Age | Commit message (Collapse) | Author |
|
|
|
The security patches were already commited, sync with the rest
of the 21.1.12 relase.
|
|
|
|
|
|
ProcXIGetSelectedEvents() (CVE-2024-31080) and
ProcXiPassiveGrabDevice() (CVE-2024-31081)
|
|
All the security fixes have already been committed.
|
|
|
|
implementations:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
|
|
The security fixes have already been committed.
|
|
Xi: allocate enough XkbActions for our buttons
CVE-2023-6377
|
|
CVE-2023-6478
|
|
CVE-2023-6377
|
|
All the security patches have already been committed.
Udated autoconf to 2.71 explains the large build infrastructure diff.
|
|
CVE-2023-5367 CVE-2023-5380 CVE-2023-5574
|
|
image format. This is a format with num_planes == 2, so we have only 2
elements in offsets[] and pitches[].
Bug found by otto@ using his strict malloc checking.
|
|
unbreak build with clang-16 by fixing up function definitions to match
the whole CARD64 vs uint64_t issue needs more thinking.
Suggested by kettenis@
|
|
our uint64_t is an unsinged long long, but CARD64 is defined as unsigned long
so the function pointer types in both glamor and xf86-video-amdgpu were
mismatched and clang-16 treats that as an error
ok matthieu@
|
|
ok matthieu@
|
|
|
|
CVE-2023-1393, ZDI-CAN-19866
|
|
CVE-2023-0494, ZDI-CAN-19596
|
|
Includes a few fixes to the security patches already committed.
|
|
Not having those file only create noise when merging upstream releases.
|
|
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
overflow
* CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
out-of-bounds access
* CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
use-after-free
* CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
use-after-free
* CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
out-of-bounds access
* CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
|
|
Report from bauerm at pestilenz dot org.
With help from and ok millert@
|
|
The security patches were already committed as part of july 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
|
|
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
|
|
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you told they prefer the new behaviour from 21.1.1.
This is going to be discussed again before 7.1
|
|
0x2972 is 946GZ which is gen 4
|
|
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.
OK matthieu@
|
|
ZDI-CAN-14192, CVE-2021-4008
|
|
ZDI-CAN-14951, CVE-2021-4010
|
|
ZDI-CAN-14950, CVE-2021-4009
|
|
ZDI-CAN-14952, CVE-2021-4011
|
|
bounds read. White-space fix and ok jsg@
|
|
ok jsg@ on the upstream merge request.
|
|
Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the
modesetting driver on amd64 would cause the xserver to
reliably crash.
problem introduced upstream in
2906ee5e4 ("glamor: Fix leak in glamor_build_program()")
which was backported to the 1.21 branch.
ok matthieu@
|
|
This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This adds the pid of the local clients to LocalLientCred.
ok espie@
|
|
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
|
|
ok matthieu@
|
|
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
|
|
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.
Fixes clang 11 build on mips64.
Input and OK jsg@
|
|
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git
originally from deraadt@
|