lp:ubuntu/gutsy-security/xorg-server

Created by James Westby on 2010-02-22 and last modified on 2010-02-22
Get this branch:
bzr branch lp:ubuntu/gutsy-security/xorg-server

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

62. By Bryce Harrington on 2008-06-11

* Fix multiple security issues:
  + CVE-2008-2360 - RENDER Extension heap buffer overflow
  + CVE-2008-2361 - RENDER Extension crash
  + CVE-2008-2362 - RENDER Extension memory corruption
  + CVE-2008-1379 - MIT-SHM arbitrary memory read
  + CVE-2008-1377 - RECORD and Security extensions memory corruption

61. By Kees Cook on 2008-01-18

* SECURITY UPDATE: multiple memory corruption flaws.
* Re-applied security patches from 2:1.3.0.0.dfsg-12ubuntu8.1.
* Updated fix_CVE-2007-6429.patch: upstream fixes for bpp < 8
  crash regressions.
* References
  http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e9fa7c1c88a8130a48f772c92b186b8b777986b5

60. By Martin Pitt on 2008-01-18

Revert previous security patch since it causes regressions.
(LP: #183969)

59. By Kees Cook on 2008-01-17

* SECURITY UPDATE: multiple memory corruption flaws.
* Added fix_CVE-2007-5958.patch: upstream fix from Matthieu Herrb.
* Added fix_CVE-2007-5760.patch: backported upstream fixes
  (bbde5b62a137ba726a747b838d81e92d72c1b42b) for XFree86 Misc extension out
  of bounds array index.
* Added fix_CVE-2007-6427.patch: backported upstream fixes
  (dd5e0f5cd5f3a87fee86d99c073ffa7cf89b0a27) for Xinput extension memory
  corruption.
* Added fix_CVE-2007-6428.patch: backported upstream fixes
  (7dc1717ff0f96b99271a912b8948dfce5164d5ad) for TOG-cup extension memory
  corruption.
* Added fix_CVE-2007-6429.patch: backported upstream fixes
  (6de61f82728df22ea01f9659df6581b87f33f11d) for MIT-SHM and EVI extensions
  integer overflows.
* Added fix_CVE-2008-0006.patch: backported upstream fixes
  (8e133d96740d010a4fd969a8188e6e71fb2cafe2) for PCF Font parser buffer
  overflow.

58. By Bryce Harrington on 2007-09-28

Add 145_glx_visuals_bound_check.patch to fix issue where mesa
incorrectly counts its visuals and can free too many of them during
video mode changes (VT switch, restart, hibernate, etc.) such as
when running Compiz. (closes LP: #127101)

57. By Bryce Harrington on 2007-09-25

Drop 143_fedora_xserver-1.3.0-randr12-config-hack.patch
as it causes failure to detect proper resolution on some intel
hardware. (closes LP: #144956)

56. By Bryce Harrington on 2007-09-20

Drop 214_Bug_9680-_Remove_bogus_blank_length_limiting_in_xf86SetModeCrtc.patch
as it is causing black bars to appear on screen for i810 users.
(closes LP: #137604, several dupes)

55. By Bryce Harrington on 2007-09-18

[ Kees Cook ]
* debian/patches/132_composite-no-clipping.diff: Adjusted WindowRec
  structure order and RedirectDraw logic to avoid nvidia crashes
  (fixes LP: #130325).
* debian/patches/100_security_fdo-bug-7447.diff: Composite used for
  pixmap population on redirect. [CVE-2007-4730]

54. By Bryce Harrington on 2007-09-07

* debian/patches/133_psb_auto.patch: Add automatic detection of
  Poulsbo hardware when running without a Device definition.
* Added some cherry-picked patches from fedora:
  - 134_fedorda_xorg-x11-server-1.1.1-vt-activate-is-a-terrible-api.patch:
    Fixes race condition where someone does a VT_ACTIVATE
    between another ACTIVATE/WAITACTIVE by adding a fail.
    (Potentially might address Ubuntu bugs 134478 and/or 134982)
  - 135_fedora_xorg-x11-server-1.1.1-xkb-in-xnest.patch: Fixes issue when
    starting a session in an xnest nest environment as a different user,
    where keyboard map does not get preserved. Removes
    NO_HW_ONLY_EXTS check to address this issue. (RedHat bug 193431;
    Potentially may address Ubuntu bug 44846)
  - 136_fedora_xserver-1.2.0-honor-displaysize.patch: Fixes issue if monitor
    width and height have been specified, xserver would override them
    with the hsize/vsize detected from DDC.
  - 137_fedora_xserver-1.2.0-vfprintf.patch: Fixes typo 'vfprinf'
  - 138_fedora_xserver-1.3.0-default-dpi.patch: Changes default dpi to 100.
    (Addresses Ubuntu bugs 118745, 107320, many others...)
  - 139_fedora_xserver-1.3.0-document-fontpath-correctly.patch: Fixes
    document fontpaths shown in the man page.
  - 140_fedora_xserver-1.3.0-domain-obiwan.patch: Fixes longstanding bug in
    domain support.
  - 141_fedora_xserver-1.3.0-edid-quirk-backports.patch: Adds quirk for
    Samsung SyncMaster 225BW.
  - 142_fedora_xserver-1.3.0-no-pseudocolor-composite.patch: Composite on
    8bpp pseudocolor root windows appears to fail, so just disable it
    on anything pseudocolor for safety.
  - 143_fedora_xserver-1.3.0-randr12-config-hack.patch: Adds check to use
    the screen's xrandr modes if a preferred mode was not specified.
  - 144_fedora_xserver-1.3.0-xnest-exposures.patch: Only collect xnest
    exposures for xexposes with non-zero height and width.

53. By Bryce Harrington on 2007-08-31

* Added some cherry-picked patches from xserver 1.3.99:
  - 202_Add_quirk_for_Acer_AL1706_monitor_to_force_60hz_refresh.patch:
    The Acer AL1706 monitor reports support for 75hz via EDID, but
    does not sync when this range is given, so force it to 60hz.
  - 205_Bug_10770-_Inputdevs_isnt_a_valid_config_file_keyword.patch:
    Fixes typo in config file parser.
  - 208_Bug_6620-_Fixed_a_missing_else_in_ATIPseudoDMAInit.patch:
    Fixes issue where registers were written twice on R200, sometimes
    also putting bad values in atis->cce_pri_size.
  - 214_Bug_9680-_Remove_bogus_blank_length_limiting_in_xf86SetModeCrtc.patch:
    Fixes situation where when a specific mode is requested by monitor
    or user, xorg would tweak it to something incorrect.
  - 216_Bug_9041-_Check_the_return_code_in_xf86MapDomainMemory.patch:
    Fixes issue where mmap return value was being ignored and failing
    to issue fatal error as it should.
  - 221_ExaOffscreenMarkUsed-_Dont_crash_when_theres_no_offscreen_memory.patch:
    Fixes crash when there is no offscreen memory for EXA.
  - 222_Fix_a_crash_when_rotating_the_screen.patch:
    Fixes crash when rotating screen with xrandr.
  - 223_Fix_bug_8871-scrolling_corruption_with_a_compositing_manager.patch:
    Fixes scrolling corruption with composite due to incorrectly
    generated GraphicsExposes.
  - 224_Fix_calculations_in_x86_emulator_for_the_long_long_case_Andreas_Schwab.patch:
    Fixes long long multiplication when in x86 emulator.
  - 227_Fix_sync_polarity_on_Samsung_SyncMaster_205BW_monitor.patch:
    Adds quirk for Samsung SyncMaster 205BW
  - 230_In___glXCreateARGBConfig_insert_the_new_GL_mode_at_the__end__of_the_linked_list.patch:
    Fixes insertion order of linked list that can cause GLX clients to
    fail when attempting to use the last GLX mode/visual.
  - 231_In_dmxBackendMouGetInfo_initialize_the_info-minval_maxval_arrays_to_the_size_of_the_backend_display.patch:
    Fixes potential issue in X input where axis clipping code in
    GetPointerEvents() constrains the pointer's coordinate range to a
    max of 0, causing the mouse to not move.
  - 234_Reapply_patch_to_fix_AMD_CPU_detection.patch:
    Fixes AMD Geode CPU detection.
  - 236_Syncmaster_226_monitor_needs_60Hz_refresh_10545.patch:
    Adds quirk for Samsung SyncMaster 226BW.
  - 238_Update_pci.ids_to_2007-07-16_snapshot.patch:
    Updates our pci ids to support more current hardware.
    Remove nvidia ids in extrapci.ids that are now in pci.ids.
    Add nvidia ids to extrapci.ids that are in xf86-video-nv but not pci.ids
  - 241_XFree86-_Treat_evdev_and_vmmouse_as_mouse_drivers_bug_10512_10559.patch:
    Fix issue where a default mouse device gets automatically added
    when an evdev or vmmouse section has already been specified.
  - 243_exaDriverInit-_Fail_if_pScreenInfo_or_a_member_of_it_is_invalid.patch:
    Fix crash in EXA when pScreenInfo or a member of it is invalid.
  - 244_fix_an_occasional_crash_in_GetWindowName_bug-_9798.patch:
    Fixes crash by adding check of XmbTextPropertyToTextList()'s
    return code.
  - 245_regenerated_to_fix_bug_10371.patch:
    Fixes issue where if DRI is disabled, GL_MAX_TEXTURE_COORDS_ARB
    value is not returned correctly from glGetIntegerv().

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/xorg-server
This branch contains Public information 
Everyone can see this information.