AgeCommit message (Expand)AuthorFilesLines
2015-02-11Bump to 1.16.4xorg-server-1.16.4server-1.16-branchJulien Cristau1-1/+1
2015-02-11xkb: Check strings length against request sizeOlivier Fourdan1-25/+40
2015-02-11xkb: Don't swap XkbSetGeometry data in the input bufferOlivier Fourdan1-16/+19
2015-02-01dri2: SourceOffloads may be for DRI3 onlyChris Wilson1-0/+3
2015-02-01dix: make RegionInit legal C++Adam Jackson1-1/+1
2015-02-01config/udev: Respect seat assignments when assigned devicesDave Airlie1-9/+21
2015-02-01randr: attempt to fix primary on slave output (v2)Dave Airlie3-7/+33
2015-02-01os: Fix timer race conditionsNikhil Mahale1-15/+26
2015-01-05dix: Allow zero-height PutImage requestsKeith Packard1-1/+1
2014-12-20Bump to 1.16.3xorg-server-1.16.3Julien Cristau1-2/+2
2014-12-09Bump to Cristau1-2/+2
2014-12-09dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]Keith Packard1-1/+1
2014-12-09Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]Keith Packard1-1/+1
2014-12-09glx: Can't mix declarations and code in sources [CVE-2014-8098 pt. 9]Keith Packard1-1/+2
2014-12-09dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2...Keith Packard1-2/+4
2014-12-09glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]Robert Morell1-1/+1
2014-12-09glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]Adam Jackson5-154/+205
2014-12-09glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]Adam Jackson5-29/+95
2014-12-09glx: Length-checking for non-generated vendor private requests [CVE-2014-8098...Adam Jackson2-0/+4
2014-12-09glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]Adam Jackson1-5/+14
2014-12-09glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8...Adam Jackson1-0/+4
2014-12-09glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]Adam Jackson1-23/+34
2014-12-09glx: Integer overflow protection for non-generated render requests (v3) [CVE-...Adam Jackson1-36/+41
2014-12-09glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]Julien Cristau1-11/+10
2014-12-09glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]Adam Jackson1-0/+41
2014-12-09glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]Adam Jackson1-0/+10
2014-12-09glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v...Adam Jackson2-2/+8
2014-12-09glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]Adam Jackson2-16/+16
2014-12-09glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]Adam Jackson1-2/+2
2014-12-09Add REQUEST_FIXED_SIZE testcases to test/misc.cAlan Coopersmith1-0/+37
2014-12-09Add request length checking test cases for some Xinput 2.x requestsAlan Coopersmith4-0/+20
2014-12-09Add request length checking test cases for some Xinput 1.x requestsAlan Coopersmith4-1/+158
2014-12-09xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]Alan Coopersmith1-0/+1
2014-12-09render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]Alan Coopersmith1-1/+15
2014-12-09render: check request size before reading it [CVE-2014-8100 1/2]Julien Cristau1-2/+2
2014-12-09randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]Alan Coopersmith1-0/+4
2014-12-09present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]Alan Coopersmith1-0/+6
2014-12-09dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]Alan Coopersmith1-0/+6
2014-12-09Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]Alan Coopersmith1-0/+20
2014-12-09xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]Alan Coopersmith1-0/+1
2014-12-09Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]Alan Coopersmith17-18/+94
2014-12-09dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]Alan Coopersmith1-3/+8
2014-12-09dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]Alan Coopersmith1-0/+3
2014-12-09dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]Alan Coopersmith1-1/+2
2014-12-09dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]Alan Coopersmith2-10/+20
2014-12-09dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]Alan Coopersmith1-0/+6
2014-12-09dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]Alan Coopersmith1-0/+3
2014-12-09unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]Alan Coopersmith1-0/+4
2014-12-09glx: check return from __glXGetAnswerBufferKeith Packard2-0/+51
2014-12-09present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)Mario Kleiner1-1/+4