Julien Cristau | 20 Dec 13:34 2014
Picon

xorg-server 1.16.3

Here's X server 1.16.3.  Other than the version number, no changes since
RC1.  Below is the shortlog from 1.16.2, most of the changes are from
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

Cheers,
Julien

Adam Jackson (12):
      glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
      glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
      glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
      glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
      glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
      glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
      glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
      glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
      glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
      glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
      glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
      glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]

Alan Coopersmith (19):
      Add -iglx & +iglx to Xserver.man
      unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
      dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
      dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
      dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
      dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
      dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
      dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
(Continue reading)

Aaron Plattner | 19 Dec 21:56 2014

vdpauinfo 0.9


vdpauinfo is a command line utility for querying the capabilities of a VDPAU
device.

This release adds support for the new profiles added in libvdpau 0.9.  It also
adds the ability to display which indexed color formats are supported by the
PutBits interface.

Finally, it adds the command line options --display and --screen, which can be
used to select which X server and screen to query rather than having to set the
$DISPLAY environment variable.

I've bumped the version number to 0.9 to match the version of libvdpau.  I plan
to keep the versions roughly in lockstep to indicate which version of libvdpau a
particular version of vdpauinfo is intended to support.

Aaron Plattner (6):
      Set the AM_INIT_AUTOMAKE foreign flag
      vdpauinfo: add option processing
      vdpauinfo: print supported PutBits indexed color formats
      Support new H.264 profiles added in libvdpau 0.9
      List profiles that are not supported as well
      Bump version to 0.9

git tag: vdpauinfo-0.9

http://people.freedesktop.org/~aplattner/vdpau/vdpauinfo-0.9.tar.gz
MD5:  f48e7ce838146021a138592ca9bdffc8  vdpauinfo-0.9.tar.gz
SHA1: e98a41b355e4729889d9f21874d8cc5c6da2ebaf  vdpauinfo-0.9.tar.gz
SHA256: a040fe3682db4cb6076179185a68559a62b908cd01f0aee086838eaf2923c8e3  vdpauinfo-0.9.tar.gz
(Continue reading)

Aaron Plattner | 19 Dec 20:09 2014

libvdpau 0.9


VDPAU is the Video Decode and Presentation API for Unix.  This
library provides a wrapper that loads the correct vendor-specific
implementation driver library, and a tracing library to help with
debugging VDPAU applications.

This release adds several new decoder profiles:

 VDP_DECODER_PROFILE_H264_CONSTRAINED_BASELINE
 VDP_DECODER_PROFILE_H264_EXTENDED
 VDP_DECODER_PROFILE_H264_PROGRESSIVE_HIGH
 VDP_DECODER_PROFILE_H264_CONSTRAINED_HIGH
 VDP_DECODER_PROFILE_H264_HIGH_444_PREDICTIVE

In addition, this release includes a number of packaging and compiler warning
fixes and clarifies the ABI policy to include the size of the data structures
defined in vdpau.h.  It also fixes a race condition that could be triggered when
two threads call VdpDeviceCreateX11 simultaneously.

Aaron Plattner (3):
      vdpau_x11.h: update stale comment about how libvdpau finds drivers
      vdpau.h: define a more strict ABI policy
      Bump version to 0.9

Emil Velikov (2):
      trace: properly annotate private functions as static
      vdpau: do not export _vdp_DRI2* functions

José Hiram Soltren (2):
      Clarify type of source_surface as VDP_INVALID_HANDLE
(Continue reading)

Thomas Wood | 12 Dec 17:40 2014
Picon

intel-gpu-tools 1.9

A new intel-gpu-tools quarterly release is available with the following changes:

- New test cases added: drm_import_export, gem_gpgpu_fill, gem_ppgtt,
  gem_tiled_wb, kms_pwrite_crc.

- New helper for interactive progress indicators (see igt_print_activity and
  igt_progress), which can be disabled by setting the log-level to warn (Thomas
  and Daniel).

- Basic skl support: pci ids, rendercopy & mediafill (Damien, Zhao Yakui).

- chv support for the iosf sideband tools and a few other improvements (Ville).

- Fence register support for intel_reg_dumper on bdw+ (Rodrigo).

- Support for skl in quick_dump (Damien).

- Golden state generation infrastructure (Mika).

- New skl watermark tool (Damien).

- New EDID test block that includes multiple display modes (Thomas).

- Individual test documentation available in generated documentation and from
  the test binaries (Thomas).

- New logging domains and log filtering (Thomas).

- Various API documentation fixes and improvements (Thomas).

(Continue reading)

Julien Cristau | 9 Dec 21:17 2014
Picon

xorg-server 1.16.2.901

This is the first RC for xserver 1.16.3.  It includes fixes for today's
security advisory (see
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/), plus
an fb fix for X.Org bug#54168, a few fixes for the present extension,
and a documentation update for the new -iglx/+iglx command-line flags.

Cheers,
Julien

Adam Jackson (12):
      glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
      glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
      glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
      glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
      glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
      glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
      glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
      glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
      glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
      glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
      glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
      glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]

Alan Coopersmith (19):
      Add -iglx & +iglx to Xserver.man
      unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
      dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
      dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
      dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
      dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
(Continue reading)

Alan Coopersmith | 9 Dec 17:00 2014
Picon

X.Org Security Advisory: Protocol handling issues in X servers

X.Org Security Advisory:  Dec. 9, 2014
Protocol handling issues in X Window System servers
===================================================

Description:
============

Ilja van Sprundel, a security researcher with IOActive, has discovered
a large number of issues in the way the X server code base handles
requests from X clients, and has worked with X.Org's security team to 
analyze, confirm, and fix these issues.

Ilja's talk at the 30th Chaos Communication Congress (30C3) in Hamburg
last year ("X Security: it's worse than it looks") gave a preview of these 
issues and discussed the general form of many of these, but did not disclose
the exact details of them.

The vulnerabilities could be exploited to cause the X server to
access uninitialized memory or overwrite arbitrary memory in the X
server process.  This can cause a denial of service (e.g., an X server
segmentation fault), or could be exploited to achieve arbitrary code
execution.

How critical these vulnerabilities are to any given installation depends
on whether they run an X server with root privileges or reduced privileges;
whether they run X servers exposed to network clients or limited to local
connections; and whether or not they allow use of the affected protocol
extensions, especially the GLX extension.

The GLX extension to the X Window System allows an X client to send X
(Continue reading)

Peter Hutterer | 26 Nov 00:42 2014
Picon

xf86-input-evdev 2.9.1

This release fixes a couple of bugs with absolute devices that have scroll
wheels (such as the qemu tablets devices) and avoids the "unable
to find touch point 0" warnings previously caused by a touch starting before
the device was enabled.

Peter Hutterer (6):
      Make the slot-state per slot
      Fix axis initialization for devices with abs x/y and rel scrollwheels
      If only IgnoreRelativeAxes is set, init like a normal relative device
      Drop some unused #defines
      Remove three unused #defines
      evdev 2.9.1

Éric Brunet (1):
      Don't pass superfluous arguments to EvdevPost*Events

git tag: xf86-input-evdev-2.9.1

http://xorg.freedesktop.org/archive/individual/driver/xf86-input-evdev-2.9.1.tar.bz2
MD5:  8f73a98e32dccc9d054b54727cc4093f  xf86-input-evdev-2.9.1.tar.bz2
SHA1: 0bd822aef86918b847ac1c602835ed1e75d4b831  xf86-input-evdev-2.9.1.tar.bz2
SHA256: 0ce30328adfeac90a6f4b508d992fb834d8e50b484b29d3d58cf6683fa8502f9  xf86-input-evdev-2.9.1.tar.bz2
PGP:  http://xorg.freedesktop.org/archive/individual/driver/xf86-input-evdev-2.9.1.tar.bz2.sig

http://xorg.freedesktop.org/archive/individual/driver/xf86-input-evdev-2.9.1.tar.gz
MD5:  4b161da455ebed5a102db578d2b0caf6  xf86-input-evdev-2.9.1.tar.gz
SHA1: 8435ab6ba126d7eb0fd0df837367755edaae30b1  xf86-input-evdev-2.9.1.tar.gz
SHA256: 3b87bd833df68217447b38d448a573613bf5fe5250c6df785f4e59303a308d22  xf86-input-evdev-2.9.1.tar.gz
PGP:  http://xorg.freedesktop.org/archive/individual/driver/xf86-input-evdev-2.9.1.tar.gz.sig

(Continue reading)

Peter Hutterer | 24 Nov 09:00 2014
Picon

xf86-input-libinput 0.3.0

xf86-input-libinput is a libinput-based X.Org driver. The actual driver bit
is quite limited, most of the work is done by libinput, the driver itself
passes on the events (and wrangles them a bit where needed).

New in this version are properties for the configuration of left-handed
button mode, changing scroll methods and setting the scroll button (where
applicable).

Note that left-handed mode in this driver makes use of the underlying
libinput interface which is smarter than other drivers about which events to
apply it to. Specifically, setting a touchpad to left-handed will still send
the correct button events for tapping so no double-mapping is required here.

Peter Hutterer (7):
      Add support for left-handed button orientation
      Add support for switching scroll methods
      Add support for changing the button-scrolling button
      Use the button conversion helper for normal button events too
      Drop double empty lines
      Don't process events from devices that got removed already
      xf86-input-libinput 0.3.0

git tag: xf86-input-libinput-0.3.0

http://xorg.freedesktop.org/archive/individual/driver/xf86-input-libinput-0.3.0.tar.bz2
MD5:  ade058e7bed7776a8a631e7ba08f0a13  xf86-input-libinput-0.3.0.tar.bz2
SHA1: 0abd9e3f0542aa9c287846dba08bf8913ec01978  xf86-input-libinput-0.3.0.tar.bz2
SHA256: f36b1c128a903cf4d3e4be692571301af825d20a7a7f06d3feadb6b176912c5d  xf86-input-libinput-0.3.0.tar.bz2
PGP:  http://xorg.freedesktop.org/archive/individual/driver/xf86-input-libinput-0.3.0.tar.bz2.sig

(Continue reading)

Peter Hutterer | 20 Nov 23:28 2014
Picon

xkbcomp 1.3.0

In what is almost an olympic release schedule, here's a new version of
xkbcomp. Over the last two-and-a-bit years a number of patches have
accumulated, the most interesting one is support for multiple keysyms per
level (#25025).  I say "parsing support" for a reason, the symbol becomes a
NoSymbol, which is arguably still more useful than a parsing error. Plus,
multi-sym per key won't work in X anyway.

Other than that, misc fixes and changes all over the place. UNIXOS2 support
was dropped. Sorry guys, no multi-keysym parsing for you. I'll get a
bucket ready for the tears.

Adam Jackson (1):
      configure: Drop AM_MAINTAINER_MODE

Alan Coopersmith (10):
      unifdef -U__UNIXOS2__
      config: Add missing AC_CONFIG_SRCDIR
      Remove unused function entry/exit tracking framework
      Remove unused uASSERT macro
      Convert remaining sprintf calls to snprintf
      Fix many const char * warnings from gcc
      Remove useless checks for NULL before free in OverlayKeyCreate()
      Don't dereference the pointer whose allocation failed
      Remove useless assignment to 'outline' variable
      Initialize nMatch even if WIN32 is defined

Benno Schulenberg (1):
      Making sure that a copied string is always null-terminated (#66345).

Colin Walters (1):
(Continue reading)

Peter Hutterer | 19 Nov 06:13 2014
Picon

xf86-input-libinput 0.2.0

xf86-input-libinput is a libinput-based X.Org driver. The actual driver bit
is quite limited, most of the work is done by libinput, the driver itself
passes on the events (and wrangles them a bit where needed).

Unless you're already running a Wayland desktop, this driver is the easiest
way to test libinput and help us. However, in case the 0.2.0 version number
isn't enough of a hint: this is a very new driver, expect some rough edges
and bugs. The driver is now hosted on freedesktop.org, please file bugs in
the Input/libinput component of the xorg product.
https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

For the time being, expect that you need the git version of libinput to
successfully compile/run this driver. For reference, libinput version
028513a0a723e97941c39c4aeb17433198723913 will work with this release.

Note that this driver works best when assigned to _all_ devices*. libinput
has a number of cross-device features such as top softwarebutton handling
that only work when all affected devices are managed by this libinput.

Note that desktop environments don't support this driver yet, you will have
to change configurations with an xorg.conf.d snippet or by poking around
with xinput list-props/xinput set-prop. If you don't know how to do that,
this driver isn't for you yet. Not all config options are exposed as
properties yet.

For the foreseeable future, libinput and this driver are Linux-only (evdev,
timerfd, epoll, ...).

Happy testing!

(Continue reading)

Julien Cristau | 10 Nov 16:55 2014
Picon

xorg-server 1.16.2

Other than the version number, no changes since last week's 1.16.1.901.

Julien Cristau (1):
      Bump to 1.16.2

git tag: xorg-server-1.16.2

http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.tar.bz2
MD5:  89620960b13515db8d0a8dbb92a1378a  xorg-server-1.16.2.tar.bz2
SHA1: f4dbb55534a9a3ce4c9a55547cadd0d6ab9bbec9  xorg-server-1.16.2.tar.bz2
SHA256: 446e0c3ebd556aced78ec0000ba9ae73f1e5317117d497f827afba48b787ce64  xorg-server-1.16.2.tar.bz2
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.tar.bz2.sig

http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.tar.gz
MD5:  7d3647f2717ce55c4a7b641800639304  xorg-server-1.16.2.tar.gz
SHA1: 5a22aaa38f17c81aa0c4ed84e5e34ae48c3e8092  xorg-server-1.16.2.tar.gz
SHA256: 90fe84005084d71a10fd16ab46175c39c0611adfcf897dd78f426146875f9f93  xorg-server-1.16.2.tar.gz
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.tar.gz.sig

_______________________________________________
xorg-announce mailing list
xorg-announce <at> lists.x.org
http://lists.x.org/mailman/listinfo/xorg-announce

Gmane