lp:ubuntu/lucid-updates/xorg-server

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

191. By Marc Deslauriers on 2013-04-11

* SECURITY UPDATE: input event leak via inactive VT
  - debian/patches/CVE-2013-1940.patch: fix flush input to work with
    Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
  - CVE-2013-1940

190. By Jose Plans on 2012-02-22

Add 209_fixes-crash-XIQueryDevice.patch fixing a crash in XIQueryDevice
which calls strlen on a NULL pointer.
(LP #933745)

189. By Marc Deslauriers on 2011-10-20

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect input sanitization
  - debian/patches/207_CVE-2010-4818.patch: updated with missing
    commit to fix regression.
  - CVE-2010-4818

188. By Marc Deslauriers on 2011-10-19

SECURITY REGRESSION: disable 207_CVE-2010-4818.patch for now.

187. By Marc Deslauriers on 2011-10-14

* SECURITY UPDATE: file existence disclosure
  - debian/patches/205_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
    in os/utils.c.
  - CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
  - debian/patches/206_CVE-2011-4029.patch: use fchmod to prevent race
    in os/utils.c.
  - CVE-2011-4029
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect input sanitization
  - debian/patches/207_CVE-2010-4818.patch: validate sizes and arguments
    in glx/{glxcmds,glxcmdsswap,xfont}.c.
  - CVE-2010-4818
* SECURITY UPDATE: denial of service or possible memory leak
  - debian/patches/208_CVE-2010-4819.patch: protect against bad nglyphs
    in render/render.c.
  - CVE-2010-4819

186. By Bryce Harrington on 2010-04-22

* Drop 117_fix_crash_with_createglyphset.patch
  - Dupe of patch 110
* Drop 03_fedora_glx_versioning.diff, 04_fedora_glx14-swrast.diff
  - These patches were brought in by Debian to provide glx 1.4 support
    which Fedora backported from xserver 1.8, however testing in
    Ubuntu showed they caused a crash when closing Clutter apps (#550218),
    and graphics corruption when opening windows. Dropping these patches
    returns us to GLX 1.2, which has been found to be stable; Debian has
    also dropped these two patches.
    (Fixes #565903).
* Drop 114_dri2_make_sure_x_drawable_exists.patch
  - This was an early attempt by upstream which fixed the aforementioned
    Clutter crash, but which introduced a memory leak.
    (Fixes #565981)

185. By Bryce Harrington on 2010-04-15

Update patches in previous upload to fix FTBS issue.

184. By Bryce Harrington on 2010-04-14

* Add several cherrypicks of fixes from upstream git tree which fix various
  issues and that look safe with low or no risk of regression.
  + 115_xext_fix_cursor_ref_counting.patch: Xext: Fix cursor reference
    counting hazard.
  + 116_fix_typos_in_swap_functions.patch: Fixes typos in several of the
    glxcmdsswap routines.
  + 117_fix_crash_with_createglyphset.patch: Fixes crash introduced in
    FindGlyphsByHash() if one client disconnects while a second is in
    the middle of doing certain Glyph operations.
  + 118_xkb_fix_garbage_init.patch: Fixes typo that can cause garbage
    bits to get appended on the xkbControlsNotify changedControls mask
    because it was uninitialized on the stack.

183. By Alexander Sack on 2010-04-12

add support for omapfb to 111_armel-drv-fallbacks.patch

182. By Bryce Harrington on 2010-03-31

[Bryce Harrington]
* Add 113_quell_nouveau_aiglx.patch: Don't emit error message about
  AIGLX on nouveau. 3D is not supported yet on -nouveau so this error
  message serves only to confuse bug reporters.
  (LP: #529590)

[Robert Sarvatt]
* Add 114_dri2_make_sure_x_drawable_exists.patch: Makes sure
  a corresponding X drawable exists before trying to use it, fixing
  xserver segfaults under DRI2 when closing down GLX apps.
  (LP: #550218)