This release provides the fixes for the recently announced security issue
CVE-2013-2001 along with a number of other fixes to the error handling
code found while investigating that issue.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (10):
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
When Xcalloc() returns NULL, you don't need to Xfree() it
Improve error handling in XF86VidModeGetMonitor()
Unlock display before returning alloc error in XF86VidModeGetModeLine()
Unlock display before returning alloc error in XF86VidModeGetAllModeLines()
Unlock display before returning alloc error in XF86VidModeGetDotClocks()
Use _XEatDataWords to avoid overflow of length calculations
memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
avoid integer overflow in XF86VidModeGetModeLine()
libXxf86vm 1.1.3
Colin Walters (1):
autogen.sh: Honor NOCONFIGURE environment variable
This release provides the fixes for the recently announced security issues
CVE-2013-1991 & CVE-2013-2000, along with a couple build fixes.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (7):
Use _XEatDataWords to avoid overflow of rep.length shifting
integer overflow in XDGAQueryModes() [CVE-2013-1991 1/2]
buffer overflow in XDGAQueryModes() [CVE-2013-2000 1/2]
integer overflow & underflow in XDGASetMode() [CVE-2013-1991 2/2]
buffer overflow in XDGASetMode() [CVE-2013-2000 2/2]
integer overflow in XDGAOpenFramebuffer()
libXxf86dga 1.1.4
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Jeremy Huddleston (2):
Build fix when sizeof(off_t) > sizeof(void *)
Include <stdint.h> for uintptr_t
This release provides the fixes for the recently announced security issues
CVE-2013-2002 & CVE-2013-2005, along with other code & doc cleanups, build
fixes, automake compatibility changes, and packaging improvements.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (5):
unifdef -U__UNIXOS2__
Unchecked return values of XGetWindowProperty [CVE-2013-2005]
unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
Remove old strtoul workaround for SunOS 4
libXt 1.1.4
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Egbert Eich (2):
Install ErrorDB into a $datarootdir-path, not $libdir.
Add XtErrorDB directory to pkg-config file.
Eric S. Raymond (2):
Eliminate use of tab stops.
Remove unused macros that are temptations to presentation-level klugery.
Julien Cristau (1):
Add copyright notice and license from the X Consortium to COPYING
Thierry Reding (1):
Use AM_CPPFLAGS instead of INCLUDES
Thomas Klausner (2):
Avoid referencing something that isn't defined. Bring in the definition from another manual page.
Fix DEBUG build (TMparse.c:376:1: error: overflow in implicit constant conversion)
This release primarily provides the fix for the recently announced
security vulnerability CVE-2013-1988, along with improved compatibility
with future automake releases.
Alan Coopersmith (5):
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Use _XEatDataWords to avoid overflow of rep.length shifting
integer overflow in XResQueryClients() [CVE-2013-1988 1/2]
integer overflow in XResQueryClientResources() [CVE-2013-1988 2/2]
libXres 1.0.7
This bug fix release delivers the fixes for the recently announced security
vulnerability CVE-2013-2062, alongside the last couple years accumulation
of janitorial cleanups, compiler warning fixes, and adjustments to remain
compatible with changes in new and future automake releases.
Alan Coopersmith (10):
Strip trailing whitespace
Stop trying to use NULL for Status values
Fix XpEventToWire arguments to match what libXext expects
Add const qualifiers to silence gcc -Wwrite-strings warnings
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Use _XEatDataWords to avoid overflow of rep.length bit shifting
integer overflow in XpGetAttributes & XpGetOneAttribute [CVE-2013-2062 1/3]
integer overflows in XpGetPrinterList() [CVE-2013-2062 2/3]
integer overflows in XpQueryScreens() [CVE-2013-2062 3/3]
libXp 1.0.2
This bug fix release primarily provides the fix for the recently announced
security vulnerability CVE-2013-1985.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (3):
Use _XEatDataWords to avoid overflow of _XEatData calculations
integer overflow in XineramaQueryScreens() [CVE-2013-1985]
libXinerama 1.1.3
Colin Walters (1):
autogen.sh: Implement GNOME Build API
* Fix python code to work with python-3
* Security fix for integer overflow in read_packet() [CVE-2013-2064]
Alan Coopersmith (2):
integer overflow in read_packet() [CVE-2013-2064]
libxcb 1.9.1
Christian König (1):
whitespace fix in xcb_take_socket
Chí-Thanh Christopher Nguyễn (2):
c-client.py: Fix python-3 AttributeError: 'dict' object has no attribute 'iteritems'
c_client.py: Fix python-3 invalid except statement
Colin Walters (1):
autogen.sh: Implement GNOME Build API
This release delivers the fix for security vulnerability CVE-2013-2003
and makes the Makefile.am more compatible with future automake releases.
Alan Coopersmith (3):
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
libXcursor 1.1.14
Another release on schedule:
------------------------------------------
Andreas Wettstein (1):
Draft for German T3 layout.
Daniel Drake (1):
Fix AE00 alias in olpcm keycodes
Evgeny Bobkin (1):
Fix keyboard indicator for russian (germany, phonetic)
James M Leddy (1):
Add XF86AudioMicMute mappings
Michal Nazarewicz (1):
Add various compose:*-altgr options.
Peter Hutterer (1):
rules: fix iso639 code for irish
Sergey V. Udaltsov (16):
Fixing wrong iso639-3 codes
Fixing ISO codes
English Mali layouts have English language assigned to them
fr --> fra (ISO 639)
Fixed ru(ruu) - invalid keysym
Updates to Cameroon Keyboard
Map Alt to Win
Fixed fypo
Fixed UK Macbook Pro layouts
Fixed Congolese
Added ru(mac)
Added RAlt as 3rd level switcher to us(dvp)
prerelease
wrong location of de(legacy)
Updated translations, prerelease
release 2.9
Stephan Hilb (1):
Remove explicit virtual modifier setting for level3 and level5
Walter Bender (1):
add support for the OLPC mechanical non-membrane keyboard
This minor bugfix release includes the fix for the security issue recently
reported as CVE-2013-1996, as well as a number of other cleanups of the
memory allocation & error handling code noticed while working on that.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (9):
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Get rid of unnecessary casts in FS*alloc calls
Get rid of unnecessary casts in FSfree calls
Use NULL instead of 0 for null pointers
Avoid reading outside bounds when _FSReply receives an Error response
Avoid accessing freed memory on realloc failure in FSListFontsWithXInfo
Get rid of more duplication in error cleanup code in FSListFontsWithXInfo
Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996]
libFS 1.0.5
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Thomas Klausner (1):
Fix a prototype error
This bug fix release includes the fix for the recently announced
CVE-2013-1983, along with some other cleanups & warning fixes.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (7):
Strip trailing whitespace
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Remove duplicate declaration of XFixesExtensionName in Xfixesint.h
XFixesFetchRegionAndBounds: use nread in call to XReadPad
Use _XEatDataWords to avoid overflow of _XEatData calculations
integer overflow in XFixesGetCursorImage() [CVE-2013-1983]
libXfixes 5.0.1
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Peter Hutterer (1):
man: remove "current", we're way past 1.0.
patches/patch-mkf_lib_mkf__ucs4__map.c
- mkf_ucs4_map.c: mkf_map_ucs4_to_jisx0213_2000_1 is not cached
in mkf_map_ucs4_to() to prefer JISX0208 to JISX0213 all the time.
8f6a1a9693 (chg-mkf)/lib/mkf_ucs4_map.c
patches/patch-xwindow_fb_x__window.c
- fb/x_display.c: Segfault in x_font_t::x_off > 0 is fixed.
7c4748b4e7 (chg-xwindow)/fb/x_window.c
Also put some tweaks for pkgsrc:
patches/patch-etc-configure
- regen to adjust line numbers in diff
patches/patch-etc_font-fb
- add commented out JISX0213_2000_1 and JISX0213_2000_2 examples
Bump PKGREVISION.
The xstdcmap utility can be used to selectively define standard colormap
properties. It is intended to be run from a user's X startup script to create
standard colormap definitions in order to facilitate sharing of scarce colormap
resources among clients using PseudoColor visuals.
xlsatoms lists the interned atoms defined on an X11 server. Version 1.1 and
later of xlsatoms use (and require) libxcb instead of libX11, for less latency
when communicating with the X server.
History
Luit was written by Juliusz Chroboczek for the XFree86 Project in
2001-2002. There were improvements and fixes by several people, in
particular Tomohiro Kubota's extensions for CJK encodings.
There was no maintainer for some time; I adopted it in 2006 to
ensure that it continued to support xterm (details are listed in
the luit.log.html file within the source).
Besides the maintenance issue that attracted my attention in 2005
(untested changes to compiled-in file locations by Xorg hackers),
Luit has had from the outset a technical issue: its associated
font-encoding library.
Juliusz Chroboczek used the font-encoding library to work around
performance issues with direct use of iconv. This solution has
proven to be a drawback:
the font-encoding library is little used (other than by luit),
and also lacks a maintainer. the font-encoding library does
not provide the full range of encodings that iconv does. the
Xorg configure scripting and other dependencies surrounding
the library have been subject to uncontrolled growth.
I solved the problem by implementing an efficient conversion using
iconv. Luit still supports the font-encoding library if it is found
by the configure script. If you choose, luit can easily be built
using iconv.
However, as of luit 2.0, the font-encoding library has been
deprecated:
Luit includes all of the relevant functionality for using the
".enc" files which are distributed separately. You may have
these files as a separate package, e.g., "xfonts-encodings",
or as part of "xfonts-x11-fonts-misc", "x11-font-encodings" or
even "encodings". If you have trouble finding the package, look
for a specific file such as adobe-standard.enc. The encoding
files are rarely packaged with luit, and oddly enough are never
made a package dependency. The only other use that I am aware
of for the files is for the defunct xprint program.
To see which ".enc" files luit may use, run
luit -list-fontenc
Here is sample output. The old version of luit can use only
about a third of these encodings, i.e.,
big5.eten-0, big5hkscs-0, dec-special, gb18030.2000-0,
gb18030.2000-1, gb2312.1980-0, gbk-0, ibm-cp437, ibm-cp850,
ibm-cp852, ibm-cp866, iso8859-11, iso8859-13, iso8859-16,
jisx0201.1976-0, jisx0208.1990-0, jisx0212.1990-0,
ksc5601.1987-0, microsoft-cp1250, microsoft-cp1251,
microsoft-cp1252, tcvn-0
With luit 2.0, the -encoding option permits you to use the
remaining files (as well as any you may have customized):
adobe-dingbats, adobe-standard, adobe-symbol, armscii-8,
ascii-0, big5-0, big5.cp950-0, cns11643-1, cns11643-2,
cns11643-3, gb18030-0, iso8859-6.16, iso8859-6.8x,
jisx0208.1983-0, ksc5601.1992-3, ksx1001.1997-0, ksx1001.1998-0,
ksx1001.1998-3, ksxjohab-1, microsoft-ansi, microsoft-cp1253,
microsoft-cp1254, microsoft-cp1255, microsoft-cp1256,
microsoft-cp1257, microsoft-cp1258, microsoft-win3.1,
mulearabic-0, mulearabic-1, mulearabic-2, mulelao-1,
sun.unicode.india-0, suneu-greek, tis620-0, tis620-2,
tis620.2529-1, tis620.2533-0, tis620.2533-1, viscii1.1-1
Some of the ".enc" files are unused by the old luit because
the font-encoding library has built-in tables of the ISO-8859-x
encodings and a few others. With luit 2.0, you can make a list
of the built-in tables as well as change luit's preference when
looking in the font-encoding files, built-in tables and iconv
tables. Luit 2.0 can use the data from iconv directly without
relying upon external ".enc" files. The ".enc" files (and
built-in tables) are preferred for performance reasons. Existing
users of luit would complain about the loss of 1- or 2-tenths
of a second for startup with CJK encodings. Really.
Normally luit uses your locale settings to determine the
corresponding character encoding. Use --list-iconv to see the
available choices, e.g.,
luit -list-iconv
Here is sample output on a suitably configured system. Your
system may have fewer (locale support generally has been made
more difficult to configure in systems geared toward novice
developers such as Ubuntu). But the portable iconv implementation
does support a wide range of encodings, and you may find
additional encodings using
iconv -l
On the Debian system where I am writing this, that gives a list
of 1168 encodings.
In this version, mlterm now supports NetBSD wsfb framebuffer
so NetBSD users can use a multi-lingual terminal without
Xserver on ports that support wsdisplay framebuffer console,
i.e. NetBSD/i386 with VESA framebuffer, NetBSD/dreamcast,
or even NetBSD/luna68k with 1bpp framebuffer.
Special thanks to Araki Ken, an auther of mlterm, for
various efforts and improvements for NetBSD wsfb support,
including dumb 1bpp optimizations on luna68k.
mlterm-fb demonstration movies are available on YouTube:
http://youtu.be/5IH1NYSVpHY (NetBSD/i386 6.1)
http://youtu.be/BP8AIceWgxA (NetBSD/luna68k 6.1)
pkgsrc changes:
- update descriptions per the framebuffer support
- add a MESSAGE file to mention miscellaneous configurations to use mlterm
- remove MAKE_JOBS_SAFE=no which has been fixed in upstream Makefiles
- split SUBST rules into ones for Makefiles, man page, and config files
- install misc README files in doc dirs which are useful after installation
- add "mlterm-fb" and "ibus" options and make mlterm-fb default
on supported platforms
- update PLIST per above changes (XXX tested only on NetBSD)
Upstream Changes per doc/en/ReleaseNote:
ver 3.2.0
* Support framebuffer on NetBSD.
* Support 1 bpp framebuffer.
* Support sixel graphics and wall pictures on 1 and 8 bpp framebuffer.
(See http://www.youtube.com/watch?v=djbEw0G_LMI and http://www.youtube.com/watch?v=5IH1NYSVpHY)
(Thanks to @tsutsuii san)
* Add "use_urgent_bell" option which is equivalent to "bellIsUrgent" option of
xterm and support CSI ? 1042.
* "only_use_unicode_font" and "not_use_unicode_font" options have an effect
on preedit and candidate characters of input method plugins.
* Add "sound|visual" to the value of "bel_mode" option.
* Enable to change "not_use_unicode_font" and "only_use_unicode_font" dynamically.
* Add "box_drawing_font" option.
* Support efont-unicode fonts for framebuffer.
* Bug fixes:
Fix the bug which disabled some shortcut keys in FreeBSD/framebuffer.
Fix the bug which ignored the specified encoding of "default_server" option
in opening a new pty.
Fix the bug which disabled sixel graphic images in framebuffer 16bpp.
Fix the bug which disabled inline pictures if use_dynamic_comb option is true.
Fix the bug of iBus input method plugin which disabled to erase the last
preedited character even if backspace key was pressed.
Fix the wrong height of the preediting cursor of the input method plugin
if the value of "inner_border" option isn't 2. (Thanks to @tsutsuii san)
Fix "use_dynamic_comb" option which didn't work anymore.
Fix the bug which disabled "UNUSED" key in ~/.mlterm/key.
Change key seuqences for modifier keys + cursor keys in application cursor key
mode. (e.g. Ctrl+Up: "\x1bO1;5A" -> "\x1b[1;5A") (Thanks to Mohammad Alsaleh)
This maintenance release brings happiness by getting rid of things
that make valgrind, clang, doclifter, automake, the GNOME build system,
various other static analyzers, and obsessive developers be unhappy.
Don't warn, be happy.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (10):
Clean up some clang warnings about sign conversion
Tell clang to shut up about the padding in struct xauth
unifdef -U__UNIXOS2__
Convert INCLUDES to AM_CPPFLAGS in preparation for automake-1.14 obsoletion
Use configure check for pathconf instead of X_NOT_POSIX #define
Check for configure's HAVE_UNISTD_H instead of X_NOT_POSIX
Replace strcpy+strcat pairs with snprintf calls
Call memcmp() instead of defining our own equivalent
Use remove() instead of unlink() to delete lock files
libXau 1.0.8
Chase Douglas (1):
Free XauFileName() static buffer at exit
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Eric S. Raymond (1):
Remove a use of tab stops.
XXX: these patches should go away, or be fed upstream.
A new major release 0.30.0 of the pixman rendering library is now
available. Highlights of this release:
- Support for high-quality image downscaling [Søren]
- Much improved ARMv6 assembly [Ben Avison]
- Improved rendering quality for gradients [Søren]
- Improvements to the SSE2 backend [Chris Wilson, Siarhei Siamashka]
- Improvements to MIPS DSPr2 backend [Nemanja Lukic]
- Improvements to test suite [Siarhei, Søren Sandmann]
This minor maintenance release adds a -version option to the command line,
and provides some minor code cleanups and build improvements.
Alan Coopersmith (9):
Mark usage() as _X_NORETURN
Declare 'len' as size_t to avoid unneccessary back-and-forth conversions
Combine usage messages into a single string
Add -version option to print version number
Add xrandr to SEE ALSO section of man page
Rename i & count in inner loop to avoid shadowing same named vars in outer loop
Convert sprintf calls to snprintf
Mark num_known_extensions as a const, since the size is fixed at compile time
xdpyinfo 1.3.1
Jon TURNEY (1):
Include Xwindows.h on WIN32 to avoid type clashes
* Require the mm-common version that actually allows avoiding
the dependency in the tarball as well as glibmm.
* Fix gtkmm-demo VS projects.
* Fix namespacing for Cairo.
Rename patch-gtk_a11y_gail.c to patch-gtk_a11y_gtkaccessibility.c
Many improvements, bug fixes and translation updates:
https://git.gnome.org/browse/gtk+/tree/NEWS?id=3.8.2
Highlights:
* Deprecations and removals:
- Custom CSS properties have been deprecated
- Support for color schemes has been removed
- gtk_style_provider_get_style, gtk_style_provider_get_icon_factory
- GtkGradient and GtkSymbolicColor
- All the padding style properties in menus
* CSS improvements:
- Add cycle detection to color resolving
* A lot of filechooser button fixes
* The print dialog now shows printers that are discovered
using avahi, if configured with --enable-avahi-browsing
* We now support the Window Manager frame synchronization protocol draft (when
running under a WM that supports it). This means applications will throttle
their drawing cycle to what the compositor is drawing, and the compositor
will never render half-updated windows, for seamless resizing and improved
smoothness in drawing.
See https://mail.gnome.org/archives/wm-spec-list/2013-January/msg00000.html
and the articles at http://blog.fishsoup.net/ for more details.
* We now support setting an opacity to any GtkWidget, not just toplevels:
gtk_window_set_opacity has been deprecated in favor of gtk_widget_set_opacity.
* GtkIconTheme gained asynchronous loaders for GtkIconInfo objects
* GtkIconInfo has changed from being a boxed type to a GObject. This
is technically an ABI change, but basically all existing code
will keep working if its used as a boxed type, and its not
possible to instantiate GtkIconInfos outside Gtk, so this is not
expected to be a big problem.
* GtkTreeView and GtkIconView allow single-click activation
* GtkImage can be set from a resource
* GdkWaylandDisplay is now public
* gdk_window_set_fullscreen_mode: new function to let windows
be fullscreened across multiple monitors
* We now use state flags for text direction: GTK_STATE_FLAG_LTR/RTL.
gtk_style_context_set_direction() has been deprecated.
* We install headers for accessible implementations of GTK+ widgets.
This makes it possible to implement accessibility for third-party
widgets by subclassing the proper GTK+ implementation. To do this,
include gtk/gtk-a11y.h.
* Invisible widgets now return a size of 0x0. This is an experimental
change that makes GtkWidget::visible essentially behave the same way
that "display: none" does in CSS. If you want the effect of CSS's
"visibility: hidden", you can use a GtkNotebook with an empty page.
* GtkFrame now draws a background.
* The Broadway backend now installs a separate server: broadwayd.
* GtkBuilder now lets you refer to external objects from a ui
file if the objects have been exported with the new function
gtk_builder_expose_object()
* Font handling has been improved:
- The default font is no longer handled like a custom style sheet
that overrides everything, but as the initial value. This is the
same behavior as in web browsers.
- It is now possible to set font-family and font-size like other
CSS properties, and relative font sizes are supported. Font
sizes in CSS can be specified as numbers or with keywords
like xx-small, medium, smaller, larger,...
* GTK+ now uses proper Unicode ellipses in strings.
A new version of libdrm has been released. The main motivation for this
release is the changes in the radeon surface allocator, which helps fix
multisample textures on the Radeon Cayman family chipsets.
Alex Deucher (4):
radeon: add new SI pci ids
radeon: add new richland pci ids
radeon: add HAINAN family
radeon: add HAINAN pci ids
Dave Airlie (1):
drm: add qxl drm header file
Marek Olšák (2):
radeon: add RADEON_SURF_FMASK flag which disables 2D->1D tiling transition
configure.ac: bump version to 2.4.45 for release
Rob Clark (3):
freedreno: add gpu-id property
Add exynos_fimg2d_test to .gitignore
freedreno: add synchronization between mesa and ddx
Xiang, Haihao (1):
intel: Add support for VEBOX ring (v2)
This minor maintenance release fixes some compiler warnings & man page
typos, and other code cleanups.
Alan Coopersmith (6):
Fix pixmap leak in error paths of BWGetUnzoomedPixmap
Combine usage messages into a single string
Fix genererate typo in bmtoa error messages
Simplify & unify error path between mktemp & mkstemp versions
Mark usage() functions as noreturn, as suggested by gcc
bitmap 1.0.7
Bjarni Ingi Gislason (1):
bitmap.man: Fix some typos.
