Log message:
modular-xorg-*: provide patch (making this package equivalent to
xorg-server 1.20.9, couldn't find a tarball).

X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.

Patch
=====

A patch for this issue has been commited to the xorg server git
repository.  xorg-server 1.20.9 will be released shortly and will
include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;

-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;

Thanks
======

This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.

Log message:
revbump after updating security/nettle

Log message:
modular-xorg-server: skip portability check hw/xquartz/bundle/mk_bundke.sh

Log message:
modular-xorg-server: Put back --enable-input-thread for SunOS

It's not possible to build without input-thread due to missing symbol
ddxInputThreadInit. input-thread seems to no longer crash the server.

Log message:
modular-xorg-server: fix build on aarch64

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

Log message:
modular-xorg-server: update to 1.20.7.

A variety of bugfixes, primarily in modesetting, glamor, and Solaris
support. This release also contains support for choosing the DRI driver
via EGL_MESA_query_driver. Thanks to all who contributed with testing
and fixes!

Aaron Plattner (1):
     modesetting: Check whether RandR was initialized before calling rrGetScrPriv

Alan Coopersmith (5):
     os-support/solaris: Drop ExtendedEnabled global variable
     Add ddxInputThread call from os layer into ddx layer
     Add xf86OSInputThreadInit call from common layer into os-support layer
     os-support/solaris: Set IOPL for input thread too
     ospoll: Fix Solaris ports implementation to build on Solaris 11.4

Kenneth Graunke (2):
     glamor: Add a function to get the driver name via EGL_MESA_query_driver
     modesetting: Use EGL_MESA_query_driver to select DRI driver if possible

Matt Turner (1):
     xserver 1.20.7

Michel Dänzer (5):
     modesetting: Call glamor_finish from drmmode_crtc_set_mode
     xfree86/modes: Call xf86RotateRedisplay from xf86CrtcRotate
     modesetting: Clear new screen pixmap storage on RandR resize
     xwayland: Do flush GPU work in xwl_present_flush
     glamor: Only use dual blending with GLSL >= 1.30

Peter Hutterer (1):
     Xi: return AlreadyGrabbed for key grabs > 255

Log message:
modular-xorg-server: Sync with current NetBSD xsrc

Match the modesetting driver on x86 and ARM NetBSD.

from maya

Bump PKGREVISION