xorg-server (1:1.0.2-0ubuntu10.13) dapper-security; urgency=low * Fix multiple security issues: + CVE-2008-2360 - RENDER Extension heap buffer overflow + CVE-2008-2361 - RENDER Extension crash + CVE-2008-2362 - RENDER Extension memory corruption + CVE-2008-1379 - MIT-SHM arbitrary memory read + CVE-2008-1377 - RECORD and Security extensions memory corruption -- Bryce Harrington Wed, 11 Jun 2008 12:19:38 -0700 xorg-server (1:1.0.2-0ubuntu10.12) dapper-proposed; urgency=low * Fix the previous patch to use sig_t instead of sighandler_t. Thanks to Andrew Pollock! (LP: #113679) -- Timo Aaltonen Mon, 26 May 2008 15:03:43 +0300 xorg-server (1:1.0.2-0ubuntu10.11) dapper-proposed; urgency=low * xkb-and-loathing.dpatch: Ignore SIGALRM around calls to Popen()/Pclose() to fix a hang when opening menus in OpenOffice.org. (LP: #113679) -- Timo Aaltonen Thu, 24 Apr 2008 14:49:30 +0300 xorg-server (1:1.0.2-0ubuntu10.10) dapper-security; urgency=low * SECURITY UPDATE: multiple memory corruption flaws. * Re-applied security patches from 1:1.0.2-0ubuntu10.8. * Updated fix_CVE-2007-6429.dpatch: upstream fixes for bbp < 8 crash regressions. * References http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e9fa7c1c88a8130a48f772c92b186b8b777986b5 -- Kees Cook Fri, 18 Jan 2008 11:59:21 -0800 xorg-server (1:1.0.2-0ubuntu10.9) dapper-security; urgency=low * Revert previous security update since it causes severe regressions. (LP: #183969) -- Timo Aaltonen Fri, 18 Jan 2008 17:42:01 +0200 xorg-server (1:1.0.2-0ubuntu10.8) dapper-security; urgency=low * SECURITY UPDATE: multiple memory corruption flaws. * Added fix_CVE-2007-5958.dpatch: upstream fix from Matthieu Herrb. * Added fix_CVE-2007-5760.dpatch: backported upstream fixes (bbde5b62a137ba726a747b838d81e92d72c1b42b) for XFree86 Misc extension out of bounds array index. * Added fix_CVE-2007-6427.dpatch: backported upstream fixes (dd5e0f5cd5f3a87fee86d99c073ffa7cf89b0a27) for Xinput extension memory corruption. * Added fix_CVE-2007-6428.dpatch: backported upstream fixes (7dc1717ff0f96b99271a912b8948dfce5164d5ad) for TOG-cup extension memory corruption. * Added fix_CVE-2007-6429.dpatch: backported upstream fixes (6de61f82728df22ea01f9659df6581b87f33f11d) for MIT-SHM and EVI extensions integer overflows. * Added fix_CVE-2008-0006.dpatch: backported upstream fixes (8e133d96740d010a4fd969a8188e6e71fb2cafe2) for PCF Font parser buffer overflow. -- Kees Cook Thu, 17 Jan 2008 11:26:41 -0800 xorg-server (1:1.0.2-0ubuntu10.7) dapper-security; urgency=low * SECURITY UPDATE: local root code execution via heap buffer overflow in Composite extension. * Add debian/patches/995_composite_copy_overflow.dpatch: upstream fixes. * References CVE-2007-4730 -- Kees Cook Tue, 18 Sep 2007 11:22:56 -0700 xorg-server (1:1.0.2-0ubuntu10.6) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution with root privileges via integer overflows in MISC-XC. * Add debian/patches/994_misc_xc_overflows.dpatch: upstream fixes. * References CVE-2007-1003 -- Kees Cook Thu, 29 Mar 2007 18:18:37 -0700 xorg-server (1:1.0.2-0ubuntu10.5) dapper-security; urgency=low * SECURITY UPDATE: Arbitrary code execution with root privileges via heap overflows in DBE and Render extensions. * Add 'debian/patches/993_ubuntu_dbe-render_overflows.dpatch' from upstream * References CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 -- Kees Cook Mon, 8 Jan 2007 12:32:04 -0800 xorg-server (1:1.0.2-0ubuntu10.4) dapper-updates; urgency=low * Reverted patch 005_pci_domain.dpatch -> breaks PCI setup for many users. This patch will need further work before it is reintegrated into xorg-server again. -- Rodrigo Parra Novo Tue, 22 Aug 2006 11:27:58 +0200 xorg-server (1:1.0.2-0ubuntu10.3) dapper-updates; urgency=low * Added 992_linux_bios_bug_6751.dpatch (Closes Malone #36461) -- Rodrigo Parra Novo Fri, 11 Aug 2006 14:00:07 -0300 xorg-server (1:1.0.2-0ubuntu10.2) dapper-updates; urgency=low * Added 004_xf86dri_byte_swapped_clients.dpatch (Closes Malone #27459) * Added 005_pci_domain.dpatch (Closes Malone #54880) -- Rodrigo Parra Novo Thu, 10 Aug 2006 16:31:53 -0300 xorg-server (1:1.0.2-0ubuntu10.1) dapper-updates; urgency=low * Do actually ship xdmx-tools instead of an empty package. * Apply setuid fix: - Add patch 003_fix_setuid_handling.dpatch. -- Fabio M. Di Nitto Mon, 10 Jul 2006 12:26:29 +0200 xorg-server (1:1.0.2-0ubuntu10) dapper; urgency=low * Backport a fix for Intel bridge handling: debian/patches/002_fix_for_certain_intel_chipsets.patch (Closes Ubuntu: #29880) -- Paul Sladen Sun, 14 May 2006 19:01:32 +0100 xorg-server (1:1.0.2-0ubuntu9) dapper; urgency=low * Add 1680x1050 60 and 85Hz Modelines. Thanks to Bart Verwilst for the data. (Closes Ubuntu: #6096) -- Fabio M. Di Nitto Fri, 05 May 2006 12:38:22 +0200 xorg-server (1:1.0.2-0ubuntu8) dapper; urgency=low * Fix "XCB rendertest crashes server": - Add patch 001-CVE-2006-1526.patch.dpatch. (CVE-2006-1526) -- Fabio M. Di Nitto Wed, 03 May 2006 09:01:09 +0200 xorg-server (1:1.0.2-0ubuntu7) dapper; urgency=low * Ship again xorg.conf(5) (Closes Ubuntu: #33703) -- Fabio M. Di Nitto Mon, 01 May 2006 13:37:40 +0200 xorg-server (1:1.0.2-0ubuntu6) dapper; urgency=low * Fix severe internal memory corruption: - Add patch: 000-fix-read-kernel-mapping.patch.dpatch. (freedesktop bugzilla: #6472) -- Fabio M. Di Nitto Fri, 21 Apr 2006 08:07:33 +0200 xorg-server (1:1.0.2-0ubuntu5) dapper; urgency=low * Fix CPU load when using -sharevts: - Add patch: 991_sharevts-load-cpu.patch (Thanks for the initial patch to Michael Witrant) (Closes Ubuntu: #33611) -- Fabio M. Di Nitto Mon, 10 Apr 2006 13:30:26 +0200 xorg-server (1:1.0.2-0ubuntu4) dapper; urgency=low * Fix SecurityPolicy path to /etc/X11/xserver/SecurityPolicy and ship an example. NOTE: this file is NOT installed by default, the WARNING you see in Xorg.0.log is an harmless WARNING. Add patch: 990_ubuntu_fix_security_policy_path.patch. (Close Ubuntu: #31608) * Readd manpages to the different packages. * Ship again ioport, gtf, pcitweak and scanpci. (Closes Ubuntu: #37720) -- Fabio M. Di Nitto Tue, 04 Apr 2006 16:33:00 +0200 xorg-server (1:1.0.2-0ubuntu3) dapper; urgency=low * What about shipping xorg-server.m4 to make developer life easier? -- Fabio M. Di Nitto Thu, 23 Mar 2006 10:32:55 +0100 xorg-server (1:1.0.2-0ubuntu2) dapper; urgency=low * xserver-xorg-dev Depends: x11proto-randr-dev. (Closes Ubuntu: #35594) -- Fabio M. Di Nitto Wed, 22 Mar 2006 08:09:46 +0100 xorg-server (1:1.0.2-0ubuntu1) dapper; urgency=low * New upstream release: - Drop patches: + CVE-2006-0745 + add-missing-sparc-include + fix-backtrace + fix-crash-on-null-addr * UVF execption granted by mdz. -- Fabio M. Di Nitto Tue, 21 Mar 2006 05:39:01 +0100 xorg-server (1:1.0.1-0ubuntu8) dapper; urgency=low * [SECURITY] Fix CVE-2006-0745. -- Fabio M. Di Nitto Tue, 21 Mar 2006 05:33:50 +0100 xorg-server (1:1.0.1-0ubuntu7) dapper; urgency=low * debian/control: - xvfb Depends on xfonts-base too, fix pointed by fabbione -- Sebastien Bacher Fri, 3 Mar 2006 22:21:56 +0100 xorg-server (1:1.0.1-0ubuntu6) dapper; urgency=low * debian/control: - xvfb Depends on xauth instead of Recommends it -- Sebastien Bacher Fri, 17 Feb 2006 16:39:49 +0100 xorg-server (1:1.0.1-0ubuntu5) dapper; urgency=low * Add missing include on sparc. Fix FTBFS. -- Fabio M. Di Nitto Wed, 01 Feb 2006 13:45:41 +0100 xorg-server (1:1.0.1-0ubuntu4) dapper; urgency=low * Backport from upstream HEAD at Daniel's request: - Add forgotten HAVE_BACKTRACE define, so that we actually get backtraces when Xorg segfaults. -- Colin Watson Fri, 27 Jan 2006 13:47:56 +0000 xorg-server (1:1.0.1-0ubuntu3) dapper; urgency=low * Depend on x11-common rather than xorg-common and xserver-common -- Tollef Fog Heen Wed, 18 Jan 2006 17:13:12 +0100 xorg-server (1:1.0.1-0ubuntu2) dapper; urgency=low * Add flex to build-deps, fixing FTBFS. -- Tollef Fog Heen Wed, 18 Jan 2006 12:34:03 +0100 xorg-server (1:1.0.1-0ubuntu1) dapper; urgency=low * New upstream release. -- Daniel Stone Fri, 6 Jan 2006 08:00:52 +1100 xorg-server (1:1.0.0-0ubuntu1) dapper; urgency=low * New upstream release. + fbCompositeGeneral is now around 97.3% less stuffed (closes: Ubuntu#20286). + 'Fix' mouse issues in the DIX by adding XFree86Server defines (sigh; closes: Ubuntu#20200). + Fix Emulate3Buttons mouse posting (closes: Ubuntu#11308). * Bump Build-Depends on libxt-dev (appdefaultdir), libdrm-dev (libdrm2), and mesa-swrast-source (new files). * Add --with-fontdir and scotch --with-default-font-path to fix font paths for non-Xorg servers (closes: Ubuntu#20157). * Fix path to SecurityPolicy and RGB_DB. * Move update-linux-hardened-support call to xserver-xorg-core postinst (from xserver-xorg postinst). * Add patch to os/access.c so we don't crash on a null-addressed interface (closes: Ubuntu#20414). -- Daniel Stone Tue, 13 Dec 2005 07:27:13 +1100 xorg-server (1:0.99.3-0ubuntu6) dapper; urgency=low * Fix xserver-xorg-dev Depends field to only depend on the headers this this package actually uses. * Re-add xvfb-run to xfvb (closes: Ubuntu#20157). -- Daniel Stone Mon, 5 Dec 2005 15:04:14 +1100 xorg-server (1:0.99.3-0ubuntu5) dapper; urgency=low * Add -ffunction-sections where needed * Depend: xserver-common: needed for dexconf and /usr/X11R6/bin/X -- LaMont Jones Sat, 26 Nov 2005 05:15:36 +0000 xorg-server (1:0.99.3-0ubuntu4) dapper; urgency=low * Add two more dependencies to build the other half of the video drivers: - x11proto-xext-dev, x11proto-video-dev -- Adam Conrad Fri, 25 Nov 2005 02:36:44 +1100 xorg-server (1:0.99.3-0ubuntu3) dapper; urgency=low * Add a few dependencies to xorg-server-dev as the path of least resistance to get all the various input and video drivers to build again: - For the video drivers: x11proto-randr-dev, x11proto-render-dev, x11proto-fonts-dev, x11proto-xf86dri-dev, libdrm-dev - For the input drivers: x11proto-core-dev, x11proto-input-dev, x11proto-randr-dev (why do input drivers want randr?) -- Adam Conrad Thu, 24 Nov 2005 18:51:25 +1100 xorg-server (1:0.99.3-0ubuntu2) dapper; urgency=low * Add missing libfreetype6-dev build-depends. -- Daniel Stone Thu, 24 Nov 2005 10:26:44 +1100 xorg-server (1:0.99.3-0ubuntu1) dapper; urgency=low * New upstream release. -- Daniel Stone Mon, 21 Nov 2005 14:13:41 +1100 xorg-server (1:0.99.2+cvs.20051025-3) dapper; urgency=low * Version mesa-swrast-source Build-Dep to 6.4.0 or higher, so GLcore is a little less crash-happy (e.g. when moving your glxgears window). * Export /usr/share/xserver-xorg/serverabiver to xserver-xorg-dev, which describes the relationship needed from a driver on xserver-xorg-core. -- Daniel Stone Fri, 28 Oct 2005 13:00:26 +1000 xorg-server (1:0.99.2+cvs.20051025-2) dapper; urgency=low * Add Build-Deps on libxaw7-dev, libxmu-dev, libxt-dev, libxpm-dev, libx11-dev, libxtst-dev, and libxres-dev for DMX utils. -- Daniel Stone Wed, 26 Oct 2005 14:34:40 +1000 xorg-server (1:0.99.2+cvs.20051025-1) dapper; urgency=low * Update to new upstream version. * All applicable patches have been committed upstream, bar #989 and #990. -- Daniel Stone Thu, 20 Oct 2005 10:26:33 +1000 xorg-server (1:0.99.0+cvs.20050901-1) breezy; urgency=low * First xorg-server release. -- Daniel Stone Wed, 6 Jul 2005 15:48:17 +1000