./x11/modular-xorg-server, Modular X11 server from modular X.org

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.20.9, Package name: modular-xorg-server-1.20.9, Maintainer: pkgsrc-users

The X.org X11 Server from the modularized source tree of
X.org X11.


Required to run:
[graphics/MesaLib] [fonts/libfontenc] [x11/libdrm] [x11/xkbcomp] [x11/Xfixes] [x11/libXau] [x11/pixman] [x11/xkeyboard-config] [x11/xcb-util-keysyms] [graphics/libepoxy] [x11/libxshmfence] [x11/libXfont2]

Required to build:
[pkgtools/x11-links] [x11/xtrans] [x11/xcb-proto] [x11/fixesproto4] [devel/tradcpp] [pkgtools/cwrappers] [x11/xorgproto]

Package options: dri, inet6

Master sites:

SHA1: 4b70ac63fa864f0569712d634a61496d015c3b86
RMD160: 33a2370d1d9ce68774d0ac6fa803f2a4ce19b698
Filesize: 6155.178 KB

Version history: (Expand)


CVS history: (Expand)


   2020-09-28 03:08:15 by Pierre Pronchery | Files touched by this commit (3)
Log message:
modular-xorg-xephyr: fix Xephyr visual with -parent option

This patch was imported from
https://gitlab.freedesktop.org/xorg/xse … ssues/128.

It notably fixes embedding Xephyr into Gtk+ 3 applications, such as
simulator(1) from devel/deforaos-coder.

Tested on netbsd-9/amd64.
   2020-08-26 12:28:39 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
modular-xorg-server: update to 1.20.9.

Aaron Ma (1):
      xfree86: add drm modes on non-GTF panels

Adam Jackson (2):
      linux: Make platform device probe less fragile
      linux: Fix platform device PCI detection for complex bus topologies

Alan Coopersmith (2):
      Update URL's in man pages
      doc: Update URLs in Xserver-DTrace.xml

Alex Goins (1):
      randr: Check rrPrivKey in RRHasScanoutPixmap()

Hans de Goede (1):
      modesetting: Disable pageflipping when using a swcursor

Huacai Chen (1):
      linux: Fix platform device probe for DT-based PCI

Jose Maria Casanova Crespo (1):
      modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation

Lyude Paul (1):
      xwayland: Store xwl_tablet_pad in its own private key

Martin Weber (1):
      hw/xfree86: Avoid cursor use after free

Matt Turner (1):
      xserver 1.20.9

Matthieu Herrb (5):
      fix for ZDI-11426
      Correct bounds checking in XkbSetNames()
      Fix XIChangeHierarchy() integer underflow
      Fix XkbSelectEvents() integer underflow
      Fix XRecordRegisterClients() Integer underflow

Michel Dänzer (7):
      present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
      present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
      xwayland: Always use xwl_present_free_event for freeing Present events
      xwayland: Free all remaining events in xwl_present_cleanup
      xwayland: Hold a pixmap reference in struct xwl_present_event
      xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
      xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp

Olivier Fourdan (4):
      xwayland: Fix infinite loop at startup
      xwayland: Clear private on device removal
      xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
      xwayland: Use a fixed DPI value for core protocol

Roman Gilg (1):
      present: Check valid region in window mode flips

Samuel Thibault (1):
      dix: do not send focus event when grab actually does not change

Simon Ser (2):
      xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
      xwayland: only use linux-dmabuf if format/modifier was advertised

SimonP (1):
      xwayland: Initialise values in xwlVidModeGetGamma()

Sjoerd Simons (1):
      xwayland: Fix crashes when there is no pointer
   2020-07-31 18:50:57 by Maya Rashish | Files touched by this commit (5)
Log message:
modular-xorg-*: provide patch (making this package equivalent to
xorg-server 1.20.9, couldn't find a tarball).

X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.

Patch
=====

A patch for this issue has been commited to the xorg server git
repository.  xorg-server 1.20.9 will be released shortly and will
include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;

-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;

Thanks
======

This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-03-13 12:16:59 by Tobias Nygren | Files touched by this commit (1)
Log message:
modular-xorg-server: skip portability check hw/xquartz/bundle/mk_bundke.sh
   2020-03-08 17:12:31 by Tobias Nygren | Files touched by this commit (1)
Log message:
modular-xorg-server: Put back --enable-input-thread for SunOS

It's not possible to build without input-thread due to missing symbol
ddxInputThreadInit. input-thread seems to no longer crash the server.
   2020-02-05 21:18:27 by Tobias Nygren | Files touched by this commit (2)
Log message:
modular-xorg-server: fix build on aarch64
   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.