path: root/lib/libX11
Age | Commit message | Author
2024-08-04 | Update to libX11 1.8.10. tested by and ok rsadowski@ | Matthieu Herrb
2024-07-11 | Update to libX11 1.8.9 part 6/6: enable threads by default | Matthieu Herrb
& build system refresh. Minor library version bump
2006-11-25 | import from X.Org 7.2RC2 | Matthieu Herrb
2024-07-10 | Update to libX11 1.8.9 part 5: various bug fixes | Matthieu Herrb
2024-07-10 | Update to libX11 1.8.9 part 4: input methods and NLS fixes | Matthieu Herrb
2024-07-10 | Update to libX11 1.8.9 part 3: unifdef legacy systems | Matthieu Herrb
2024-07-10 | Update to libX11 1.8.9 part 2: Copyright notices updates | Matthieu Herrb
2024-07-10 | Update to libX11 1.8.9 part 1: documentation updates | Matthieu Herrb
2023-10-03 | Fix several input validation errors in libX11 and libXpm. | Alexander Bluhm
CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789
2023-06-15 | Fixes CVE-2023-3138: X servers could return values from XQueryExtension | Matthieu Herrb
that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure.
2022-09-03 | Document the XIfEvent(3) and friends callbacks are not allowed | Matthieu Herrb
to call functions that can take the Display lock.
2022-09-03 | Disable the constructor that calls XInitThreads() at load time. | Matthieu Herrb
It triggers bugs in some applications. In particular x11/fvwm{2,3} in ports for which the fix is not straightforward. Tested by Walter Alejandro Iglesias.
2022-07-23 | Update to libX11 1.8.1 | Matthieu Herrb
2022-04-25 | Update to libX11 1.7.5. No API / ABI changes. ok tb@ | Matthieu Herrb
2022-02-21 | Update to libX11 1.7.3.1. ok jsg@ who noticed this requires a major bump. | Matthieu Herrb
2021-08-30 | Update to libX11 1.7.2 | Matthieu Herrb
2021-05-22 | Check strlen(spec) only once at the beginning of XLookupColor(). | Alexander Bluhm
Also remove a superfluous include. This synchronises -current with upstream and the code we shipped in the errata. OK matthieu@
2021-05-18 | Reject strings longer than USHRT_MAX before sending them on the wire | Matthieu Herrb
The X protocol uses CARD16 values to represent the length so this would overflow. CVE-2021-31535
2020-11-28 | Update to libX11 1.7.0. Tested by gkoehler@ and jsg@ | Matthieu Herrb
2020-08-25 | Fix an integer overflow in init_om() that could lead to a double free. | Matthieu Herrb
Reported by Jayden Rivers.
2020-08-20 | Fix a bug where some input clients can't connect to the input server. | Matthieu Herrb
FreeBSD bugzilla reference: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549
2020-08-06 | Merge from upstream X.Org : Fix size calculation in `_XimAttributeToValue` | Matthieu Herrb
The check here guards the read below. For `XimType_XIMStyles`, these are `num` of `CARD32` and for `XimType_XIMHotKeyTriggers` these are `num` of `XIMTRIGGERKEY` ref[1] which is defined as 3 x `CARD32`. (There are data after the `XIMTRIGGERKEY` according to the spec but they are not read by this function and don't need to be checked.) The old code here used the native datatype size instead of the wire protocol size causing the check to always fail. Also fix the size calculation for the header (size). It is 2 x CARD16 for both types despite the unused `CARD16` for `XimType_XIMStyles`. This fixes a regression caused by previous commit.
2020-07-31 | Fixes for Heap corruption in the X input method client in libX11 | Matthieu Herrb
CVE-2020-14344 These were reported to X.Org and patches proposed by Todd Carson. Thanks.
2020-01-04 | Update to libX11 1.6.9. Tested by krw@ and naddy@ | Matthieu Herrb
2019-09-05 | Fix gcc3 specific error. The diff is based on latest upstream change. | Kenji Aoyama
suggested by jsg@, tested on luna88k by me, ok by jsg@ and matthieu@
2019-08-04 | Update to libX11 1.6.8 riding the major bump caused by xtrans 1.4.0 | Matthieu Herrb
2019-08-04 | Update to libxtrans 1.4.0. Major bumps for libX11 and libICE. | Matthieu Herrb
no objections from naddy@, espie@ and ajacoutot@
2018-10-20 | Update to libX11 1.6.7 | Matthieu Herrb
2018-08-23 | Update to libX11 1.6.6. bug fixes release - no API/ABI changes. | Matthieu Herrb
2017-10-23 | This file isn't built anymore. So remove diffs with upstreams. | Matthieu Herrb
2017-02-28 | Update to libX11 1.6.5 | Matthieu Herrb
2016-11-03 | Update to libX11 1.6.4 | Matthieu Herrb
2016-11-03 | Remove stale files | Matthieu Herrb
2016-10-11 | regen | Matthieu Herrb
2016-10-08 | ks_tables.h is always considered out of date due to the forced rebuild | Martin Natano
of the makekeys util. This means it's also rebuilt during install. First as root during build, later by the BUILDUSER during release, which won't be able to rewrite it, because it's now owned by root. With this result: override rw-r--r-- root/wheel for ks_tables.h? One step closer towards noperm release builds for xenocara. ok matthieu
2016-10-04 | Validation of server responses in XGetImage() | Matthieu Herrb
Check if enough bytes were received for specified image type and geometry. Otherwise GetPixel and other functions could trigger an out of boundary read later on. From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 | The validation of server responses avoids out of boundary accesses. | Matthieu Herrb
From Tobias Stoeckmann / Xorg Security advisory Oct 4, 2016.
2016-03-11 | Remove support vax and XENOCARA_HAVE_SHARED_LIBS scaffolding. | Okan Demirmen
ok matthieu@
2015-04-06 | update to libX11 1.6.3 | Matthieu Herrb
2015-01-01 | Fix bad merges. | Matthieu Herrb
2014-12-09 | fix wrong name in .TH, NAME, and SYNOPSIS (obviously bad pastos...) | Ingo Schwarze
ok matthieu@
2013-09-28 | Update to libX11 1.6.2. No API change. | Matthieu Herrb
2013-08-26 | Update to libX11 1.6.1. | Matthieu Herrb
2013-08-13 | Repair guenther's damage that I didn't ok. | Matthieu Herrb
2013-08-13 | Bump major on libX11-xcb to match the 64bit time_t change | Philip Guenther
2013-08-13 | Bump the major on every single base library. There are a couple | Philip Guenther
not bumped by this that will be corrected soon. heavy lifting by todd@
2013-06-04 | Update to libX11 1.6.0 | Matthieu Herrb
2013-05-31 | Update to libX11 1.5.99.902 aka 1.6rc2 | Matthieu Herrb
2013-05-23 | Merge upstream fixes for several X libs vulnerabilities | Matthieu Herrb
discovered by Ilja van Sprundel.
CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome 0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
2013-04-28 | Update to libX11 1.6RC. No bump needed. | Matthieu Herrb