[ubuntu/xenial-security] xorg-server-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Fri Oct 26 14:23:37 UTC 2018

xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation and file overwrite
    - debian/patches/CVE-2018-14665.patch: disable -logfile and -modulepath
      when running with elevated privileges in
    - CVE-2018-14665

xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.1) xenial; urgency=medium

  * prime-sync-refactor.diff: Fix crash on modesetting+amdgpu hybrid.
    (LP: #1789913)

xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4~16.04.1) xenial; urgency=medium

  * Backport to xenial (LP: #1772632)
    - Revert dropping patches 105, 188, 191, and disable
      improve-outputclass.diff, in order not to regress nvidia

xorg-server (2:1.19.6-1ubuntu4) bionic; urgency=medium

  * debian/patches/fix-default-permissions.patch: fix default permissions
    when creating the log directory. (LP: #1735929)

xorg-server (2:1.19.6-1ubuntu3) bionic; urgency=medium

  * dri2-Sync-i965_pci_ids.h-from-Mesa.patch: Update i965_pci_ids.h to
    include latest CFL. (LP: #1753954)
  * server-1.19.diff: Pull fixes from upstream stable branch.
    (LP: #1748926)

xorg-server (2:1.19.6-1ubuntu2) bionic; urgency=medium

  * improve-outputclass.diff: Backport commits from upstream to improve
    OutputClass to support options and overriding primary GPU.
  * 191-Xorg-add-an-extra-module-path.patch, rules.flags: Drop adding
    extra-modules dir, not necessary anymore with outputclass additions.
  * 105_nvidia_autodetect.patch: Dropped, obsolete now.
  * 188_default_primary_to_first_busid.patch: Dropped, obsolete now.

xorg-server (2:1.19.6-1ubuntu1) bionic; urgency=medium

  * Merge with Debian.
  * XShmGetImage_fix_censoring.patch: Dropped, upstream.

xorg-server (2:1.19.6-1) unstable; urgency=medium

  [ Emilio Pozuelo Monfort ]
  * Use --sourcedir=debian/tmp/udeb for the udeb package and
    --sourcedir=debian/tmp/main for the rest, so that we don't have
    to specify where the files come from as well as where they should
    be installed to in *.install.
  * Install xorg-server.pc to a multiarch location. Based on a patch
    from Helmut Grohne. Closes: #836453.
  * Move xserver-xorg-legacy to priority optional, as priority extra is
  * Make calculation of xserver-xorg-core's xinput/video ABI provides more
  * Use ${prefix} rather than ${libexecdir} for --with-module-dir, as the
    module dir ends up in the pkg-config file, where libexecdir is not

  [ Timo Aaltonen ]
  * New upstream release.
  * 07-glx-do-not-pick-srgb-config-for-32bit-rgba-visual.diff: Add a
    patch from upstream to fix potential issues with mesa git.

xorg-server (2:1.19.5-1) unstable; urgency=high

  [ Emilio Pozuelo Monfort ]
  * rules: Try to simplify a bit flags handling and move them
    to rules.flags.
  * rules: Remove --disable-silent-rules, dh passes that for us.

  [ Andreas Boll ]
  * New upstream release.
    - CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179,
    - CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183,
    - CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187

xorg-server-hwe-16.04 (2:1.19.5-0ubuntu2~16.04.1) xenial; urgency=medium

  * Backport to xenial. (LP: #1716203)
    - disable xwayland-tablet.diff, not needed on xenial
  * control, rules: Drop -dbg package as it got mistakenly added back due
    to a merge. This package had migrated to -dbgsym earlier.

xorg-server (2:1.19.5-0ubuntu2) artful; urgency=medium

  * Backport upstream patch to fix cropping in XShmGetImage (LP: #1723732).

xorg-server (2:1.19.5-0ubuntu1) artful; urgency=medium

  * New upstream release
    - Fix CVE's:
      CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179,
      CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183,
      CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187
    - Revert a commit that regressed PRIME sync
    - os: Make sure big requests have sufficient length.

xorg-server (2:1.19.4-1ubuntu2) artful; urgency=medium

  * xvfb-run: Keep redirecting stderr to stdout, autopkgtests need it.

xorg-server (2:1.19.4-1ubuntu1) artful; urgency=medium

  * Merge from Debian.
    - new bugfix release

xorg-server (2:1.19.4-1) unstable; urgency=medium

  [ Sven Joachim ]
  * xvfb-run: Do not redirect stderr to stdout when running the program
    (Closes: #868876, LP: #1059947).

  [ Timo Aaltonen ]
  * New upstream release. (Closes: #855206, #857983, #860886)
    - CVE-2017-13721, CVE-2017-13723
  * rules: Drop dh_strip override, dbgsym transition is done
    (Closes: #876690).
  * signing-key.asc: Update Adam Jackson's key.

  [ Julien Cristau ]
  * Restore definition of DEB_HOST_ARCH_OS in debian/rules, lost in dh
    conversion (2:1.19.1-1).  Thanks, Helmut Grohne!

xorg-server (2:1.19.3-2) unstable; urgency=high

  * CVE-2017-10972: information leak out of the X server due to an
    uninitialized stack area when swapping:
    - Xi: Zero target buffer in SProcXSendExtensionEvent
  * CVE-2017-10971: stack overflow due to missing GenericEvent handling in
    - dix: Disallow GenericEvent in SendEvent request
    - Xi: Verify all events in ProcXSendExtensionEvent
    - Xi: Do not try to swap GenericEvent
  * With both those fixes, this closes: #867492

xorg-server (2:1.19.3-1ubuntu7) artful; urgency=medium

  * Sync from xserver-1.19-branch, drop upstreamed patches:

xorg-server (2:1.19.3-1ubuntu6) artful; urgency=medium

  * xwayland-add-grab-protocol-support.diff: Dropped, causes issues with
    kvm. (LP: #1713981)

xorg-server (2:1.19.3-1ubuntu5) artful; urgency=medium

  * add-cfl-cnl-ids.diff: Add Coffee Lake and Cannonlake pci-ids.

xorg-server (2:1.19.3-1ubuntu4) artful; urgency=medium

  * xwayland-tablet.diff: Add support for Wacom tablets in xwayland.
    (LP: #1712571)
  * xwayland-pointer-confine.diff: Add pointer locking/confinement fixes
    to xwayland.
  * xwayland-add-grab-protocol-support.diff: Add support for keyboard
    grabbing to xwayland. Bump wayland-protocols build-dependency to 1.9.

xorg-server (2:1.19.3-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972

xorg-server (2:1.19.3-1ubuntu2) artful; urgency=medium

  * sync-i965-ids.diff: Sync i965 pci-id's from mesa.

Date: 2018-10-25 16:07:33.031594+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list