Maintenance
- Avoid using some of the deprecated Qt APIs
- Missing includes of QPainterPath ( Qt 5.15 ) added
- QwtPlotSpectroCurve: missing public inheritance
- QwtPlotTradingCurve: missing public inheritance
Bug fixes
- QwtLinearColorMap: handling of alpha values in color stops fixed
- QwtPlotRasterItem: missing color table initialization for
QImage::Format_Indexed8
- QwtScaleWidget: missing QEvent::LayoutRequest added
- QwtSetSample: bound rectangle fixed for empty sets
Starting with Bison 3.7, the generated C++ file #include's the header
by default, instead of duplicating it. So we should not delete it.
Remove the code to add #ifdef guards to the header, since Bison adds
them itself since version 2.6.3.
From Dmitry Shachnev via Debian.
Aaron Ma (1):
xfree86: add drm modes on non-GTF panels
Adam Jackson (2):
linux: Make platform device probe less fragile
linux: Fix platform device PCI detection for complex bus topologies
Alan Coopersmith (2):
Update URL's in man pages
doc: Update URLs in Xserver-DTrace.xml
Alex Goins (1):
randr: Check rrPrivKey in RRHasScanoutPixmap()
Hans de Goede (1):
modesetting: Disable pageflipping when using a swcursor
Huacai Chen (1):
linux: Fix platform device probe for DT-based PCI
Jose Maria Casanova Crespo (1):
modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
Lyude Paul (1):
xwayland: Store xwl_tablet_pad in its own private key
Martin Weber (1):
hw/xfree86: Avoid cursor use after free
Matt Turner (1):
xserver 1.20.9
Matthieu Herrb (5):
fix for ZDI-11426
Correct bounds checking in XkbSetNames()
Fix XIChangeHierarchy() integer underflow
Fix XkbSelectEvents() integer underflow
Fix XRecordRegisterClients() Integer underflow
Michel Dänzer (7):
present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
xwayland: Always use xwl_present_free_event for freeing Present events
xwayland: Free all remaining events in xwl_present_cleanup
xwayland: Hold a pixmap reference in struct xwl_present_event
xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
Olivier Fourdan (4):
xwayland: Fix infinite loop at startup
xwayland: Clear private on device removal
xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
xwayland: Use a fixed DPI value for core protocol
Roman Gilg (1):
present: Check valid region in window mode flips
Samuel Thibault (1):
dix: do not send focus event when grab actually does not change
Simon Ser (2):
xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
xwayland: only use linux-dmabuf if format/modifier was advertised
SimonP (1):
xwayland: Initialise values in xwlVidModeGetGamma()
Sjoerd Simons (1):
xwayland: Fix crashes when there is no pointer
Christopher Chavez (1):
Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage
Felix Yan (1):
Correct a typo in GetStCmap.c
Matthieu Herrb (2):
Fix an integer overflow in init_om()
libX11 1.6.12
Maya Rashish (1):
Avoid the use of "register" keyword in XkbTranslateKeySym.
Niclas Zeising (1):
Fix input clients connecting to server
Change log:
0.3.0
=====
- Fix jpeg thumbnail orientation when fallback code is taken place (Bug #28).
- Use AC_CONFIG_MACRO_DIRS instead of AC_CONFIG_MACRO_DIR
- Fix GTimeVal deprecation
- Drop support of GLib < 2.32
- Use guint32 for request handle and fix its further occurrences of 0
- Implement Excludes paths in tumbler.rc
- Translation Updates: be, da, el, es, he, hu, hye, it, nl, pl, sq, zh_TW, zh_HK
As of 1.24, MATE requires GNU-specific msgfmt features. meta-pkgs/mate/
Makefile.common r. 1.10 expressed this tool dependency using
USE_BUILTIN.gettext=no, but this exposed pkgsrc gettext-libs in the
build environment as well, which some MATE packages then linked
against, but gettext-libs didn't end up being declared as a run-time
dependency, so binary package installations were broken (with the
workaround of manually installing the undeclared gettext-libs
dependency). Express this dependency differently, so GNU msgfmt is
used as a tool without exposing pkgsrc gettext-libs.
(The pkgsrc tooling infrastruture could be altered to provide a
distinct "gmsgfmt" tool, same with "gxgettext", and perhaps others.
Here I'm just immediately concerned with fixing this packaging issue.)
Addresses PR pkg/55503 by Jay Patel.
Patch #359 - 2020/08/17
-add special case in WriteText to allow colors 8-15 to -override colorBDMode
(patch by Ingo Brückl).
-add utf8Weblike resource, to provide an alternate scheme for handling ill-formed
UTF-8 sequences (adapted from patch by Dan Gohman).
-improve computation for the number of lines needed to scroll-up a SIXEL graphic
(report/patch by Ben Wong).
-correct manpage description for default value of disallowWindowOps from changes
in xterm #331 (patch by Ben Wong).
-correct a loop starting-point in refresh_graphics from optimization in patch #358
changes (report by Ben Wong).
-add a new mouse mode 1016, which uses the same format as mode 1006, but sends
the mouse's position in pixels (suggested by Igor van den Hoven).
-fix an issue from patch #338 changes where only the first selection buffer
specified in the request would be updated using OSC 52 (patch by Michael Gulick).
-modify makefile/scripts to allow DESTDIR to prefix the target directory for
desktop-file-install (report by Fred Heitkamp).
-enable SIXEL feature by default.
-update config.guess, config.sub
Note: sixel-graphics should now be enabled by default.
Hence, I've removed the corresponding CONFIGURE_ARGS.
If you experience any issues please report and I'll add it back if needed.
The distfile changed on the MASTER_SITE back in 2006 so the checksum
didn't match for the past 14 years or so.
Change seems to be to fix a float cast warning.
Overview of Changes in GTK+ 3.24.22
===================================
* GtkTextView:
- Fix some corner cases of pixelcache invalidation
- Make select-all work on touch
* Fix print portal support
* Adwaita:
- Tweak title style class
- Add a public color for text view background
* Windows:
- Limit the size of the corner mask cache
- Use native API for keycode conversion
- Use GLES on arm64
* Wayland: Add a way to change the application id
* Quartz: Add axes to master devices
* Add --enable-tracker3 option to configure
* Translation updates:
Catalan
German
Indonesian
Italian
Kazakh
Spanish
Turkish
xorg-server 1.20.9, couldn't find a tarball).
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.
This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.
Patch
=====
A patch for this issue has been commited to the xorg server git
repository. xorg-server 1.20.9 will be released shortly and will
include this patch.
https://gitlab.freedesktop.org/xorg/xserver.git
diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap;
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap)
return NullPixmap;
Thanks
======
This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
Heap corruption in the X input method client in libX11
======================================================
CVE-2020-14344
The X Input Method (XIM) client implementation in libX11 has some
integer overflows and signed/unsigned comparison issues that can lead
to heap corruption when handling malformed messages from an input
method.
Patches
=======
Patches for these issues have been commited to the libX11 git repository.
libX11 1.6.10 will be released shortly and will include those patches.
https://gitlab.freedesktop.org/xorg/lib/libx11
commit 1703b9f3435079d3c6021e1ee2ec34fd4978103d (HEAD -> master)
Change the data_len parameter of _XimAttributeToValue() to CARD16
It's coming from a length in the protocol (unsigned) and passed
to functions that expect unsigned int parameters (_XCopyToArg()
and memcpy()).
commit 1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
Zero out buffers in functions
It looks like uninitialized stack or heap memory can leak
out via padding bytes.
commit 2fcfcc49f3b1be854bb9085993a01d17c62acf60
Fix more unchecked lengths
commit 388b303c62aa35a245f1704211a023440ad2c488
fix integer overflows in _XimAttributeToValue()
commit 0e6561efcfaa0ae7b5c74eac7e064b76d687544e
Fix signed length values in _XimGetAttributeID()
The lengths are unsigned according to the specification. Passing
negative values can lead to data corruption.
Thanks
======
X.Org thanks Todd Carson for reporting these issues to our security
team and assisting them in understanding them and providing fixes.
## 1.5.0 - 2020-07-23
### Added
- `min_icon_size` option to automatically scale up icons to a desired value (#674)
- `vertical_alignment` option to control the text/icon alignment within the notification (#684)
- Ability to configure multiple actions for each mouse event (#705)
- `dunstctl` command line control client (#651)
- RGBA support for all color strings (#717)
- Ability to run multiple scripts for each notification
- `ignore_dbusclose` setting (#732)
### Changed
- `dunstify` notification client is now installed by default (#701)
- Keyboard follow mode falls back to the monitor with the mouse if no window has keyboard focus (#708)
### Fixed
- Overflow when setting a >=40 minute timeout (#646)
- Unset configuration options not falling back to default values (#649)
- Crash when `$HOME` environment variable is unset (#693)
- Lack of antialiasing with round corners enabled (#713)
Patch #358 - 2020/07/12
-correct logic for decodeTerminalID changes in patch #357 (report by "Chartreuse").
-modify makefile to use plink.sh when linking test-programs, to fix build when
using pcre (report by H Merijn Brand)
-build-fix for test_ptydata program (patch by H Merijn Brand)
Patch #357 - 2020/07/05
-several minor optimizations for the ReGIS and SIXEL features, improving
performance by 10%.
-add resource decGraphicsID to allow displaying graphics when the emulation
level would ordinarily disallow this (prompted by discussion with Thomas Wolff).
-add control sequences for fast switching of color palettes: XTPUSHCOLORS,
XTPOPCOLORS, XTREPORTCOLORS
-amend change for soft-hyphen from patch #328 to avoid stripping replacement-
characters which would be shown with malformed or overlong UTF-8 input.
-corrected an error-handling case in decodeUtf8, matching a similar fix in patch
#268 (report/patch by Dan Gohman).
-add a test-driver for ptydata.c
-minor cleanup of macros (adapted from patch by Walter Harms).
-fix some errata in ctlseqs.ms (report by Thomas Wolff).
-allow immediate repaint-on-palette-changed if double-buffering is enabled.
-deprecate codes 10/11 in sgr push controls, changing those to 30/31, to avoid
confusion with sgr 10-19.
-modify SGR parameter handling to stop if an unrecognized parameter is
encountered, to guard against malformed or nonstandard sequences
(report by Bram Moolenaar).
-modify DECERA color for consistency with other erasures/clearing
(report by Thomas Wolff).
-ECH should not be masked by DECSCA (report by Thomas Wolff).
-extend DECFRA and REP to accept any graphic character rather than just
Latin1, etc. (report by Thomas Wolff).
-add -C option to 256colors2.pl and 88colors2.pl, to demonstrate mixed semicolon
/colon separators which are implied by ECMA-48.
-update sample terminfo to reflect the documentation improvements.
-update description of 88/256/direct color in ctlseqs.ms to point out that using
semicolons is a deprecated legacy feature, and standard terminal applications
should use colons (prompted by discussion with Bram Moolenaar).
-modify configure-check for tgetent to conditionally include termcap.h, enabling
configuration using clang's pedantic-errors option (report by Dennis Clarke).
See Other Compatibility in ncurses' curs_termcap(3X).
-remove some unnecessary pointer checks (patch by Walter Harms).
-accept terminal-id and add DA response for VT131, VT132.
Patch #356 - 2020/05/02
-revise fix for Debian #954730, which interfered with wheel mouse events
(report by Gabriele Balducci).
Patch #355 - 2020/05/01
-revise fix for Debian #954730, which interfered with wheel mouse events
(report by Henri Menke).
-fix typos in documentation (reports by Stephen Hurd, Stefan Assmann).
-add mapping for decTerminalID for 100 overlooked in patch #354.
-update tables in wcwidth.c based on Unicode 13.0.0
-build-fix for make check when building out-of-tree (report by Sven Joachim).
Patch #354 - 2020/04/26
-work around performance problems of XDrawImageString and XDrawImageString16
functions (Debian #954845).
-add a control sequence which reports xterm's version (patch by Nicholas
Marriott, mintty #881).
-temporarily set numeric locale category to "C" when parsing resources, so that
scaleHeight and faceSize settings do not depend on locale (Debian #820803).
-improve DA/DA2 response by ensuring that the decTerminalID maps to one of the
known identifiers, as well as providing DA2 response for VT241 and VT382.
-terminfo improvements:
-add (my) comments from ncurses which explain the keypad layouts.
-add vt52+keypad from ncurses
-use improved xm example for xterm+x11mouse, xterm+sm+1006 from ncurses 6.2
terminfo.src
-two fixes for left/right wheel mouse event reporting (Debian #954730):
filter identical button-events
correct order of button-range versus protocol type (see patch #345)
-change make check makefile-rule to use test-drivers for charclass and wcwidth
data.
-quiet did not find a usable xxx TrueType font warnings by making fontWarnings
apply to these messages (report by Jim Rees).
-improve reinitialization of parameter list (report/testcase by James Holderness).
-temporarily set numeric locale category to "C" when formatting SVG or XHTML
screendumps, to make the radix separator used in RGB values consistent
(adapted from patch by George Kouryachy).
-add resource forceXftHeight to control whether workaround from Debian #880407
is used.
-apply updated ascent/descent in workaround from Debian #880407 to fix a 1-pixel
gap in built-in vertical lines (report/testcase by Stefan Assmann).
-improve round-off of scaling for built-in line-drawing (prompted by discussion
with Stefan Assmann).
-adjust fonts in svg-icon files to accommodate reduced functionality of new pango
(report/analysis by YOKOTA Hiroshi).
-improve configure check for X Toolkit library.
-correct Y-coordinate transformation in ClearCurBackground, overlooked in changes
for patch #334 (report/analysis by Chuck Silvers).
-remove --vendor option from test-packages' install of desktop files; the feature
is badly broken in gnome-shell.
-modify uxterm to make it possible to select nonstandard locale C.UTF-8, e.g, if
the user's locale is set to C (Debian #940626).
-re-save/tweak .svg icon-files to work around breakage in toolset since the
files were created in patch #283.
Patch #353 - 2020/02/01
-amend change in patch #352 for button-events to fix a case where some followup
events were not processed soon enough (report/patch by Jimmy Aguilar Mena).
-handle MappingNotify X event, to improve recovery when switching keyboard
configurations using xkbcomp (prompted by discussion with Frank Mosch, Debian
#661295). There is more work needed here, possibly in the X libraries.
improve discussion of mouse-mode in ctlseqs.ms (suggested by Igor van den Hoven).
-further improve checks for Xft max-advance-width to take into account fonts
which use two cells for ambiguous width characters. Also improve the time used
for these checks (reports by Yuri Pankov, Frank Mosch).
-fix a few spelling errors reported by codespell (report by Jens Schleusener).
-modify run-tic.sh to prefer development version of ncurses since changes to
terminfo file in patch #345 rely upon bug-fixes in ncurses (prompted by discussion
with Will Senn).
Patch #352 - 2020/01/16
-adjust fontsize data to handle a minor inconsistency from recent Xft versions
(Debian #880407, adapted from patch by Vincent Lefèvre).
-add a table to the manual page description of forceBoxChars to alert the reader
to the special characters aside from line-drawing which are drawn directly
when this resource is set (Debian #931305).
-improve checkXft logic which attempts to detect fonts whose max-advance-width
is inconsistent with the actual glyph widths. For some fonts, it is necessary to
check additional characters (report/analysis by Jan Engelhardt).
-improve configure-checks for X headers and libraries on recent MacOS, which has
moved those files under /usr/X11.
-improve portability of iconify/deiconify feature by taking into account some
window managers which manipulate the EWMH _NET_WM_STATE property,
adding/removing _NET_WM_STATE_HIDDEN rather than actually minimizing the window
(pon with Jörg Breitbart).
-improve workaround from patch #287 fo postponing the extra request for minimizing the window to the key by itself can generate button-events
(report/analysis by Maal page (patch by Larry Hynes).
-add definitions in xterm_io.h updated autoconf macros
-update config.guess
Patch #351 - 2019-add -report-icons to help-message.
-improved autoconf macros:
update config.guess, config.sub
-correct status in XTGETXRES resize from the struct-notify event handler to prevent
-recursion(report by Stefan Assmann).
-improve the note on the xterm-rep not ignore zero'd/blank cells.
-align terminfo file with ncurs-add vttests/modify-keys.pl script to illustrate the modifyOtheines resource default value
(Branden Robinson, Debian #913815).n is complete.
-add a control sequence which, like tcap-query, in the imake configuration as they
would be by default via the Sven Joachim).
-build-fix for the case when configure --enableSven Joachim).
-fix a few minor bugs found with Coverity.
-add the --disable-doublechars configure option (report by Brian Lin-document window properties in the manual page.
-improve title-le-string encoded in UTF-8, check if that is the case, and if iencoding (FreeBSD #240393).
-Make sameName resource work for thn UTF-8 is active.
-reorganize text-drawing to make it possiblen switching from 132 to 80 columns.
-improve font-warning messafont-warning messages, to accommodate broken X configurations.
ont (Redhat #1679790). That relies upon the :unscaled
property configurations.
-set a graphic-context for border when double-bg when switching to reverse-video.
-build-fix for --disable-zic(report by Scott Bertilson).
Patch #348 - 2019/07/22
-update wos types, to improve compiler-warnings.
-ensure that when resetgins), and DECSTR.
-corrected order of reset/move when setting ing margins, rather than only when the mode is changed
(report fering configuration.
-correct logic for filtering scrollbar-updescription of 1006 and 1005 mouse modes, to avoid implying thawere xterm extensions
rather than VT100/VT220 terminal featuresnse (suggested by Thomas Wolff).
-fix a typo, improve wording iolff).
-fix off-by-one in VT52 graphics character mapping (patcarnings when building with imake.
-update config.sub
Patch #34esource to control the maximum rate of screen updates
(report bed by report by Martin Hostettler).
-correct off-by-one in paraestcase by Thomas Wolff).
-add resource buffered to allow enablthat the needSwap flag is set after drawing TrueType text
-corr video attributes. The attribute to use is
in the left-half (reomas Wolff).
-reset flags including wraparound and reverse-wrap(report by Thomas Wolff).
-ensure that italic font is turned ofth
binary-search table generated using updated uniset (report b name comparisons work when active-icon is enabled,
since CSI13e since 2008 (see patch #238).
Patch #346 - 2019/05/27
.update#862042).
-account for internalBorder in useBorderClipping (repcharacters in wcwidth.c based on Unicode 12.1.0
(prompted by diort by Bram Moolenaar).
-fix a sign-extension when reporting of run-tic.sh for HPUX, whose mktemp prints the name of a temporalation is VT420 (suggested by Thomas Wolff).
-modify treatment discussion
with Ben Wong, lsix #20).
-modify button-handling tor after
a direct-color to be ignored.
-add resource useBorderClRobert Ross).
-improve logic for displaying xterm's built-in li, as well as to
demonstrate push/pop of the various color typesof indexed-colors, contrary to documentation.
-reduce buffer-fl for OSC 5 use the 5 in the response; formerly
it was mapped to request.
-update tables of combining and unknown-width charact-add vttests/query-dynamic.pl
-modify vttests/query-color.pl towhether to use OSC 5 rather than OSC 4.
-modify cursor coloringmouse responses from patch #342 changes; the legacy
protocol suy.pl to demonstrate batch queries with -q option.
-increase reslation of predefined symbols
-check for updated X Toolkit, whicrt by Emile LeBlanc).
-documentation errata (patch by Larry Hynfull-screen mode.
-window's border-size was incorrectly added t
3.0.5.1
This is a patch release updating the soname of the shared libraries for Unix/ELF systems which was forgotten in 3.0.5. Because of this, please use the source archives from this release if you're building wxWidgets shared libraries from source under these systems, but please refer to 3.0.5 files for all the rest, i.e. MSW binaries and the documentation.
For completeness, the only other changes compared to 3.0.5 are:
- Workaround for the problem with overflowing maximum command line length in MinGW builds not using configure.
- Fix for a problem with wxSpinCtrl in wxGTK
3.0.5
All:
- Support nullptr in wxPrintf() and other pseudo-vararg functions.
- Fix problem with wx-config installation and use under NetBSD (wiz).
- Avoid spurious errors on thread creation under NetBSD.
All (GUI):
- Improve stock items consistency and aesthetics (dhowland).
- Implement wxTextCtrl::HitTest() for single line controls.
- Improve wxSVGFileDC to support more of wxDC API (Maarten Bent).
wxMSW:
- Fix handling of AUX2 mouse button events (Trylz).
- Honour alignment flags for multiline buttons using custom colours too.
- Fix crash when using wxCHMHelpController() in 64 bit builds (Xlord2).
wxGTK:
- Fix position of popup menus shown in wxListCtrl.
- Fix not showing wxInfoBar with GTK+ 3 < 3.22.29.
- Potentially incompatible change: wxDataViewModel::Cleared() now works as
documented cross-platform. Previously on wxGTK it just emptied the model
rather than triggering a reload of the model. If you are working around the
broken behaviour with wxGTK-specific code in your application you should
check that your application works correctly with this change.
- Return appropriate values for some previously hard-coded system colours.