xorg-xephyr: fix Xephyr visual with -parent option

This patch was imported from
https://gitlab.freedesktop.org/xorg/xserver/-/issues/128.

It notably fixes embedding Xephyr into Gtk+ 3 applications, such as
simulator(1) from devel/deforaos-coder.

Tested on netbsd-9/amd64.
   2020-08-26 12:29:07 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
modular-xorg-*: reset PKGREVISION after update
   2020-07-31 18:50:57 by Maya Rashish | Files touched by this commit (5)
Log message:
modular-xorg-*: provide patch (making this package equivalent to
xorg-server 1.20.9, couldn't find a tarball).

X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, which leads to leaking uninitialized heap memory to
clients when the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to privilege elevation in the
client.

Patch
=====

A patch for this issue has been committed to the xorg server git
repository.  xorg-server 1.20.9 will be released shortly and will
include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;

-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;

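Review bot: The new calloc() line has no comment saying the zeroing is deliberate, so a later cleanup could switch it back to malloc() for speed and reintroduce the leak of uninitialized heap bytes to clients. Add a short comment above `pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);` stating that the pixmap allocation must be zero-initialized because its contents are readable by clients. Note also that the sum is passed as a single size with a count of 1, so calloc's own multiplication overflow check does nothing here and the `((size_t) - 1) - pixDataSize` guard above remains the only protection against wrap; keep the two adjacent.
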
Thanks
======

This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
