lp://staging/ubuntu/natty-security/xorg-server

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/natty-security/xorg-server
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

216. By Marc Deslauriers

* SECURITY UPDATE: file existence disclosure
  - debian/patches/505_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
    in os/utils.c.
  - CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
  - debian/patches/506_CVE-2011-4029.patch: use fchmod to prevent race
    in os/utils.c.
  - CVE-2011-4029

215. By Timo Aaltonen

Merge from Debian experimental (LP: #757972)

214. By Timo Aaltonen

* Merge from Debian experimental.
  - dropped patches, included upstream:
    213_xichangehierarchy-check-oom.patch
    216_fix_sdksyms_build.diff, included upstream.
    218_getValuatorEvents_cleanup.patch
    219_xi1_handle_noncontinuous_valuator_data.patch

213. By Bryce Harrington

[ Bryce Harrington ]
* patches/111_armel-drv-fallbacks.patch: Always fallback to -fbdev,
  not just when no other X driver matches. (Thanks jcristau)

[ Chase Douglas ]
* Fix jumpy cursor in XI 1.x applications.
  (LP: #736500)
  - Added 218_getValuatorEvents_cleanup.patch
  - Added 219_xi1_handle_noncontinuous_valuator_data.patch

212. By Bryce Harrington

[Chase Douglas]
* patches/500_xi2.1.patch: Process ownership properly when activating an
  async passive grab (LP: #733483)

[Bryce Harrington]
* 217_revert_bgnonevisitwindow.patch: Cherrypick from upstream. Drops
  recent change that inhibits drawing backfill for non-bg-None windows.
  This causes a regression on -ati (at least) where menus and other
  windows display graphical corruption briefly.
  (LP: #726807)

211. By Chris Halse Rogers

* Update to new upstream final release.
  + Drop 16-construct-paths-in-doxygen.conf.diff; included in new upstream.
* debian/patches/216_fix_sdksyms_build.diff:
  + Cherry-pick from 1.10 branch, fixing the stale sdksyms.c file picked up
    in the udeb build, causing the udeb build to fail with missing symbols.
* Merge from unreleased Debian experimental. Remaining Ubuntu changes:
  - rules:
    + Disable SELinux, libaudit-dev is not in main yet. (LP #406226)
    + Enable xcsecurity. (LP #247537)
    + Add --with-extra-module-dir to support GL alternatives.
    + Mention Ubuntu support in builderstring rather than package uploader's
      email address.
  - control:
    + Xvfb depends on xauth, x11-xkb-utils. (LP #500102)
    + Add breaks for incompatible drivers. (LP #614993)
    + Drop libaudit-dev from build-deps.
    + Build-depend on newer mesa to pick up DRI search paths variable.
    + Bump dependency on x11proto-input-dev for Xi 2.1
    + Drop linux-any specifier to make pbuilder less narky.
    + Bump build-depends on mesa-common-dev to pick up dri.pc DRI search
      paths change for 214_glx_dri_searchdirs.patch
  - local/xvfb-run*: Add correct docs about error codes. (LP #328205)
  - debian/patches:
    + 100_rethrow_signals.patch:
      When aborting, re-raise signals for apport
    + 105_nvidia_fglrx_autodetect.patch:
      Load proprietary drivers automatically when installed.
    + 109_fix-swcursor-crash.patch:
      Avoid dereferencing null pointer while reloading cursors during
      resume. (LP #371405)
    + 111_armel-drv-fallbacks.patch:
      Add support for armel driver fallbacks.
    + 121_only_switch_vt_when_active.diff:
      Add a check to prevent the X server from changing the VT when killing
      GDM from the console.
    + 122_xext_fix_card32_overflow_in_xauth.patch:
      Fix server crash when “xauth generate” is called with large timeout.
    + 157_check_null_modes.patch, 162_null_crtc_in_rotation.patch,
      166_nullptr_xinerama_keyrepeat.patch, 167_nullptr_xisbread.patch
      172_cwgetbackingpicture_nullptr_check.patch:
      Fix various segfaults in xserver by checking pointers for NULL
      values before dereferencing them.
    + 165_man_xorg_conf_no_device_ident.patch
      Correct man page
    + 168_glibc_trace_to_stderr.patch:
      Report abort traces to stderr instead of terminal
    + 184_virtual_devices_autodetect.patch:
      Use vesa for qemu device, which is not supported by cirrus
    + 188_default_primary_to_first_busid.patch:
      Pick the first device and carry on (LP #459512)
    + 190_cache-xkbcomp_output_for_fast_start_up.patch:
    + 191-Xorg-add-an-extra-module-path.patch:
      Add support for the alternatives module path.
    + 198_nohwaccess.patch:
      Adds a -nohwaccess argument to make X not access the hardware
      ports directly.
    + 200_randr-null.patch:
      Clarify a pointer initialization.
    + 206_intel_8xx_default_to_fbdev.patch:
      Makes 8xx class intel GPUs default to fbdev for stability. (LP #633593)
    + 208_switch_on_release.diff:
      Switch keyboard layouts on key-release rather than key-press
 (LP #36812)
    + 209_add_legacy_bgnone_option.patch:
      Add -nr as a synonym for -background none until all ?DM are updated for
 the new option.
    + 210_pixman_null_ptr_check.patch:
      Catch NULL pointer access after pixman_image_create_bits() failure
 (LP #705078)
    + 213_xichangehierarchy-check-oom.patch:
      Add NULL pointer check for out-of-memory conditions. (LP #720445)
    + 214_glx_dri_searchdirs.patch:
      Search in same paths as mesa for DRI drivers for AIGLX so we can handle
      UMS fallback for radeon gracefully.
    + 215_glx_drawable_refcounting.diff:
      Prevents segfault on logout and server regenerate, and possibly other
      times. (LP #711422)
    + 500_xi2.1.patch:
    + 501_xf86CoordinatesToWindow.patch:
    + 502_gestures-extension.patch:
      Add Xi 2.1 and Gesture extension support.
* debian/serverminver:
  - Bump to 1.10.0-0ubuntu1~ for Xi 2.1 ABI
* New upstream release fixes crash in Record, trigerred by x11vnc
  (LP: #525066)
* Refresh 500_xi2.1.patch for new upstream version
* debian/videoabiver:
  - Bump to 10 for XRandR 1.4 revert.

210. By Chase Douglas

[ Timo Aaltonen ]
* Remove 169_mipointer_nullptr_checks.patch, fixed in another way
  upstream since 1.6.1.901.

[ Chase Douglas ]
* Cancel touch clients if emulated button press is delivered.
  (LP: #725191)
* Check slave device touch selection mask during implicit grab.
  (LP: #725241)
* Cancel slave touch selections when attached to master device.
  (LP: #723904)
* Check for touch selections only when there are active clients.
  (LP: #723900)
* Prevent pointer motion when more than one touch on touchpad.
  (LP: #730881)

[ Bryce Harrington ]
* Drop specification for linux-any. Breaks pbuilder test builds.

209. By Chris Halse Rogers

[ Christopher James Halse Rogers ]
* Merge from Debian experimental. Remaining Ubuntu changes:
  - rules:
    + Disable SELinux, libaudit-dev is not in main yet. (LP #406226)
    + Enable xcsecurity. (LP #247537)
    + Add --with-extra-module-dir to support GL alternatives.
    + Mention Ubuntu support in builderstring rather than package uploader's
      email address.
  - control:
    + Xvfb depends on xauth, x11-xkb-utils. (LP #500102)
    + Add breaks for incompatible drivers. (LP #614993)
    + Drop libaudit-dev from build-deps.
    + Build-depend on newer mesa to pick up DRI search paths variable.
  - local/xvfb-run*: Add correct docs about error codes. (LP #328205)
  - debian/patches:
    + 100_rethrow_signals.patch:
      When aborting, re-raise signals for apport
    + 105_nvidia_fglrx_autodetect.patch:
      Load proprietary drivers automatically when installed.
    + 109_fix-swcursor-crash.patch:
      Avoid dereferencing null pointer while reloading cursors during
      resume. (LP: #371405)
    + 111_armel-drv-fallbacks.patch:
      Add support for armel driver fallbacks.
    + 121_only_switch_vt_when_active.diff:
      Add a check to prevent the X server from changing the VT when killing
      GDM from the console.
    + 122_xext_fix_card32_overflow_in_xauth.patch:
      Fix server crash when “xauth generate” is called with large timeout.
    + 157_check_null_modes.patch, 162_null_crtc_in_rotation.patch,
      166_nullptr_xinerama_keyrepeat.patch, 167_nullptr_xisbread.patch
      169_mipointer_nullptr_checks.patch,
      172_cwgetbackingpicture_nullptr_check.patch:
      Fix various segfaults in xserver by checking pointers for NULL
      values before dereferencing them.
    + 165_man_xorg_conf_no_device_ident.patch
      Correct man page
    + 168_glibc_trace_to_stderr.patch:
      Report abort traces to stderr instead of terminal
    + 184_virtual_devices_autodetect.patch:
      Use vesa for qemu device, which is not supported by cirrus
    + 188_default_primary_to_first_busid.patch:
      Pick the first device and carry on (LP: #459512)
    + 190_cache-xkbcomp_output_for_fast_start_up.patch:
    + 191-Xorg-add-an-extra-module-path.patch:
      Add support for the alternatives module path.
    + 198_nohwaccess.patch:
      Adds a -nohwaccess argument to make X not access the hardware
      ports directly.
    + 200_randr-null.patch:
      Clarify a pointer initialization.
    + 206_intel_8xx_default_to_fbdev.patch:
      Makes 8xx class intel GPUs default to fbdev for stability. (LP: #633593)
    + 208_switch_on_release.diff:
      Switch keyboard layouts on key-release rather than key-press
 (LP #36812)
    + 209_add_legacy_bgnone_option.patch:
      Add -nr as a synonym for -background none until all ?DM are updated for
 the new option.
    + 210_pixman_null_ptr_check.patch:
      Catch NULL pointer access after pixman_image_create_bits() failure
 (LP #705078)
    + Add 213_xichangehierarchy-check-oom.patch:
      Add NULL pointer check for out-of-memory conditions. (LP #720445)
    + debian/patches/214_glx_dri_searchdirs.patch:
      Search in same paths as mesa for DRI drivers for AIGLX so we can handle
      UMS fallback for radeon gracefully.
* 211_glx_fix_bindtextimageext_length_check.patch:
* 212_fix_request_length_check_for_createglxpbuffersgix.patch:
  - Drop; these cherry-picks are included in 1.10RC2
* debian/patches/214_glx_dri_searchdirs.patch:
  - Fix nouveau check to downgrade missing DRI error messages to info.
    We don't support nouveau's 3D, so let's not complain too strenuously
    when it's not installed.
* debian/patches/215_glx_drawable_refcounting.diff:
  - Refcount GLXDrawables to avoid use-after-free crashes. Patch from
    xorg-devel mailing list. Prevents segfault on logout and server
    regenerate, and possibly other times. (LP: #711422)
* 214_glx_dri_searchdirs.patch:
  - Fix dlclose/free snafu. (LP: #722563)
* debian/inputabiver:
* debian/videoabiver:
* debian/xserver-xorg-dev.install
  - Temporarily re-add these to xserver-xorg-dev so we don't need to merge
    all the driver changes from Debian en masse. These should be dropped
    once all drivers have been merged from Debian, and certainly in Natty+1.
* debian/serverminver:
  - Include 2ubuntu1 string; Xi 2.1 bumps the minor input ABI, so drivers
    built against it need the Xi 2.1 patched server.

[ Timo Aaltonen ]
* debian/patches/216_dix-valuator-count-of-0-is-valid.diff:
  - For all but motion and proximity events, having no valuators is ok.
    Regression from 1.9, keyboard events are not converted to protocol
    events. (LP: #714696)

[ Chase Douglas ]
* Add in preliminary xi2.1 support
  - Added 500_xi2.1.patch
  - Moved 202_xf86CoordinationsToWindows.patch to
    501_xf86CoordinatesToWindow.patch
  - Moved 203_gestures-extension.patch to 502_gestures-extension.patch
  - Bump dependency on x11proto-input for xi 2.1

208. By Chris Halse Rogers

* debian/patches/214_glx_dri_searchdirs.patch:
  - Search for DRI drivers for AIGLX in the same set of directories as mesa.
    Allows us to fall back to the classic radeon drivers when KMS is not
    available.
* debian/rules:
  - --disable-builddocs → --disable-devel-docs to match upstream rename.
    Makes local builds faster and less prone to doxygen errors.
* debian/control:
  - Bump build-depends on mesa to pick up new drisearchdirs variable in
    dri.pc

207. By Bryce Harrington

Add 213_xichangehierarchy-check-oom.patch: Another NULL pointer check
for out-of-memory conditions, this time leading to a segfault in an
unchecked calloc in XISendDeviceHierarchyEvent().
(LP: #720445)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/precise/xorg-server
This branch contains Public information 
Everyone can see this information.

Subscribers