[ANNOUNCE] xorg-server 1.16.99.902
Keith Packard
keithp at keithp.com
Fri Jan 23 19:52:38 PST 2015
Ok, here's what I think we should release as 1.17. I plan on doing that
in a few days (Monday? Tuesday?), unless there's some good reason not
to. Let me know if there's some critical (i.e. crashing) fixes that I've
missed somehow. And, again, I think we can run a shorter 1.18 cycle,
given the pent-up list of fixes.
Sorry for not getting this wrapped up sooner. Turns out that switching
employers takes a bunch of time, especially if you're also busy enjoying
the sunshine in New Zealand.
-keith
Aaron Plattner (2):
xfree86: Bump ABI versions (video: 19, extension: 9)
os: "Server terminated successfully" is not an error
Adam Jackson (17):
mi: Fix regression in arc drawing
render: fix ChangePicture when Xinerama is active (v2) (#49170)
glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]
glx: Dynamically compute attribute slot in GetDrawableAttributes
glx: Add hack for GLX-1.2-style naked windows to GetDrawableAttributes
dix: make RegionInit legal C++
Alan Coopersmith (22):
Add -iglx & +iglx to Xserver.man
unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]
xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]
dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]
present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]
randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]
xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]
Add request length checking test cases for some Xinput 1.x requests
Add request length checking test cases for some Xinput 2.x requests
Add REQUEST_FIXED_SIZE testcases to test/misc.c
Solaris: delete undocumented, unuseful -protect0 flag
Move RTLD_DI_SETSIGNAL code into a separate block to quiet warning
Solaris: Move shared declarations to xf86_OSlib.h
Axel Davy (1):
Fix present_notify to return right away when querying current or past msc.
Carl Worth (1):
os/xsha1.c: Add license and copyright attribution.
Carlos Olmedo Escobar (1):
Avoid possible null pointer dereference.
Carlos Sánchez de La Lama (1):
randr: swap num-preferred field on RRGetOutputInfo reply
Chris Wilson (1):
dri2: SourceOffloads may be for DRI3 only
Colin Harrison (1):
hw/xwin: Don't allocate one wchar_t too much for unicode text placed on the Windows clipboard
Daniel Martin (5):
config/udev: Prefix and shift "removing GPU" message
modesetting: Move Bool glamor into drmmode struct
modesetting: Create new EGL screen in drmmode_xf86crtc_resize
modesetting: Fix ifdefs s/HAVE_UDEV/CONFIG_UDEV_KMS/
modesetting: Remove unused params from drmmode_output_init()
Dave Airlie (2):
glamor: Add an accessor for the GBM device.
glamor: use screen blockhandler rather than dix one (v3)
Dima Ryazanov (1):
Fix "Back", "Forward", and other special mouse buttons in XWayland.
Jason Ekstrand (4):
modesetting: Refactor drmmode_glamor_new_screen_pixmap
modesetting: Add drmmode_bo_has_bo and drmmode_bo_map helper function
modesetting: Add support for using RandR shadow buffers
modesetting: Return the crtc for a drawable even if it's rotated
Jasper St. Pierre (1):
modesetting: Update the cursor without hiding it
John Hunter (1):
fix an annotation mistake
Jon TURNEY (11):
hw/xwin: Remove some redundant clipboard externs, now defined in winglobals.h
hw/xwin: In SelectionNotify, delete the property containing returned data after we have retrieved it
hw/xwin: In SelectionNotify, don't pointlessly retrieve just the size of the property
hw/xwin: Retrieve TARGETS to avoid unnecessary failing conversion attempts
hw/xwin: Add controls for enabling/disabling monitoring of PRIMARY selection
hw/xwin: Improve reliability of clipboard X->Windows pastes
hw/xwin: Fix clipboard thread restart
hw/xwin: Fix hang on shutdown when we own the clipboard.
Revert "glx: Simplify glXDestroyContext"
glx: Flush context which is being made non-current due to drawable going away
glx: Fix crash when a client exits without deleting GL contexts
Julien Cristau (2):
render: check request size before reading it [CVE-2014-8100 1/2]
glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]
Keith Packard (17):
glamor: Don't insert fbos from external objects into fbo cache
glamor: Always destroy EGL image associated with destroyed pixmap
glamor: Remove redundant reference to screen pixmap EGL image
glamor: Free existing EGL image when assigning new one
dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]
glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]
Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]
modesetting: [v2] Don't re-enable the cursor when loading the image
modesetting: Enable Xv when using glamor
modesetting: Fix damage tracking auto-disable code
modesetting: Detect whether damage tracking is needed
glamor: Fix nlines in glamor_xv_put_image when src_y is odd
dix: Allow zero-height PutImage requests
doc: Create a script to filter xmlto output
drivers/modesetting: Save current BlockHandler on return in msBlockHandler
Update to version 1.16.99.902
Kenneth Graunke (13):
modesetting: Stop using glamor_egl_create_textured_screen_ext().
modesetting: Move ModifyPixmapHeader calls out of if/else branches.
modesetting: Create helper for glamor_egl_create_textured_screen call.
modesetting: Move dumb_bo into its own source files.
modesetting: Drop dumb_bo::map_count field and dead unmap code.
modesetting: Create a drmmode_bo wrapper; use it for front_bo.
modesetting: Use GBM for buffer allocations if Glamor supports it.
present: If present_queue_vblank() fails, do present_execute().
modesetting: Track the CRTC's DPMS mode.
modesetting: Check DPMS mode in ms_covering_crtc().
modesetting: Include glamor.h from driver.h.
modesetting: Add vblank synchronization support when using Present.
modesetting: Fix build with --disable-glamor.
Mario Kleiner (2):
present: Avoid crashes in DebugPresent(), a bit more info.
present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)
Markus Wick (1):
xwayland: Set glamor filter to nearest
Michel Dänzer (8):
glamor: Reinstate glamor_(egl_)destroy_textured_pixmap
glamor: Fix use-after-free in glamor_destroy_textured_pixmap
glamor: Make glamor_set_pixmap_private not crash if the pixmap has no fbo
glamor: Make glamor_destroy_textured_pixmap idempotent
glamor: Make sure glamor_egl_close_screen wraps glamor_close_screen
glamor: Call glamor_pixmap_destroy_fbo from glamor_set_pixmap_private
glamor: Make glamor_purge_fbo static
glamor: Make sure Xvideo source image data is properly aligned
Michele Baldessari (2):
ephyr: Implement per-screen colormaps
ephyr: Implement per-screen colormaps
Neil Roberts (1):
glx: Add implementation of __GLXContext->loseCurrent for direct ctxts
Olivier Fourdan (3):
Remove explicit dependency on $(WAYLAND_LIBS)
Fix subwindow in Xi emulated events
Synchronize capslock in Xnest and Xephyr
Peter Harris (1):
Fix overflow of ConnectionOutput->size and ->count
Peter Hutterer (13):
include: fix compiler warning about casting int to uint16_t
include: fix documentation for list.h
include: change RegionSize() to take a size_t
Xext: fix clang compiler warning
xfree86: drop double-typedef of DBusConnection
xwayland: declare fatal log handler as noreturn
dix: silence compiler warning
dix: silence compiler warning comparing CARD32 to -1
Drop trailing whitespaces
mi: fix documentation for miPointerSetPosition
dix: offset touch root coordinates by ScreenRec origins (#86655)
xfree86: rename Xorg.bin to Xorg
mi: fix accidental x/y coordinate swap
Robert Morell (1):
glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]
Thierry Reding (1):
xv: Add missing gcstruct.h include
git tag: xorg-server-1.16.99.902
http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.99.902.tar.bz2
MD5: 18e5d1dc739e657c785eed848b66ae2a xorg-server-1.16.99.902.tar.bz2
SHA1: a505f971b60e954d72770218de9938c70f557941 xorg-server-1.16.99.902.tar.bz2
SHA256: b25ec3a920d5a7f49ed3c44ec3a2189c333afc974eec6518839a14b968376115 xorg-server-1.16.99.902.tar.bz2
PGP: http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.99.902.tar.bz2.sig
http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.99.902.tar.gz
MD5: da1471e29ed2b61d9d8b9ccf401c3590 xorg-server-1.16.99.902.tar.gz
SHA1: e34708a520d666f22f028464cc518efbcd6b420b xorg-server-1.16.99.902.tar.gz
SHA256: ae7f2737dfc26046142bdd001304bc085ef78306d92524b14cd34fefda661ad2 xorg-server-1.16.99.902.tar.gz
PGP: http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.99.902.tar.gz.sig
--
-keith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 810 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20150123/975ddd26/attachment.sig>
More information about the xorg
mailing list