"needs updating to separate unshared distfile"
./x11/modular-xorg-xwayland, Server for running X clients under Wayland from modular X.org

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 21.1.4nb1, Package name: modular-xorg-xwayland-21.1.4nb1, Maintainer: nia

XWayland is a fully fledged X server implementation that acts as a proxy
between X11 clients and a Wayland compositor.

It runs as a specialized Wayland client, while optionally using a set of
XWayland specific Wayland protocols for implementing certain functionality.

The Wayland compositor acts both as the Wayland display server XWayland
connects to, as well as the window manager.


Required to run:
[graphics/MesaLib] [fonts/libfontenc] [x11/libdrm] [x11/xkbcomp] [x11/Xfixes] [x11/libXau] [x11/pixman] [x11/xkeyboard-config] [x11/xcb-util-keysyms] [graphics/libepoxy] [x11/libxshmfence] [x11/libXfont2] [devel/wayland-protocols] [devel/wayland]

Required to build:
[pkgtools/x11-links] [x11/xtrans] [x11/xcb-proto] [x11/fixesproto4] [devel/tradcpp] [pkgtools/cwrappers] [x11/xorgproto]

Package options: dri, inet6

Master sites:

Filesize: 4824.391 KB

Version history: (Expand)


CVS history: (Expand)


   2022-08-11 07:09:36 by David H. Gutteridge | Files touched by this commit (999)
Log message:
Bump all dependent packages of wayland (belatedly)

The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
   2022-07-15 22:39:50 by Thomas Klausner | Files touched by this commit (9) | Package updated
Log message:
modular-xorg-server*: update to 21.1.4

modular-xorg-xwayland: mark as BROKEN for now, it has a separate distfile
in the 21.x series.

This release fixes 2 recently reported security vulnerabilities in xkb, several
regressions since 1.20.x and a number of miscellaneous bugs.

Błażej Szczygieł (1):
      present: Check for NULL to prevent crash

Jeremy Huddleston Sequoia (23):
      rootless: Dead code removal (ROOTLESS_REDISPLAY_DELAY is already defined)
      X11Application: Ensure TIS operations are done on the main thread
      os/connection: Improve abstraction for launchd secure sockets
      xquartz: Create a separate category for organizing user preferences
      xquartz pbproxy: Adopt NSUserDefaults+XQuartzDefaults for preferences
      xquartz: Fold spaces related preferences into NSUserDefaults+XQuartzDefaults
      XQuartz: Ensure scroll events are delivered to a single window (not both \ 
X11 and AppKit)
      meson: Bump requirement to meson-0.50.0
      xquartz: Update Sparkle configuration to use SUPublicEDKey
      xquartz: Update copyright for 2022
      meson: Provide options to set CFBundleVersion and CFBundleVersionString in \ 
XQuartz
      Revert "meson: Bump requirement to meson-0.50.0"
      xquartz: Update autotools-based builds of XQuartz to account for recent changes
      print_edid: Fix a format string error
      xf86-input-inputtest: Fix build on systems without SOCK_NONBLOCK
      tests: Fix build failure from missing micmap.c
      meson: Support building Xnest and Xorg on darwin
      XQuartz: Build the bundle trampoline when using meson
      XQuartz: Add TCC reason keys to Info.plist
      xquartz: Use correct defines when building to support Sparkle updates
      xquartz: Fix a possible crash when editing the Application menu due to \ 
mutaing immutable arrays
      XQuartz: Improve type safety for X11Controller's application menu editor
      xquartz: Add missing files to distribution tarball

Olivier Fourdan (1):
      render: Fix build with gcc 12

Peter Hutterer (3):
      xkb: switch to array index loops to moving pointers
      xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck
      xkb: add request length validation for XkbSetGeometry

Povilas Kanapickas (5):
      Revert "os: Try to discover the current seat with the XDG_SEAT var \ 
first"
      dix: Correctly save replayed event into GrabInfoRec
      dix: Don't send touch end to clients that do async grab without touches
      xfree86: Fix event data alignment in inputtest driver
      xserver 21.1.4

Samuel Thibault (1):
      xkb: fix XkbSetMap when changing a keysym without changing a keytype
   2021-12-16 00:35:00 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
modular-xorg-*: update to 1.20.14

Mario Kleiner (2):
      Fix RandR leasing for more than 1 simultaneously active lease.
      modesetting: Allow Present flips with mismatched stride on atomic drivers.

Matt Turner (1):
      xserver 1.20.14

Povilas Kanapickas (4):
      record: Fix out of bounds access in SwapCreateRegister()
      xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
      Xext: Fix out of bounds access in SProcScreenSaverSuspend()
      render: Fix out of bounds access in SProcRenderCompositeGlyphs()
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2020-08-26 12:29:07 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
modular-xorg-*: reset PKGREVISION after update
   2020-08-19 10:16:22 by Nia Alarie | Files touched by this commit (3)
Log message:
Skip building only-useful-with-Wayland packages on unsupported systems
   2020-07-31 18:50:57 by Maya Rashish | Files touched by this commit (5)
Log message:
modular-xorg-*: provide patch (making this package equivalent to
xorg-server 1.20.9, couldn't find a tarball).

X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.

Patch
=====

A patch for this issue has been commited to the xorg server git
repository.  xorg-server 1.20.9 will be released shortly and will
include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;

-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;

Thanks
======

This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle