[ANNOUNCE] xorg-server

Keith Packard keithp at keithp.com
Fri Jan 23 19:52:38 PST 2015

Ok, here's what I think we should release as 1.17. I plan on doing that
in a few days (Monday? Tuesday?), unless there's some good reason not
to. Let me know if there's some critical (i.e. crashing) fixes that I've
missed somehow. And, again, I think we can run a shorter 1.18 cycle,
given the pent-up list of fixes.

Sorry for not getting this wrapped up sooner. Turns out that switching
employers takes a bunch of time, especially if you're also busy enjoying
the sunshine in New Zealand.


Aaron Plattner (2):
      xfree86: Bump ABI versions (video: 19, extension: 9)
      os: "Server terminated successfully" is not an error

Adam Jackson (17):
      mi: Fix regression in arc drawing
      render: fix ChangePicture when Xinerama is active (v2) (#49170)
      glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
      glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
      glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
      glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
      glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
      glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
      glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
      glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
      glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
      glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
      glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
      glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]
      glx: Dynamically compute attribute slot in GetDrawableAttributes
      glx: Add hack for GLX-1.2-style naked windows to GetDrawableAttributes
      dix: make RegionInit legal C++

Alan Coopersmith (22):
      Add -iglx & +iglx to Xserver.man
      unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
      dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
      dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
      dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
      dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
      dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
      dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
      Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]
      xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
      Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]
      dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]
      present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]
      randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
      render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]
      xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]
      Add request length checking test cases for some Xinput 1.x requests
      Add request length checking test cases for some Xinput 2.x requests
      Add REQUEST_FIXED_SIZE testcases to test/misc.c
      Solaris: delete undocumented, unuseful -protect0 flag
      Move RTLD_DI_SETSIGNAL code into a separate block to quiet warning
      Solaris: Move shared declarations to xf86_OSlib.h

Axel Davy (1):
      Fix present_notify to return right away when querying current or past msc.

Carl Worth (1):
      os/xsha1.c: Add license and copyright attribution.

Carlos Olmedo Escobar (1):
      Avoid possible null pointer dereference.

Carlos Sánchez de La Lama (1):
      randr: swap num-preferred field on RRGetOutputInfo reply

Chris Wilson (1):
      dri2: SourceOffloads may be for DRI3 only

Colin Harrison (1):
      hw/xwin: Don't allocate one wchar_t too much for unicode text placed on the Windows clipboard

Daniel Martin (5):
      config/udev: Prefix and shift "removing GPU" message
      modesetting: Move Bool glamor into drmmode struct
      modesetting: Create new EGL screen in drmmode_xf86crtc_resize
      modesetting: Fix ifdefs s/HAVE_UDEV/CONFIG_UDEV_KMS/
      modesetting: Remove unused params from drmmode_output_init()

Dave Airlie (2):
      glamor: Add an accessor for the GBM device.
      glamor: use screen blockhandler rather than dix one (v3)

Dima Ryazanov (1):
      Fix "Back", "Forward", and other special mouse buttons in XWayland.

Jason Ekstrand (4):
      modesetting: Refactor drmmode_glamor_new_screen_pixmap
      modesetting: Add drmmode_bo_has_bo and drmmode_bo_map helper function
      modesetting: Add support for using RandR shadow buffers
      modesetting: Return the crtc for a drawable even if it's rotated

Jasper St. Pierre (1):
      modesetting: Update the cursor without hiding it

John Hunter (1):
      fix an annotation mistake

Jon TURNEY (11):
      hw/xwin: Remove some redundant clipboard externs, now defined in winglobals.h
      hw/xwin: In SelectionNotify, delete the property containing returned data after we have retrieved it
      hw/xwin: In SelectionNotify, don't pointlessly retrieve just the size of the property
      hw/xwin: Retrieve TARGETS to avoid unnecessary failing conversion attempts
      hw/xwin: Add controls for enabling/disabling monitoring of PRIMARY selection
      hw/xwin: Improve reliability of clipboard X->Windows pastes
      hw/xwin: Fix clipboard thread restart
      hw/xwin: Fix hang on shutdown when we own the clipboard.
      Revert "glx: Simplify glXDestroyContext"
      glx: Flush context which is being made non-current due to drawable going away
      glx: Fix crash when a client exits without deleting GL contexts

Julien Cristau (2):
      render: check request size before reading it [CVE-2014-8100 1/2]
      glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]

Keith Packard (17):
      glamor: Don't insert fbos from external objects into fbo cache
      glamor: Always destroy EGL image associated with destroyed pixmap
      glamor: Remove redundant reference to screen pixmap EGL image
      glamor: Free existing EGL image when assigning new one
      dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]
      glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]
      Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
      dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]
      modesetting: [v2] Don't re-enable the cursor when loading the image
      modesetting: Enable Xv when using glamor
      modesetting: Fix damage tracking auto-disable code
      modesetting: Detect whether damage tracking is needed
      glamor: Fix nlines in glamor_xv_put_image when src_y is odd
      dix: Allow zero-height PutImage requests
      doc: Create a script to filter xmlto output
      drivers/modesetting: Save current BlockHandler on return in msBlockHandler
      Update to version

Kenneth Graunke (13):
      modesetting: Stop using glamor_egl_create_textured_screen_ext().
      modesetting: Move ModifyPixmapHeader calls out of if/else branches.
      modesetting: Create helper for glamor_egl_create_textured_screen call.
      modesetting: Move dumb_bo into its own source files.
      modesetting: Drop dumb_bo::map_count field and dead unmap code.
      modesetting: Create a drmmode_bo wrapper; use it for front_bo.
      modesetting: Use GBM for buffer allocations if Glamor supports it.
      present: If present_queue_vblank() fails, do present_execute().
      modesetting: Track the CRTC's DPMS mode.
      modesetting: Check DPMS mode in ms_covering_crtc().
      modesetting: Include glamor.h from driver.h.
      modesetting: Add vblank synchronization support when using Present.
      modesetting: Fix build with --disable-glamor.

Mario Kleiner (2):
      present: Avoid crashes in DebugPresent(), a bit more info.
      present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)

Markus Wick (1):
      xwayland: Set glamor filter to nearest

Michel Dänzer (8):
      glamor: Reinstate glamor_(egl_)destroy_textured_pixmap
      glamor: Fix use-after-free in glamor_destroy_textured_pixmap
      glamor: Make glamor_set_pixmap_private not crash if the pixmap has no fbo
      glamor: Make glamor_destroy_textured_pixmap idempotent
      glamor: Make sure glamor_egl_close_screen wraps glamor_close_screen
      glamor: Call glamor_pixmap_destroy_fbo from glamor_set_pixmap_private
      glamor: Make glamor_purge_fbo static
      glamor: Make sure Xvideo source image data is properly aligned

Michele Baldessari (2):
      ephyr: Implement per-screen colormaps
      ephyr: Implement per-screen colormaps

Neil Roberts (1):
      glx: Add implementation of __GLXContext->loseCurrent for direct ctxts

Olivier Fourdan (3):
      Remove explicit dependency on $(WAYLAND_LIBS)
      Fix subwindow in Xi emulated events
      Synchronize capslock in Xnest and Xephyr

Peter Harris (1):
      Fix overflow of ConnectionOutput->size and ->count

Peter Hutterer (13):
      include: fix compiler warning about casting int to uint16_t
      include: fix documentation for list.h
      include: change RegionSize() to take a size_t
      Xext: fix clang compiler warning
      xfree86: drop double-typedef of DBusConnection
      xwayland: declare fatal log handler as noreturn
      dix: silence compiler warning
      dix: silence compiler warning comparing CARD32 to -1
      Drop trailing whitespaces
      mi: fix documentation for miPointerSetPosition
      dix: offset touch root coordinates by ScreenRec origins (#86655)
      xfree86: rename Xorg.bin to Xorg
      mi: fix accidental x/y coordinate swap

Robert Morell (1):
      glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]

Thierry Reding (1):
      xv: Add missing gcstruct.h include

git tag: xorg-server-

MD5:  18e5d1dc739e657c785eed848b66ae2a  xorg-server-
SHA1: a505f971b60e954d72770218de9938c70f557941  xorg-server-
SHA256: b25ec3a920d5a7f49ed3c44ec3a2189c333afc974eec6518839a14b968376115  xorg-server-
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-

MD5:  da1471e29ed2b61d9d8b9ccf401c3590  xorg-server-
SHA1: e34708a520d666f22f028464cc518efbcd6b420b  xorg-server-
SHA256: ae7f2737dfc26046142bdd001304bc085ef78306d92524b14cd34fefda661ad2  xorg-server-
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 810 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20150123/975ddd26/attachment.sig>

More information about the xorg mailing list