
xorg-server (2:21.1.7-3+deb12u7) bookworm-security; urgency=high

  * render: Avoid possible double-free in ProcRenderAddGlyphs()

 -- Julien Cristau <jcristau@debian.org>  Wed, 10 Apr 2024 11:02:46 +0200

xorg-server (2:21.1.7-3+deb12u6) bookworm-security; urgency=high

  * CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
  * CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
  * CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap
  * CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs

 -- Julien Cristau <jcristau@debian.org>  Thu, 04 Apr 2024 11:59:35 +0200

xorg-server (2:21.1.7-3+deb12u5) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Xi: require a pointer and keyboard device for XIAttachToMaster
  * dix: allocate enough space for logical button maps (CVE-2023-6816)
  * dix: Allocate sufficient xEvents for our DeviceStateNotify (CVE-2024-0229)
  * dix: fix DeviceStateNotify event calculation (CVE-2024-0229)
  * Xi: when creating a new ButtonClass, set the number of buttons
    (CVE-2024-0229)
  * Xi: flush hierarchy events after adding/removing master devices
    (CVE-2024-21885)
  * Xi: do not keep linked list pointer during recursion (CVE-2024-21886)
  * dix: when disabling a master, float disabled slaved devices too
    (CVE-2024-21886)
  * ephyr,xwayland: Use the proper private key for cursor
  * glx: Call XACE hooks on the GLX buffer
  * dix: Fix use after free in input device shutdown

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 22 Jan 2024 07:19:15 +0100

xorg-server (2:21.1.7-3+deb12u4) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Sync "Xi: allocate enough XkbActions for our buttons" (CVE-2023-6377)
    The original upstream patch applied for CVE-2023-6377 was incomplete and
    still allows OOM access.
    This update syncs the patch with the upstream applied patch.

 -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 15 Dec 2023 06:00:53 +0100

xorg-server (2:21.1.7-3+deb12u3) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Xi: allocate enough XkbActions for our buttons (CVE-2023-6377)
  * randr: avoid integer truncation in length check of ProcRRChange*Property
    (CVE-2023-6478)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 09 Dec 2023 12:06:17 +0100

xorg-server (2:21.1.7-3+deb12u2) bookworm-security; urgency=high

  * 0003-mi-fix-CloseScreen-initialization-order.patch,
    0004-fb-properly-wrap-unwrap-CloseScreen.patch: drop, causes other
    bugs that are worse than CVE-2023-5574.

 -- Julien Cristau <jcristau@debian.org>  Wed, 25 Oct 2023 09:35:47 +0200

xorg-server (2:21.1.7-3+deb12u1) bookworm-security; urgency=medium

  * present-Check-for-NULL-to-prevent-crash.patch: drop, applied upstream since 21.1.4
  * Xi/randr: fix handling of PropModeAppend/Prepend (CVE-2023-5367)
  * mi: reset the PointerWindows reference on screen switch (CVE-2023-5380)
  * mi: fix CloseScreen initialization order
  * fb: properly wrap/unwrap CloseScreen (CVE-2023-5574)

 -- Julien Cristau <jcristau@debian.org>  Mon, 23 Oct 2023 19:26:14 +0200

xorg-server (2:21.1.7-3) unstable; urgency=medium

  * Enable DRI2 for the udeb build, needed in addition to DRM support
    since 9c81b8f5b5 to build the modesetting driver. This fixes failures
    to start X in the graphical installer under UTM (Closes: #1035014).
    Thanks to Keith Toh for the report and the follow-up tests!

 -- Cyril Brulebois <kibi@debian.org>  Wed, 03 May 2023 03:41:41 +0200

xorg-server (2:21.1.7-2) unstable; urgency=high

  * composite: Fix use-after-free of the COW
    ZDI-CAN-19866/CVE-2023-1393

 -- Julien Cristau <jcristau@debian.org>  Wed, 29 Mar 2023 15:11:07 +0200

xorg-server (2:21.1.7-1) unstable; urgency=medium

  * New upstream release
    + Xi: fix potential use-after-free in DeepCopyPointerClasses
      (CVE-2023-0494, closes: #1030777)

 -- Julien Cristau <jcristau@debian.org>  Tue, 07 Feb 2023 14:15:45 +0100

xorg-server (2:21.1.6-1) unstable; urgency=medium

  * New upstream release.
  * patches: Drop upstreamed patches.
  * Add signing-key from Olivier Fourdan.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 05 Jan 2023 16:02:46 +0200

xorg-server (2:21.1.5-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
      CVE-2022-46344, CVE-2022-46283
  * Add signing-key from Peter Hutterer.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 14 Dec 2022 11:10:24 +0200

xorg-server (2:21.1.4-3) unstable; urgency=medium

  * xkb: proof GetCountedString against request length attacks (CVE-2022-3550)
  * xkb: fix some possible memleaks in XkbGetKbdByName (CVE-2022-3551)

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Fri, 11 Nov 2022 13:35:13 +0100

xorg-server (2:21.1.4-2) unstable; urgency=medium

  * 001_fedora_extramodes.patch: Dropped, apparently obsolete since
    1.5.0. (LP: #1990456)

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 22 Sep 2022 08:53:59 +0300

xorg-server (2:21.1.4-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2022-2319, CVE-2022-2320 (Closes: #1014903)

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 25 Jul 2022 12:46:43 +0300

xorg-server (2:21.1.3-2) unstable; urgency=medium

  * present-Check-for-NULL-to-prevent-crash.patch: Fix a crash with
    nvidia 495.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 09 Feb 2022 12:19:09 +0200

xorg-server (2:21.1.3-1) experimental; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 10 Jan 2022 17:54:12 +0200

xorg-server (2:21.1.1-2) experimental; urgency=medium

  * Fix serverminver.
  * control: Add libxcvt-dev to xserver-xorg-dev depends.

 -- Timo Aaltonen <tjaalton@debian.org>  Sat, 27 Nov 2021 11:18:56 +0200

xorg-server (2:21.1.1-1) experimental; urgency=medium

  * New upstream release.
  * 04_compiler_h_inb_outb_mips.diff: Dropped, upstream.
  * Xwayland is dropped from this source, don't try to build it.
  * Xdmx is gone, drop it from the build.
  * serverminver: Bump versions.
  * control: Bump x11proto-dev and libx1-dev depends.
  * control: Add libxcvt-dev to build-depends, xcvt to -core Recommends.
  * control: Bump libdrm-dev build-depends.
  * Update signing-key.asc.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 17 Nov 2021 16:31:46 +0200

xorg-server (2:1.20.14-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 11 Jan 2022 16:21:08 +0200

xorg-server (2:1.20.13-3) unstable; urgency=high

  * Team upload.
  * record: Fix out of bounds access in SwapCreateRegister() [CVE-2021-4011]
  * xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() [CVE-2021-4009]
  * Xext: Fix out of bounds access in SProcScreenSaverSuspend() [CVE-2021-4010]
  * render: Fix out of bounds access in SProcRenderCompositeGlyphs() [CVE-2021-4008]

 -- Julien Cristau <jcristau@debian.org>  Tue, 14 Dec 2021 14:38:21 +0100

xorg-server (2:1.20.13-2) unstable; urgency=medium

  * Upload to unstable.
  * Disable building xwayland.

 -- Timo Aaltonen <tjaalton@debian.org>  Sat, 27 Nov 2021 13:03:35 +0200

xorg-server (2:1.20.13-1) experimental; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 10 Aug 2021 12:27:00 +0300

xorg-server (2:1.20.11-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2021-3472
  * Add signing key for Matt Turner.

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 13 Apr 2021 19:07:31 +0300

xorg-server (2:1.20.10-3) unstable; urgency=medium

  [ Julien Cristau ]
  * Drop workaround for mips* FTBFS added in 2:1.20.10-1, shouldn't be
    necessary anymore with the change in 2:1.20.10-2.

  [ Sven Joachim ]
  * Recommend default-logind | logind rather than libpam-systemd in
    xserver-xorg-core (Closes: #923198).
  * Use mktemp rather than tempfile in xserver-xorg-legacy.postinst
    (Closes: #979751).
  * Use dpkg-vendor to get the vendor name, drop lsb-release from
    Build-Depends.

  [ Vagrant Cascadian ]
  * Avoid embedding the running kernel version (Closes: #976898).

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 17 Feb 2021 11:17:43 +0200

xorg-server (2:1.20.10-2) unstable; urgency=medium

  * Stop defining inb/outb on mips, to fix FTBFS in some drivers with GCC 10
    (closes: #978670).

 -- Julien Cristau <jcristau@debian.org>  Wed, 06 Jan 2021 10:33:33 +0100

xorg-server (2:1.20.10-1) unstable; urgency=medium

  [ Timo Aaltonen ]
  * New upstream release.
    - CVE-2020-14360, CVE-2020-25712 (Closes: #976216)
  * Drop patches:
    - 0001-Revert-*: Reverted upstream in this version
    - revert-hw-xfree86-avoid-cursor-use-after-free.diff: Issue fixed in this version
    - revert-disabling-xss-for-rootless-xwayland.diff: Was resolved upstream as
      being a client bug
  * control: Add libnvidia-egl-wayland-dev to build-depends, enables
    EGLStream support in xwayland.

  [ Adrian Bunk ]
  * rules: Add a workaround to fix build on mips*. (Closes: #975579)

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 02 Dec 2020 12:41:35 +0200

xorg-server (2:1.20.9-2) unstable; urgency=medium

  * fix-pci-probing-segfault.diff: Dropped and revert three commits
    instead. (Closes: #969739)

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 24 Sep 2020 12:19:06 +0300

xorg-server (2:1.20.9-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2020-14347 (Closes: #968986)
  * fix-pci-probing-segfault.diff: Fix a regression in 1.20.9 when
    probing the GPU.
  * revert-hw-xfree86-avoid-cursor-use-after-free.diff: Revert a commit
    which is causing server crashes.
  * revert-disabling-xss-for-rootless-xwayland.diff: Fix a regression
    where apps crash under Xwayland.

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 31 Aug 2020 18:49:48 +0300

xorg-server (2:1.20.8-2) unstable; urgency=medium

  * rules: Exclude udeb/ from indep dh_missing. (Closes: #955399)

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 31 Mar 2020 13:14:40 +0300

xorg-server (2:1.20.8-1) unstable; urgency=medium

  * New upstream release.
  * patches: Dropped patches applied upstream:
    - fix-modesetting-build.diff
    - add-EGL_QUERY_DRIVER-check.diff
    - fix-rotate-crash.diff
  * control: Use debhelper-compat, bump to 12.
  * rules: Migrate to dh_missing.

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 30 Mar 2020 15:48:38 +0300

xorg-server (2:1.20.7-4) unstable; urgency=medium

  [ Jordan Justen ]
  * add-EGL_QUERY_DRIVER-check.diff: Add missing change from upstream
    to fix glamor getting the driver name from EGL.

 -- Timo Aaltonen <tjaalton@debian.org>  Sat, 29 Feb 2020 07:05:06 +0200

xorg-server (2:1.20.7-3) unstable; urgency=medium

  * fix-rotate-crash.diff: Fix a crash if rotation is set on xorg.conf.
    (Closes: #949257)

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 05 Feb 2020 18:27:36 +0200

xorg-server (2:1.20.7-2) unstable; urgency=medium

  * add-EGL_QUERY_DRIVER-check.diff: Add a check for EGL_QUERY_DRIVER to
    autotools.

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 14 Jan 2020 12:13:49 +0200

xorg-server (2:1.20.7-1) unstable; urgency=medium

  * New upstream release.
  * 07_use-modesetting-driver-by-default-on-GeForce.diff: Modified to
    not include xf86drm.h on Hurd. (Closes: #947746)
  * control: Add mesa-common-dev and libx11-xcb-dev to build-depends.
    (Closes: #947748)
  * serverminver: Bump video abi minor.
  * fix-modesetting-build.diff: Add a missing include to fix the build.

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 14 Jan 2020 10:50:19 +0200

xorg-server (2:1.20.6-1) unstable; urgency=medium

  [ Sven Joachim ]
  * Remove the explicit build and build-indep targets (Closes: #941128).
  * Exclude the directory where xorg-server.tar.xz is built from it
    (Closes: #930405).
  * Make the xorg-server-source binary package reproducible by specifying
    suitable options to tar when creating /tmp/xorg-server.tar.xz.
  * Set Rules-Requires-Root to binary-targets.
  * Drop dependency on dummy package libegl1-mesa (Closes: #930608).
  * Remove no longer used lintian overrides from version 2:1.11.2.901-1.
  * Bump debhelper compat level to 11.
    - Drop autoreconf and --parallel from the dh sequence, default since
      compat level 10.  Remove dh-autoreconf from Build-Depends, redundant.
  * Drop dpkg-dev build dependency, already fulfilled in wheezy.
  * Add xz-utils to Build-Depends-Indep.
  * Fix a typo in the xvfb-run manpage.

  [ Timo Aaltonen ]
  * New upstream release.
  * Add signing key from Matt Turner.

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 25 Nov 2019 11:49:09 +0200

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog xserver-common`.

Generated by dwww version 1.15 on Thu May 23 02:11:39 CEST 2024.