lp:ubuntu/maverick-security/xorg-server

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

201. By Marc Deslauriers on 2011-10-20

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect input sanitization
  - debian/patches/212_CVE-2010-4818.patch: updated with missing
    commit to fix regression.
  - CVE-2010-4818

200. By Marc Deslauriers on 2011-10-14

* SECURITY UPDATE: file existence disclosure
  - debian/patches/210_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
    in os/utils.c.
  - CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
  - debian/patches/211_CVE-2011-4029.patch: use fchmod to prevent race
    in os/utils.c.
  - CVE-2011-4029
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect input sanitization
  - debian/patches/212_CVE-2010-4818.patch: validate sizes and arguments
    in glx/{glxcmds,glxcmdsswap,xfont}.c.
  - CVE-2010-4818

199. By Michael Vogt on 2010-09-16

* debian/control:
  - Tweak the breaks/conflicts for the virtual xserver-xorg-input
    breaks to help apt in lucid deal with the upgrade.
    With the apt in maverick this will be no longer needed ((LP: #614993)

198. By Chris Halse Rogers on 2010-09-13

[ Chase Douglas ]
* Fix udev USB product ID parsing (LP: #628214)
  - debian/patches:
    + 205_udev-product-ids.patch

[ Christopher James Halse Rogers ]
* debian/patches/206_intel_8xx_default_to_fbdev.patch:
  - Don't autoload the intel driver on i830, i845g and i855. These are
    still too unstable with KMS/GEM. X will autoload the fbdev driver
    (if using KMS) or the vesa driver instead. (LP: #633593)

197. By Michael Vogt on 2010-09-08

* debian/control:
  - fix duplicated breaks for xserver-xorg-video-v4l

196. By Michael Vogt on 2010-08-31

* debian/control:
  - add more "breaks" for leftover drivers that have no
    xserver 1.9 abi version, thanks to Jean-Baptiste Lallement
    (LP: #614993)

195. By Michael Vogt on 2010-08-31

* debian/control:
  - add additional breaks for video drivers that have no ABI for
    xserver 1.9 (LP: #614993)
  - merge the "breaks" list from the debian git tree

194. By Michael Vogt on 2010-08-30

* debian/control:
  - add explict breaks from xserver-xorg-core against
    xserver-xorg-video-v4l (<< 1:0.2.0-4ubuntu1) to ensure that
    upgrades with universe disabled work (LP: #614993)

193. By Chris Halse Rogers on 2010-08-24

* Merge from (unreleased) Debian experimental. Remaining Ubuntu changes:
  - rules, control:
    + Disable SELinux, libaudit-dev is not in main yet (LP 406226).
      Drop libaudit-dev from build-deps.
  - rules: Enable xcsecurity (LP 247537).
  - local/xvfb-run*: Add correct docs about error codes (LP 328205)
  - rules: Add --with-extra-module-dir to support GL alternatives.
  - control: Xvfb depends on xauth, x11-xkb-utils. (LP 500102)
  - rules, local/64-xorg-xkb.rules: Don't use keyboard-configuration
    until it's available.
  - control: Update some versioned Breaks for Ubuntu versions.
  - debian/patches:
    + 100_rethrow_signals.patch:
      When aborting, re-raise signals for apport
    + 109_fix-swcursor-crash.patch:
      Avoid dereferencing null pointer while reloading cursors during
      resume. (LP 371405)
    + 111_armel-drv-fallbacks.patch:
      Add support for armel driver fallbacks.
    + 121_only_switch_vt_when_active.diff:
      Add a check to prevent the X server from changing the VT when killing
      GDM from the console.
    + 122_xext_fix_card32_overflow_in_xauth.patch:
      Fix server crash when “xauth generate” is called with large timeout.
    + 157_check_null_modes.patch, 162_null_crtc_in_rotation.patch,
      166_nullptr_xinerama_keyrepeat.patch, 167_nullptr_xisbread.patch
      169_mipointer_nullptr_checks.patch,
      172_cwgetbackingpicture_nullptr_check.patch:
      Fix various segfaults in xserver by checking pointers for NULL
      values before dereferencing them.
    + 165_man_xorg_conf_no_device_ident.patch
      Correct man page
    + 168_glibc_trace_to_stderr.patch:
      Report abort traces to stderr instead of terminal
    + 184_virtual_devices_autodetect.patch:
      Use vesa for qemu device, which is not supported by cirrus
    + 187_edid_quirk_hp_nc8430.patch:
      Quirk for another LPL monitor (LP 380009)
    + 188_default_primary_to_first_busid.patch:
      Pick the first device and carry on (LP 459512)
    + 189_xserver_1.5.0_bg_none_root.patch:
      Create a root window with no background.
    + 190_cache-xkbcomp_output_for_fast_start_up.patch:
      Cache keyboard settings.
    + 191-Xorg-add-an-extra-module-path.patch:
      Add support for the alternatives module path.
    + 197_xvfb-randr.patch:
      Adds xrandr support to xvfb. (LP 516123)
    + 198_nohwaccess.patch:
      Adds a -nohwaccess argument to make X not access the hardware
      ports directly.
    + 200_randr-null.patch:
      Clarify a pointer initialization.
    + 203_gestures-extension.patch:
    + 202_xf86CoordinationsToWindows.patch:
      Add gesture extension support (LP: 616678)
    + debian/serverminver:
      Bump for gesture support
* New upstream release:
  - Fixes crash in DamageUnregister on session close (LP: #343694)
  - Fixes crash with extremely large windows exposed by xpdf (Closes: #320627)
* Drop 17-fix-DRI2-segfault-when-clientGone.diff: fixed upstream in more
  generality.
* debian/patches/204_fix-neg-sync-transition.patch:
  - Fix edge case in SYNC extension resulting in GNOME screensaver's
    fade-to-screensaver being uninteruptible. (LP: #595555)

192. By Chase Douglas on 2010-08-20

Bump debian/serverminver for gesture support