-
xorg-server (2:1.20.13-1ubuntu1~20.04.17) focal-security; urgency=medium
* SECURITY REGRESSION: Avoid possible double-free
- debian/patches/CVE-2024-31083-regression.patch:
fix a regression caused for a double-free at the last
changes fixed by CVE-2024-31083 (LP: #2060354)
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 08 Apr 2024 22:36:10 -0300
-
xorg-server (2:1.20.13-1ubuntu1~20.04.16) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer over read
- debian/patches/CVE-2024-31080.patch: fixes byte
swapping in replies in Xi/xiselectev.c.
- CVE-2024-31080
* SECURITY UPDATE: Heap buffer over read
- debian/patches/CVE-2024-31081.patch: fixes byte
swapping in replies in Xi/xipassivegrab.c.
- CVE-2024-31081
* SECURITY UPDATE: Heap buffer over read
- debian/patches/CVE-2024-31082.patch: makes
ProcAppleDRICreatePixmap use unswapped length to
send reply in hw/xquartz/xpr/appledir.c.
- CVE-2024-31082
* SECURITY UPDATE: User-after-free
- debian/patches/CVE-2024-31083.patch: fix recounting of glyphs
during ProcRenderAddGlyphs in render/glyph.c.
- CVE-2024-31083
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Apr 2024 17:17:12 -0300
-
xorg-server (2:1.20.13-1ubuntu1~20.04.15) focal-security; urgency=medium
* SECURITY REGRESSION: memory leak due to incomplete fix (LP: #2051536)
- debian/patches/CVE-2024-21886-3.patch: fix use after free in input
device shutdown in dix/devices.c.
-- Marc Deslauriers <email address hidden> Mon, 29 Jan 2024 07:44:21 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.14) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in DeviceFocusEvent and
ProcXIQueryPointer
- debian/patches/CVE-2023-6816.patch: allocate enough space for logical
button maps in Xi/xiquerypointer.c, dix/enterleave.c.
- CVE-2023-6816
* SECURITY UPDATE: Reattaching to different master device may lead to
out-of-bounds memory access
- debian/patches/CVE-2024-0229-1.patch: allocate sufficient xEvents for
our DeviceStateNotify in dix/enterleave.c.
- debian/patches/CVE-2024-0229-2.patch: fix DeviceStateNotify event
calculation in dix/enterleave.c.
- debian/patches/CVE-2024-0229-3.patch: when creating a new
ButtonClass, set the number of buttons in Xi/exevents.c.
- debian/patches/CVE-2024-0229-4.patch: require a pointer and keyboard
device for XIAttachToMaster in Xi/xichangehierarchy.c.
- CVE-2024-0229
* SECURITY UPDATE: SELinux unlabeled GLX PBuffer
- debian/patches/CVE-2024-0408.patch: call XACE hooks on the GLX buffer
in glx/glxcmds.c.
- CVE-2024-0408
* SECURITY UPDATE: SELinux context corruption
- debian/patches/CVE-2024-0409.patch: use the proper private key for
cursor in hw/kdrive/ephyr/ephyrcursor.c,
hw/xwayland/xwayland-cursor.c.
- CVE-2024-0409
* SECURITY UPDATE: Heap buffer overflow in XISendDeviceHierarchyEvent
- debian/patches/CVE-2024-21885.patch: flush hierarchy events after
adding/removing master devices in Xi/xichangehierarchy.c.
- CVE-2024-21885
* SECURITY UPDATE: Heap buffer overflow in DisableDevice
- debian/patches/CVE-2024-21886-1.patch: do not keep linked list
pointer during recursion in dix/devices.c.
- debian/patches/CVE-2024-21886-2.patch: when disabling a master, float
disabled slaved devices too in dix/devices.c.
- CVE-2024-21886
-- Marc Deslauriers <email address hidden> Mon, 15 Jan 2024 10:45:41 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.12) focal-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds memory write in XKB button actions
- debian/patches/CVE-2023-6377.patch: allocate enough XkbActions for
our buttons in Xi/exevents.c, dix/devices.c.
- CVE-2023-6377
* SECURITY UPDATE: Out-of-bounds memory read in RRChangeOutputProperty
and RRChangeProviderProperty
- debian/patches/CVE-2023-6478.patch: avoid integer truncation in
length check of ProcRRChange*Property in randr/rrproperty.c,
randr/rrproviderproperty.c.
- CVE-2023-6478
-- Marc Deslauriers <email address hidden> Tue, 12 Dec 2023 20:29:21 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.9) focal-security; urgency=medium
* SECURITY UPDATE: OOB write in XIChangeDeviceProperty and
RRChangeOutputProperty
- debian/patches/CVE-2023-5367.patch: fix handling of PropModeAppend
and PropModePrepend in Xi/xiproperty.c, randr/rrproperty.c.
- CVE-2023-5367
* SECURITY UPDATE: Use-after-free bug in DestroyWindow
- debian/patches/CVE-2023-5380.patch: reset the PointerWindows
reference on screen switch in dix/enterleave.h, include/eventstr.h,
mi/mipointer.c.
- CVE-2023-5380
-- Marc Deslauriers <email address hidden> Mon, 23 Oct 2023 12:31:55 -0400
-
xorg-server (2:1.20.13-1ubuntu1~20.04.8) focal-security; urgency=medium
* SECURITY UPDATE: Overlay Window Use-After-Free
- debian/patches/CVE-2023-1393.patch: fix use-after-free of the COW in
composite/compwindow.c.
- CVE-2023-1393
-- Marc Deslauriers <email address hidden> Wed, 29 Mar 2023 08:53:02 -0400
-
xorg-server (2:1.20.13-1ubuntu1~20.04.7) focal; urgency=medium
* d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev null
deref in xf86platformBus.c (LP: #2007746)
-- Mustafa Kemal GILOR <email address hidden> Sat, 18 Feb 2023 15:17:01 +0300
-
xorg-server (2:1.20.13-1ubuntu1~20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: DeepCopyPointerClasses use-after-free
- debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
Xi/exevents.c.
- CVE-2023-0494
-- Marc Deslauriers <email address hidden> Tue, 07 Feb 2023 07:48:13 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: XTestSwapFakeInput stack overflow
- debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
XTestSwapFakeInput in Xext/xtest.c.
- CVE-2022-46340
* SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
- debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
detail > 255 in Xi/xipassivegrab.c.
- CVE-2022-46341
* SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
- debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
turning off from the same client in Xext/xvmain.c.
- CVE-2022-46342
* SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
- debian/patches/CVE-2022-46343.patch: free the screen saver resource
when replacing it in Xext/saver.c.
- CVE-2022-46343
* SECURITY UPDATE: XIChangeProperty out-of-bounds access
- debian/patches/CVE-2022-46344-1.patch: return an error from XI
property changes if verification failed in Xi/xiproperty.c.
- debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
length check of ProcXIChangeProperty in Xi/xiproperty.c.
- CVE-2022-46344
* SECURITY UPDATE: XkbGetKbdByName use-after-free
- debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
NULL after freeing it in xkb/xkbUtils.c.
- CVE-2022-4283
-- Marc Deslauriers <email address hidden> Wed, 07 Dec 2022 08:02:34 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: GetCountedString Buffer Overflow
- debian/patches/CVE-2022-3550.patch: add a check for client->req_len
size for _GetCountedString in xkb/xkb.c.
- CVE-2022-3550
* SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
- debian/patches/CVE-2022-3551.patch: add calls to free allocated
memory if the execution reaches failures in ProcXkbGetKbdByName
in xkb/xkb.c.
- CVE-2022-3551
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 22 Nov 2022 11:24:11 -0300
-
xorg-server (2:1.20.13-1ubuntu1~20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: ProcXkbSetGeometry Out-Of-Bounds Access
- debian/patches/CVE-2022-2319-pre1.patch: switch to array index loops
to moving pointers in xkb/xkb.c.
- debian/patches/CVE-2022-2319.patch: add request length validation for
XkbSetGeometry in xkb/xkb.c.
- CVE-2022-2319
* SECURITY UPDATE: ProcXkbSetDeviceInfo Out-Of-Bounds Access
- debian/patches/CVE-2022-2320.patch: swap XkbSetDeviceInfo and
XkbSetDeviceInfoCheck in xkb/xkb.c.
- CVE-2022-2320
-- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 09:53:24 -0400
-
xorg-server (2:1.20.13-1ubuntu1~20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: SProcRenderCompositeGlyphs out-of-bounds access
- debian/patches/CVE-2021-4008.patch: check lengths in render/render.c.
- CVE-2021-4008
* SECURITY UPDATE: SProcXFixesCreatePointerBarrier out-of-bounds access
- debian/patches/CVE-2021-4009.patch: use sizes in xfixes/cursor.c.
- CVE-2021-4009
* SECURITY UPDATE: SProcScreenSaverSuspend out-of-bounds access
- debian/patches/CVE-2021-4010.patch: fix logic in Xext/saver.c.
- CVE-2021-4010
* SECURITY UPDATE: SwapCreateRegister out-of-bounds access
- debian/patches/CVE-2021-4011.patch: fix length in record/record.c.
- CVE-2021-4011
-- Marc Deslauriers <email address hidden> Tue, 14 Dec 2021 09:14:13 -0500
-
xorg-server (2:1.20.13-1ubuntu1~20.04.1) focal; urgency=medium
* Backport to focal. (LP: #1947820, LP: #1949553)
- don't disable building xwayland
-- Timo Aaltonen <email address hidden> Thu, 18 Nov 2021 14:55:16 +0200
-
xorg-server (2:1.20.11-1ubuntu1~20.04.2) focal; urgency=medium
* modesetting-disable-reverse-prime-offload-udl.diff: Fix a regression
on displaylink devices after mesa update. (LP: #1931547)
xorg-server (2:1.20.11-1ubuntu1~20.04.1) focal; urgency=medium
* Backport to focal. (LP: #1925320)
- don't disable building xwayland
-- Timo Aaltonen <email address hidden> Tue, 06 Jul 2021 13:17:51 +0300
-
xorg-server (2:1.20.11-1ubuntu1~20.04.1) focal; urgency=medium
* Backport to focal. (LP: #1925320)
- don't disable building xwayland
-- Timo Aaltonen <email address hidden> Mon, 31 May 2021 18:24:16 +0300
-
xorg-server (2:1.20.9-2ubuntu1.2~20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: XChangeFeedbackControl Integer Underflow
- debian/patches/CVE-2021-3472.patch: add check to Xi/chgfctl.c.
- CVE-2021-3472
-- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 08:29:22 -0400
-
xorg-server (2:1.20.9-2ubuntu1.2~20.04.1) focal-security; urgency=medium
* Backport to focal; Reintroduce CVE fixes from focal 1.20.8-2ubuntu2.6
/ groovy 1.20.9-2ubuntu1.1.
-- Timo Aaltonen <email address hidden> Sun, 17 Jan 2021 11:13:31 +0200
-
xorg-server (2:1.20.9-2ubuntu1.1~20.04.1) focal; urgency=medium
* Backport to focal. (LP: #1902244)
-- Timo Aaltonen <email address hidden> Fri, 18 Dec 2020 15:08:03 +0200
-
xorg-server (2:1.20.8-2ubuntu2.6) focal-security; urgency=medium
* SECURITY UPDATE: out of bounds memory accesses on too short request
- debian/patches/CVE-2020-14360.patch: check SetMap request length
carefully in xkb/xkb.c.
- CVE-2020-14360
* SECURITY UPDATE: multiple heap overflows
- debian/patches/CVE-2020-25712.patch: add bounds checks in xkb/xkb.c.
- CVE-2020-25712
-- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 12:56:33 -0500
-
xorg-server (2:1.20.8-2ubuntu2.5) focal; urgency=medium
* modesetting-do-not-stop-on-entervt.diff: Dropped in favor of two
upstream commits that got merged. (LP: #1897530)
-- Timo Aaltonen <email address hidden> Wed, 04 Nov 2020 15:56:43 +0200
-
xorg-server (2:1.20.8-2ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds access in XkbSetNames function
- debian/patches/CVE-2020-14345.patch: correct bounds checking in
xkb/xkb.c.
- CVE-2020-14345
-- Marc Deslauriers <email address hidden> Fri, 04 Sep 2020 09:34:27 -0400
-
xorg-server (2:1.20.8-2ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Integer underflow in the X input extension protocol
- debian/patches/CVE-2020-14346.patch: properly calculate length in
Xi/xichangehierarchy.c.
- CVE-2020-14346
* SECURITY UPDATE: server memory leak
- debian/patches/CVE-2020-14347.patch: initialize memory in
dix/pixmap.c.
- CVE-2020-14347
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
xkb/xkbSwap.c.
- CVE-2020-14361
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14362.patch: properly calculate lengths in
record/record.c.
- CVE-2020-14362
-- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 09:45:37 -0400
-
xorg-server (2:1.20.8-2ubuntu2.2) focal; urgency=medium
* xfree86-add-drm-modes-on-non-GTF-panels.patch: Add GTF modes on
continuous-frequency monitors. (LP: #1883497)
-- Timo Aaltonen <email address hidden> Wed, 24 Jun 2020 09:00:21 +0300
-
xorg-server (2:1.20.8-2ubuntu2.1) focal; urgency=medium
* modesetting-do-not-stop-on-entervt.diff: Don't crash if connectors
go missing. (LP: #1879893)
-- Timo Aaltonen <email address hidden> Thu, 21 May 2020 11:22:15 +0300
-
xorg-server (2:1.20.8-2ubuntu2) focal; urgency=medium
* randr-auto-bind-of-gpu-is-a-config-change.diff: Backport GPU hotplug
RandR fix. (LP: #1862753)
xorg-server (2:1.20.8-2ubuntu1) focal; urgency=medium
* Merge from Debian.
* modesetting-Disable-atomic-support-by-default.patch: Dropped,
upstream.
xorg-server (2:1.20.8-2) unstable; urgency=medium
* rules: Exclude udeb/ from indep dh_missing. (Closes: #955399)
xorg-server (2:1.20.8-1) unstable; urgency=medium
* New upstream release.
* patches: Dropped patches applied upstream:
- fix-modesetting-build.diff
- add-EGL_QUERY_DRIVER-check.diff
- fix-rotate-crash.diff
* control: Use debhelper-compat, bump to 12.
* rules: Migrate to dh_missing.
xorg-server (2:1.20.7-4) unstable; urgency=medium
[ Jordan Justen ]
* add-EGL_QUERY_DRIVER-check.diff: Add missing change from upstream
to fix glamor getting the driver name from EGL.
xorg-server (2:1.20.7-3) unstable; urgency=medium
* fix-rotate-crash.diff: Fix a crash if rotation is set on xorg.conf.
(Closes: #949257)
-- Timo Aaltonen <email address hidden> Mon, 06 Apr 2020 12:39:29 +0300
-
xorg-server (2:1.20.7-2ubuntu2) focal; urgency=medium
* No-change rebuild with fixed binutils on arm64.
-- Matthias Klose <email address hidden> Sat, 08 Feb 2020 11:21:37 +0000
-
xorg-server (2:1.20.7-2ubuntu1) focal; urgency=medium
* Merge from debian.
* use-EGL_MESA_query_driver.diff: Dropped, upstream.
-- Timo Aaltonen <email address hidden> Tue, 14 Jan 2020 15:43:13 +0200
-
xorg-server (2:1.20.6-1ubuntu1) focal; urgency=medium
* Merge from Debian.
* compiler.h-Do-not-include-sys-io.h-on-ARM-with-glibc.patch:
Dropped, upstream.
-- Timo Aaltonen <email address hidden> Tue, 26 Nov 2019 11:25:06 +0200
-
xorg-server (2:1.20.5+git20191008-0ubuntu1) eoan; urgency=medium
* Sync with current server-1.20-branch.
- includes Xwayland, abi fixes
- fix-abi-for-1.20.diff: Dropped, upstream
* rules: Fix ftbfs, remove the explicit build and build-indep targets.
-- Timo Aaltonen <email address hidden> Tue, 08 Oct 2019 12:43:30 +0300