head 1.33; access; symbols pkgsrc-2023Q4:1.33.0.6 pkgsrc-2023Q4-base:1.33 pkgsrc-2023Q3:1.33.0.4 pkgsrc-2023Q3-base:1.33 pkgsrc-2023Q2:1.33.0.2 pkgsrc-2023Q2-base:1.33 pkgsrc-2023Q1:1.32.0.12 pkgsrc-2023Q1-base:1.32 pkgsrc-2022Q4:1.32.0.10 pkgsrc-2022Q4-base:1.32 pkgsrc-2022Q3:1.32.0.8 pkgsrc-2022Q3-base:1.32 pkgsrc-2022Q2:1.32.0.6 pkgsrc-2022Q2-base:1.32 pkgsrc-2022Q1:1.32.0.4 pkgsrc-2022Q1-base:1.32 pkgsrc-2021Q4:1.32.0.2 pkgsrc-2021Q4-base:1.32 pkgsrc-2021Q3:1.30.0.2 pkgsrc-2021Q3-base:1.30 pkgsrc-2021Q2:1.29.0.18 pkgsrc-2021Q2-base:1.29 pkgsrc-2021Q1:1.29.0.16 pkgsrc-2021Q1-base:1.29 pkgsrc-2020Q4:1.29.0.14 pkgsrc-2020Q4-base:1.29 pkgsrc-2020Q3:1.29.0.12 pkgsrc-2020Q3-base:1.29 pkgsrc-2020Q2:1.29.0.10 pkgsrc-2020Q2-base:1.29 pkgsrc-2020Q1:1.29.0.6 pkgsrc-2020Q1-base:1.29 pkgsrc-2019Q4:1.29.0.8 pkgsrc-2019Q4-base:1.29 pkgsrc-2019Q3:1.29.0.4 pkgsrc-2019Q3-base:1.29 pkgsrc-2019Q2:1.29.0.2 pkgsrc-2019Q2-base:1.29 pkgsrc-2019Q1:1.28.0.20 pkgsrc-2019Q1-base:1.28 pkgsrc-2018Q4:1.28.0.18 pkgsrc-2018Q4-base:1.28 pkgsrc-2018Q3:1.28.0.16 pkgsrc-2018Q3-base:1.28 pkgsrc-2018Q2:1.28.0.14 pkgsrc-2018Q2-base:1.28 pkgsrc-2018Q1:1.28.0.12 pkgsrc-2018Q1-base:1.28 pkgsrc-2017Q4:1.28.0.10 pkgsrc-2017Q4-base:1.28 pkgsrc-2017Q3:1.28.0.8 pkgsrc-2017Q3-base:1.28 pkgsrc-2017Q2:1.28.0.4 pkgsrc-2017Q2-base:1.28 pkgsrc-2017Q1:1.28.0.2 pkgsrc-2017Q1-base:1.28 pkgsrc-2016Q4:1.27.0.2 pkgsrc-2016Q4-base:1.27 pkgsrc-2016Q3:1.25.0.6 pkgsrc-2016Q3-base:1.25 pkgsrc-2016Q2:1.25.0.4 pkgsrc-2016Q2-base:1.25 pkgsrc-2016Q1:1.25.0.2 pkgsrc-2016Q1-base:1.25 pkgsrc-2015Q4:1.24.0.2 pkgsrc-2015Q4-base:1.24 pkgsrc-2015Q3:1.23.0.2 pkgsrc-2015Q3-base:1.23 pkgsrc-2015Q2:1.22.0.8 pkgsrc-2015Q2-base:1.22 pkgsrc-2015Q1:1.22.0.6 pkgsrc-2015Q1-base:1.22 pkgsrc-2014Q4:1.22.0.4 pkgsrc-2014Q4-base:1.22 pkgsrc-2014Q3:1.22.0.2 pkgsrc-2014Q3-base:1.22 pkgsrc-2014Q2:1.20.0.8 pkgsrc-2014Q2-base:1.20 pkgsrc-2014Q1:1.20.0.6 pkgsrc-2014Q1-base:1.20 pkgsrc-2013Q4:1.20.0.4 pkgsrc-2013Q4-base:1.20 pkgsrc-2013Q3:1.20.0.2 pkgsrc-2013Q3-base:1.20 pkgsrc-2013Q2:1.19.0.2 pkgsrc-2013Q2-base:1.19 pkgsrc-2013Q1:1.18.0.2 pkgsrc-2013Q1-base:1.18 pkgsrc-2012Q4:1.15.0.4 pkgsrc-2012Q4-base:1.15 pkgsrc-2012Q3:1.15.0.2 pkgsrc-2012Q3-base:1.15 pkgsrc-2012Q2:1.14.0.10 pkgsrc-2012Q2-base:1.14 pkgsrc-2012Q1:1.14.0.8 pkgsrc-2012Q1-base:1.14 pkgsrc-2011Q4:1.14.0.6 pkgsrc-2011Q4-base:1.14 pkgsrc-2011Q3:1.14.0.4 pkgsrc-2011Q3-base:1.14 pkgsrc-2011Q2:1.14.0.2 pkgsrc-2011Q2-base:1.14 pkgsrc-2011Q1:1.13.0.6 pkgsrc-2011Q1-base:1.13 pkgsrc-2010Q4:1.13.0.4 pkgsrc-2010Q4-base:1.13 pkgsrc-2010Q3:1.13.0.2 pkgsrc-2010Q3-base:1.13 pkgsrc-2010Q2:1.12.0.2 pkgsrc-2010Q2-base:1.12 pkgsrc-2010Q1:1.11.0.10 pkgsrc-2010Q1-base:1.11 pkgsrc-2009Q4:1.11.0.8 pkgsrc-2009Q4-base:1.11 pkgsrc-2009Q3:1.11.0.6 pkgsrc-2009Q3-base:1.11 pkgsrc-2009Q2:1.11.0.4 pkgsrc-2009Q2-base:1.11 pkgsrc-2009Q1:1.11.0.2 pkgsrc-2009Q1-base:1.11 pkgsrc-2008Q4:1.9.0.2 pkgsrc-2008Q4-base:1.9 pkgsrc-2008Q3:1.8.0.10 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.8 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.6 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.4 pkgsrc-2008Q1:1.8.0.2 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.7.0.4 pkgsrc-2007Q4-base:1.7 pkgsrc-2007Q3:1.7.0.2 pkgsrc-2007Q3-base:1.7 pkgsrc-2007Q2:1.2.0.4 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.2 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.1.1.1.0.2 pkgsrc-2006Q4-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.33 date 2023.05.04.09.43.56; author wiz; state Exp; branches; next 1.32; commitid rYRri9UuwikA2DnE; 1.32 date 2021.10.26.11.34.06; author nia; state Exp; branches; next 1.31; commitid MHqjP6oNOKJ4ujeD; 1.31 date 2021.10.07.15.13.51; author nia; state Exp; branches; next 1.30; commitid P2riI8QJYhdyjTbD; 1.30 date 2021.09.16.08.39.06; author wiz; state Exp; branches; next 1.29; commitid ilx4eaN4KnjaO99D; 1.29 date 2019.06.19.17.30.51; author wiz; state Exp; branches; next 1.28; commitid cNfTk50aaRsL6PrB; 1.28 date 2017.01.23.07.41.27; author wiz; state Exp; branches; next 1.27; commitid 6LrocdnrEowk24Dz; 1.27 date 2016.10.25.12.30.02; author wiz; state Exp; branches; next 1.26; commitid mYvUdi7U6pyywwrz; 1.26 date 2016.10.04.22.00.01; author wiz; state Exp; branches; next 1.25; commitid lJZZGsSeva63mSoz; 1.25 date 2015.12.27.11.31.35; author wiz; state Exp; branches; next 1.24; commitid KNb91H3rBnttWzOy; 1.24 date 2015.11.04.03.28.46; author agc; state Exp; branches; next 1.23; commitid lW4FTm8V2IrjYIHy; 1.23 date 2015.09.09.17.55.39; author wiz; state Exp; branches; next 1.22; commitid c2kLC7z40GbtzBAy; 1.22 date 2014.07.19.06.12.44; author wiz; state Exp; branches; next 1.21; commitid aF2Q6Zia43ya5XIx; 1.21 date 2014.07.12.14.38.18; author wiz; state Exp; branches; next 1.20; commitid NeK9BgORyNjD66Ix; 1.20 date 2013.07.03.06.27.03; author wiz; state Exp; branches; next 1.19; commitid 5MzuM9CDNog4pZVw; 1.19 date 2013.04.05.09.11.57; author wiz; state Exp; branches 1.19.2.1; next 1.18; 1.18 date 2013.03.12.11.39.49; author wiz; state Exp; branches; next 1.17; 1.17 date 2013.03.07.06.36.28; author wiz; state Exp; branches; next 1.16; 1.16 date 2013.01.21.13.59.14; author wiz; state Exp; branches; next 1.15; 1.15 date 2012.07.13.15.14.42; author wiz; state Exp; branches; next 1.14; 1.14 date 2011.06.12.00.21.53; author dholland; state Exp; branches; next 1.13; 1.13 date 2010.09.10.18.52.06; author joerg; state Exp; branches; next 1.12; 1.12 date 2010.04.09.08.46.32; author tnn; state Exp; branches; next 1.11; 1.11 date 2009.02.27.21.36.10; author wiz; state Exp; branches; next 1.10; 1.10 date 2009.01.07.21.58.09; author wiz; state Exp; branches; next 1.9; 1.9 date 2008.11.17.11.30.31; author wiz; state Exp; branches; next 1.8; 1.8 date 2008.01.29.03.45.36; author bjs; state Exp; branches; next 1.7; 1.7 date 2007.09.21.20.47.14; author joerg; state Exp; branches; next 1.6; 1.6 date 2007.09.21.19.39.11; author joerg; state Exp; branches; next 1.5; 1.5 date 2007.09.21.19.28.47; author bjs; state Exp; branches; next 1.4; 1.4 date 2007.08.05.21.49.26; author joerg; state Exp; branches; next 1.3; 1.3 date 2007.07.12.17.11.58; author joerg; state Exp; branches; next 1.2; 1.2 date 2007.01.23.14.30.17; author joerg; state Exp; branches; next 1.1; 1.1 date 2006.11.03.18.24.38; author joerg; state Exp; branches 1.1.1.1; next ; 1.19.2.1 date 2013.07.15.19.41.34; author tron; state Exp; branches; next ; commitid CNOvJnGBLfafqBXw; 1.1.1.1 date 2006.11.03.18.24.38; author joerg; state Exp; branches; next ; desc @@ 1.33 log @libXi: update to 1.8.1. Alan Coopersmith (6): Build xz tarballs instead of bzip2 Fix spelling/wording issues gitlab CI: enable commit & merge request checks gitlab CI: enable gitlab's builtin static analysis XInput_find_display: Don't dereference NULL dpyinfo configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL Peter Hutterer (2): Initialize a few stack vars to zero libXi 1.8.1 @ text @$NetBSD: distinfo,v 1.32 2021/10/26 11:34:06 nia Exp $ BLAKE2s (libXi-1.8.1.tar.xz) = 667e58b8de067f64e571766348d4e7552d64fb19f7cca34c83f874cbf8bc860d SHA512 (libXi-1.8.1.tar.xz) = a30b1a07e6d710f5196e7477415d68074736f89d954e8f2d5ccc9b5f349e7d1d440c90fb512508176b5db5ecad55608cfb540872936b731963fd83343db3a0b9 Size (libXi-1.8.1.tar.xz) = 404252 bytes @ 1.32 log @x11: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./x11/py-qt4/distinfo PyQt4_gpl_mac-4.12.3.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2021/10/07 15:13:51 nia Exp $ d3 3 a5 3 BLAKE2s (libXi-1.8.tar.bz2) = b6f3552f121ff262b17bacecce1aa5788500ec96d5e0f1334d5171ad1e22ebe7 SHA512 (libXi-1.8.tar.bz2) = 4b2c667a8466eb389f253d77285c3f506c4a2b6c75054c722974a864565d565cc0c5701f8ea773eb929ceb94adfeb737ecd7a0bfc2c240157416a5f343c07aba Size (libXi-1.8.tar.bz2) = 494579 bytes @ 1.31 log @x11: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2021/09/16 08:39:06 wiz Exp $ d3 1 a3 1 RMD160 (libXi-1.8.tar.bz2) = a625441d87c45b34f9678fd6b634911d29e67b88 @ 1.30 log @libXi: update to 1.8. This release of libXi marks the support of XI 2.4 touchpad gesture events official. This feature is the only difference between libXi 1.8 and the latest release in the 1.7.x series (1.7.10). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2019/06/19 17:30:51 wiz Exp $ a2 1 SHA1 (libXi-1.8.tar.bz2) = 7a3de1135ddb81f30735cb8772aa4819d27a9c1f @ 1.29 log @libXi: update to 1.7.10. Alan Coopersmith (2): Update README for gitlab migration Update configure.ac bug URL for gitlab migration Alexander Bersenev (1): Fix the FIXME in XIValuatorClass case of copy_classes function in XExtInt.c Emil Velikov (1): autogen.sh: use quoted string variables Jeff Smith (1): _XIPassiveGrabDevice needs to set time value Matt Turner (2): Replace open-coded FP3232_TO_DOUBLE libXi 1.7.10 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (2): autogen.sh: use exec instead of waiting for configure to finish man: add a bunch of missing spaces Raphaël Droz (1): Update XIChangeHierarchy.txt @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2017/01/23 07:41:27 wiz Exp $ d3 4 a6 4 SHA1 (libXi-1.7.10.tar.bz2) = 79052e50ea07ce2431f8988a60553d9091d46207 RMD160 (libXi-1.7.10.tar.bz2) = 28fa5b4378ba4cc2ffcfd6bdea073a1b28ecf817 SHA512 (libXi-1.7.10.tar.bz2) = 591f0860bf5904897587c4990d6c852f3729a212d1ef390362d41242440e078221877c31db2232d5cc81727fe97f4e194b077f7de917e251e60641bbd06ee218 Size (libXi-1.7.10.tar.bz2) = 484519 bytes @ 1.28 log @Updated libXi to 1.7.9. A few minor bugfixes, nothing exciting. Emilio Pozuelo Monfort (3): Plug a memory leak Check that allocating a buffer succeeded Fix possible free of uninitialized pointer Peter Hutterer (1): libXi 1.7.9 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2016/10/25 12:30:02 wiz Exp $ d3 4 a6 4 SHA1 (libXi-1.7.9.tar.bz2) = 70d1148c39c0eaa7d7c18370f20709383271f669 RMD160 (libXi-1.7.9.tar.bz2) = 68ccceac3fe2c26fcc93b7190d26a0a5d319ad15 SHA512 (libXi-1.7.9.tar.bz2) = 9f1536944fcd232ba725addbc3afb1154c4e0df3c4380f4a54bada31371029ce3714fe0458529cd6b2787e3283f3bd35366420bca15fedfbd41f2f6b10eddce5 Size (libXi-1.7.9.tar.bz2) = 486312 bytes @ 1.27 log @Updated libXi to 1.7.8. This release fixes a crash introduced in the 1.7.7 release. If a device has no classes, a wrong error was returned, eventually causing some applications to crash. This is fixed now. Niels Ole Salscheider (1): SizeClassInfo can return 0 even without an error Peter Hutterer (2): XListInputDevices: don't touch ndevices in case of error libXi 1.7.8 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2016/10/04 22:00:01 wiz Exp $ d3 4 a6 4 SHA1 (libXi-1.7.8.tar.bz2) = 8a07a2ff4cb39c87aeebbac3118f10e87b854637 RMD160 (libXi-1.7.8.tar.bz2) = 3df3dc45f1a9b7be66d5f3fc19044e7dc375bd3d SHA512 (libXi-1.7.8.tar.bz2) = 36d8b48a4f98d3d41a65ba30c19506f776d72093380e66192048a72bb24868edb9fc7304071ca9207e9ac5c389398da59c639bb17abab5d6ef7a905ecd4c8816 Size (libXi-1.7.8.tar.bz2) = 486332 bytes @ 1.26 log @Updated libXi to 1.7.7. Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2015/12/27 11:31:35 wiz Exp $ d3 4 a6 4 SHA1 (libXi-1.7.7.tar.bz2) = 37d150d7cc7061612643a3b8f458ff004edc6f2d RMD160 (libXi-1.7.7.tar.bz2) = 8d56d45488ab9e9705b8d2f30e5c79aab90f8798 SHA512 (libXi-1.7.7.tar.bz2) = 2501ee104753c54cc067b71c07d8add35c4c2f961eb8041cc6aa1963ec34032fa827c2db4d88097ec3e667a591c759b75007f92daa3b6834db5c5485fc243557 Size (libXi-1.7.7.tar.bz2) = 460047 bytes @ 1.25 log @Update libXi to 1.7.6. One significant change here: libXi was using raw serial numbers in event cookies, the one read off the wire. All other events don't use that number but a Xlib-internal serial number which is similar but not always the same. This could cause events to look out of order. With this release, libXi is now using the same serial number for event cookies as it uses for all other events. Javier Pello (1): Fix const compiler warnings Peter Hutterer (2): Don't use raw serial numbers in XIEvents libXi 1.7.6 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2015/11/04 03:28:46 agc Exp $ d3 4 a6 4 SHA1 (libXi-1.7.6.tar.bz2) = 0bf1c2b8279915d8c94e45cd0b9ec064f7a177a9 RMD160 (libXi-1.7.6.tar.bz2) = 1eb67ecfd38d3faec64472c62c167a44d2ee894e SHA512 (libXi-1.7.6.tar.bz2) = 229e1e6e1486808ffad9610a8fd7930bd3348fa5d11709adcb6239b5c01af877ac549072e8d3aec605a3835d8278fd48146db50577fa031407d20c1e871d8f4a Size (libXi-1.7.6.tar.bz2) = 484485 bytes @ 1.24 log @Add SHA512 digests for distfiles for x11 category Problems found locating distfiles: Package modular-xorg-server: missing distfile xorg-server-1.17.4.tar.bz2 Package py-qt4: missing distfile PyQt-mac-gpl-4.11.1.tar.gz Package xservers: missing distfile xservers-3.3.6.5.tar.bz2 Package xview-clients: missing distfile xview3.2p1-X11R6.tar.gz Package xview-lib: missing distfile xview3.2p1-X11R6.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2015/09/09 17:55:39 wiz Exp $ d3 4 a6 4 SHA1 (libXi-1.7.5.tar.bz2) = 00fa8883c5297b9bf1a87f37cba9a15f6f026d9d RMD160 (libXi-1.7.5.tar.bz2) = a7b25be5e5ceae7bd55536b2c94d2dd5d57029fd SHA512 (libXi-1.7.5.tar.bz2) = 5dfdf872399a85692ef681f4fb8632866783317971e72b046685a906d98007c6b19d1650270861b3457d0a817365ce57e532481b682dd2e36558c815f8919a59 Size (libXi-1.7.5.tar.bz2) = 464719 bytes @ 1.23 log @Update to 1.7.5: A couple of important bugfixes that have accumulated over the last year. Cosimo Cecchi (1): Fix version check in _XIAllowEvents Julien Cristau (1): Advance the request buffer by the right amount in XIChangeHierarchy Michal Srb (7): Fix double unlock when _XiCheckExtInit return -1. XIChangeHierarchy: Add missing unlock. Do not return NoSuchExtension casted to pointer as an error. XIGetClientPointer: Return False on error. Fix logic in _XIAllowEvents and prevent double unlock. Refactor XGetExtensionVersion. XIGrabDevice: Unlock display in error path. Peter Hutterer (1): libXi 1.7.5 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2014/07/19 06:12:44 wiz Exp $ d5 1 @ 1.22 log @Update to 1.7.4: More locking bugs fixed, so here's a minor release to make packaging easier. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2014/07/12 14:38:18 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.7.4.tar.bz2) = d206af66ca9472784a6f05e719121e4d21a1adb1 RMD160 (libXi-1.7.4.tar.bz2) = e6b5dae869f56fe04e82e926de88b068c95b9c2b Size (libXi-1.7.4.tar.bz2) = 458378 bytes @ 1.21 log @Update to 1.7.3: Two important patches fixing deadlocks when using XIPassiveGrab requests. You're recommended to updated. Note that we now require libX11 1.6, that's a new dependency over 1.7.2 but it's over a year old by now anyway. Jasper St. Pierre (2): XIPassiveGrab: Fix display locking inside _XIPassiveGrabDevice for error paths XIPassiveGrab: Fix completely broken locking in XIGrabTouchBegin Keith Packard (1): man: Update XIQueryVersion docs to match new version compatibility semantics Michael Joost (1): Remove fallback for _XEatDataWords, require libX11 1.6 for it Peter Hutterer (1): libXi 1.7.3 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2013/07/03 06:27:03 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.7.3.tar.bz2) = 45457f1775e9dc5bb18b88bf812c7784a14cfd6a RMD160 (libXi-1.7.3.tar.bz2) = 148df6688c648d7da8da7d8d9182fc8b973eb44d Size (libXi-1.7.3.tar.bz2) = 458202 bytes @ 1.20 log @Update to 1.7.2. Changes in 1.7.2: Only one minor change since the RC. Again, this release contains the fixes for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to update. Peter Hutterer (1): libXi 1.7.2 Thomas Klausner (1): Remove check that can never be true. Changses in 1.7.1.901: First and likely only RC for libXi 1.7.2. This one has a bunch of changes for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various integer overflows and other corruption that happens if we trust the server a bit too much on the data we're being sent. On top of those fixes, the sequence number in XI2 events is now set propertly too (#64687). Please test, if you find any issues let me know. Alan Coopersmith (14): Expand comment on the memory vs. reply ordering in XIGetSelectedEvents() Use _XEatDataWords to avoid overflow of rep.length bit shifting Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3] memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3] unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3] integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8] integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8] integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8] integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8] integer overflow in XIGetProperty() [CVE-2013-1984 5/8] integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8] Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8] Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8] sign extension issue in XListInputDevices() [CVE-2013-1995] Peter Hutterer (7): Copy the sequence number into the target event too (#64687) Don't overwrite the cookies serial number Fix potential corruption in mask_len handling Change size += to size = in XGetDeviceControl If the XGetDeviceDontPropagateList reply has an invalid length, return 0 Include limits.h to prevent build error: missing INT_MAX libXi 1.7.1.901 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2013/04/05 09:11:57 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.7.2.tar.bz2) = 53c90cd52e40065e04886f046383c1e5c507e0c4 RMD160 (libXi-1.7.2.tar.bz2) = 514199e00894f280400f86b613b4f208133d7ee1 Size (libXi-1.7.2.tar.bz2) = 440969 bytes @ 1.19 log @Update to 1.7.1: Only a single fix: including the XFixes header to get the typedef for PointerBarrier. Naturally, this adds a pkgconfig build-time dependency on XFixes. Why? The header shipped with 1.7 typedef'd PointerBarrier. If you #include both XI and Xfixes headers, you will end up with a duplicate typedef. This is not an issue on gcc >= 4.6 since the two typedef's are the same. On earlier versions this will trigger an error. gcc 4.6 -pedantic-errors will trigger the same error. Peter Hutterer (2): Require XFixes for PointerBarrier, remove duplicate typedef libXi 1.7.1 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2013/03/12 11:39:49 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.7.1.tar.bz2) = 0737f2344c661523bd5903a727c3371cebb2b0f3 RMD160 (libXi-1.7.1.tar.bz2) = 7e871fead6d1c276480868a1099fbd05b519df30 Size (libXi-1.7.1.tar.bz2) = 434569 bytes @ 1.19.2.1 log @Pullup ticket #4177 - requested by taca x11/libXi: security update Revisions pulled up: - x11/libXi/Makefile 1.24 - x11/libXi/distinfo 1.20 --- Module Name: pkgsrc Committed By: wiz Date: Wed Jul 3 06:27:03 UTC 2013 Modified Files: pkgsrc/x11/libXi: Makefile distinfo Log Message: Update to 1.7.2. Changes in 1.7.2: Only one minor change since the RC. Again, this release contains the fixes for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to update. Peter Hutterer (1): libXi 1.7.2 Thomas Klausner (1): Remove check that can never be true. Changses in 1.7.1.901: First and likely only RC for libXi 1.7.2. This one has a bunch of changes for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various integer overflows and other corruption that happens if we trust the server a bit too much on the data we're being sent. On top of those fixes, the sequence number in XI2 events is now set propertly too (#64687). Please test, if you find any issues let me know. Alan Coopersmith (14): Expand comment on the memory vs. reply ordering in XIGetSelectedEvents() Use _XEatDataWords to avoid overflow of rep.length bit shifting Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3] memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3] unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3] integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8] integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8] integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8] integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8] integer overflow in XIGetProperty() [CVE-2013-1984 5/8] integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8] Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8] Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8] sign extension issue in XListInputDevices() [CVE-2013-1995] Peter Hutterer (7): Copy the sequence number into the target event too (#64687) Don't overwrite the cookies serial number Fix potential corruption in mask_len handling Change size += to size = in XGetDeviceControl If the XGetDeviceDontPropagateList reply has an invalid length, return 0 Include limits.h to prevent build error: missing INT_MAX libXi 1.7.1.901 @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (libXi-1.7.2.tar.bz2) = 53c90cd52e40065e04886f046383c1e5c507e0c4 RMD160 (libXi-1.7.2.tar.bz2) = 514199e00894f280400f86b613b4f208133d7ee1 Size (libXi-1.7.2.tar.bz2) = 440969 bytes @ 1.18 log @redefinition of PointerBarrier. gcc 4.6 won't complain about that, but earlier versions do: http://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=ce3765bf44e49ef0568a1ad4a0b7f807591d6412 gcc 4.6 with -pedantic-errors shows: /opt/xorg/include/X11/extensions/XInput2.h:172:13: error: redefinition of typedef ‘PointerBarrier’ [-pedantic] In file included from test.c:1:0: /opt/xorg/include/X11/extensions/Xfixes.h:255:13: note: previous declaration of ‘PointerBarrier’ was here PointerBarriers is defined in XFixes.h and here. So hook onto the only thing we can in Xfixes.h and use that to figure out if we need to typedef ourselves. XFIXES_MAJOR is defined in xfixeswire.h, so we can't hook onto it directly. Adding this ifdef here means we have include order dependency of XFixes.h before XInput2.h unless we add a similar ifdef to the fixes headers. Signed-off-by: Peter Hutterer --- Nasty, but can't think of a better way atm. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2013/03/07 06:36:28 wiz Exp $ d3 3 a5 4 SHA1 (libXi-1.7.tar.bz2) = 1c4e992094f71103660f16329b228b081f48d48c RMD160 (libXi-1.7.tar.bz2) = 368ed28a1562dff67ebdb6e7433205e04c62c0a0 Size (libXi-1.7.tar.bz2) = 433745 bytes SHA1 (patch-include_X11_extensions_XInput2.h) = 6e1e5dd3aa8c4b0507aca44c8b7ae51a45cf1b69 @ 1.17 log @Update to 1.7: The feature added in this revision is pointer barrier events and releases. Pointer barriers themselves are an XFixes 5 feature, XI 2.3 adds two disctinct features to barriers: * the ability for clients to get notified if pointer movement is restricted by a barrier * the ability for clients to allow a pointer to move through a barrier after it was constrained by the barrier For a more verbose explanation of these features please refer to: http://who-t.blogspot.com.au/2012/12/whats-new-in-xi-23-pointer-barrier.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2013/01/21 13:59:14 wiz Exp $ d6 1 @ 1.16 log @Update to 1.6.2: Two man page fixes and a fix to enable generic event copying for raw touch events (using in e.g. XPeekEvent()) Benjamin Tissoires (1): Add missing XI_RawTouch* in XInputCopyCookie Peter Hutterer (3): man: fix formatting issues in XGetDeviceControl(3) man: add generation of missing man pages for XIGrabTouchBegin libXi 1.6.2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2012/07/13 15:14:42 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.6.2.tar.bz2) = ac00cf9790648c17815860b10c9a6abbe32bb175 RMD160 (libXi-1.6.2.tar.bz2) = 3e7c9f36ef6aa6be6af355b8f64f31c1b9823e10 Size (libXi-1.6.2.tar.bz2) = 428938 bytes @ 1.15 log @Update to 1.6.1. meta-pkgs/modular-xorg still builds. 1.6.1: Major bugs fixed: - wrong button and mask copy (doesn't just affect OS X, despite the commit log) - raw event sourceid is now set Chase Douglas (1): Destroy extension record after last display is removed Peter Hutterer (5): Fix wrong button label and mask copy on OS X Move version comparison into a helper function. Set the RawEvent sourceid (#34240) man: update XIQueryVersion for current server behaviour libXi 1.6.1 1.6.0: The main fix that libXi 1.6 brings is support for XI 2.2 multitouch events and the matching protocol changes. Chase Douglas (1): Fix XIScrollClass increment value on 32-bit machines Cyril Brulebois (1): configure.ac: Fix a typo in comments. Michał Masłowski (1): Fix bus error on MIPS N32 for bug #38331. Peter Hutterer (8): Bump to 1.5.99.1 Implement support for XI 2.2 libXi 1.5.99.2 man: fix typo Mappiing → Mapping Force class alignment to a multiple of sizeof(XID). Handle new XIAllowEvent request size libXi 1.5.99.3 libXi 1.6.0 1.5.0: libXi 1.5.0 is an interim version of libXi that includes the smooth scrolling support that XI 2.1 brings. Note that no servers released by X.Org currently supports smooth scrolling, this feature is still limited to the 1.12 development versions. In addition to the smooth scrolling support, this release brings a number of cleanups, bugfixes (most of which were on 1.4.5) and a set of man page improvements. Alan Coopersmith (3): Move Xinput server API documentation from libXi to xserver Fix the FIXME output in man page .TH macros generated by asciidoc Make shadow man pages generated by asciidoc work with Solaris man Gaetan Nadon (13): Documentation: add Docbook external references support make: remove unneeded AM_V_GEN silent rule directive. make: use AM_V_at rather than AM_V_GEN to prefix the mv command Install target dbs alongside generated documents Install xml versions of specs even if HAVE_XMLTO is false docbook.am: global maintenance update - entities, images and olinking docbook.am: embed css styles inside the HTML HEAD element docs: remove which is not used by default docs: use the &fullrelvers; entity to set X11 release information inputlib: fix copyright statements inputlib: prefix 1.0 with the word Version inputlib: restore original title "X Input Device Extension Library" specs: refactor and complete copyright legal text Jeremy Huddleston (1): Use AM_CPPFLAGS to use in tree headers before installed headers Matt Dew (2): Add id attributes to funcsynopsis to allow other docs to olink to them. 1 - fix the capitalization of the ID attriutes to match either the Matthieu Herrb (1): Fix XISelectEvents on 64 bits, strict alignement architectures. Peter Hutterer (34): Allocate enough memory for raw events + extra data. XIChangeHierarchy: Return Success early if no actual changes are requested. Remove a few unused assignments. man: fix typo, layout in XGetExtensionVersion.man Silence compiler warning in XListDProp.c Silence compiler warning due to differnent event conversion procs man: fix missing comma in XIGrabEnter man page Use Data, not Data32 in XIPassiveGrabDevice man: Fix wrong event names in XIGrabButton. man: Fix typo in XIChangeProperty Bump to 1.4.99 man: Fix formatting in XGetFeedbackControl Add XI2 library-internal array offsets to XIint.h Don't use the protocol defines for 2.0 versioning. Handle unknown device classes. man: fix typo in XIQueryDevice man page man: update property and grab man pages for new constants Handle unknown device classes. man: fix typo in XIQueryDevice man page man: update property and grab man pages for new constants Require inputproto 2.0.99.1 or later Support XI 2.1 internally Support XI 2.1 XIScrollClass Use a separate nclasses variable in XIQueryDevice Remove superfluous assignment of lib->classes in XIQueryDevices. Bump to 1.4.99.1 man: fix #include for XIGrabButton man: XIGrabButton returns error codes, not status codes man: passive grabs return the number of failed modifier combinations Fix duplicate sizeof in copy_classes Stop unnecessary calls to size_classes Include config.h from source files man: minor formatting fix in XIGrabButton libXi 1.5.0 1.4.5: libXi 1.4.4 caused requests to fail if the library was built against 2.1 or 2.2 protocol headers. Instead of requiring 2.0 for XI2 requests, the library required the protocol version (2.1 or 2.2 depending on the proto) and failed if the server did not support that version. This again caused virtually all XI2 requests to fail if you didn't happen to run an X server from git. The patch below hardcodes 2.0 for those requests that require 2.0, regardless of the protocol version. You are strongly enocuraged to update. This issue is not visible when built against inputproto 2.0.x Peter Hutterer (2): Don't use the protocol defines for 2.0 versioning. libXi 1.4.5 1.4.4: libXi 1.4.4 comes with two memory fixes that can cause crashes in clients. Commit "Handle unknown device classes" can only be triggered when libXi 1.4.x runs against the git X server. If the XIQueryDevice() reply contained classes unknown to libXi, we didn't allocate memory for these classes and ended up overwriting valid ones. Commit "Fix duplicate sizeof in copy_classes" fixes a typo, instead of malloc(X * sizeof(Y)) the code called malloc(sizeof(X * sizeof(Y))). This could lead to memory corruption. Peter Hutterer (8): man: Fix formatting in XGetFeedbackControl man: fix typo in XIQueryDevice man page Handle unknown device classes. man: fix #include for XIGrabButton man: XIGrabButton returns error codes, not status codes man: passive grabs return the number of failed modifier combinations Fix duplicate sizeof in copy_classes libXi 1.4.4 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2011/06/12 00:21:53 dholland Exp $ d3 3 a5 3 SHA1 (libXi-1.6.1.tar.bz2) = 4b53b41fdaa3acc86606c696c68d5eed11454612 RMD160 (libXi-1.6.1.tar.bz2) = 2e368991d370d5696f55ef4bfa25306a5b44c214 Size (libXi-1.6.1.tar.bz2) = 427062 bytes @ 1.14 log @Update to libXi-1.4.3: bug and doc fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2010/09/10 18:52:06 joerg Exp $ d3 3 a5 3 SHA1 (libXi-1.4.3.tar.bz2) = c66cfdee74e8d169a7992b5f257395e653ca761b RMD160 (libXi-1.4.3.tar.bz2) = 142d44e8e13abbb8a41826b7005f8ede1807e3ff Size (libXi-1.4.3.tar.bz2) = 422637 bytes @ 1.13 log @Update to libXi-1.3.2: Viarous bug fixes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2010/04/09 08:46:32 tnn Exp $ d3 3 a5 3 SHA1 (libXi-1.3.2.tar.bz2) = 50fdac374d45feb4fe39938d3530bd4f314f3a85 RMD160 (libXi-1.3.2.tar.bz2) = c3811a4c3ed3b8d216ba1ac53b7d51fc2beaa449 Size (libXi-1.3.2.tar.bz2) = 362340 bytes @ 1.12 log @Update to libXi-1.3. Most notable change is that this brings XI2 support, matching changes noted in the inputproto-2.0 update. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2009/02/27 21:36:10 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.3.tar.bz2) = 7685f2881ce40b13028d9409eedbb9cf1ed0d8ef RMD160 (libXi-1.3.tar.bz2) = d7848e8dc9a6a3882bf722eccf75f21b5f99fecd Size (libXi-1.3.tar.bz2) = 350827 bytes @ 1.11 log @Update to 1.2.1: libXi 1.2.1. Fixes a potential memory overflow in XGetDeviceControl. Alan Coopersmith (1): Add README with pointers to mailing list, bugzilla & git repos Paulo Cesar Pereira de Andrade (1): Return NULL on error, and match LockDisplay with UnlockDisplay. Peter Hutterer (3): XGetDeviceControl: Add a missing break leading to wrong length calculation. XGetDeviceControl: size the libXi structs, not the wire structs (#20293) libXi 1.2.1 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2009/01/07 21:58:09 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.2.1.tar.bz2) = 47a1141bfafbdc4eca0d742acd7b978f98c7a749 RMD160 (libXi-1.2.1.tar.bz2) = 7d26b207e79c5bb220f69af040974d1039c62ab5 Size (libXi-1.2.1.tar.bz2) = 279752 bytes @ 1.10 log @Update to 1.2.0: Following the inputproto 1.5 release adding input device properties, here's the matching client-side libraries. Peter Hutterer (4): Bump to 1.1.99.2. Add XI_JOYSTICK to list of defined types. Add support for XI 1.5 device properties. libXi 1.2.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2008/11/17 11:30:31 wiz Exp $ d3 3 a5 3 SHA1 (libXi-1.2.0.tar.bz2) = 2395265b87556bd60216d0e5b56080380d0a3bd5 RMD160 (libXi-1.2.0.tar.bz2) = ddece023214031fde872da707d0ffeeec9996fc7 Size (libXi-1.2.0.tar.bz2) = 278230 bytes @ 1.9 log @Update to 1.1.4: (pkgsrc already contained the Coverity and GetDeviceControl patches) Alan Coopersmith (1): Coverity #743/744: Returned without freeing storage bufp/savp Matthieu Herrb (1): nuke RCS Ids Peter Hutterer (2): GetDeviceControl: calculate the length field correctly. libXi 1.1.4 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2008/01/29 03:45:36 bjs Exp $ d3 3 a5 3 SHA1 (libXi-1.1.4.tar.bz2) = ee9fdfc55b44926d76b39c5ee58670f5ab0fafef RMD160 (libXi-1.1.4.tar.bz2) = 25069b7e4519d2170b63b1832b28cca6c77ca984 Size (libXi-1.1.4.tar.bz2) = 272734 bytes @ 1.8 log @ Add two bug fixes from GIT (see patch headings for more info). Bump rev. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2007/09/21 20:47:14 joerg Exp $ d3 3 a5 5 SHA1 (libXi-1.1.3.tar.bz2) = 60608bcbebadc5fe0b51b5012e9301eb720988fe RMD160 (libXi-1.1.3.tar.bz2) = e6446f28a903eed54eccc5d4df685f9623942a0b Size (libXi-1.1.3.tar.bz2) = 248007 bytes SHA1 (patch-aa) = 2bf138eb5f8fa4e9602579a6842278a7e5446fc5 SHA1 (patch-ab) = 169dc342cb2631f10b9390568e9e39c91b595303 @ 1.7 log @Remove patch, XInputCheckExtension has some magic for that. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2007/09/21 19:39:11 joerg Exp $ d6 2 @ 1.6 log @Fix locking bug in upstream code. Ride on the initial update. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2007/09/21 19:28:47 bjs Exp $ a5 1 SHA1 (patch-aa) = f4709b631db41d00302d520b3507dd74e7fe1b4a @ 1.5 log @ Update to version 1.1.3. The most important feature of this release is a set of locking fixes, which unbreak this library for threaded apps. The lock issues were exposed by libxcb. -- XChangeDeviceControl: Fix completely broken locking -- XSetDeviceFocus: Add missing extension check -- XGetSelectedExtensionEvents: Still more locking bugs -- Bug #9659: Bad markup on XListInputDevices.3x @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2007/08/05 21:49:26 joerg Exp $ d6 1 @ 1.4 log @Update to libXi-1.1.2: Unstatic a function again. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2007/07/12 17:11:58 joerg Exp $ d3 3 a5 3 SHA1 (libXi-1.1.2.tar.bz2) = 01df09f3e3e3c157dbf04e72f7b0bf985410151f RMD160 (libXi-1.1.2.tar.bz2) = a9f039725e0001a6deb08d8b79df8b9df30fcf0a Size (libXi-1.1.2.tar.bz2) = 267367 bytes @ 1.3 log @Update libXi to 1.1.1: Fix _XiCheckExtInit to always drop the Display lock. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2007/01/23 14:30:17 joerg Exp $ d3 3 a5 3 SHA1 (libXi-1.1.1.tar.bz2) = 74e546ac1db4382d964edda9d539844085035250 RMD160 (libXi-1.1.1.tar.bz2) = e70eaf04d19f25b9ecacfbbe6ca636c4b220ad52 Size (libXi-1.1.1.tar.bz2) = 244748 bytes @ 1.2 log @Update to libXi-1.1.0: 1.0.0 -> 1.0.1: non-functional 1.0.1 -> 1.0.2: don't call XInput_find_display with the Display lock held, saves time as well 1.0.2 -> 1.1.0: use interface for device presense notification. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2006/11/03 18:24:38 joerg Exp $ d3 3 a5 3 SHA1 (libXi-1.1.0.tar.bz2) = 8dc380408dfea6357ea68ee375d0c5368d56066f RMD160 (libXi-1.1.0.tar.bz2) = a3d9d1a14b426c1716a251f59db404d2462c395a Size (libXi-1.1.0.tar.bz2) = 246381 bytes @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (libXi-1.0.0.tar.bz2) = a423bbd03c06ca87e04d9ef2cdddedd2b9a7c59c RMD160 (libXi-1.0.0.tar.bz2) = 855b782280cdabcdc0c955dab62da7458d3bf62d Size (libXi-1.0.0.tar.bz2) = 245848 bytes @ 1.1.1.1 log @Import libXi-1.0.0 from pkgsrc: This package contains the Xi extension. This is the X Input extension library. This is part of the X Libraries and Protocol Headers Project at freedesktop.org. @ text @@