-
xorg-server (2:1.11.4-0ubuntu10.17) precise-security; urgency=medium
* SECURITY UPDATE: information leak and denial of service in
XkbSetGeometry
- debian/patches/CVE-2015-0255.patch: properly check lengths in
xkb/xkb.c.
- CVE-2015-0255
* SECURITY UPDATE: denial of service via invalid trapezoid (LP: #1197921)
- debian/patches/CVE-2013-6424.patch: don't render invalid trapezoids
in exa/exa_render.c, fix underflow in render/picture.h.
- CVE-2013-6424
* debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
previous security update by allowing zero-height PutImage requests in
dix/dispatch.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Feb 2015 08:57:17 -0500
-
xorg-server (2:1.11.4-0ubuntu10.16) precise-security; urgency=medium
* SECURITY UPDATE: Dec 2014 security issues - additional fixes
- debian/patches/CVE-2014-8xxx/003[467]*.patch: add additional fixes
not included in original pre-advisory bundle.
-- Marc Deslauriers <email address hidden> Tue, 09 Dec 2014 17:22:41 -0500
-
xorg-server (2:1.11.4-0ubuntu10.15) precise-security; urgency=medium
* SECURITY UPDATE: Dec 2014 protocol handling security issues
- debian/patches/CVE-2014-8xxx/*.patch: patches from upstream to fix
a multitude of security issues, including a couple of pre-requisite
fixes from git.
- CVE-2014-8091
- CVE-2014-8092
- CVE-2014-8093
- CVE-2014-8094
- CVE-2014-8095
- CVE-2014-8096
- CVE-2014-8097
- CVE-2014-8098
- CVE-2014-8099
- CVE-2014-8100
- CVE-2014-8101
- CVE-2014-8102
-- Marc Deslauriers <email address hidden> Fri, 05 Dec 2014 12:48:25 -0500
-
xorg-server (2:1.11.4-0ubuntu10.14) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
use after free in ImageText request handling.
- debian/patches/CVE-2013-4396.patch: avoid use after free in
dix/dixfonts.c.
- CVE-2013-4396
* SECURITY UPDATE: unsafe use of xkb cache files
- debian/patches/190_cache-xkbcomp_output_for_fast_start_up.patch:
updated to not use xkb cache files in /tmp when running a non-root
server.
- CVE-2013-1056
-- Marc Deslauriers <email address hidden> Wed, 16 Oct 2013 07:31:05 -0400
-
xorg-server (2:1.11.4-0ubuntu10.13) precise-security; urgency=low
* SECURITY UPDATE: input event leak via inactive VT
- debian/patches/CVE-2013-1940.patch: fix flush input to work with
Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
- CVE-2013-1940
-- Marc Deslauriers <email address hidden> Thu, 11 Apr 2013 08:18:09 -0400
-
xorg-server (2:1.11.4-0ubuntu10.12) precise-proposed; urgency=low
* debian/patches/238-xrandr-fix-panning.patch: disable CRTC cursor
confinement when panning is enabled. (LP: #883319)
-- Marc Deslauriers <email address hidden> Tue, 12 Feb 2013 16:45:02 -0500
-
xorg-server (2:1.11.4-0ubuntu10.11) precise-proposed; urgency=low
* Drop 237-dix-set-the-device-transformation-matrix.patch:
Bug was targeted to precise, but is only confirmed to affect xserver
1.13 and newer.
(LP: 1041063)
xorg-server (2:1.11.4-0ubuntu10.10) precise-proposed; urgency=low
* Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
jumping with absolute pointing device. Initializes device
transformation matrix to an identity matrix. Thanks to a7x.
(LP: #1041063)
xorg-server (2:1.11.4-0ubuntu10.9) precise-proposed; urgency=low
[ Maarten Lankhorst ]
* add 233-xf86events-valgrind.patch to fix a xserver corruption
when acpid is stopped before Xorg is. (LP: #1070481)
* add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)
-- Bryce Harrington <email address hidden> Wed, 19 Dec 2012 16:39:23 -0800
-
xorg-server (2:1.11.4-0ubuntu10.10) precise-proposed; urgency=low
* Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
jumping with absolute pointing device. Initializes device
transformation matrix to an identity matrix. Thanks to a7x.
(LP: #1041063)
xorg-server (2:1.11.4-0ubuntu10.9) precise-proposed; urgency=low
[ Maarten Lankhorst ]
* add 233-xf86events-valgrind.patch to fix a xserver corruption
when acpid is stopped before Xorg is. (LP: #1070481)
* add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)
-- Bryce Harrington <email address hidden> Fri, 16 Nov 2012 16:04:30 -0800
-
xorg-server (2:1.11.4-0ubuntu10.8) precise-proposed; urgency=low
* Add upstream patches to avoid seg fault in case the user is running with
multiple screens and xrandr is only enabled at one (LP: #1015292):
- 229_randr_first_check_pScrPriv_before_using_the_pointer.patch
- 230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
-- Ricardo Salveti de Araujo <email address hidden> Thu, 19 Jul 2012 22:57:12 -0300
-
xorg-server (2:1.11.4-0ubuntu10.7) precise-proposed; urgency=low
* Re-enable 516-dix-dont-emulate-scroll-events-for-non-existing-axes.patch
from upstream 1.12.2. Fixes the server from entering in an infinite
loop in certain situations. (LP: #921236)
-- Timo Aaltonen <email address hidden> Thu, 02 Aug 2012 17:14:39 +0300
-
xorg-server (2:1.11.4-0ubuntu10.6) precise-security; urgency=low
* Revert changes from 10.2 and 10.3 (and the unreleased SRU 10.4). 10.2
attempted to fix bug 968845, but this caused the xserver to crash
under rare conditions (1009629). 10.3 attempted to fix that crash,
but resulted in a more commonly seen crash such as when using GIMP.
(LP: #1021517)
* Rename patch 509_log-format-fix.patch to 228_log-format-fix.patch,
to reserve the 5xx numbering for input stack patches.
-- Bryce Harrington <email address hidden> Mon, 16 Jul 2012 10:42:25 -0700
-
xorg-server (2:1.11.4-0ubuntu10.5) precise-security; urgency=low
* SECURITY UPDATE: do not use input device names in logging format
strings (LP: #996250):
- debian/patches/509_log-format-fix.patch: backported upstream changes.
- CVE-2012-2118
-- Steve Beattie <email address hidden> Mon, 09 Jul 2012 15:24:55 -0700
-
xorg-server (2:1.11.4-0ubuntu10.4) precise-proposed; urgency=low
* Add 516-dix-dont-emulate-scroll-events-for-non-existing-axes.patch
from upstream 1.12.2. Fixes the server from entering in an infinite
loop in certain situations. (LP: #921236)
-- Timo Aaltonen <email address hidden> Thu, 05 Jul 2012 23:07:06 +0300
-
xorg-server (2:1.11.4-0ubuntu10.3) precise-proposed; urgency=low
[ Maarten Lankhorst ]
* Add upstream patches for proper device disabling (LP: #1009629)
- 510-dix-return-early-from-DisableDevice-if-the-device-is.patch
- 511-dix-move-freeing-the-sprite-into-a-function.patch
- 512-dix-free-the-sprite-when-disabling-the-device.patch
- 513-dix-disable-non-sprite-owners-first-when-disabling-p.patch
- 514-Xi-drop-forced-unpairing-when-changing-the-hierarchy.patch
- 515-dix-disable-all-devices-before-shutdown.patch
-- Chase Douglas <email address hidden> Wed, 20 Jun 2012 09:12:44 -0700
-
xorg-server (2:1.11.4-0ubuntu10.2) precise-proposed; urgency=low
* Release buttons when device is disabled on suspend (LP: #968845)
- Add temporary patch 508_device_off_release_buttons.patch from upstream
-- Chase Douglas <email address hidden> Sat, 05 May 2012 13:17:34 -0700
-
xorg-server (2:1.11.4-0ubuntu10.1) precise-proposed; urgency=low
[ Bryce Harrington ]
* Enable 227_null_ptr_midispcur.patch to apply
[ Chase Douglas ]
* Update to xserver 1.12.1 for the input stack
* Drop patches merged upstream in 1.12.1:
- 501_touch_accept_end.patch
- 502_indirect_touch_window_set.patch
- 503_fix_mouse_warp.patch
- 504_implement_passive_touch_ungrab.patch
* Fix patch 506_touchscreen_pointer_emulation_checks.patch after upstream
review
* Fix various touchscreen issues (LP: #974887)
- Add temporary patch 506_touchscreen_fixes.patch, which is a combination of
multiple upstream patches
-- Chase Douglas <email address hidden> Thu, 19 Apr 2012 12:34:54 -0700
-
xorg-server (2:1.11.4-0ubuntu10) precise; urgency=low
* Fix touchscreen pointer emulation (LP: #949791)
- Add temporary patch 506_touchscreen_pointer_emulation_checks.patch
-- Chase Douglas <email address hidden> Wed, 04 Apr 2012 16:53:33 -0700
-
xorg-server (2:1.11.4-0ubuntu9) precise; urgency=low
* Report button press when touchscreen touch is active (LP: #972985)
- Add temporary patch 505_query_pointer_touchscreen.patch
- Fixes some compiz/unity touchscreen issues
-- Chase Douglas <email address hidden> Tue, 03 Apr 2012 19:04:01 -0700
-
xorg-server (2:1.11.4-0ubuntu8) precise; urgency=low
[ Chase Douglas ]
* Fix crash at startup due to input option abi break (LP: #931397)
- Revert two commits from upstream 1.12 input stack
[ Bryce Harrington ]
* debian/patches/227_null_ptr_midispcur.patch:
- Check for NULL pointer before dereferencing pointer from
miGetDCDevice. Fixes crash after connecting a bluetooth keyboard.
(LP: #930936)
[ Chase Douglas ]
* Fix mouse warping and clipping (LP: #948938)
- Add temporary patch 503_fix_mouse_warp.patch
* Implement passive touch ungrab (LP: #968726)
- Add temporary patch 503_implement_passive_touch_ungrab.patch
* Bump lintian standards to 3.9.3
-- Chase Douglas <email address hidden> Thu, 29 Mar 2012 18:09:19 -0700
-
xorg-server (2:1.11.4-0ubuntu7) precise; urgency=low
* debian/patches/111_armel-drv-fallbacks.patch:
- Avoid loading the driver to test if it's available. Xorg will later load
and validate the module, and if it's already loaded it'll trigger an
error and invalidate the driver (LP: #959928)
-- Ricardo Salveti de Araujo <email address hidden> Tue, 20 Mar 2012 02:09:18 -0300
-
xorg-server (2:1.11.4-0ubuntu6) precise; urgency=low
* debian/patches/500_pointer_barrier_thresholds.diff:
- Don't try to send events from the context of the SIGIO handler. That
leads to the dark side, or at least to server freezes when trying to
reveal the launcher in Unity (LP: #946954). May also fix other seemingly
random X server crashes.
- Add build-time tests to make check for barrier behaviour. These are
disabled, pending gtest, xorg-gtest, and xserver-xorg-video-dummy MIRs.
-- Christopher James Halse Rogers <email address hidden> Fri, 09 Mar 2012 19:16:02 +1100
-
xorg-server (2:1.11.4-0ubuntu5) precise; urgency=low
* Update to 1.12 input stack
* Drop input patches that have been merged upstream:
- 600-Revert-dix-deduplicate-callers-of-DeliverDeviceEvent.patch
- 601-Store-window-pointer-in-touch-listener-record.patch
- 602-Factor-out-TouchEnd-generation-and-delivery.patch
- 603-Export-TouchEventRejected-as-TouchRejected.patch
- 604-Move-AllowTouch-to-dix-touch.c-and-rename-to-TouchAc.patch
- 605-Check-for-proper-window-ID-when-processing-touch-all.patch
- 606-Implement-early-touch-reject.patch
- 607-Implement-touch-early-accept.patch
- 608-dix-fix-an-out-of-memory-crash.patch
- 609-Xi-handle-new-XIAllowEvents-request-in-inputproto-2..patch
- 610-Fix-scrolling.patch
- 611-Fix-touch-punt-crash.patch
- 612-Fix-vcp-touches-corruption.patch
- 613-Keep-vcp-touch-class.patch
* Fix indirect touch grab handling (LP: #929408)
- Add temporary patch 501_touch_accept_end.patch
- Add temporary patch 502_indirect_touch_window_set.patch
-- Chase Douglas <email address hidden> Wed, 07 Mar 2012 15:36:20 -0800
-
xorg-server (2:1.11.4-0ubuntu4) precise; urgency=low
* debian/patches/500_pointer_barrier_thresholds.diff:
- Make the velocity calculation more robust on screen edges. Fixes reveal
behaviour on nVidia 295.20 driver, which now clamps the pointer to the
visible screen area. (LP: #937792)
-- Christopher James Halse Rogers <email address hidden> Tue, 21 Feb 2012 17:04:41 +1100
-
xorg-server (2:1.11.4-0ubuntu3) precise; urgency=low
* Fix touch class memory corruption
- Add 612-Fix-vcp-touches-corruption.patch
- Add 613-Keep-vcp-touch-class.patch
-- Chase Douglas <email address hidden> Mon, 13 Feb 2012 15:54:04 -0800
-
xorg-server (2:1.11.4-0ubuntu2) precise; urgency=low
* Fix crash when punting a touch to a non-existent owner
- Add 611-Fix-touch-punt-crash.patch
-- Chase Douglas <email address hidden> Mon, 13 Feb 2012 12:10:02 -0800
-
xorg-server (2:1.11.4-0ubuntu1) precise; urgency=low
[ Chase Douglas ]
* Allow for non-root config paths so xorg-gtest can be run without root
- Add 225_non-root_config_paths.patch backported from upstream
[ Alberto Milone]
* debian/patches/226_fall_back_to_autoconfiguration.patch:
- Fall back to autoconfiguration for graphics drivers in some cases
instead of letting X fail when configuration files are available.
[ Chase Douglas ]
* Update to 1.11.99.902 input stack
* Update to 1.11.4 for everything else
* Drop input patches that have been merged upstream:
- 220_dont_scale_indirect.patch
- 221_pointer_motion_update_fix.patch
- 222_touch_valuators_absolute.patch
- 223_indirect_touch_x_y_valuators.patch
* Add reviewed input patches that have not been merged upstream yet:
- 600-Revert-dix-deduplicate-callers-of-DeliverDeviceEvent.patch
- 601-Store-window-pointer-in-touch-listener-record.patch
- 602-Factor-out-TouchEnd-generation-and-delivery.patch
- 603-Export-TouchEventRejected-as-TouchRejected.patch
- 604-Move-AllowTouch-to-dix-touch.c-and-rename-to-TouchAc.patch
- 605-Check-for-proper-window-ID-when-processing-touch-all.patch
- 606-Implement-early-touch-reject.patch
- 607-Implement-touch-early-accept.patch
- 608-dix-fix-an-out-of-memory-crash.patch
- 609-Xi-handle-new-XIAllowEvents-request-in-inputproto-2..patch
- 610-Fix-scrolling.patch (LP: #925785)
* Bump deps on x11proto-input-dev to 2.1.99.6
-- Chase Douglas <email address hidden> Fri, 10 Feb 2012 16:27:25 -0800
-
xorg-server (2:1.11.3-0ubuntu10) precise; urgency=low
* Drop 214_glx_dri_searchdirs.patch, drisearchdirs is no longer
exported in mesa's dri.pc because of multiarch and the only consumer
(dri-alternates) is no longer used.
-- Robert Hooker <email address hidden> Thu, 02 Feb 2012 12:08:55 -0500
-
xorg-server (2:1.11.3-0ubuntu9) precise; urgency=low
* debian/patches/500_pointer_barrier_thresholds.diff:
- Implement proposed XFIXES 6.0 protocol. This protocol is subject to
change, use at own risk!
* debian/control:
- Bump build-dep on x11proto-fixes to pick up new protocol definition
-- Christopher James Halse Rogers <email address hidden> Fri, 27 Jan 2012 20:05:42 +1100
-
xorg-server (2:1.11.3-0ubuntu8) precise; urgency=low
* debian/patches/224_return_BadWindow_not_BadMatch.diff:
- Fix the error values of a whole slew of window-related calls.
Fixes some gnome-settings-daemon aborts in XLib (LP: #903973)
-- Christopher James Halse Rogers <email address hidden> Mon, 23 Jan 2012 16:09:29 +1100
-
xorg-server (2:1.10.4-1ubuntu6) precise; urgency=low
* control: Move input & video virtual package Breaks as Conflicts,
because some of the old drivers were demoted to universe which might
not be available on upgrade. Add Conflicts on -nv and -v4l as well,
since they are gone from the archive. (LP: #902077)
-- Timo Aaltonen <email address hidden> Fri, 09 Dec 2011 12:46:55 +0200
-
xorg-server (2:1.10.4-1ubuntu5) precise; urgency=low
* debian/patches/511_Update_border_clip_in_compAllocPixmap.patch:
patch from upstream to fix window border traces left behind when
switching windows in metacity. LP: #759203.
-- Steve Langasek <email address hidden> Fri, 21 Oct 2011 23:04:54 -0700
-
xorg-server (2:1.10.4-1ubuntu4.1) oneiric-security; urgency=low
* SECURITY UPDATE: file existence disclosure
- debian/patches/508_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/509_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029
-- Marc Deslauriers <email address hidden> Thu, 13 Oct 2011 10:55:35 -0400
-
xorg-server (2:1.10.4-1ubuntu4) oneiric; urgency=low
* Send touch ownership event for subsequent touch grabs (LP: #861906)
- Added 507_touch_grab_reject_send_ownership.patch
-- Chase Douglas <email address hidden> Wed, 28 Sep 2011 15:57:59 -0700
