Philip Langdale | 10 Jan 06:22 2008

xinput 1.3.0

This is the first xorg release of the xinput utility.

The big change is support for Xserver 1.4's new types
of XInput device.

Peter Hutterer (9):
      xinput as straight from the tarball.
      Autotool the lot.
      Death to RCS tags, remove compiler warning, get version from config.h.
      Let autoconf substitute the VERSION.
      Remove trailing whitespaces (buttonmap.c)
      Remove a few trailing whitespaces.
      Support GNU style options the dodgy way.
      Add --short argument to list. Only prints name and ID.
      Remove leftover trailing whitespaces.

Philip Langdale (8):
      Expand check to support XExtensionKeyboard/Pointer.
      Make dependency on inputproto >= 1.4 explicit.
      Update documentation
      Update man page.
      Add a warning when the user specifies an ambiguous device name
      Update news for 1.3.0 release.
      Update .gitignore
      Add ChangeLog rule.

git tag: xinput-1.3.0

http://xorg.freedesktop.org/archive/individual/app/xinput-1.3.0.tar.bz2
977d657e8d7b59f7d82c98ebef444b28  xinput-1.3.0.tar.bz2
(Continue reading)

Alan Coopersmith | 14 Jan 23:54 2008
Picon

libXmu 1.0.4


Alan Coopersmith:
      Add hooks for checking sources with tools like lint & sparse
      Clear sparse warnings: Using plain integer as NULL pointer
      Coverity #52: Dead code in get_os_name()
      Version bump: 1.0.4

James Cloos:
      Add *~ to .gitignore to skip patch/emacs droppings
      Replace static ChangeLog with dist-hook to generate from git log

git tag: libXmu-1.0.4

http://xorg.freedesktop.org/archive/individual/lib/libXmu-1.0.4.tar.bz2
MD5: fb372a5f3ab42b5ba16d7af4d833a0cb
SHA1: e2ecbce02184efd8899a34554575e1f3b6815295

http://xorg.freedesktop.org/archive/individual/lib/libXmu-1.0.4.tar.gz
MD5: 48b432e84035c664ece80a33695d5254
SHA1: 867b7adfb0e1f6fdf08f5403fecfd31143a3a7ad

--
	-Alan Coopersmith-           alan.coopersmith@...
	 Sun Microsystems, Inc. - X Window System Engineering

Matthieu Herrb | 17 Jan 15:05 2008
Picon
Picon

X.Org security advisory: multiple vulnerabilities in the X server


X.Org security advisory, January 17th, 2008
Multiple vulnerabilities in the X server
CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
         CVE-2007-6429, CVE-2008-0006

Overview

Several vulnerabilities have been identified in server code of the X
window system caused by lack of proper input validation on user
controlled data in various parts of the software, causing various
kinds of overflows.

Impact

Exploiting these overflows will crash the X server or,
under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case
for the Xorg server and for most kdrive based servers), these
vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited succesfully, require either
an already established connection to a running X server (and normally
running X servers are only accepting authenticated connections), or a
shell access with a valid user on the machine where the vulnerable
server is installed.

Affected versions

(Continue reading)

Aaron Plattner | 26 Jan 04:08 2008

xf86-video-nv 2.1.7 and 2.0.3

I've just pushed two new xf86-video-nv releases, one for X.org 7.2 and higher
and one based on version 2.0.2 for earlier servers.  Let me know if you run
into problems.

-- Aaron

---------------------------------------------------------------------------

xf86-video-nv 2.1.7

Aaron Plattner (9):
      GeForce 8800 GT.
      G80: Reduce load detection false positives.
      Bug #7309: Delay after disabling cursor to avoid wedging the cursor
        hardware on GeForce 6150.
      G80Create{Dac,Sor} return pointers, not Bools.
      New chips.
      Fix more load detection false positives.
      Update know card list date and add G92 to the manpage.
      Fix warning.
      Bump to 2.1.7.

Alan Coopersmith (1):
      xcalloc needs 2 args, Xcalloc takes one - yay for inconsistency!

Giuseppe Bilotta (2):
      Add macros to retrieve the subsystem vendor/device
      Enable backlight toggling for Dell Inspiron 8200 GeForce2 Go

Ian Romanick (1):
(Continue reading)

Matthieu Herrb | 21 Jan 11:08 2008
Picon
Picon

Re: X.Org security advisory: multiple vulnerabilities in the X server


Matthieu Herrb wrote:
| X.Org security advisory, January 17th, 2008
| Multiple vulnerabilities in the X server
| CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
|          CVE-2007-6429, CVE-2008-0006
|
| Overview
|
| Several vulnerabilities have been identified in server code of the X
| window system caused by lack of proper input validation on user
| controlled data in various parts of the software, causing various
| kinds of overflows.
|

Update: The patch for the MIT-SHM vulnerability (CVE-2007-6429)
introduced a regression for applications that allocate pixmaps with a
less than 8 bits depth. New patches are available for xserver 1.2 and
xserver 1.4:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff

MD5: 8e3f74c2cabddd3d629018924140e413
xorg-xserver-1.2-multiple-overflows-v2.diff[[BR]]
SHA1: 38ad95d97e83861c309276a27296787e6d0d1b54
xorg-xserver-1.2-multiple-overflows-v2.diff

MD5: ded4bc31104aedada0155514a968b45f
(Continue reading)

Tilman Sauerbeck | 18 Jan 19:42 2008
Picon

xf86-video-mga 1.4.8

This release makes Xinerama work again, which got broken in 1.4.7.

Adam Jackson (1):
      G200SE-A can't cope with bigger than 1600x1200.

Alan Coopersmith (1):
      Don't build or call init_dri if XF86DRI is undefined

Ian Romanick (1):
      Unmap the same size that was mapped

Tilman Sauerbeck (5):
      Use pci_device_map_range() instead of pci_device_map_region().
      Oops, don't access the "memory" field in struct pci_mem_region either.
      Fixed a typo.
      Bug #13926: Unbreak Xinerama.
      Bumped version to 1.4.8.

git tag: xf86-video-mga-1.4.8

http://xorg.freedesktop.org/archive/individual/driver/xf86-video-mga-1.4.8.tar.bz2
MD5: e7783c7609d441237d665b7fc47288c7  xf86-video-mga-1.4.8.tar.bz2
SHA1: 678a65acc395574bf5e5998d75864f49ceb42bbd  xf86-video-mga-1.4.8.tar.bz2

http://xorg.freedesktop.org/archive/individual/driver/xf86-video-mga-1.4.8.tar.gz
MD5: 96e4332efce6a04a87f7a98984fb8853  xf86-video-mga-1.4.8.tar.gz
SHA1: fb114534b3dff91fdc106e75fe8c1cc702a112c2  xf86-video-mga-1.4.8.tar.gz

Regards,
Tilman
(Continue reading)


Gmane