summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDonnie Berkholz <dberkholz@gentoo.org>2008-05-08 08:20:43 +0000
committerDonnie Berkholz <dberkholz@gentoo.org>2008-05-08 08:20:43 +0000
commit918c434b1bda444687508f7ac09244bf15c34a48 (patch)
tree4375a10678ffa28048da7757dfa356a508aca9ef /x11-base
parentAdd an unkeyworded new revision with tons of fixes from upstream's 1.4 branch... (diff)
downloadgentoo-2-918c434b1bda444687508f7ac09244bf15c34a48.tar.gz
gentoo-2-918c434b1bda444687508f7ac09244bf15c34a48.tar.bz2
gentoo-2-918c434b1bda444687508f7ac09244bf15c34a48.zip
Add an unkeyworded new revision with tons of fixes from upstream's 1.4 branch. More patches may be coming soon, and rekeywording is pending on that. I expect this to be a candidate for stable.
(Portage version: 2.1.5_rc7) (Signed Manifest commit)
Diffstat (limited to 'x11-base')
-rw-r--r--x11-base/xorg-server/Manifest52
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0001-Bug-13308-Verify-and-reject-obviously-broken-modes.patch30
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0002-bgPixel-unsigned-long-is-64-bit-on-x86_64-so-1.patch34
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0003-Xprint-Clean-up-generated-files.patch24
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0004-Config-D-Bus-Don-t-leak-timers.patch44
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0005-Config-HAL-Don-t-leak-options-on-failure-to-add-de.patch57
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0006-OS-Don-t-leak-connection-translation-table-on-regen.patch27
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0007-KDrive-Xephyr-Don-t-leak-screen-damage-structure.patch25
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0008-Input-Don-t-reinit-devices.patch29
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0009-include-never-overwrite-realInputProc-with-enqueueI.patch37
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0010-OS-IO-Zero-out-client-buffers.patch28
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0011-XKB-XkbCopyKeymap-Don-t-leak-all-the-sections.patch27
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0012-Xephyr-One-time-keyboard-leak-fix.patch26
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0013-Fix-for-CVE-2007-5760-XFree86-Misc-extension-out-o.patch27
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0014-Fix-for-CVE-2007-6428-TOG-cup-extension-memory-cor.patch26
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0015-Fix-for-CVE-2007-6427-Xinput-extension-memory-corr.patch262
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0016-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch210
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0017-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch30
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0018-Fix-for-CVE-2007-5958-File-existence-disclosure.patch34
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0019-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch86
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0020-dix-set-the-correct-number-of-valuators-in-valuator.patch29
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0021-xkb-don-t-update-LEDs-if-they-don-t-exist.-Bug-13.patch31
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0022-security-Fix-for-Bug-14480-untrusted-access-broke.patch25
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0023-Resize-composite-overlay-window-when-the-root-window.patch62
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0024-Fix-rotation-for-multi-monitor-situation.patch31
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0025-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch40
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0026-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch44
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0027-Fix-context-sharing-between-direct-indirect-contexts.patch38
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0028-Add-some-more-support-for-DragonFly.-From-Joerg-Sonn.patch83
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0029-configure.ac-DragonFly-BSD-support.patch53
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0030-Fixed-configure.ac-for-autoconf-2.62.patch28
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0031-EXA-Fix-off-by-one-in-polyline-drawing.patch26
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0032-XKB-Fix-processInputProc-wrapping.patch83
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0033-xfree86-fix-AlwaysCore-handling.-Bug-14256.patch29
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0034-Ignore-not-just-block-SIGALRM-around-Popen-Pcl.patch58
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0035-Fix-build-on-FreeBSD-after-Popen-changes.patch25
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0036-So-like-checking-return-codes-of-system-calls-sig.patch83
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0037-Check-for-sys-sdt.h-as-well-when-determining-to-en.patch39
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0038-dix-Always-add-valuator-information-if-present.patch47
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0039-Bug-10324-dix-Allow-arbitrary-value-ranges-in-Ge.patch40
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0040-Bug-10324-dix-Add-scaling-of-X-and-Y-on-the-repo.patch173
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0041-dix-Skip-call-to-clipAxis-for-relative-core-events.patch93
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0042-dix-Move-motion-history-update-until-after-screen-c.patch51
-rw-r--r--x11-base/xorg-server/files/1.4.0.90/0043-XKB-Actually-explain-keymap-failures.patch145
44 files changed, 2467 insertions, 4 deletions
diff --git a/x11-base/xorg-server/Manifest b/x11-base/xorg-server/Manifest
index 0304432545dd..d25c7ec9b25b 100644
--- a/x11-base/xorg-server/Manifest
+++ b/x11-base/xorg-server/Manifest
@@ -35,6 +35,49 @@ AUX 1.4-fix-xprint-link.patch 588 RMD160 4a5ec1cd69047a94917c0bf29f1f557ec05059c
AUX 1.4-fpic-libxf86config.patch 374 RMD160 614d69f83b7f4d4999efa906f2059b7f287e22c1 SHA1 1f113823c03f69e79b10965908945df629b73474 SHA256 017e7ba2954dcc2281f8626977d47fd8bd037f05e680e51b8e4ae7316455a237
AUX 1.4-ia64.patch 1872 RMD160 6bc82c87140ee81150c34df486b5b4d9620dde9c SHA1 b43aadafd7ce144790cf9eccf8a9840baf3205bd SHA256 950714ce230791ce9d54e21044961d9435e4eb774f82e5047f9adcd5fd4661ec
AUX 1.4.0.90-clean-generated-files.patch 595 RMD160 e4044e8c1f1b92db38a7e53b77109ff80fb4d22a SHA1 9eaf182c435946596462106547e9d52f819cb397 SHA256 8a57ddae701218b425bbe59c2d387c81d65af2d29c67ea9f8550c8201841f9a7
+AUX 1.4.0.90/0001-Bug-13308-Verify-and-reject-obviously-broken-modes.patch 1066 RMD160 7a7d2f10eba4e2f20ecf793a54faa22dabdde573 SHA1 e00b0e764771bddaf2541b6b8c2d0da4999733ca SHA256 aafce7a98dcfea631c44504ab5bff78e7010ca9899bfb8749d5190b3cb171d86
+AUX 1.4.0.90/0002-bgPixel-unsigned-long-is-64-bit-on-x86_64-so-1.patch 1115 RMD160 4fa84411171f2e6f965bd7a1911f603fdd4dbbf9 SHA1 60f5914ec97dec52e72a29cdfb36558f81ecda15 SHA256 55824948145bf996a43868dd93cdcd5df043e3ac3a672cdc5cf52abe06005eba
+AUX 1.4.0.90/0003-Xprint-Clean-up-generated-files.patch 719 RMD160 4bc21f3eac1c2ea737fbc5c46a4e6628795c6bcc SHA1 3803df8e78f91e0b069a87f2b1b8ab22da85b46e SHA256 f1afa2d771072bdb04e47228ef0067ed180f19e8967277e7aa0deab69104372c
+AUX 1.4.0.90/0004-Config-D-Bus-Don-t-leak-timers.patch 1353 RMD160 c745c7d25659d5d2a1694d4cd10e3e4af4385b33 SHA1 c3cb5a8f94c969825e6e4af83b082bc3fa754055 SHA256 22a3764f72cd888de7756965cdd7650c4bae1d34791604c7a073bbc2218668eb
+AUX 1.4.0.90/0005-Config-HAL-Don-t-leak-options-on-failure-to-add-de.patch 1919 RMD160 7d0f9d86e7eb5fe732203a7af52b9033e890ccad SHA1 bce54d3f452ea020e05ff012c279c6cc5d49cab9 SHA256 a46cafdfa293dc16b35a9977f449a84cc8deb347a1aabcb305546d9e3efc8711
+AUX 1.4.0.90/0006-OS-Don-t-leak-connection-translation-table-on-regen.patch 830 RMD160 fdd8a862086307bdfc3379ca24b94a6eb49b145c SHA1 41a08647dd535a45b0adb81401c8b8358b43cf7c SHA256 74b4171174d67ea019e961d562aff504704c815136d8bfff79ecbd166a017bcf
+AUX 1.4.0.90/0007-KDrive-Xephyr-Don-t-leak-screen-damage-structure.patch 872 RMD160 eaec47dfad778585659a4d6ba90dc67e94cb63a4 SHA1 be85ab848e1ad57076bf4852d2e7c8b88ed29c3c SHA256 bb950597d42649e799bca994c0a7958bdc28a64ac8e81e537e4ac10e2e5c7a0c
+AUX 1.4.0.90/0008-Input-Don-t-reinit-devices.patch 921 RMD160 4b7f1a8e27c65dee361aa75fc6738d823f0383b1 SHA1 8493c75328f58a882cc919541d4e0ecebed31852 SHA256 338b148789a84087f5208e2eda5925aa5e80e86c75e902640d0141e6034b619c
+AUX 1.4.0.90/0009-include-never-overwrite-realInputProc-with-enqueueI.patch 1489 RMD160 f17760b034b1e71dfe4a2e950d8624b973141ae8 SHA1 6467bfee92765e15355c3b7a4e7f45e86c265ba9 SHA256 d010e9bd9f5ecd47ca2de1995a390502dcfdbc9d73ac434e9e04229b7ba96365
+AUX 1.4.0.90/0010-OS-IO-Zero-out-client-buffers.patch 861 RMD160 0f6ac780a880dfab70159fbd770b7fbaf070e8f8 SHA1 36faf03d4133ae742479987ac90758aeedfa2193 SHA256 e220b704b72db42ea62c5a1b2fcf644137c4fd19dcb61f4b74d4b987222ff1a3
+AUX 1.4.0.90/0011-XKB-XkbCopyKeymap-Don-t-leak-all-the-sections.patch 941 RMD160 49d4dca11b70ae89ff21800fe85df7f82be34170 SHA1 20a243ba686462b857a022f2052988be9706593b SHA256 ac4fad50d2baf4988d53567d6a9ca59cd19aa9a5435ee4ad4a3b69a6c4028f9c
+AUX 1.4.0.90/0012-Xephyr-One-time-keyboard-leak-fix.patch 912 RMD160 75a735c8763090de987371cb13e76b2b12453d14 SHA1 62ca71d5f158f76edcab37e954b3b16798b82e61 SHA256 ea73a5ec0b0d75c88b852dbba533d0be66634f2df883ece2f938f250d47a4ec8
+AUX 1.4.0.90/0013-Fix-for-CVE-2007-5760-XFree86-Misc-extension-out-o.patch 980 RMD160 5088fb0cb840b9f6e77187a76bd2d48e397b9eba SHA1 8318fb14dee695e11771a3d83a669c63497f4c41 SHA256 22f66fb059e03e64d869d43aff6292271b830c64fd79d0d2a190f141f0da588d
+AUX 1.4.0.90/0014-Fix-for-CVE-2007-6428-TOG-cup-extension-memory-cor.patch 747 RMD160 3fc0e01aa2cf0f1f22691caff9001b35afb937ab SHA1 26b9473115e4e891364f0ef2d4f2702aa7654edf SHA256 31023b19e4731027b7f141da58a0b73e668f6479283d8d6a32b18c94dde5987e
+AUX 1.4.0.90/0015-Fix-for-CVE-2007-6427-Xinput-extension-memory-corr.patch 7342 RMD160 eca6339c9c94d3dba77a38ab5b18ba284db647ff SHA1 a018b5f3d83924c16c97a3f33ebf4c6244959210 SHA256 771f6f0b8d7db8df4a7a020684bd1f4bf67967e00fe18b8b178b0d396983380a
+AUX 1.4.0.90/0016-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch 6830 RMD160 4a5d691c978ad37440474710ed24c65a406ae77d SHA1 f5a8be495d0dcc97b2de9f63b92012e5b253982c SHA256 2b70079c797d3dee6ba7778f7abe86c9f2ffdef1e37cdbb02b5ca2ff49e82d5a
+AUX 1.4.0.90/0017-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 912 RMD160 cbce0d132c50cca78c49e19452e191ef68814816 SHA1 d44cf3bb2d43a932599b013c0acb8dc7a9b67ff9 SHA256 9f7a61d4c27cf3212e0403f3815a0ee1aa9c9834d536b26637960e777deda65e
+AUX 1.4.0.90/0018-Fix-for-CVE-2007-5958-File-existence-disclosure.patch 870 RMD160 5a1590a2c0ff8fa05f42bc521c6ff4eab835ed1c SHA1 168f778221d4946d23916ee90b8b23cef2e384a1 SHA256 c0cbaf1b750b7b34cdc6ac759927bde2c10fb9358c6f792b6762a690755a3d2f
+AUX 1.4.0.90/0019-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch 2663 RMD160 df43d1007c2d7929cc905578ce16e9190f86e5f9 SHA1 e441902688afceb3a69743f983d0cf8757583e5d SHA256 5879807da70afa579ca3cb4950e05ea4753e5c04393ebdf67bf3aea472246b42
+AUX 1.4.0.90/0020-dix-set-the-correct-number-of-valuators-in-valuator.patch 1141 RMD160 46d0bbc11476b5387dc6f40dc6ed364b91ed85e9 SHA1 6ec2db7ab5875001d697072603f7bbb0dd5b0918 SHA256 c1bcd5408be9ec752a0e9fbefc446cfba66e175a68fec7bbb4784b2afd84e690
+AUX 1.4.0.90/0021-xkb-don-t-update-LEDs-if-they-don-t-exist.-Bug-13.patch 1018 RMD160 74973f08908b1886771918c0d09d74bc18973291 SHA1 33bcdf1f34438b82f2f49f1230c454d44db806f7 SHA256 f01010eb2ebb0004ca5021d7d82e4ca9a7ca97fc601575c75458186113c89e59
+AUX 1.4.0.90/0022-security-Fix-for-Bug-14480-untrusted-access-broke.patch 778 RMD160 583086061e91f8bcabc65e8ca532ca17f3b33f62 SHA1 057838b8e32b1372e7fe5e9cacd3db26a3170e63 SHA256 16239f6f3eede01a10fc188664d5ec65bfc7abe2323c6a69eb3ce15b8e463c94
+AUX 1.4.0.90/0023-Resize-composite-overlay-window-when-the-root-window.patch 2001 RMD160 564a712f423ed253f3cb81cf095501a2058db25a SHA1 a58feb741cbb822a9662348ea8955db84309a669 SHA256 f6a012697d9c82b70f79f15e40dcd15eda1ea3712837ea489924a2f174fc9fff
+AUX 1.4.0.90/0024-Fix-rotation-for-multi-monitor-situation.patch 1160 RMD160 5f73d797e973e5bf7725d4e1676e0cc382c40658 SHA1 d8addba81bae9a2150c162b896619bd42ca4397d SHA256 c8b90041b3b2d30cfe203690064a5d377613b4518e3baffd8657d275c58b98e4
+AUX 1.4.0.90/0025-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch 1353 RMD160 45f37da1ee642fc182d9977a59bf7b45403b8467 SHA1 c10b77bed7f2f016cb2d43a097a431461915af8d SHA256 215cd3641d36511a1184cffd248e580e8411caaf865c53b37ab5b1e32d1291c9
+AUX 1.4.0.90/0026-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch 1332 RMD160 63011b66b47f30a4426559bb68aafac152b7c037 SHA1 219ca0a2bb455192c1944b7b18d4963cef499545 SHA256 e3e23bfd39b0d16fb31bef0ef3218e8548de43eee2b011e0a5d9b409d7d15b02
+AUX 1.4.0.90/0027-Fix-context-sharing-between-direct-indirect-contexts.patch 1019 RMD160 1939ba0bf9ede3b4f4742a987d89e3f3d85d0edf SHA1 d6125ad5ee945417fdf4c7adc1e9624d00e425a7 SHA256 caf657582c25de122ddebc930ebea9c0535a162192ac1338fcb6721485ef1627
+AUX 1.4.0.90/0028-Add-some-more-support-for-DragonFly.-From-Joerg-Sonn.patch 2993 RMD160 e843dd1b627bc669337b4de0fd2202c861897f8c SHA1 69e312c2687cfe2278ad57ab438808ba79ef9f37 SHA256 f7d2a501e60cf0f9eab3866a14852df8d4bfa57c12236506b5866fb77a7e733f
+AUX 1.4.0.90/0029-configure.ac-DragonFly-BSD-support.patch 1570 RMD160 10234d211dc79ac71bcef7606700db66d6f2dc5b SHA1 54b7ebe23e4efb9276b9413d2dde9c9d4edc7dcd SHA256 918d5a558afa80ad0c179652d23e6ef36f7316c5444ca3836540081ec4518d25
+AUX 1.4.0.90/0030-Fixed-configure.ac-for-autoconf-2.62.patch 780 RMD160 3c59fbd4af8344349bdd7c6c2b06a017a41946fe SHA1 2878663b1794200bae152631b63e3b26ffd9e94f SHA256 857e61a19a0acfb4e4ed4dca8943e72c2d0859b33c4968f5a48393e0ceea8423
+AUX 1.4.0.90/0031-EXA-Fix-off-by-one-in-polyline-drawing.patch 862 RMD160 ee5b9ed8ed0ac4499704a008c6e79254a6e508e7 SHA1 4bdad4e4a8100e18ae511292b34ca4bdf9bd45c9 SHA256 a00c0ebb2a523a5ecbe79b78af040df95ea25fb93c313507137add7530e35439
+AUX 1.4.0.90/0032-XKB-Fix-processInputProc-wrapping.patch 3158 RMD160 7aecd1b497f126ae520c2dff358ea7db762d9e37 SHA1 91ab28e5f463c22142112d3c0f03c205fe39be11 SHA256 9cc487dba264d9c170e8deae56ab42860fb40f9503b13b5b5b07ff84a0956fe7
+AUX 1.4.0.90/0033-xfree86-fix-AlwaysCore-handling.-Bug-14256.patch 1119 RMD160 9afa1abfa053ce22cf9106536b32367b963e2f15 SHA1 e8af7f18d14373e1b64f42a0af6cf51c9ac15a58 SHA256 6fca5d008038282ac4ea05ae80b68709be5902a5e6cfbb604636e3d454400173
+AUX 1.4.0.90/0034-Ignore-not-just-block-SIGALRM-around-Popen-Pcl.patch 1718 RMD160 81c0003858710177ddd879b67c301a1442996a98 SHA1 031231c784f39940281a2cf68387c09c821fa487 SHA256 4c7d930aa63f4e91e069552246097e6e3318718e740b8fa23bc8159e566d8bb9
+AUX 1.4.0.90/0035-Fix-build-on-FreeBSD-after-Popen-changes.patch 643 RMD160 22b1f3f586856c511ed6a4504c19623a22b53a81 SHA1 511eb3b79ce670a7246080989e778713e384de5c SHA256 943bedf7d50aa2edfdc863956c6d8aa421a8bcc117ee27553a9aa399b36493d2
+AUX 1.4.0.90/0036-So-like-checking-return-codes-of-system-calls-sig.patch 2084 RMD160 d88362f0aded245643a0983191b577a43a798326 SHA1 c46f7a38e1cdcc2ac8fca295dea84282ba2ba2a8 SHA256 b01b028be25c1732cf89c8d26dd563d44430d93b4d0ef5ec5cf64c31904581a3
+AUX 1.4.0.90/0037-Check-for-sys-sdt.h-as-well-when-determining-to-en.patch 1364 RMD160 efdb7e51394df787de77b19fcf2a671e5745c55b SHA1 56a4de5277f41692470eb7f5232abf370915e088 SHA256 01d007f64c4bf8ae70c62cd4fa0fa1b3d598f8776368edbd5e03be4ce680d84b
+AUX 1.4.0.90/0038-dix-Always-add-valuator-information-if-present.patch 1953 RMD160 3323165b1e1bac4975125c4484a3b189a9895c44 SHA1 17bb9013d53dcd062c3945af96c7876e2d05c9d0 SHA256 e4d5fad4931d37eedbb1056bc2cc3a45593b850a071851be4ef56ef39a9c3c2b
+AUX 1.4.0.90/0039-Bug-10324-dix-Allow-arbitrary-value-ranges-in-Ge.patch 1350 RMD160 7abec3b4353b95022c5a76cc38493866d2d44381 SHA1 0842a62ed2d0bed558dea0a3df696cc041d4d6e7 SHA256 20a2dc688886de6ac6516c9c15a493fb847460b4c67adf1a247cf104d23c90f6
+AUX 1.4.0.90/0040-Bug-10324-dix-Add-scaling-of-X-and-Y-on-the-repo.patch 7279 RMD160 4d3fe2057ccf82b001a3736b3bccbb956f9f3704 SHA1 1930d8d19b2afbd157349199a327548139b3d857 SHA256 3426664369211568b91fb0204b44327600d727efac7467fe7f0021ed64f7b5d9
+AUX 1.4.0.90/0041-dix-Skip-call-to-clipAxis-for-relative-core-events.patch 3670 RMD160 465cffebdcde7dc52022ae7133ff335347fd7605 SHA1 c311b2e4b5874718698671f56f89a269a9ebbaf7 SHA256 640f5b876364047fce4754615c159f7f9f527afb3deab5246b86853defb639ec
+AUX 1.4.0.90/0042-dix-Move-motion-history-update-until-after-screen-c.patch 2022 RMD160 d192c17c794335a6397dba46b61afaed60c47152 SHA1 8bd14bc6f88268657d010dbb82572cb8af13ea7e SHA256 4eb5b8066908d1d7b9b359a915bd3e08b6a5cf438459d100ebf5241029dc6408
+AUX 1.4.0.90/0043-XKB-Actually-explain-keymap-failures.patch 4163 RMD160 f9747730ee551ec64dd386aab41d4f560b313407 SHA1 29c45125eea26dc0a2163f19e0180e47fb886494 SHA256 bc9ca4b91b89a18db0fba597a0673f5b747a9fd79b1e046c769fca50239acea1
AUX avoid-crash-on-minimized-xv-window.patch 1970 RMD160 a41e37359a05b4dc4c796e569b3f00e9dcb210d4 SHA1 54447e96f4f10e2993e0e675091f6026e63b56b6 SHA256 6e1cbe4f588674d70d3564962a79b4b7d271162040f9a2390f29f03cfeac87bd
AUX use-composite-for-unequal-depths.patch 3528 RMD160 be7b5b07e8c890d596c5e2c49152f7df833487ea SHA1 1ade1846c1549c5a7eb3775d86973eb87bdb48ff SHA256 b38c079aaac0d8168cd4b45d2c1b8020338918c96855989dce89324c800622c0
AUX xorg-server-1.4.0.90-automake-1.10.1-fixup.patch 357 RMD160 06d03313a419fcad6b3668888e32dad28defb3a4 SHA1 3bdd2a6faa808445b2b365b420a9ce5882501035 SHA256 afb9593b3cedfdc9c768436df64b4878504804e93984672a58d96660b2b87afc
@@ -48,12 +91,13 @@ DIST xorg-server-1.4.0.90.tar.bz2 6315011 RMD160 181b3c682710265df3c6ed30e164be9
EBUILD xorg-server-1.3.0.0-r4.ebuild 17872 RMD160 caf61a35a2486a3248dab00dc2a928dd2e11e015 SHA1 2552f8fc12bc8b446e65b912dbd86f7cf4019ec5 SHA256 fcf3d38047d812e887769b17ffe7c94035fc6376bc6b307b04190851bb3ed19c
EBUILD xorg-server-1.3.0.0-r5.ebuild 18114 RMD160 e6fffcc39506db21aafee5e70b8bb043026d5290 SHA1 3e716d92bc096757eb29c3e1e7ae9365a1925f07 SHA256 bb90fb9650d061d42625d99aefefe4de9e032c0b8e517be7c19a5b9ea15a742d
EBUILD xorg-server-1.4.0.90-r3.ebuild 19018 RMD160 1079fe20b0de68e0677071ac70e878f7096bc385 SHA1 47cd9165b2da82a910e87ed14ee0da30fbd20ebe SHA256 7e21429ca3c6bfe57fddeb3c5d7d57d3e5a50108a5c1c4bb6b987014bc08923e
-MISC ChangeLog 70149 RMD160 7338e7aeebc3c67c5ece0d06b3cf678a55bd2024 SHA1 bf9227b46545dc4f9ad83bef95dc4cac483e12bc SHA256 ef8822669d767d601a05ff2440119f7954875b6ae2210d477a23034bd9a84e25
+EBUILD xorg-server-1.4.0.90-r4.ebuild 18261 RMD160 b4a517b86a0c7fd391a1b5727abcc1f50164058c SHA1 3f42930920c1b5afa8b4c4e75f881bf402fcfe31 SHA256 8563be846f91086ff956e0f82fa9ffe7e1b3065028ab886cb4f08550d808443f
+MISC ChangeLog 73809 RMD160 829919b01b938c44de56c292a4863fcf2cf1b5b6 SHA1 30f4bdac8b250da957eb90c3165ff9427e89408d SHA256 567f3574d6df135f7abc5fb1d86838e7b6f91ffe43dd0bbb67d7b11766ea309a
MISC metadata.xml 156 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 SHA1 6f78f604e3d079d39189b40aaaa1ddb06182ad91 SHA256 5101ab0d4cc8c7125eea733c44e86962769bd77acaf53b69223b9cadcdd29055
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
-iEYEARECAAYFAkghInEACgkQXVaO67S1rtu8egCeMezAyUwfwcZC19yIBdGyXjG/
-ku8AoOPAwDkFaKDo5Nxt1XkDDCTon64c
-=tNxx
+iEYEARECAAYFAkgit9YACgkQXVaO67S1rtvkQQCffpdqcFCqXroNLyk6I9OYivqr
+RugAoNbDEnPDMzD5DAzkVlNWDgMlbiVz
+=JB3/
-----END PGP SIGNATURE-----
diff --git a/x11-base/xorg-server/files/1.4.0.90/0001-Bug-13308-Verify-and-reject-obviously-broken-modes.patch b/x11-base/xorg-server/files/1.4.0.90/0001-Bug-13308-Verify-and-reject-obviously-broken-modes.patch
new file mode 100644
index 000000000000..5a7c1aad6058
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0001-Bug-13308-Verify-and-reject-obviously-broken-modes.patch
@@ -0,0 +1,30 @@
+From f4bcb53e86bb103b6bcf8a3a170a36137c34d272 Mon Sep 17 00:00:00 2001
+From: Hong Liu <hong.liu@intel.com>
+Date: Wed, 5 Dec 2007 17:48:28 +0100
+Subject: [PATCH] Bug 13308: Verify and reject obviously broken modes.
+ (cherry picked from commit c6cfcd408df3e44d0094946c0a7d2fa944b4d2d1)
+
+---
+ hw/xfree86/modes/xf86EdidModes.c | 6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/hw/xfree86/modes/xf86EdidModes.c b/hw/xfree86/modes/xf86EdidModes.c
+index 8b5e69d..e2ae665 100644
+--- a/hw/xfree86/modes/xf86EdidModes.c
++++ b/hw/xfree86/modes/xf86EdidModes.c
+@@ -239,6 +239,12 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing,
+ Mode->VSyncEnd = Mode->VSyncStart + timing->v_sync_width;
+ Mode->VTotal = timing->v_active + timing->v_blanking;
+
++ /* perform basic check on the detail timing */
++ if (Mode->HSyncEnd > Mode->HTotal || Mode->VSyncEnd > Mode->VTotal) {
++ xfree(Mode);
++ return NULL;
++ }
++
+ xf86SetModeDefaultName(Mode);
+
+ /* We ignore h/v_size and h/v_border for now. */
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0002-bgPixel-unsigned-long-is-64-bit-on-x86_64-so-1.patch b/x11-base/xorg-server/files/1.4.0.90/0002-bgPixel-unsigned-long-is-64-bit-on-x86_64-so-1.patch
new file mode 100644
index 000000000000..9ec86c51e4b0
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0002-bgPixel-unsigned-long-is-64-bit-on-x86_64-so-1.patch
@@ -0,0 +1,34 @@
+From 41f735fbe02f59bc7bcca335c6e743c72c2fc44c Mon Sep 17 00:00:00 2001
+From: Hong Liu <hong.liu@intel.com>
+Date: Tue, 4 Sep 2007 08:46:46 +0100
+Subject: [PATCH] bgPixel (unsigned long) is 64-bit on x86_64, so -1 != 0xffffffff
+
+This patch should fix bug 8080.
+(cherry picked from commit 9adea807038b64292403ede982075fe1dcfd4c9a)
+---
+ hw/xfree86/xaa/xaaGC.c | 9 +++++----
+ 1 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/hw/xfree86/xaa/xaaGC.c b/hw/xfree86/xaa/xaaGC.c
+index f3434c9..b3dc83a 100644
+--- a/hw/xfree86/xaa/xaaGC.c
++++ b/hw/xfree86/xaa/xaaGC.c
+@@ -80,10 +80,11 @@ XAAValidateGC(
+ }
+
+ if(pGC->depth != 32) {
+- if(pGC->bgPixel == -1) /* -1 is reserved for transparency */
+- pGC->bgPixel = 0x7fffffff;
+- if(pGC->fgPixel == -1) /* -1 is reserved for transparency */
+- pGC->fgPixel = 0x7fffffff;
++ /* 0xffffffff is reserved for transparency */
++ if(pGC->bgPixel == 0xffffffff)
++ pGC->bgPixel = 0x7fffffff;
++ if(pGC->fgPixel == 0xffffffff)
++ pGC->fgPixel = 0x7fffffff;
+ }
+
+ if((pDraw->type == DRAWABLE_PIXMAP) && !IS_OFFSCREEN_PIXMAP(pDraw)){
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0003-Xprint-Clean-up-generated-files.patch b/x11-base/xorg-server/files/1.4.0.90/0003-Xprint-Clean-up-generated-files.patch
new file mode 100644
index 000000000000..79d927ea6e0c
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0003-Xprint-Clean-up-generated-files.patch
@@ -0,0 +1,24 @@
+From d988da6eee8422774dff364050bf431b843a714a Mon Sep 17 00:00:00 2001
+From: Arkadiusz Miskiewicz <arekm@maven.pl>
+Date: Thu, 13 Dec 2007 00:09:08 +0200
+Subject: [PATCH] Xprint: Clean up generated files
+
+Remember to clean generated wrapper files.
+(cherry picked from commit 977fcdea8198906936a64b8117e6a6d027c617e3)
+---
+ hw/xprint/Makefile.am | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/hw/xprint/Makefile.am b/hw/xprint/Makefile.am
+index dc8764a..f834966 100644
+--- a/hw/xprint/Makefile.am
++++ b/hw/xprint/Makefile.am
+@@ -41,3 +41,5 @@ Xprt_SOURCES = \
+ $(top_srcdir)/fb/fbcmap_mi.c
+
+ EXTRA_DIST = ValTree.c
++
++CLEANFILES = miinitext-wrapper.c dpmsstubs-wrapper.c
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0004-Config-D-Bus-Don-t-leak-timers.patch b/x11-base/xorg-server/files/1.4.0.90/0004-Config-D-Bus-Don-t-leak-timers.patch
new file mode 100644
index 000000000000..badf8a4bab30
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0004-Config-D-Bus-Don-t-leak-timers.patch
@@ -0,0 +1,44 @@
+From 81c5950d0af8d5859f850b98c98a532784e9a757 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Fri, 28 Dec 2007 15:47:21 +0200
+Subject: [PATCH] Config: D-Bus: Don't leak timers
+
+TimerCancel doesn't free the timer: you need TimerFree for that.
+(cherry picked from commit 25deaa7e6b29b3913b35efa39b9c8b25de5e6d95)
+---
+ config/dbus-core.c | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/config/dbus-core.c b/config/dbus-core.c
+index eab72a5..9cf1530 100644
+--- a/config/dbus-core.c
++++ b/config/dbus-core.c
+@@ -76,7 +76,7 @@ teardown(void)
+ struct config_dbus_core_hook *hook;
+
+ if (bus_info.timer) {
+- TimerCancel(bus_info.timer);
++ TimerFree(bus_info.timer);
+ bus_info.timer = NULL;
+ }
+
+@@ -116,6 +116,8 @@ message_filter(DBusConnection *connection, DBusMessage *message, void *data)
+ bus_info.connection = NULL;
+ teardown();
+
++ if (bus_info.timer)
++ TimerFree(bus_info.timer);
+ bus_info.timer = TimerSet(NULL, 0, 1, reconnect_timer, NULL);
+
+ return DBUS_HANDLER_RESULT_HANDLED;
+@@ -186,6 +188,7 @@ static CARD32
+ reconnect_timer(OsTimerPtr timer, CARD32 time, pointer arg)
+ {
+ if (connect_to_bus()) {
++ TimerFree(bus_info.timer);
+ bus_info.timer = NULL;
+ return 0;
+ }
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0005-Config-HAL-Don-t-leak-options-on-failure-to-add-de.patch b/x11-base/xorg-server/files/1.4.0.90/0005-Config-HAL-Don-t-leak-options-on-failure-to-add-de.patch
new file mode 100644
index 000000000000..bd49b58cbbf6
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0005-Config-HAL-Don-t-leak-options-on-failure-to-add-de.patch
@@ -0,0 +1,57 @@
+From 30fc8053a5e734c3b70156bdae94fd7d5d7865a5 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Fri, 28 Dec 2007 15:47:57 +0200
+Subject: [PATCH] Config: HAL: Don't leak options on failure to add device
+
+This showed up in Xephyr in particular, which denies new device requests.
+(cherry picked from commit 2bb199056edf6c63cf978d1a8ad49a57ce1938f3)
+---
+ config/hal.c | 11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/config/hal.c b/config/hal.c
+index 4427deb..16f16ec 100644
+--- a/config/hal.c
++++ b/config/hal.c
+@@ -92,6 +92,8 @@ add_option(InputOption **options, const char *key, const char *value)
+ for (; *options; options = &(*options)->next)
+ ;
+ *options = xcalloc(sizeof(**options), 1);
++ if (!*options) /* Yeesh. */
++ return;
+ (*options)->key = xstrdup(key);
+ (*options)->value = xstrdup(value);
+ (*options)->next = NULL;
+@@ -156,7 +158,7 @@ device_added(LibHalContext *hal_ctx, const char *udi)
+ char *path = NULL, *driver = NULL, *name = NULL, *xkb_rules = NULL;
+ char *xkb_model = NULL, *xkb_layout = NULL, *xkb_variant = NULL;
+ char *xkb_options = NULL, *config_info = NULL;
+- InputOption *options = NULL;
++ InputOption *options = NULL, *tmpo = NULL;
+ DeviceIntPtr dev;
+ DBusError error;
+ int type = TYPE_NONE;
+@@ -232,6 +234,7 @@ device_added(LibHalContext *hal_ctx, const char *udi)
+
+ if (NewInputDeviceRequest(options, &dev) != Success) {
+ DebugF("[config/hal] NewInputDeviceRequest failed\n");
++ dev = NULL;
+ goto unwind;
+ }
+
+@@ -255,6 +258,12 @@ unwind:
+ xfree(xkb_options);
+ if (config_info)
+ xfree(config_info);
++ while (!dev && (tmpo = options)) {
++ options = tmpo->next;
++ xfree(tmpo->key);
++ xfree(tmpo->value);
++ xfree(tmpo);
++ }
+
+ out_error:
+ dbus_error_free(&error);
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0006-OS-Don-t-leak-connection-translation-table-on-regen.patch b/x11-base/xorg-server/files/1.4.0.90/0006-OS-Don-t-leak-connection-translation-table-on-regen.patch
new file mode 100644
index 000000000000..d688b5bea13f
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0006-OS-Don-t-leak-connection-translation-table-on-regen.patch
@@ -0,0 +1,27 @@
+From 38d8cfaaff0ae6273d9e921aae08b2706355f0d2 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Fri, 28 Dec 2007 15:48:25 +0200
+Subject: [PATCH] OS: Don't leak connection translation table on regeneration
+ (cherry picked from commit e868e0bc0d2318e62707d3ae68532b0029959154)
+
+---
+ os/connection.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/os/connection.c b/os/connection.c
+index b944593..d1ba845 100644
+--- a/os/connection.c
++++ b/os/connection.c
+@@ -353,7 +353,8 @@ InitConnectionLimits(void)
+ #endif
+
+ #if !defined(WIN32)
+- ConnectionTranslation = (int *)xnfalloc(sizeof(int)*(lastfdesc + 1));
++ if (!ConnectionTranslation)
++ ConnectionTranslation = (int *)xnfalloc(sizeof(int)*(lastfdesc + 1));
+ #else
+ InitConnectionTranslation();
+ #endif
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0007-KDrive-Xephyr-Don-t-leak-screen-damage-structure.patch b/x11-base/xorg-server/files/1.4.0.90/0007-KDrive-Xephyr-Don-t-leak-screen-damage-structure.patch
new file mode 100644
index 000000000000..73b0fdb7302b
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0007-KDrive-Xephyr-Don-t-leak-screen-damage-structure.patch
@@ -0,0 +1,25 @@
+From a304fc1d4a7062f65161ef8748fd358639ec73de Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Fri, 28 Dec 2007 15:48:57 +0200
+Subject: [PATCH] KDrive: Xephyr: Don't leak screen damage structure
+ (cherry picked from commit 0b03d97a244540824c922c300adbc3d3ae4855d5)
+
+---
+ hw/kdrive/ephyr/ephyr.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/hw/kdrive/ephyr/ephyr.c b/hw/kdrive/ephyr/ephyr.c
+index e8001df..27165a5 100644
+--- a/hw/kdrive/ephyr/ephyr.c
++++ b/hw/kdrive/ephyr/ephyr.c
+@@ -394,6 +394,7 @@ ephyrUnsetInternalDamage (ScreenPtr pScreen)
+
+ pPixmap = (*pScreen->GetScreenPixmap) (pScreen);
+ DamageUnregister (&pPixmap->drawable, scrpriv->pDamage);
++ DamageDestroy (scrpriv->pDamage);
+
+ RemoveBlockAndWakeupHandlers (ephyrInternalDamageBlockHandler,
+ ephyrInternalDamageWakeupHandler,
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0008-Input-Don-t-reinit-devices.patch b/x11-base/xorg-server/files/1.4.0.90/0008-Input-Don-t-reinit-devices.patch
new file mode 100644
index 000000000000..1ecac07ccb57
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0008-Input-Don-t-reinit-devices.patch
@@ -0,0 +1,29 @@
+From 102c012c206cbb3bbf0fa5b0c8f0ce2ce9bba72a Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Fri, 28 Dec 2007 15:49:50 +0200
+Subject: [PATCH] Input: Don't reinit devices
+
+If a device is already initialised (i.e. the virtual core devices) during
+IASD, don't init them again. This fixes a leak.
+(cherry picked from commit 1f6015c8fe62c28cfaa82cc855b5b9c28fd34607)
+---
+ dix/devices.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index 287d730..f6f3c8e 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -473,7 +473,8 @@ InitAndStartDevices(void)
+
+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
+ DebugF("(dix) initialising device %d\n", dev->id);
+- ActivateDevice(dev);
++ if (!dev->inited)
++ ActivateDevice(dev);
+ }
+ for (dev = inputInfo.off_devices; dev; dev = next)
+ {
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0009-include-never-overwrite-realInputProc-with-enqueueI.patch b/x11-base/xorg-server/files/1.4.0.90/0009-include-never-overwrite-realInputProc-with-enqueueI.patch
new file mode 100644
index 000000000000..aa9019b64f2e
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0009-include-never-overwrite-realInputProc-with-enqueueI.patch
@@ -0,0 +1,37 @@
+From 60144ac814ee26e151186f7c93cb1a273468d497 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter@cs.unisa.edu.au>
+Date: Wed, 19 Dec 2007 16:20:36 +1030
+Subject: [PATCH] include: never overwrite realInputProc with enqueueInputProc. Bug #13511
+
+In some cases (triggered by a key repeat during a sync grab) XKB unwrapping
+can overwrite the device's realInputProc with the enqueueInputProc. When the
+grab is released and the events are replayed, we end up in an infinite loop.
+Each event is replayed and in replaying pushed to the end of the queue again.
+
+This fix is a hack only. It ensures that the realInputProc is never
+overwritten with the enqueueInputProc.
+
+This fixes Bug #13511 (https://bugs.freedesktop.org/show_bug.cgi?id=13511)
+(cherry picked from commit eace88989c3b65d5c20e9f37ea9b23c7c8e19335)
+(cherry picked from commit 50e80c39870adfdc84fdbc00dddf1362117ad443)
+---
+ include/xkbsrv.h | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/include/xkbsrv.h b/include/xkbsrv.h
+index 167dbec..9174eb6 100644
+--- a/include/xkbsrv.h
++++ b/include/xkbsrv.h
+@@ -258,7 +258,8 @@ typedef struct
+ device->public.processInputProc = proc; \
+ oldprocs->processInputProc = \
+ oldprocs->realInputProc = device->public.realInputProc; \
+- device->public.realInputProc = proc; \
++ if (proc != device->public.enqueueInputProc) \
++ device->public.realInputProc = proc; \
+ oldprocs->unwrapProc = device->unwrapProc; \
+ device->unwrapProc = unwrapproc;
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0010-OS-IO-Zero-out-client-buffers.patch b/x11-base/xorg-server/files/1.4.0.90/0010-OS-IO-Zero-out-client-buffers.patch
new file mode 100644
index 000000000000..2102d4bef552
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0010-OS-IO-Zero-out-client-buffers.patch
@@ -0,0 +1,28 @@
+From 02e805f0ff4b6af551372ba5fc5fb369c8834d1d Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Sat, 5 Jan 2008 10:38:16 +0200
+Subject: [PATCH] OS: IO: Zero out client buffers
+
+For alignment reasons, we can write out uninitialised bytes, so allocate
+the whole thing with xcalloc.
+(cherry picked from commit b99a43dfe97c1813e1c61f298b1c83c5d5ca88a2)
+---
+ os/io.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/os/io.c b/os/io.c
+index 9de75ee..a8b84fb 100644
+--- a/os/io.c
++++ b/os/io.c
+@@ -1197,7 +1197,7 @@ AllocateOutputBuffer(void)
+ oco = (ConnectionOutputPtr)xalloc(sizeof(ConnectionOutput));
+ if (!oco)
+ return (ConnectionOutputPtr)NULL;
+- oco->buf = (unsigned char *) xalloc(BUFSIZE);
++ oco->buf = (unsigned char *) xcalloc(1, BUFSIZE);
+ if (!oco->buf)
+ {
+ xfree(oco);
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0011-XKB-XkbCopyKeymap-Don-t-leak-all-the-sections.patch b/x11-base/xorg-server/files/1.4.0.90/0011-XKB-XkbCopyKeymap-Don-t-leak-all-the-sections.patch
new file mode 100644
index 000000000000..9aa87c8a9985
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0011-XKB-XkbCopyKeymap-Don-t-leak-all-the-sections.patch
@@ -0,0 +1,27 @@
+From 8a3acd3ec41b887b4aeaa0b2932265522c1e2836 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Sat, 5 Jan 2008 10:43:53 +0200
+Subject: [PATCH] XKB: XkbCopyKeymap: Don't leak all the sections
+
+Previously, we'd just keep num_sections at 0, which would break the
+geometry and lead us to leak sections. Don't do that.
+(cherry picked from commit 0137b0394a248f694448a7d97c9a1a3efcf24e81)
+---
+ xkb/xkbUtils.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
+index c7f9a26..e90df0d 100644
+--- a/xkb/xkbUtils.c
++++ b/xkb/xkbUtils.c
+@@ -1770,6 +1770,7 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr dst, Bool sendNotifies)
+ if (!tmp)
+ return FALSE;
+ dst->geom->sections = tmp;
++ dst->geom->num_sections = src->geom->num_sections;
+
+ for (i = 0,
+ ssection = src->geom->sections,
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0012-Xephyr-One-time-keyboard-leak-fix.patch b/x11-base/xorg-server/files/1.4.0.90/0012-Xephyr-One-time-keyboard-leak-fix.patch
new file mode 100644
index 000000000000..a26dce5bf835
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0012-Xephyr-One-time-keyboard-leak-fix.patch
@@ -0,0 +1,26 @@
+From 636aa9e7be2822a0148067a11499ad48fe682cd9 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Sat, 5 Jan 2008 10:47:39 +0200
+Subject: [PATCH] Xephyr: One-time keyboard leak fix
+
+Don't leak the originally-allocated keysym map.
+(cherry picked from commit e85130c85f727466fc27be1cfa46c88b257499fb)
+---
+ hw/kdrive/ephyr/ephyr.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/hw/kdrive/ephyr/ephyr.c b/hw/kdrive/ephyr/ephyr.c
+index 27165a5..86e8f1f 100644
+--- a/hw/kdrive/ephyr/ephyr.c
++++ b/hw/kdrive/ephyr/ephyr.c
+@@ -915,6 +915,7 @@ EphyrKeyboardInit (KdKeyboardInfo *ki)
+ ki->minScanCode = ki->keySyms.minKeyCode;
+ ki->maxScanCode = ki->keySyms.maxKeyCode;
+ ki->keySyms.mapWidth = ephyrKeySyms.mapWidth;
++ xfree(ki->keySyms.map);
+ ki->keySyms.map = ephyrKeySyms.map;
+ ki->name = KdSaveString("Xephyr virtual keyboard");
+ ephyrKbd = ki;
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0013-Fix-for-CVE-2007-5760-XFree86-Misc-extension-out-o.patch b/x11-base/xorg-server/files/1.4.0.90/0013-Fix-for-CVE-2007-5760-XFree86-Misc-extension-out-o.patch
new file mode 100644
index 000000000000..e63fc49b8378
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0013-Fix-for-CVE-2007-5760-XFree86-Misc-extension-out-o.patch
@@ -0,0 +1,27 @@
+From 59a3b83922c810316a374a19484b24901c7437ae Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:26:41 +0100
+Subject: [PATCH] Fix for CVE-2007-5760 - XFree86 Misc extension out of bounds array index
+
+---
+ hw/xfree86/common/xf86MiscExt.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c
+index c1b9c60..40c196a 100644
+--- a/hw/xfree86/common/xf86MiscExt.c
++++ b/hw/xfree86/common/xf86MiscExt.c
+@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
+ {
+ ScrnInfoPtr pScr = xf86Screens[scrnIndex];
+
++ /* should check this in the protocol, but xf86NumScreens isn't exported */
++ if (scrnIndex >= xf86NumScreens)
++ return BadValue;
++
+ if (*pScr->HandleMessage == NULL)
+ return BadImplementation;
+ return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0014-Fix-for-CVE-2007-6428-TOG-cup-extension-memory-cor.patch b/x11-base/xorg-server/files/1.4.0.90/0014-Fix-for-CVE-2007-6428-TOG-cup-extension-memory-cor.patch
new file mode 100644
index 000000000000..c5d0a946ea4f
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0014-Fix-for-CVE-2007-6428-TOG-cup-extension-memory-cor.patch
@@ -0,0 +1,26 @@
+From 4848d49d05a318559afe7a17a19ba055947ee1f5 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:28:03 +0100
+Subject: [PATCH] Fix for CVE-2007-6428 - TOG-cup extension memory corruption.
+
+---
+ Xext/cup.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/Xext/cup.c b/Xext/cup.c
+index 6bfa278..781b9ce 100644
+--- a/Xext/cup.c
++++ b/Xext/cup.c
+@@ -196,6 +196,9 @@ int ProcGetReservedColormapEntries(
+
+ REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
+
++ if (stuff->screen >= screenInfo.numScreens)
++ return BadValue;
++
+ #ifndef HAVE_SPECIAL_DESKTOP_COLORS
+ citems[CUP_BLACK_PIXEL].pixel =
+ screenInfo.screens[stuff->screen]->blackPixel;
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0015-Fix-for-CVE-2007-6427-Xinput-extension-memory-corr.patch b/x11-base/xorg-server/files/1.4.0.90/0015-Fix-for-CVE-2007-6427-Xinput-extension-memory-corr.patch
new file mode 100644
index 000000000000..b69a980f7f76
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0015-Fix-for-CVE-2007-6427-Xinput-extension-memory-corr.patch
@@ -0,0 +1,262 @@
+From d244c8272e0ac47c41a9416e37293903b842a78b Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:27:34 +0100
+Subject: [PATCH] Fix for CVE-2007-6427 - Xinput extension memory corruption.
+
+---
+ Xi/chgfctl.c | 7 +------
+ Xi/chgkmap.c | 13 ++++++-------
+ Xi/chgprop.c | 10 +++-------
+ Xi/grabdev.c | 12 +++++-------
+ Xi/grabdevb.c | 10 +++-------
+ Xi/grabdevk.c | 9 ++-------
+ Xi/selectev.c | 11 ++++-------
+ Xi/sendexev.c | 14 ++++++++------
+ 8 files changed, 32 insertions(+), 54 deletions(-)
+
+diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
+index 2e0e13c..235d659 100644
+--- a/Xi/chgfctl.c
++++ b/Xi/chgfctl.c
+@@ -327,18 +327,13 @@ ChangeStringFeedback(ClientPtr client, DeviceIntPtr dev,
+ xStringFeedbackCtl * f)
+ {
+ char n;
+- long *p;
+ int i, j;
+ KeySym *syms, *sup_syms;
+
+ syms = (KeySym *) (f + 1);
+ if (client->swapped) {
+ swaps(&f->length, n); /* swapped num_keysyms in calling proc */
+- p = (long *)(syms);
+- for (i = 0; i < f->num_keysyms; i++) {
+- swapl(p, n);
+- p++;
+- }
++ SwapLongs((CARD32 *) syms, f->num_keysyms);
+ }
+
+ if (f->num_keysyms > s->ctrl.max_symbols) {
+diff --git a/Xi/chgkmap.c b/Xi/chgkmap.c
+index eac520f..f8f85bc 100644
+--- a/Xi/chgkmap.c
++++ b/Xi/chgkmap.c
+@@ -79,18 +79,14 @@ int
+ SProcXChangeDeviceKeyMapping(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i, count;
++ unsigned int count;
+
+ REQUEST(xChangeDeviceKeyMappingReq);
+ swaps(&stuff->length, n);
+ REQUEST_AT_LEAST_SIZE(xChangeDeviceKeyMappingReq);
+- p = (long *)&stuff[1];
+ count = stuff->keyCodes * stuff->keySymsPerKeyCode;
+- for (i = 0; i < count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ REQUEST_FIXED_SIZE(xChangeDeviceKeyMappingReq, count * sizeof(CARD32));
++ SwapLongs((CARD32 *) (&stuff[1]), count);
+ return (ProcXChangeDeviceKeyMapping(client));
+ }
+
+@@ -106,10 +102,13 @@ ProcXChangeDeviceKeyMapping(ClientPtr client)
+ int ret;
+ unsigned len;
+ DeviceIntPtr dev;
++ unsigned int count;
+
+ REQUEST(xChangeDeviceKeyMappingReq);
+ REQUEST_AT_LEAST_SIZE(xChangeDeviceKeyMappingReq);
+
++ count = stuff->keyCodes * stuff->keySymsPerKeyCode;
++ REQUEST_FIXED_SIZE(xChangeDeviceKeyMappingReq, count * sizeof(CARD32));
+ dev = LookupDeviceIntRec(stuff->deviceid);
+ if (dev == NULL) {
+ SendErrorToClient(client, IReqCode, X_ChangeDeviceKeyMapping, 0,
+diff --git a/Xi/chgprop.c b/Xi/chgprop.c
+index 59a93c6..21bda5b 100644
+--- a/Xi/chgprop.c
++++ b/Xi/chgprop.c
+@@ -81,19 +81,15 @@ int
+ SProcXChangeDeviceDontPropagateList(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i;
+
+ REQUEST(xChangeDeviceDontPropagateListReq);
+ swaps(&stuff->length, n);
+ REQUEST_AT_LEAST_SIZE(xChangeDeviceDontPropagateListReq);
+ swapl(&stuff->window, n);
+ swaps(&stuff->count, n);
+- p = (long *)&stuff[1];
+- for (i = 0; i < stuff->count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ REQUEST_FIXED_SIZE(xChangeDeviceDontPropagateListReq,
++ stuff->count * sizeof(CARD32));
++ SwapLongs((CARD32 *) (&stuff[1]), stuff->count);
+ return (ProcXChangeDeviceDontPropagateList(client));
+ }
+
+diff --git a/Xi/grabdev.c b/Xi/grabdev.c
+index e2809ef..d0b4ae7 100644
+--- a/Xi/grabdev.c
++++ b/Xi/grabdev.c
+@@ -82,8 +82,6 @@ int
+ SProcXGrabDevice(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i;
+
+ REQUEST(xGrabDeviceReq);
+ swaps(&stuff->length, n);
+@@ -91,11 +89,11 @@ SProcXGrabDevice(ClientPtr client)
+ swapl(&stuff->grabWindow, n);
+ swapl(&stuff->time, n);
+ swaps(&stuff->event_count, n);
+- p = (long *)&stuff[1];
+- for (i = 0; i < stuff->event_count; i++) {
+- swapl(p, n);
+- p++;
+- }
++
++ if (stuff->length != (sizeof(xGrabDeviceReq) >> 2) + stuff->event_count)
++ return BadLength;
++
++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count);
+
+ return (ProcXGrabDevice(client));
+ }
+diff --git a/Xi/grabdevb.c b/Xi/grabdevb.c
+index df62d0c..18db1f7 100644
+--- a/Xi/grabdevb.c
++++ b/Xi/grabdevb.c
+@@ -80,8 +80,6 @@ int
+ SProcXGrabDeviceButton(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i;
+
+ REQUEST(xGrabDeviceButtonReq);
+ swaps(&stuff->length, n);
+@@ -89,11 +87,9 @@ SProcXGrabDeviceButton(ClientPtr client)
+ swapl(&stuff->grabWindow, n);
+ swaps(&stuff->modifiers, n);
+ swaps(&stuff->event_count, n);
+- p = (long *)&stuff[1];
+- for (i = 0; i < stuff->event_count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ REQUEST_FIXED_SIZE(xGrabDeviceButtonReq,
++ stuff->event_count * sizeof(CARD32));
++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count);
+
+ return (ProcXGrabDeviceButton(client));
+ }
+diff --git a/Xi/grabdevk.c b/Xi/grabdevk.c
+index b74592f..429b2f7 100644
+--- a/Xi/grabdevk.c
++++ b/Xi/grabdevk.c
+@@ -80,8 +80,6 @@ int
+ SProcXGrabDeviceKey(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i;
+
+ REQUEST(xGrabDeviceKeyReq);
+ swaps(&stuff->length, n);
+@@ -89,11 +87,8 @@ SProcXGrabDeviceKey(ClientPtr client)
+ swapl(&stuff->grabWindow, n);
+ swaps(&stuff->modifiers, n);
+ swaps(&stuff->event_count, n);
+- p = (long *)&stuff[1];
+- for (i = 0; i < stuff->event_count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ REQUEST_FIXED_SIZE(xGrabDeviceKeyReq, stuff->event_count * sizeof(CARD32));
++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count);
+ return (ProcXGrabDeviceKey(client));
+ }
+
+diff --git a/Xi/selectev.c b/Xi/selectev.c
+index d52db1b..19415c5 100644
+--- a/Xi/selectev.c
++++ b/Xi/selectev.c
+@@ -131,19 +131,16 @@ int
+ SProcXSelectExtensionEvent(ClientPtr client)
+ {
+ char n;
+- long *p;
+- int i;
+
+ REQUEST(xSelectExtensionEventReq);
+ swaps(&stuff->length, n);
+ REQUEST_AT_LEAST_SIZE(xSelectExtensionEventReq);
+ swapl(&stuff->window, n);
+ swaps(&stuff->count, n);
+- p = (long *)&stuff[1];
+- for (i = 0; i < stuff->count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ REQUEST_FIXED_SIZE(xSelectExtensionEventReq,
++ stuff->count * sizeof(CARD32));
++ SwapLongs((CARD32 *) (&stuff[1]), stuff->count);
++
+ return (ProcXSelectExtensionEvent(client));
+ }
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index eac9abe..9803cf3 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -83,7 +83,7 @@ int
+ SProcXSendExtensionEvent(ClientPtr client)
+ {
+ char n;
+- long *p;
++ CARD32 *p;
+ int i;
+ xEvent eventT;
+ xEvent *eventP;
+@@ -94,6 +94,11 @@ SProcXSendExtensionEvent(ClientPtr client)
+ REQUEST_AT_LEAST_SIZE(xSendExtensionEventReq);
+ swapl(&stuff->destination, n);
+ swaps(&stuff->count, n);
++
++ if (stuff->length != (sizeof(xSendExtensionEventReq) >> 2) + stuff->count +
++ (stuff->num_events * (sizeof(xEvent) >> 2)))
++ return BadLength;
++
+ eventP = (xEvent *) & stuff[1];
+ for (i = 0; i < stuff->num_events; i++, eventP++) {
+ proc = EventSwapVector[eventP->u.u.type & 0177];
+@@ -103,11 +108,8 @@ SProcXSendExtensionEvent(ClientPtr client)
+ *eventP = eventT;
+ }
+
+- p = (long *)(((xEvent *) & stuff[1]) + stuff->num_events);
+- for (i = 0; i < stuff->count; i++) {
+- swapl(p, n);
+- p++;
+- }
++ p = (CARD32 *)(((xEvent *) & stuff[1]) + stuff->num_events);
++ SwapLongs(p, stuff->count);
+ return (ProcXSendExtensionEvent(client));
+ }
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0016-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch b/x11-base/xorg-server/files/1.4.0.90/0016-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch
new file mode 100644
index 000000000000..48448dd550ba
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0016-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch
@@ -0,0 +1,210 @@
+From 8b14f7b74284900b95a319ec80c4333e63af2296 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:28:42 +0100
+Subject: [PATCH] Fix for CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows.
+
+---
+ Xext/EVI.c | 15 ++++++++++++++-
+ Xext/sampleEVI.c | 29 ++++++++++++++++++++++++-----
+ Xext/shm.c | 46 ++++++++++++++++++++++++++++++++++++++--------
+ 3 files changed, 76 insertions(+), 14 deletions(-)
+
+diff --git a/Xext/EVI.c b/Xext/EVI.c
+index 8fe3481..13bd32a 100644
+--- a/Xext/EVI.c
++++ b/Xext/EVI.c
+@@ -34,6 +34,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/XEVIstr.h>
+ #include "EVIstruct.h"
+ #include "modinit.h"
++#include "scrnintstr.h"
+
+ #if 0
+ static unsigned char XEVIReqCode = 0;
+@@ -87,10 +88,22 @@ ProcEVIGetVisualInfo(ClientPtr client)
+ {
+ REQUEST(xEVIGetVisualInfoReq);
+ xEVIGetVisualInfoReply rep;
+- int n, n_conflict, n_info, sz_info, sz_conflict;
++ int i, n, n_conflict, n_info, sz_info, sz_conflict;
+ VisualID32 *conflict;
++ unsigned int total_visuals = 0;
+ xExtendedVisualInfo *eviInfo;
+ int status;
++
++ /*
++ * do this first, otherwise REQUEST_FIXED_SIZE can overflow. we assume
++ * here that you don't have more than 2^32 visuals over all your screens;
++ * this seems like a safe assumption.
++ */
++ for (i = 0; i < screenInfo.numScreens; i++)
++ total_visuals += screenInfo.screens[i]->numVisuals;
++ if (stuff->n_visual > total_visuals)
++ return BadValue;
++
+ REQUEST_FIXED_SIZE(xEVIGetVisualInfoReq, stuff->n_visual * sz_VisualID32);
+ status = eviPriv->getVisualInfo((VisualID32 *)&stuff[1], (int)stuff->n_visual,
+ &eviInfo, &n_info, &conflict, &n_conflict);
+diff --git a/Xext/sampleEVI.c b/Xext/sampleEVI.c
+index 7508aa7..b871bfd 100644
+--- a/Xext/sampleEVI.c
++++ b/Xext/sampleEVI.c
+@@ -34,6 +34,13 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/XEVIstr.h>
+ #include "EVIstruct.h"
+ #include "scrnintstr.h"
++
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ static int sampleGetVisualInfo(
+ VisualID32 *visual,
+ int n_visual,
+@@ -42,24 +49,36 @@ static int sampleGetVisualInfo(
+ VisualID32 **conflict_rn,
+ int *n_conflict_rn)
+ {
+- int max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
++ unsigned int max_sz_evi;
+ VisualID32 *temp_conflict;
+ xExtendedVisualInfo *evi;
+- int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
++ unsigned int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
+ register int visualI, scrI, sz_evi = 0, conflictI, n_conflict;
+- *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
+- if (!*evi_rn)
+- return BadAlloc;
++
++ if (n_visual > UINT32_MAX/(sz_xExtendedVisualInfo * screenInfo.numScreens))
++ return BadAlloc;
++ max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
++
+ for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
+ if (screenInfo.screens[scrI]->numVisuals > max_visuals)
+ max_visuals = screenInfo.screens[scrI]->numVisuals;
+ }
++
++ if (n_visual > UINT32_MAX/(sz_VisualID32 * screenInfo.numScreens
++ * max_visuals))
++ return BadAlloc;
+ max_sz_conflict = n_visual * sz_VisualID32 * screenInfo.numScreens * max_visuals;
++
++ *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
++ if (!*evi_rn)
++ return BadAlloc;
++
+ temp_conflict = (VisualID32 *)xalloc(max_sz_conflict);
+ if (!temp_conflict) {
+ xfree(*evi_rn);
+ return BadAlloc;
+ }
++
+ for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
+ for (visualI = 0; visualI < n_visual; visualI++) {
+ evi[sz_evi].core_visual_id = visual[visualI];
+diff --git a/Xext/shm.c b/Xext/shm.c
+index ac587be..5633be9 100644
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -711,6 +711,8 @@ ProcPanoramiXShmCreatePixmap(
+ int i, j, result, rc;
+ ShmDescPtr shmdesc;
+ REQUEST(xShmCreatePixmapReq);
++ unsigned int width, height, depth;
++ unsigned long size;
+ PanoramiXRes *newPix;
+
+ REQUEST_SIZE_MATCH(xShmCreatePixmapReq);
+@@ -724,11 +726,26 @@ ProcPanoramiXShmCreatePixmap(
+ return rc;
+
+ VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client);
+- if (!stuff->width || !stuff->height)
++
++ width = stuff->width;
++ height = stuff->height;
++ depth = stuff->depth;
++ if (!width || !height || !depth)
+ {
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (width > 32767 || height > 32767)
++ return BadAlloc;
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;
+@@ -739,9 +756,7 @@ ProcPanoramiXShmCreatePixmap(
+ return BadValue;
+ }
+ CreatePmap:
+- VERIFY_SHMSIZE(shmdesc, stuff->offset,
+- PixmapBytePad(stuff->width, stuff->depth) * stuff->height,
+- client);
++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+ if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes))))
+ return BadAlloc;
+@@ -1040,6 +1055,8 @@ ProcShmCreatePixmap(client)
+ register int i, rc;
+ ShmDescPtr shmdesc;
+ REQUEST(xShmCreatePixmapReq);
++ unsigned int width, height, depth;
++ unsigned long size;
+
+ REQUEST_SIZE_MATCH(xShmCreatePixmapReq);
+ client->errorValue = stuff->pid;
+@@ -1052,11 +1069,26 @@ ProcShmCreatePixmap(client)
+ return rc;
+
+ VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client);
+- if (!stuff->width || !stuff->height)
++
++ width = stuff->width;
++ height = stuff->height;
++ depth = stuff->depth;
++ if (!width || !height || !depth)
+ {
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (width > 32767 || height > 32767)
++ return BadAlloc;
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;
+@@ -1067,9 +1099,7 @@ ProcShmCreatePixmap(client)
+ return BadValue;
+ }
+ CreatePmap:
+- VERIFY_SHMSIZE(shmdesc, stuff->offset,
+- PixmapBytePad(stuff->width, stuff->depth) * stuff->height,
+- client);
++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
+ pDraw->pScreen, stuff->width,
+ stuff->height, stuff->depth,
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0017-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch b/x11-base/xorg-server/files/1.4.0.90/0017-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch
new file mode 100644
index 000000000000..c16294c055f4
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0017-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch
@@ -0,0 +1,30 @@
+From f09b8007e7f6e60e0b9c9665ec632b578ae08b6f Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:29:06 +0100
+Subject: [PATCH] Fix for CVE-2008-0006 - PCF Font parser buffer overflow.
+
+---
+ dix/dixfonts.c | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/dix/dixfonts.c b/dix/dixfonts.c
+index c21b3ec..7bb2404 100644
+--- a/dix/dixfonts.c
++++ b/dix/dixfonts.c
+@@ -325,6 +325,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c)
+ err = BadFontName;
+ goto bail;
+ }
++ /* check values for firstCol, lastCol, firstRow, and lastRow */
++ if (pfont->info.firstCol > pfont->info.lastCol ||
++ pfont->info.firstRow > pfont->info.lastRow ||
++ pfont->info.lastCol - pfont->info.firstCol > 255) {
++ err = AllocError;
++ goto bail;
++ }
+ if (!pfont->fpe)
+ pfont->fpe = fpe;
+ pfont->refcnt++;
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0018-Fix-for-CVE-2007-5958-File-existence-disclosure.patch b/x11-base/xorg-server/files/1.4.0.90/0018-Fix-for-CVE-2007-5958-File-existence-disclosure.patch
new file mode 100644
index 000000000000..889e57adc3e7
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0018-Fix-for-CVE-2007-5958-File-existence-disclosure.patch
@@ -0,0 +1,34 @@
+From 19b95cdd1d14a1e7d1abba1880ab023c96f19bf5 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 17:03:39 +0100
+Subject: [PATCH] Fix for CVE-2007-5958 - File existence disclosure.
+
+---
+ Xext/security.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Xext/security.c b/Xext/security.c
+index ba057de..e9d48c9 100644
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -1563,7 +1563,7 @@ SecurityLoadPropertyAccessList(void)
+ if (!SecurityPolicyFile)
+ return;
+
+- f = fopen(SecurityPolicyFile, "r");
++ f = Fopen(SecurityPolicyFile, "r");
+ if (!f)
+ {
+ ErrorF("error opening security policy file %s\n",
+@@ -1646,7 +1646,7 @@ SecurityLoadPropertyAccessList(void)
+ }
+ #endif /* PROPDEBUG */
+
+- fclose(f);
++ Fclose(f);
+ } /* SecurityLoadPropertyAccessList */
+
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0019-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch b/x11-base/xorg-server/files/1.4.0.90/0019-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch
new file mode 100644
index 000000000000..bd5758fbf908
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0019-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch
@@ -0,0 +1,86 @@
+From b6d4cdf64f43ae805beada6122c8be2ed138742c Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Fri, 18 Jan 2008 14:41:20 -0500
+Subject: [PATCH] CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps.
+
+Move size validation after depth validation, and only validate size if
+the bpp of the pixmap format is > 8. If bpp < 8 then we're already
+protected from overflow by the width and height checks.
+(cherry picked from commit e9fa7c1c88a8130a48f772c92b186b8b777986b5)
+---
+ Xext/shm.c | 36 ++++++++++++++++++++----------------
+ 1 files changed, 20 insertions(+), 16 deletions(-)
+
+diff --git a/Xext/shm.c b/Xext/shm.c
+index 5633be9..6f99e90 100644
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -737,14 +737,6 @@ ProcPanoramiXShmCreatePixmap(
+ }
+ if (width > 32767 || height > 32767)
+ return BadAlloc;
+- size = PixmapBytePad(width, depth) * height;
+- if (sizeof(size) == 4) {
+- if (size < width * height)
+- return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+- }
+
+ if (stuff->depth != 1)
+ {
+@@ -755,7 +747,17 @@ ProcPanoramiXShmCreatePixmap(
+ client->errorValue = stuff->depth;
+ return BadValue;
+ }
++
+ CreatePmap:
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+ if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes))))
+@@ -1080,14 +1082,6 @@ ProcShmCreatePixmap(client)
+ }
+ if (width > 32767 || height > 32767)
+ return BadAlloc;
+- size = PixmapBytePad(width, depth) * height;
+- if (sizeof(size) == 4) {
+- if (size < width * height)
+- return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+- }
+
+ if (stuff->depth != 1)
+ {
+@@ -1098,7 +1092,17 @@ ProcShmCreatePixmap(client)
+ client->errorValue = stuff->depth;
+ return BadValue;
+ }
++
+ CreatePmap:
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
+ pDraw->pScreen, stuff->width,
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0020-dix-set-the-correct-number-of-valuators-in-valuator.patch b/x11-base/xorg-server/files/1.4.0.90/0020-dix-set-the-correct-number-of-valuators-in-valuator.patch
new file mode 100644
index 000000000000..12bdac48926c
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0020-dix-set-the-correct-number-of-valuators-in-valuator.patch
@@ -0,0 +1,29 @@
+From e98027c3ac7195fec665ef393d980b02870ca1b8 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter@cs.unisa.edu.au>
+Date: Tue, 18 Dec 2007 13:57:07 +1030
+Subject: [PATCH] dix: set the correct number of valuators in valuator events.
+
+(first_valuator + num_valuators) must never be larger than the number of axes,
+otherwise DIX freaks out. And from looking at libXI, anything larger than 6 is
+wrong too.
+(cherry picked from commit 9f6ae61ad12cc2813d04405458e1ca5aed8a539e)
+---
+ dix/getevents.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index 12d8189..b7ba69b 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -344,7 +344,7 @@ getValuatorEvents(xEvent *events, DeviceIntPtr pDev, int first_valuator,
+ for (i = first_valuator; i < final_valuator; i += 6, xv++, events++) {
+ xv->type = DeviceValuator;
+ xv->first_valuator = i;
+- xv->num_valuators = num_valuators;
++ xv->num_valuators = ((num_valuators - i) > 6) ? 6 : (num_valuators - i);
+ xv->deviceid = pDev->id;
+ switch (final_valuator - i) {
+ case 6:
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0021-xkb-don-t-update-LEDs-if-they-don-t-exist.-Bug-13.patch b/x11-base/xorg-server/files/1.4.0.90/0021-xkb-don-t-update-LEDs-if-they-don-t-exist.-Bug-13.patch
new file mode 100644
index 000000000000..5bbcfc33dcc5
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0021-xkb-don-t-update-LEDs-if-they-don-t-exist.-Bug-13.patch
@@ -0,0 +1,31 @@
+From bc72ef3a159efd67067322c043bba444869dc356 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter@cs.unisa.edu.au>
+Date: Wed, 30 Jan 2008 10:39:54 +1030
+Subject: [PATCH] xkb: don't update LEDs if they don't exist. (Bug #13961)
+
+In some weird cases we call this function when there is no SrvLedInfo on the
+device. And it turns out null-pointer dereferences are bad.
+
+X.Org Bug 13961 <http://bugs.freedesktop.org/show_bug.cgi?id=13961>
+(cherry picked from commit d954f9c80348de294602d931d387e5cd1ef4b9a5)
+---
+ xkb/xkbLEDs.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/xkb/xkbLEDs.c b/xkb/xkbLEDs.c
+index d607d90..d28973c 100644
+--- a/xkb/xkbLEDs.c
++++ b/xkb/xkbLEDs.c
+@@ -63,6 +63,9 @@ XkbSrvLedInfoPtr sli;
+
+ sli= XkbFindSrvLedInfo(dev,XkbDfltXIClass,XkbDfltXIId,0);
+
++ if (!sli)
++ return update;
++
+ if (state_changes&(XkbModifierStateMask|XkbGroupStateMask))
+ update|= sli->usesEffective;
+ if (state_changes&(XkbModifierBaseMask|XkbGroupBaseMask))
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0022-security-Fix-for-Bug-14480-untrusted-access-broke.patch b/x11-base/xorg-server/files/1.4.0.90/0022-security-Fix-for-Bug-14480-untrusted-access-broke.patch
new file mode 100644
index 000000000000..0df2277305d0
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0022-security-Fix-for-Bug-14480-untrusted-access-broke.patch
@@ -0,0 +1,25 @@
+From 74b40bba327a2e97780e8e3f995f784add2d6231 Mon Sep 17 00:00:00 2001
+From: Eamon Walsh <ewalsh@tycho.nsa.gov>
+Date: Thu, 14 Feb 2008 19:47:44 -0500
+Subject: [PATCH] security: Fix for Bug #14480: untrusted access broken in 7.3.
+
+---
+ Xext/security.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/Xext/security.c b/Xext/security.c
+index e9d48c9..14ad354 100644
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -1014,7 +1014,7 @@ CALLBACK(SecurityCheckResourceIDAccess)
+ }
+ else /* server-owned resource - probably a default colormap or root window */
+ {
+- if (RT_WINDOW == rtype || RC_DRAWABLE == rtype)
++ if (RC_DRAWABLE & rtype)
+ {
+ switch (reqtype)
+ { /* the following operations are allowed on root windows */
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0023-Resize-composite-overlay-window-when-the-root-window.patch b/x11-base/xorg-server/files/1.4.0.90/0023-Resize-composite-overlay-window-when-the-root-window.patch
new file mode 100644
index 000000000000..53864528fa3d
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0023-Resize-composite-overlay-window-when-the-root-window.patch
@@ -0,0 +1,62 @@
+From 3db5930c61aeb849de3b21e7ba0d86d3c0cf72bb Mon Sep 17 00:00:00 2001
+From: Maarten Maathuis <madman2003@gmail.com>
+Date: Sun, 17 Feb 2008 11:21:01 +0100
+Subject: [PATCH] Resize composite overlay window when the root window changes.
+
+- This allows some compositing managers to work, even after randr12 has changed the root window size.
+- Thanks to ajax for figuring out the best place to put this.
+- Example:
+ - xf86RandR12SetMode() calls EnableDisableFBAccess().
+ - That calls xf86SetRootClip() which in turn calls ResizeChildrenWinSize().
+ - The final step is the call to PositionWindow().
+(cherry picked from commit 70c0592a97c7dc9db0576d32b3bdbe4766520509)
+---
+ composite/compwindow.c | 25 +++++++++++++++++++++++++
+ 1 files changed, 25 insertions(+), 0 deletions(-)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index bfd2946..33192ad 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -165,6 +165,29 @@ compCheckRedirect (WindowPtr pWin)
+ return TRUE;
+ }
+
++static int
++updateOverlayWindow(ScreenPtr pScreen)
++{
++ CompScreenPtr cs;
++ WindowPtr pWin; /* overlay window */
++ XID vlist[2];
++
++ cs = GetCompScreen(pScreen);
++ if ((pWin = cs->pOverlayWin) != NULL) {
++ if ((pWin->drawable.width == pScreen->width) &&
++ (pWin->drawable.height == pScreen->height))
++ return Success;
++
++ /* Let's resize the overlay window. */
++ vlist[0] = pScreen->width;
++ vlist[1] = pScreen->height;
++ return ConfigureWindow(pWin, CWWidth | CWHeight, vlist, wClient(pWin));
++ }
++
++ /* Let's be on the safe side and not assume an overlay window is always allocated. */
++ return Success;
++}
++
+ Bool
+ compPositionWindow (WindowPtr pWin, int x, int y)
+ {
+@@ -203,6 +226,8 @@ compPositionWindow (WindowPtr pWin, int x, int y)
+ cs->PositionWindow = pScreen->PositionWindow;
+ pScreen->PositionWindow = compPositionWindow;
+ compCheckTree (pWin->drawable.pScreen);
++ if (updateOverlayWindow(pScreen) != Success)
++ ret = FALSE;
+ return ret;
+ }
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0024-Fix-rotation-for-multi-monitor-situation.patch b/x11-base/xorg-server/files/1.4.0.90/0024-Fix-rotation-for-multi-monitor-situation.patch
new file mode 100644
index 000000000000..33a9cc04f728
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0024-Fix-rotation-for-multi-monitor-situation.patch
@@ -0,0 +1,31 @@
+From dc30ade6496c7cc24e38c419e229159525fe042f Mon Sep 17 00:00:00 2001
+From: Maarten Maathuis <madman2003@gmail.com>
+Date: Sun, 17 Feb 2008 18:47:28 +0100
+Subject: [PATCH] Fix rotation for multi-monitor situation.
+
+- The (x,y)-coordinates of the crtc were not being passed as xFixed values, which made it an obscure bug to find.
+- Fix bug #13787.
+(cherry picked from commit a48cc88ea2674c28b69b8d738b168cbafcf4001f)
+---
+ hw/xfree86/modes/xf86Rotate.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/modes/xf86Rotate.c b/hw/xfree86/modes/xf86Rotate.c
+index 380478f..dd0e659 100644
+--- a/hw/xfree86/modes/xf86Rotate.c
++++ b/hw/xfree86/modes/xf86Rotate.c
+@@ -579,9 +579,9 @@ xf86CrtcRotate (xf86CrtcPtr crtc, DisplayModePtr mode, Rotation rotation)
+ }
+ else
+ {
+- PictureTransformTranslate (&crtc_to_fb, &fb_to_crtc, crtc->x, crtc->y);
++ PictureTransformTranslate (&crtc_to_fb, &fb_to_crtc, F(crtc->x), F(crtc->y));
+ PictureTransformIsInverse ("offset", &crtc_to_fb, &fb_to_crtc);
+-
++
+ /*
+ * these are the size of the shadow pixmap, which
+ * matches the mode, not the pre-rotated copy in the
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0025-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch b/x11-base/xorg-server/files/1.4.0.90/0025-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch
new file mode 100644
index 000000000000..9e5904dd2110
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0025-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch
@@ -0,0 +1,40 @@
+From bcbfd619f8da888224afd80ee3a2db7d500523eb Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Kristian=20H=C3=B8gsberg?= <krh@redhat.com>
+Date: Wed, 16 Jan 2008 20:24:11 -0500
+Subject: [PATCH] Don't break grab and focus state for a window when redirecting it.
+
+Composite uses an unmap/map cycle to trigger backing pixmap allocation
+and cliprect recomputation when a window is redirected or unredirected.
+To avoid protocol visible side effects, map and unmap events are
+disabled temporarily. However, when a window is unmapped it is also
+removed from grabs and loses focus, but these state changes are not
+disabled.
+
+This change supresses the unmap side effects during the composite
+unmap/map cycle and fixes this bug:
+
+ http://bugzilla.gnome.org/show_bug.cgi?id=488264
+
+where compiz would cause gnome-screensaver to lose its grab when
+compiz unredirects the fullscreen lock window.
+---
+ dix/window.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/dix/window.c b/dix/window.c
+index be4ea2c..961c02a 100644
+--- a/dix/window.c
++++ b/dix/window.c
+@@ -3023,7 +3023,8 @@ UnrealizeTree(
+ }
+ #endif
+ (* Unrealize)(pChild);
+- DeleteWindowFromAnyEvents(pChild, FALSE);
++ if (MapUnmapEventsEnabled(pWin))
++ DeleteWindowFromAnyEvents(pChild, FALSE);
+ if (pChild->viewable)
+ {
+ #ifdef DO_SAVE_UNDERS
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0026-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch b/x11-base/xorg-server/files/1.4.0.90/0026-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch
new file mode 100644
index 000000000000..aa4900834e0d
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0026-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch
@@ -0,0 +1,44 @@
+From 44f46bfb981ca69515dafc520f62f33654711194 Mon Sep 17 00:00:00 2001
+From: Matthias Hopf <mhopf@suse.de>
+Date: Mon, 21 Jan 2008 16:13:21 +0100
+Subject: [PATCH] CVE-2007-6429: Always test for size+offset wrapping.
+
+---
+ Xext/shm.c | 12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Xext/shm.c b/Xext/shm.c
+index 6f99e90..376f123 100644
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -753,10 +753,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+@@ -1098,10 +1098,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0027-Fix-context-sharing-between-direct-indirect-contexts.patch b/x11-base/xorg-server/files/1.4.0.90/0027-Fix-context-sharing-between-direct-indirect-contexts.patch
new file mode 100644
index 000000000000..07642e134f94
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0027-Fix-context-sharing-between-direct-indirect-contexts.patch
@@ -0,0 +1,38 @@
+From a65d4aed06acd839fb21153f74144498abda3e18 Mon Sep 17 00:00:00 2001
+From: Alan Hourihane <alanh@tungstengraphics.com>
+Date: Wed, 27 Feb 2008 16:49:34 +0000
+Subject: [PATCH] Fix context sharing between direct/indirect contexts
+
+---
+ GL/glx/glxdri.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/GL/glx/glxdri.c b/GL/glx/glxdri.c
+index 685683d..09abca3 100644
+--- a/GL/glx/glxdri.c
++++ b/GL/glx/glxdri.c
+@@ -598,6 +598,9 @@ __glXDRIscreenCreateContext(__GLXscreen *baseScreen,
+ else
+ sharePrivate = NULL;
+
++ if (baseShareContext && baseShareContext->isDirect)
++ return NULL;
++
+ context = xalloc(sizeof *context);
+ if (context == NULL)
+ return NULL;
+@@ -617,6 +620,11 @@ __glXDRIscreenCreateContext(__GLXscreen *baseScreen,
+ 0, /* render type */
+ sharePrivate,
+ &context->driContext);
++
++ if (!context->driContext.private) {
++ xfree(context);
++ return NULL;
++ }
+
+ context->driContext.mode = modes;
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0028-Add-some-more-support-for-DragonFly.-From-Joerg-Sonn.patch b/x11-base/xorg-server/files/1.4.0.90/0028-Add-some-more-support-for-DragonFly.-From-Joerg-Sonn.patch
new file mode 100644
index 000000000000..7f1e0dda5d80
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0028-Add-some-more-support-for-DragonFly.-From-Joerg-Sonn.patch
@@ -0,0 +1,83 @@
+From 76b950cd6e03f0060afe463871de4570fca90213 Mon Sep 17 00:00:00 2001
+From: Jeremy C. Reed <reed@glacier.reedmedia.net>
+Date: Thu, 16 Aug 2007 11:20:12 -0500
+Subject: [PATCH] Add some more support for DragonFly. From Joerg Sonnenberger
+ and pkgsrc.
+ (cherry picked from commit 1d4bea6106d7a1c83e1dfe37fad8268589feaa0b)
+
+---
+ Xext/shm.c | 2 +-
+ Xext/xf86bigfont.c | 2 +-
+ hw/xfree86/loader/os.c | 2 ++
+ hw/xfree86/os-support/bus/Pci.h | 2 +-
+ hw/xfree86/os-support/bus/freebsdPci.c | 2 +-
+ 5 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/Xext/shm.c b/Xext/shm.c
+index 376f123..3c0d1ee 100644
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -154,7 +154,7 @@ static ShmFuncs fbFuncs = {fbShmCreatePixmap, fbShmPutImage};
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__CYGWIN__)
++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__CYGWIN__) || defined(__DragonFly__)
+ #include <sys/signal.h>
+
+ static Bool badSysCall = FALSE;
+diff --git a/Xext/xf86bigfont.c b/Xext/xf86bigfont.c
+index f50481f..c2f891a 100644
+--- a/Xext/xf86bigfont.c
++++ b/Xext/xf86bigfont.c
+@@ -104,7 +104,7 @@ static unsigned int pagesize;
+
+ static Bool badSysCall = FALSE;
+
+-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__CYGWIN__)
++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__CYGWIN__) || defined(__DragonFly__)
+
+ #include <sys/signal.h>
+
+diff --git a/hw/xfree86/loader/os.c b/hw/xfree86/loader/os.c
+index fdddce8..12cf3d8 100644
+--- a/hw/xfree86/loader/os.c
++++ b/hw/xfree86/loader/os.c
+@@ -42,6 +42,8 @@
+ #define OSNAME "linux"
+ #elif defined(__FreeBSD__)
+ #define OSNAME "freebsd"
++#elif defined(__DragonFly__)
++#define OSNAME "dragonfly"
+ #elif defined(__NetBSD__)
+ #define OSNAME "netbsd"
+ #elif defined(__OpenBSD__)
+diff --git a/hw/xfree86/os-support/bus/Pci.h b/hw/xfree86/os-support/bus/Pci.h
+index f0cb916..5ebbdd5 100644
+--- a/hw/xfree86/os-support/bus/Pci.h
++++ b/hw/xfree86/os-support/bus/Pci.h
+@@ -235,7 +235,7 @@
+ # if defined(linux)
+ # define ARCH_PCI_INIT axpPciInit
+ # define INCLUDE_XF86_MAP_PCI_MEM
+-# elif defined(__FreeBSD__) || defined(__OpenBSD__)
++# elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
+ # define ARCH_PCI_INIT freebsdPciInit
+ # define INCLUDE_XF86_MAP_PCI_MEM
+ # define INCLUDE_XF86_NO_DOMAIN
+diff --git a/hw/xfree86/os-support/bus/freebsdPci.c b/hw/xfree86/os-support/bus/freebsdPci.c
+index 61cb405..63c00b2 100644
+--- a/hw/xfree86/os-support/bus/freebsdPci.c
++++ b/hw/xfree86/os-support/bus/freebsdPci.c
+@@ -83,7 +83,7 @@ static pciBusInfo_t freebsdPci0 = {
+ /* bridge */ NULL
+ };
+
+-#if !defined(__OpenBSD__) && !defined(__FreeBSD__)
++#if !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__DragonFly__)
+ #if X_BYTE_ORDER == X_BIG_ENDIAN
+ #ifdef __sparc__
+ #ifndef ASI_PL
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0029-configure.ac-DragonFly-BSD-support.patch b/x11-base/xorg-server/files/1.4.0.90/0029-configure.ac-DragonFly-BSD-support.patch
new file mode 100644
index 000000000000..27320bdd19ea
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0029-configure.ac-DragonFly-BSD-support.patch
@@ -0,0 +1,53 @@
+From dd6b0de38d649617600a8357e576955c9b831328 Mon Sep 17 00:00:00 2001
+From: Hasso Tepper <hasso@estpak.ee>
+Date: Mon, 7 Apr 2008 14:09:04 +0300
+Subject: [PATCH] configure.ac: DragonFly BSD support
+
+Add support for DragonFly BSD, which is just the same as FreeBSD for all
+of these cases.
+(cherry picked from commit 0f87b41a432a6472a15ec0c9dee997e3bddbd0f2)
+---
+ configure.ac | 6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 72d9819..dfb2950 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -291,6 +291,7 @@ case $host_cpu in
+ darwin*) use_x86_asm="no" ;;
+ *linux*) DEFAULT_INT10=vm86 ;;
+ *freebsd*) AC_DEFINE(USE_DEV_IO) ;;
++ *dragonfly*) AC_DEFINE(USE_DEV_IO) ;;
+ *netbsd*) AC_DEFINE(USE_I386_IOPL)
+ SYS_LIBS=-li386
+ ;;
+@@ -316,6 +317,7 @@ case $host_cpu in
+ case $host_os in
+ darwin*) use_x86_asm="no" ;;
+ *freebsd*) AC_DEFINE(USE_DEV_IO, 1, [BSD /dev/io]) ;;
++ *dragonfly*) AC_DEFINE(USE_DEV_IO, 1, [BSD /dev/io]) ;;
+ *netbsd*) AC_DEFINE(USE_I386_IOPL, 1, [BSD i386 iopl])
+ SYS_LIBS=-lx86_64
+ ;;
+@@ -337,7 +339,7 @@ DRI=no
+ KDRIVE_HW=no
+ dnl it would be nice to autodetect these *CONS_SUPPORTs
+ case $host_os in
+- *freebsd*)
++ *freebsd* | *dragonfly*)
+ case $host_os in
+ kfreebsd*-gnu) ;;
+ *) AC_DEFINE(CSRG_BASED, 1, [System is BSD-like]) ;;
+@@ -1363,7 +1365,7 @@ return 0;}
+ ;;
+ esac
+ ;;
+- freebsd* | kfreebsd*-gnu)
++ freebsd* | kfreebsd*-gnu | dragonfly*)
+ XORG_OS="freebsd"
+ XORG_OS_SUBDIR="bsd"
+ case $host_cpu in
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0030-Fixed-configure.ac-for-autoconf-2.62.patch b/x11-base/xorg-server/files/1.4.0.90/0030-Fixed-configure.ac-for-autoconf-2.62.patch
new file mode 100644
index 000000000000..cd4ba964abb2
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0030-Fixed-configure.ac-for-autoconf-2.62.patch
@@ -0,0 +1,28 @@
+From 9e9eeca2b094fa9edb9c20002d42aeafb14ad1e4 Mon Sep 17 00:00:00 2001
+From: Tilman Sauerbeck <tilman@code-monkey.de>
+Date: Thu, 10 Apr 2008 21:36:19 +0200
+Subject: [PATCH] Fixed configure.ac for autoconf 2.62.
+ (cherry picked from commit 3c337e18b933881e22b0d03312511f1d23a8640b)
+
+---
+ configure.ac | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index dfb2950..4841d26 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1964,7 +1964,9 @@ DIX_CFLAGS="-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"
+
+ AC_SUBST([DIX_CFLAGS])
+
+-AC_SUBST([libdir exec_prefix prefix])
++AC_SUBST([libdir])
++AC_SUBST([exec_prefix])
++AC_SUBST([prefix])
+
+ # Man page sections - used in config utils & generating man pages
+ XORG_MANPAGE_SECTIONS
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0031-EXA-Fix-off-by-one-in-polyline-drawing.patch b/x11-base/xorg-server/files/1.4.0.90/0031-EXA-Fix-off-by-one-in-polyline-drawing.patch
new file mode 100644
index 000000000000..07ea963dcb90
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0031-EXA-Fix-off-by-one-in-polyline-drawing.patch
@@ -0,0 +1,26 @@
+From 6afcf996cade0c9464d6af9b04b177b1de138cfd Mon Sep 17 00:00:00 2001
+From: Pierre Willenbrock <pierre@pirsoft.dnsalias.org>
+Date: Tue, 23 Oct 2007 16:45:13 +0200
+Subject: [PATCH] EXA: Fix off-by-one in polyline drawing.
+ (cherry picked from commit d502521c3669f3f22b94c39a64ab63bfd92c6a97)
+
+---
+ exa/exa_accel.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/exa/exa_accel.c b/exa/exa_accel.c
+index aed4e42..e8444c6 100644
+--- a/exa/exa_accel.c
++++ b/exa/exa_accel.c
+@@ -535,7 +535,7 @@ exaPolylines(DrawablePtr pDrawable, GCPtr pGC, int mode, int npt,
+ x1 = ppt[0].x;
+ y1 = ppt[0].y;
+ /* If we have any non-horizontal/vertical, fall back. */
+- for (i = 0; i < npt; i++) {
++ for (i = 0; i < npt - 1; i++) {
+ if (mode == CoordModePrevious) {
+ x2 = x1 + ppt[i + 1].x;
+ y2 = y1 + ppt[i + 1].y;
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0032-XKB-Fix-processInputProc-wrapping.patch b/x11-base/xorg-server/files/1.4.0.90/0032-XKB-Fix-processInputProc-wrapping.patch
new file mode 100644
index 000000000000..e3efcdad3724
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0032-XKB-Fix-processInputProc-wrapping.patch
@@ -0,0 +1,83 @@
+From fdfb57d342da0ace14eed635804ebc31441240c5 Mon Sep 17 00:00:00 2001
+From: Thomas Jaeger <thjaeger@gmail.com>
+Date: Tue, 1 Apr 2008 15:27:06 +0300
+Subject: [PATCH] XKB: Fix processInputProc wrapping
+
+If input processing is frozen, only wrap realInputProc: don't smash
+processInputProc as well. When input processing is thawed, pIP will be
+rewrapped correctly.
+
+This supersedes the previous workaround in 50e80c9.
+
+Signed-off-by: Daniel Stone <daniel@fooishbar.org>
+(cherry picked from commit 37b1258f0a288a79ce6a3eef3559e17a67c4dd96)
+---
+ include/xkbsrv.h | 16 ++++++++++++----
+ xkb/xkbActions.c | 9 ++++-----
+ 2 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/include/xkbsrv.h b/include/xkbsrv.h
+index 9174eb6..acf3bb0 100644
+--- a/include/xkbsrv.h
++++ b/include/xkbsrv.h
+@@ -241,6 +241,14 @@ typedef struct _XkbSrvLedInfo {
+ typedef struct
+ {
+ ProcessInputProc processInputProc;
++ /* If processInputProc is set to something different than realInputProc,
++ * UNWRAP and COND_WRAP will not touch processInputProc and update only
++ * realInputProc. This ensures that
++ * processInputProc == (frozen ? EnqueueEvent : realInputProc)
++ *
++ * WRAP_PROCESS_INPUT_PROC should only be called during initialization,
++ * since it may destroy this invariant.
++ */
+ ProcessInputProc realInputProc;
+ DeviceUnwrapProc unwrapProc;
+ } xkbDeviceInfoRec, *xkbDeviceInfoPtr;
+@@ -258,14 +266,14 @@ typedef struct
+ device->public.processInputProc = proc; \
+ oldprocs->processInputProc = \
+ oldprocs->realInputProc = device->public.realInputProc; \
+- if (proc != device->public.enqueueInputProc) \
+- device->public.realInputProc = proc; \
++ device->public.realInputProc = proc; \
+ oldprocs->unwrapProc = device->unwrapProc; \
+ device->unwrapProc = unwrapproc;
+
+ #define UNWRAP_PROCESS_INPUT_PROC(device, oldprocs, backupproc) \
+- backupproc = device->public.processInputProc; \
+- device->public.processInputProc = oldprocs->processInputProc; \
++ backupproc = device->public.realInputProc; \
++ if (device->public.processInputProc == device->public.realInputProc)\
++ device->public.processInputProc = oldprocs->realInputProc; \
+ device->public.realInputProc = oldprocs->realInputProc; \
+ device->unwrapProc = oldprocs->unwrapProc;
+
+diff --git a/xkb/xkbActions.c b/xkb/xkbActions.c
+index 6edac29..59d34c5 100644
+--- a/xkb/xkbActions.c
++++ b/xkb/xkbActions.c
+@@ -50,15 +50,14 @@ xkbUnwrapProc(DeviceIntPtr device, DeviceHandleProc proc,
+ pointer data)
+ {
+ xkbDeviceInfoPtr xkbPrivPtr = XKBDEVICEINFO(device);
+- ProcessInputProc tmp = device->public.processInputProc;
+- ProcessInputProc dummy; /* unused, but neede for macro */
++ ProcessInputProc backupproc;
+ if(xkbPrivPtr->unwrapProc)
+ xkbPrivPtr->unwrapProc = NULL;
+
+- UNWRAP_PROCESS_INPUT_PROC(device,xkbPrivPtr, dummy);
++ UNWRAP_PROCESS_INPUT_PROC(device,xkbPrivPtr, backupproc);
+ proc(device,data);
+- WRAP_PROCESS_INPUT_PROC(device,xkbPrivPtr,
+- tmp,xkbUnwrapProc);
++ COND_WRAP_PROCESS_INPUT_PROC(device,xkbPrivPtr,
++ backupproc,xkbUnwrapProc);
+ }
+
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0033-xfree86-fix-AlwaysCore-handling.-Bug-14256.patch b/x11-base/xorg-server/files/1.4.0.90/0033-xfree86-fix-AlwaysCore-handling.-Bug-14256.patch
new file mode 100644
index 000000000000..4f99da55be7b
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0033-xfree86-fix-AlwaysCore-handling.-Bug-14256.patch
@@ -0,0 +1,29 @@
+From ff4006bd5a71d39cc5655679447c5c47a99a2751 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter@cs.unisa.edu.au>
+Date: Tue, 29 Jan 2008 10:01:37 +1030
+Subject: [PATCH] xfree86: fix AlwaysCore handling. (Bug #14256)
+
+Assume AlwaysCore being set by default, just like the other options.
+
+X.Org Bug 14256 <http://bugs.freedesktop.org/show_bug.cgi?id=14256>
+(cherry picked from commit 5b8641a5fdc112c19e78ca2954878712e328d403)
+---
+ hw/xfree86/common/xf86Xinput.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
+index b939fb7..ca2be5c 100644
+--- a/hw/xfree86/common/xf86Xinput.c
++++ b/hw/xfree86/common/xf86Xinput.c
+@@ -116,7 +116,7 @@ _X_EXPORT void
+ xf86ProcessCommonOptions(LocalDevicePtr local,
+ pointer list)
+ {
+- if (xf86SetBoolOption(list, "AlwaysCore", 0) ||
++ if (!xf86SetBoolOption(list, "AlwaysCore", 1) ||
+ !xf86SetBoolOption(list, "SendCoreEvents", 1) ||
+ !xf86SetBoolOption(list, "CorePointer", 1) ||
+ !xf86SetBoolOption(list, "CoreKeyboard", 1)) {
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0034-Ignore-not-just-block-SIGALRM-around-Popen-Pcl.patch b/x11-base/xorg-server/files/1.4.0.90/0034-Ignore-not-just-block-SIGALRM-around-Popen-Pcl.patch
new file mode 100644
index 000000000000..da020faa9bf0
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0034-Ignore-not-just-block-SIGALRM-around-Popen-Pcl.patch
@@ -0,0 +1,58 @@
+From 6a5066c2e9e872d4ef85ec70745c34d93580177e Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@benzedrine.nwnk.net>
+Date: Tue, 11 Sep 2007 11:37:06 -0400
+Subject: [PATCH] Ignore - not just block - SIGALRM around Popen()/Pclose().
+
+Because our "popen" implementation uses stdio, and because nobody's stdio
+library is capable of surviving signals, we need to make absolutely sure
+that we hide the SIGALRM from the smart scheduler. Otherwise, when you
+open a menu in openoffice, and it recompiles XKB to deal with the
+accelerators, and you popen xkbcomp because we suck, then the scheduler
+will tell you you're taking forever doing something stupid, and the
+wait() code will get confused, and input will hang and your CPU usage
+slams to 100%. Down, not across.
+---
+ os/utils.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/os/utils.c b/os/utils.c
+index 3bb7dbe..afcaae4 100644
+--- a/os/utils.c
++++ b/os/utils.c
+@@ -1720,6 +1720,8 @@ static struct pid {
+ int pid;
+ } *pidlist;
+
++static sighandler_t old_alarm = NULL; /* XXX horrible awful hack */
++
+ pointer
+ Popen(char *command, char *type)
+ {
+@@ -1741,11 +1743,15 @@ Popen(char *command, char *type)
+ return NULL;
+ }
+
++ /* Ignore the smart scheduler while this is going on */
++ old_alarm = signal(SIGALRM, SIG_IGN);
++
+ switch (pid = fork()) {
+ case -1: /* error */
+ close(pdes[0]);
+ close(pdes[1]);
+ xfree(cur);
++ signal(SIGALRM, old_alarm);
+ return NULL;
+ case 0: /* child */
+ if (setgid(getgid()) == -1)
+@@ -1921,6 +1927,8 @@ Pclose(pointer iop)
+ /* allow EINTR again */
+ OsReleaseSignals ();
+
++ signal(SIGALRM, old_alarm);
++
+ return pid == -1 ? -1 : pstat;
+ }
+
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0035-Fix-build-on-FreeBSD-after-Popen-changes.patch b/x11-base/xorg-server/files/1.4.0.90/0035-Fix-build-on-FreeBSD-after-Popen-changes.patch
new file mode 100644
index 000000000000..9436d951964b
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0035-Fix-build-on-FreeBSD-after-Popen-changes.patch
@@ -0,0 +1,25 @@
+From a02b989c68864a7388553fb96e4fbaf91f941c4a Mon Sep 17 00:00:00 2001
+From: Eric Anholt <eric@anholt.net>
+Date: Wed, 12 Sep 2007 13:23:13 +0000
+Subject: [PATCH] Fix build on FreeBSD after Popen changes.
+
+---
+ os/utils.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/os/utils.c b/os/utils.c
+index afcaae4..144098b 100644
+--- a/os/utils.c
++++ b/os/utils.c
+@@ -1720,7 +1720,7 @@ static struct pid {
+ int pid;
+ } *pidlist;
+
+-static sighandler_t old_alarm = NULL; /* XXX horrible awful hack */
++void (*old_alarm)(int) = NULL; /* XXX horrible awful hack */
+
+ pointer
+ Popen(char *command, char *type)
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0036-So-like-checking-return-codes-of-system-calls-sig.patch b/x11-base/xorg-server/files/1.4.0.90/0036-So-like-checking-return-codes-of-system-calls-sig.patch
new file mode 100644
index 000000000000..72379f3c2c91
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0036-So-like-checking-return-codes-of-system-calls-sig.patch
@@ -0,0 +1,83 @@
+From 0fab9843c7b553bb59d57e68d9c3ea2d754bf809 Mon Sep 17 00:00:00 2001
+From: Ben Byer <bbyer@bbyer.apple.com>
+Date: Fri, 21 Sep 2007 17:07:36 -0700
+Subject: [PATCH] So, like, checking return codes of system calls (signal, etc) is good.
+ Also, only restore an old signal handler if one was actually set
+ (prevents the server from dying on OS X).
+
+---
+ os/utils.c | 24 ++++++++++++++++++++----
+ 1 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/os/utils.c b/os/utils.c
+index 144098b..36c8dfe 100644
+--- a/os/utils.c
++++ b/os/utils.c
+@@ -285,7 +285,8 @@ OsSignal(sig, handler)
+ sigaddset(&act.sa_mask, sig);
+ act.sa_flags = 0;
+ act.sa_handler = handler;
+- sigaction(sig, &act, &oact);
++ if (sigaction(sig, &act, &oact))
++ perror("sigaction");
+ return oact.sa_handler;
+ #endif
+ }
+@@ -1684,6 +1685,10 @@ System(char *command)
+
+ #ifdef SIGCHLD
+ csig = signal(SIGCHLD, SIG_DFL);
++ if (csig == SIG_ERR) {
++ perror("signal");
++ return -1;
++ }
+ #endif
+
+ #ifdef DEBUG
+@@ -1708,7 +1713,10 @@ System(char *command)
+ }
+
+ #ifdef SIGCHLD
+- signal(SIGCHLD, csig);
++ if (signal(SIGCHLD, csig) == SIG_ERR) {
++ perror("signal");
++ return -1;
++ }
+ #endif
+
+ return p == -1 ? -1 : status;
+@@ -1745,13 +1753,18 @@ Popen(char *command, char *type)
+
+ /* Ignore the smart scheduler while this is going on */
+ old_alarm = signal(SIGALRM, SIG_IGN);
++ if (old_alarm == SIG_ERR) {
++ perror("signal");
++ return NULL;
++ }
+
+ switch (pid = fork()) {
+ case -1: /* error */
+ close(pdes[0]);
+ close(pdes[1]);
+ xfree(cur);
+- signal(SIGALRM, old_alarm);
++ if (signal(SIGALRM, old_alarm) == SIG_ERR)
++ perror("signal");
+ return NULL;
+ case 0: /* child */
+ if (setgid(getgid()) == -1)
+@@ -1927,7 +1940,10 @@ Pclose(pointer iop)
+ /* allow EINTR again */
+ OsReleaseSignals ();
+
+- signal(SIGALRM, old_alarm);
++ if (old_alarm && signal(SIGALRM, old_alarm) == SIG_ERR) {
++ perror("signal");
++ return -1;
++ }
+
+ return pid == -1 ? -1 : pstat;
+ }
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0037-Check-for-sys-sdt.h-as-well-when-determining-to-en.patch b/x11-base/xorg-server/files/1.4.0.90/0037-Check-for-sys-sdt.h-as-well-when-determining-to-en.patch
new file mode 100644
index 000000000000..bac9999a9428
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0037-Check-for-sys-sdt.h-as-well-when-determining-to-en.patch
@@ -0,0 +1,39 @@
+From b95befdfd2c9bcb6b0cd896f2b8dfaaeb129dbff Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@sun.com>
+Date: Fri, 7 Dec 2007 17:28:37 -0800
+Subject: [PATCH] Check for <sys/sdt.h> as well when determining to enable dtrace probes
+
+Avoids auto-detecting dtrace is present on systems with the ISDN trace tool
+named dtrace installed, but not the dynamic tracing facility named dtrace
+---
+ configure.ac | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4841d26..c73f4a7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -66,6 +66,8 @@ AC_SYS_LARGEFILE
+ XORG_PROG_RAWCPP
+
+ dnl Check for dtrace program (needed to build Xserver dtrace probes)
++dnl Also checks for <sys/sdt.h>, since some Linux distros have an
++dnl ISDN trace program named dtrace
+ AC_ARG_WITH(dtrace, AS_HELP_STRING([--with-dtrace=PATH],
+ [Enable dtrace probes (default: enabled if dtrace found)]),
+ [WDTRACE=$withval], [WDTRACE=auto])
+@@ -76,6 +78,11 @@ if test "x$WDTRACE" = "xyes" -o "x$WDTRACE" = "xauto" ; then
+ AC_MSG_FAILURE([dtrace requested but not found])
+ fi
+ WDTRACE="no"
++ else
++ AC_CHECK_HEADER(sys/sdt.h, [HAS_SDT_H="yes"], [HAS_SDT_H="no"])
++ if test "x$WDTRACE" = "xauto" -a "x$HAS_SDT_H" = "xno" ; then
++ WDTRACE="no"
++ fi
+ fi
+ fi
+ if test "x$WDTRACE" != "xno" ; then
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0038-dix-Always-add-valuator-information-if-present.patch b/x11-base/xorg-server/files/1.4.0.90/0038-dix-Always-add-valuator-information-if-present.patch
new file mode 100644
index 000000000000..76f0dd8c6641
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0038-dix-Always-add-valuator-information-if-present.patch
@@ -0,0 +1,47 @@
+From 7fa7031cfa9145f55881b87bc39f6e2c8a49ff76 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Magnus=20Vigerl=C3=B6f?= <Magnus.Vigerlof@ipbo.se>
+Date: Sat, 2 Feb 2008 22:44:31 +0100
+Subject: [PATCH] dix: Always add valuator information if present
+
+Send valuator information for all event types, not only for
+MotionEvents and absolute button events.
+(cherry picked from commit 12e532403210c15a25200ef448bfe9701735ab20)
+---
+ dix/getevents.c | 7 ++-----
+ 1 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index b7ba69b..36c1bcf 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -523,9 +523,6 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ int num_events = 0, final_valuator = 0;
+ CARD32 ms = 0;
+ deviceKeyButtonPointer *kbp = NULL;
+- /* Thanks to a broken lib, we _always_ have to chase DeviceMotionNotifies
+- * with DeviceValuators. */
+- Bool sendValuators = (type == MotionNotify || flags & POINTER_ABSOLUTE);
+ DeviceIntPtr cp = inputInfo.pointer;
+ int x = 0, y = 0;
+ Bool coreOnly = (pDev == inputInfo.pointer);
+@@ -551,7 +548,7 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ return 0;
+
+ /* Do we need to send a DeviceValuator event? */
+- if (!coreOnly && sendValuators) {
++ if (!coreOnly && num_valuators) {
+ if ((((num_valuators - 1) / 6) + 1) > MAX_VALUATOR_EVENTS)
+ num_valuators = MAX_VALUATOR_EVENTS * 6;
+ num_events += ((num_valuators - 1) / 6) + 1;
+@@ -682,7 +679,7 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ kbp->root_y = y;
+
+ events++;
+- if (sendValuators) {
++ if (num_valuators) {
+ kbp->deviceid |= MORE_EVENTS;
+ clipValuators(pDev, first_valuator, num_valuators, valuators);
+ events = getValuatorEvents(events, pDev, first_valuator,
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0039-Bug-10324-dix-Allow-arbitrary-value-ranges-in-Ge.patch b/x11-base/xorg-server/files/1.4.0.90/0039-Bug-10324-dix-Allow-arbitrary-value-ranges-in-Ge.patch
new file mode 100644
index 000000000000..7bcedb804e64
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0039-Bug-10324-dix-Allow-arbitrary-value-ranges-in-Ge.patch
@@ -0,0 +1,40 @@
+From 1d79ba8193e9584370ffaaa8dffb4db604125dea Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Magnus=20Vigerl=C3=B6f?= <Magnus.Vigerlof@ipbo.se>
+Date: Sat, 2 Feb 2008 22:45:31 +0100
+Subject: [PATCH] Bug # 10324: dix: Allow arbitrary value ranges in GetPointerEvents
+
+Don't use a possitive value as a marker for if a max-value
+is defined on the valuators. Use the existence of a valid
+value range instead. This will also make it possible to
+define arbitrary start and end-values for min and max as
+long as min < max.
+(cherry picked from commit f04c0838699f1a733735838e74cfbb1677b15dc4)
+---
+ dix/getevents.c | 11 +++++++----
+ 1 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index 36c1bcf..8595eaf 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -306,10 +306,13 @@ clipAxis(DeviceIntPtr pDev, int axisNum, int *val)
+ {
+ AxisInfoPtr axes = pDev->valuator->axes + axisNum;
+
+- if (*val < axes->min_value)
+- *val = axes->min_value;
+- if (axes->max_value >= 0 && *val > axes->max_value)
+- *val = axes->max_value;
++ /* No clipping if the value-range <= 0 */
++ if(axes->min_value < axes->min_value) {
++ if (*val < axes->min_value)
++ *val = axes->min_value;
++ if (*val > axes->max_value)
++ *val = axes->max_value;
++ }
+ }
+
+ /**
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0040-Bug-10324-dix-Add-scaling-of-X-and-Y-on-the-repo.patch b/x11-base/xorg-server/files/1.4.0.90/0040-Bug-10324-dix-Add-scaling-of-X-and-Y-on-the-repo.patch
new file mode 100644
index 000000000000..560aad1f7957
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0040-Bug-10324-dix-Add-scaling-of-X-and-Y-on-the-repo.patch
@@ -0,0 +1,173 @@
+From b51ca35a7578b64190f663dc825d7fb551b92e73 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Magnus=20Vigerl=C3=B6f?= <Magnus.Vigerlof@ipbo.se>
+Date: Sat, 2 Feb 2008 22:57:32 +0100
+Subject: [PATCH] Bug # 10324: dix: Add scaling of X and Y on the reported pointer-events
+
+Restore the rescaling code for x and y axis when generating
+motion events.
+(cherry picked from commit d9e23c4ff1607a62164b34717ef9afd352ce2b94)
+---
+ dix/getevents.c | 97 +++++++++++++++++++++++++++++++++++++++++++------------
+ 1 files changed, 76 insertions(+), 21 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index 8595eaf..e0bc326 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -529,6 +529,7 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ DeviceIntPtr cp = inputInfo.pointer;
+ int x = 0, y = 0;
+ Bool coreOnly = (pDev == inputInfo.pointer);
++ ScreenPtr scr = miPointerGetScreen(pDev);
+
+ /* Sanity checks. */
+ if (type != MotionNotify && type != ButtonPress && type != ButtonRelease)
+@@ -572,20 +573,39 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ x = valuators[0];
+ }
+ else {
+- if (pDev->coreEvents)
+- x = cp->valuator->lastx;
+- else
+- x = pDev->valuator->lastx;
++ /* If we're sending core events but didn't provide a value,
++ * translate the core value (but use the device coord if
++ * it translates to the same coord to preserve sub-pixel
++ * coord information). If we're not sending core events use
++ * whatever value we have */
++ x = pDev->valuator->lastx;
++ if(pDev->coreEvents) {
++ int min = pDev->valuator->axes[0].min_value;
++ int max = pDev->valuator->axes[0].max_value;
++ if(min < max) {
++ if((int)((float)(x-min)*scr->width/(max-min+1)) != cp->valuator->lastx)
++ x = (int)((float)(cp->valuator->lastx)*(max-min+1)/scr->width)+min;
++ }
++ else
++ x = cp->valuator->lastx;
++ }
+ }
+
+ if (first_valuator <= 1 && num_valuators >= (2 - first_valuator)) {
+ y = valuators[1 - first_valuator];
+ }
+ else {
+- if (pDev->coreEvents)
+- y = cp->valuator->lasty;
+- else
+- y = pDev->valuator->lasty;
++ y = pDev->valuator->lasty;
++ if(pDev->coreEvents) {
++ int min = pDev->valuator->axes[1].min_value;
++ int max = pDev->valuator->axes[1].max_value;
++ if(min < max) {
++ if((int)((float)(y-min)*scr->height/(max-min+1)) != cp->valuator->lasty)
++ y = (int)((float)(cp->valuator->lasty)*(max-min+1)/scr->height)+min;
++ }
++ else
++ y = cp->valuator->lasty;
++ }
+ }
+ }
+ else {
+@@ -594,15 +614,35 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ valuators);
+
+ if (pDev->coreEvents) {
+- if (first_valuator == 0 && num_valuators >= 1)
+- x = cp->valuator->lastx + valuators[0];
++ /* Get and convert the core pointer coordinate space into
++ * device coordinates. Use the device coords if it translates
++ * into the same position as the core to preserve relative sub-
++ * pixel movements from the device. */
++ int min = pDev->valuator->axes[0].min_value;
++ int max = pDev->valuator->axes[0].max_value;
++ if(min < max) {
++ x = pDev->valuator->lastx;
++ if((int)((float)(x-min)*scr->width/(max-min+1)) != cp->valuator->lastx)
++ x = (int)((float)(cp->valuator->lastx)*(max-min+1)/scr->width)+min;
++ }
+ else
+ x = cp->valuator->lastx;
+
+- if (first_valuator <= 1 && num_valuators >= (2 - first_valuator))
+- y = cp->valuator->lasty + valuators[1 - first_valuator];
++ min = pDev->valuator->axes[1].min_value;
++ max = pDev->valuator->axes[1].max_value;
++ if(min < max) {
++ y = pDev->valuator->lasty;
++ if((int)((float)(y-min)*scr->height/(max-min+1)) != cp->valuator->lasty)
++ y = (int)((float)(cp->valuator->lasty)*(max-min+1)/scr->height)+min;
++ }
+ else
+ y = cp->valuator->lasty;
++
++ /* Add relative movement */
++ if (first_valuator == 0 && num_valuators >= 1)
++ x += valuators[0];
++ if (first_valuator <= 1 && num_valuators >= (2 - first_valuator))
++ y += valuators[1 - first_valuator];
+ }
+ else {
+ if (first_valuator == 0 && num_valuators >= 1)
+@@ -621,11 +661,6 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ clipAxis(pDev, 0, &x);
+ clipAxis(pDev, 1, &y);
+
+- /* This takes care of crossing screens for us, as well as clipping
+- * to the current screen. Right now, we only have one history buffer,
+- * so we don't set this for both the device and core.*/
+- miPointerSetPosition(pDev, &x, &y, ms);
+-
+ /* Drop x and y back into the valuators list, if they were originally
+ * present. */
+ if (first_valuator == 0 && num_valuators >= 1)
+@@ -635,12 +670,32 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+
+ updateMotionHistory(pDev, ms, first_valuator, num_valuators, valuators);
+
++ pDev->valuator->lastx = x;
++ pDev->valuator->lasty = y;
++ /* Convert the dev coord back to screen coord if we're
++ * sending core events */
++ if (pDev->coreEvents) {
++ int min = pDev->valuator->axes[0].min_value;
++ int max = pDev->valuator->axes[0].max_value;
++ if(min < max)
++ x = (int)((float)(x-min)*scr->width/(max-min+1));
++ cp->valuator->lastx = x;
++ min = pDev->valuator->axes[1].min_value;
++ max = pDev->valuator->axes[1].max_value;
++ if(min < max)
++ y = (int)((float)(y-min)*scr->height/(max-min+1));
++ cp->valuator->lasty = y;
++ }
++
++ /* This takes care of crossing screens for us, as well as clipping
++ * to the current screen. Right now, we only have one history buffer,
++ * so we don't set this for both the device and core.*/
++ miPointerSetPosition(pDev, &x, &y, ms);
++
+ if (pDev->coreEvents) {
+ cp->valuator->lastx = x;
+ cp->valuator->lasty = y;
+ }
+- pDev->valuator->lastx = x;
+- pDev->valuator->lasty = y;
+
+ /* for some reason inputInfo.pointer does not have coreEvents set */
+ if (coreOnly || pDev->coreEvents) {
+@@ -678,8 +733,8 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ kbp->detail = pDev->button->map[buttons];
+ }
+
+- kbp->root_x = x;
+- kbp->root_y = y;
++ kbp->root_x = pDev->valuator->lastx;
++ kbp->root_y = pDev->valuator->lasty;
+
+ events++;
+ if (num_valuators) {
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0041-dix-Skip-call-to-clipAxis-for-relative-core-events.patch b/x11-base/xorg-server/files/1.4.0.90/0041-dix-Skip-call-to-clipAxis-for-relative-core-events.patch
new file mode 100644
index 000000000000..b9e56ce3733c
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0041-dix-Skip-call-to-clipAxis-for-relative-core-events.patch
@@ -0,0 +1,93 @@
+From a68d0ef4a65bcd52c52ba54e6925082a9145fad3 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Magnus=20Vigerl=C3=B6f?= <Magnus.Vigerlof@ipbo.se>
+Date: Sat, 2 Feb 2008 23:03:51 +0100
+Subject: [PATCH] dix: Skip call to clipAxis for relative core-events
+
+Relative events that generates both core and extention
+events will have its axis cliped and screen changed by
+miPointerSetPosition when the events are processed. For
+absolute and non core-generating relative events the
+axis must be clipped if we shouldn't end up completely
+outside the defined ranges (if any).
+(cherry picked from commit a0284d577aabea8406b72dd63773e341430ebe56)
+---
+ dix/getevents.c | 44 +++++++++++++++++++++++++++++++++-----------
+ 1 files changed, 33 insertions(+), 11 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index e0bc326..c33371b 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -607,6 +607,10 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ y = cp->valuator->lasty;
+ }
+ }
++
++ /* Clip both x and y to the defined limits (usually co-ord space limit). */
++ clipAxis(pDev, 0, &x);
++ clipAxis(pDev, 1, &y);
+ }
+ else {
+ if (flags & POINTER_ACCELERATE)
+@@ -645,22 +649,22 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ y += valuators[1 - first_valuator];
+ }
+ else {
++ x = pDev->valuator->lastx;
++ y = pDev->valuator->lasty;
+ if (first_valuator == 0 && num_valuators >= 1)
+- x = pDev->valuator->lastx + valuators[0];
+- else
+- x = pDev->valuator->lastx;
+-
++ x += valuators[0];
+ if (first_valuator <= 1 && num_valuators >= (2 - first_valuator))
+- y = pDev->valuator->lasty + valuators[1 - first_valuator];
+- else
+- y = pDev->valuator->lasty;
++ y += valuators[1 - first_valuator];
++
++ if(!coreOnly) {
++ /* Since we're not sending core-events we must clip both x and y
++ * to the defined limits so we don't run outside the box. */
++ clipAxis(pDev, 0, &x);
++ clipAxis(pDev, 1, &y);
++ }
+ }
+ }
+
+- /* Clip both x and y to the defined limits (usually co-ord space limit). */
+- clipAxis(pDev, 0, &x);
+- clipAxis(pDev, 1, &y);
+-
+ /* Drop x and y back into the valuators list, if they were originally
+ * present. */
+ if (first_valuator == 0 && num_valuators >= 1)
+@@ -693,6 +697,24 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ miPointerSetPosition(pDev, &x, &y, ms);
+
+ if (pDev->coreEvents) {
++ /* miPointerSetPosition may have changed screen */
++ scr = miPointerGetScreen(pDev);
++ if(x != cp->valuator->lastx) {
++ int min = pDev->valuator->axes[0].min_value;
++ int max = pDev->valuator->axes[0].max_value;
++ cp->valuator->lastx = pDev->valuator->lastx = x;
++ if(min < max)
++ pDev->valuator->lastx = (int)((float)(x)*(max-min+1)/scr->width)+min;
++ }
++ if(y != cp->valuator->lasty) {
++ int min = pDev->valuator->axes[1].min_value;
++ int max = pDev->valuator->axes[1].max_value;
++ cp->valuator->lasty = pDev->valuator->lasty = y;
++ if(min < max)
++ pDev->valuator->lasty = (int)((float)(y)*(max-min+1)/scr->height)+min;
++ }
++ }
++ else if (coreOnly) {
+ cp->valuator->lastx = x;
+ cp->valuator->lasty = y;
+ }
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0042-dix-Move-motion-history-update-until-after-screen-c.patch b/x11-base/xorg-server/files/1.4.0.90/0042-dix-Move-motion-history-update-until-after-screen-c.patch
new file mode 100644
index 000000000000..766c9f2fe42d
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0042-dix-Move-motion-history-update-until-after-screen-c.patch
@@ -0,0 +1,51 @@
+From b1145a6b428db2037c79ffb36116e7183f30829f Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Magnus=20Vigerl=C3=B6f?= <Magnus.Vigerlof@ipbo.se>
+Date: Sat, 2 Feb 2008 23:04:46 +0100
+Subject: [PATCH] dix: Move motion history update until after screen crossing and clipping
+
+Cross screen and clip the coordinates before updating the motion history
+so that it will have the same contents as the events that are reported.
+(cherry picked from commit a56ef7aaa4b6ac13c8181f68fc7dad3ca89e6973)
+---
+ dix/getevents.c | 18 +++++++++---------
+ 1 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index c33371b..d0fe2db 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -665,15 +665,6 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ }
+ }
+
+- /* Drop x and y back into the valuators list, if they were originally
+- * present. */
+- if (first_valuator == 0 && num_valuators >= 1)
+- valuators[0] = x;
+- if (first_valuator <= 1 && num_valuators >= (2 - first_valuator))
+- valuators[1 - first_valuator] = y;
+-
+- updateMotionHistory(pDev, ms, first_valuator, num_valuators, valuators);
+-
+ pDev->valuator->lastx = x;
+ pDev->valuator->lasty = y;
+ /* Convert the dev coord back to screen coord if we're
+@@ -719,6 +710,15 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
+ cp->valuator->lasty = y;
+ }
+
++ /* Drop x and y back into the valuators list, if they were originally
++ * present. */
++ if (first_valuator == 0 && num_valuators >= 1)
++ valuators[0] = pDev->valuator->lastx;
++ if (first_valuator <= 1 && num_valuators >= (2 - first_valuator))
++ valuators[1 - first_valuator] = pDev->valuator->lasty;
++
++ updateMotionHistory(pDev, ms, first_valuator, num_valuators, valuators);
++
+ /* for some reason inputInfo.pointer does not have coreEvents set */
+ if (coreOnly || pDev->coreEvents) {
+ events->u.u.type = type;
+--
+1.5.5.1
+
diff --git a/x11-base/xorg-server/files/1.4.0.90/0043-XKB-Actually-explain-keymap-failures.patch b/x11-base/xorg-server/files/1.4.0.90/0043-XKB-Actually-explain-keymap-failures.patch
new file mode 100644
index 000000000000..14ac3f9d448b
--- /dev/null
+++ b/x11-base/xorg-server/files/1.4.0.90/0043-XKB-Actually-explain-keymap-failures.patch
@@ -0,0 +1,145 @@
+From 104048501f37b139d4113562ef1711978cc76018 Mon Sep 17 00:00:00 2001
+From: Daniel Stone <daniel@fooishbar.org>
+Date: Wed, 7 May 2008 23:11:31 +0300
+Subject: [PATCH] XKB: Actually explain keymap failures
+
+When something went wrong building a keymap, try to explain to the user
+what it actually was, instead of the dreaded 'Failed to load XKB keymap'
+catch-all.
+(cherry picked from commit cf20df39cc78203d17b99223908af388ecbf7d0e)
+
+Conflicts:
+ xkb/ddxLoad.c
+---
+ xkb/ddxLoad.c | 69 ++++++++++++++++++++++++++++-----------------------------
+ 1 files changed, 34 insertions(+), 35 deletions(-)
+
+diff --git a/xkb/ddxLoad.c b/xkb/ddxLoad.c
+index d79ae7a..ea9c3ff 100644
+--- a/xkb/ddxLoad.c
++++ b/xkb/ddxLoad.c
+@@ -385,24 +385,20 @@ char tmpname[PATH_MAX];
+ xfree (buf);
+ return True;
+ }
+-#ifdef DEBUG
+ else
+- ErrorF("Error compiling keymap (%s)\n",keymap);
+-#endif
++ LogMessage(X_ERROR, "Error compiling keymap (%s)\n", keymap);
+ #ifdef WIN32
+ /* remove the temporary file */
+ unlink(tmpname);
+ #endif
+ }
+-#ifdef DEBUG
+ else {
+ #ifndef WIN32
+- ErrorF("Could not invoke keymap compiler\n");
++ LogMessage(X_ERROR, "XKB: Could not invoke xkbcomp\n");
+ #else
+- ErrorF("Could not open file %s\n", tmpname);
++ LogMessage(X_ERROR, "Could not open file %s\n", tmpname);
+ #endif
+ }
+-#endif
+ if (nameRtrn)
+ nameRtrn[0]= '\0';
+ if (buf != NULL)
+@@ -477,17 +473,14 @@ unsigned missing;
+ return 0;
+ }
+ else if (!XkbDDXCompileNamedKeymap(xkb,names,nameRtrn,nameRtrnLen)) {
+-#ifdef NOISY
+- ErrorF("Couldn't compile keymap file\n");
+-#endif
++ LogMessage(X_ERROR, "Couldn't compile keymap file %s\n",
++ names->keymap);
+ return 0;
+ }
+ }
+ else if (!XkbDDXCompileKeymapByNames(xkb,names,want,need,
+- nameRtrn,nameRtrnLen)){
+-#ifdef NOISY
+- ErrorF("Couldn't compile keymap file\n");
+-#endif
++ nameRtrn,nameRtrnLen)){
++ LogMessage(X_ERROR, "XKB: Couldn't compile keymap\n");
+ return 0;
+ }
+ file= XkbDDXOpenConfigFile(nameRtrn,fileName,PATH_MAX);
+@@ -502,11 +495,9 @@ unsigned missing;
+ (void) unlink (fileName);
+ return 0;
+ }
+-#ifdef DEBUG
+- else if (xkbDebugFlags) {
+- ErrorF("Loaded %s, defined=0x%x\n",fileName,finfoRtrn->defined);
++ else {
++ DebugF("XKB: Loaded %s, defined=0x%x\n",fileName,finfoRtrn->defined);
+ }
+-#endif
+ fclose(file);
+ (void) unlink (fileName);
+ return (need|want)&(~missing);
+@@ -525,32 +516,40 @@ XkbRF_RulesPtr rules;
+
+ if (!rules_name)
+ return False;
+- if (XkbBaseDirectory==NULL) {
+- if (strlen(rules_name)+7 > PATH_MAX)
+- return False;
+- sprintf(buf,"rules/%s",rules_name);
+- }
+- else {
+- if (strlen(XkbBaseDirectory)+strlen(rules_name)+8 > PATH_MAX)
+- return False;
+- sprintf(buf,"%s/rules/%s",XkbBaseDirectory,rules_name);
++
++ if (strlen(XkbBaseDirectory) + strlen(rules_name) + 8 > PATH_MAX) {
++ LogMessage(X_ERROR, "XKB: Rules name is too long\n");
++ return False;
+ }
+- if ((file= fopen(buf,"r"))==NULL)
++ sprintf(buf,"%s/rules/%s", XkbBaseDirectory, rules_name);
++
++ file = fopen(buf, "r");
++ if (!file) {
++ LogMessage(X_ERROR, "XKB: Couldn't open rules file %s\n", file);
+ return False;
+- if ((rules= XkbRF_Create(0,0))==NULL) {
++ }
++
++ rules = XkbRF_Create(0, 0);
++ if (!rules) {
++ LogMessage(X_ERROR, "XKB: Couldn't create rules struct\n");
+ fclose(file);
+ return False;
+ }
+- if (!XkbRF_LoadRules(file,rules)) {
++
++ if (!XkbRF_LoadRules(file, rules)) {
++ LogMessage(X_ERROR, "XKB: Couldn't parse rules file %s\n", rules_name);
+ fclose(file);
+ XkbRF_Free(rules,True);
+ return False;
+ }
+- bzero((char *)names,sizeof(XkbComponentNamesRec));
+- complete= XkbRF_GetComponents(rules,defs,names);
++
++ memset(names, 0, sizeof(*names));
++ complete = XkbRF_GetComponents(rules,defs,names);
+ fclose(file);
+- XkbRF_Free(rules,True);
+- return complete;
+-}
++ XkbRF_Free(rules, True);
+
++ if (!complete)
++ LogMessage(X_ERROR, "XKB: Rules returned no components\n");
+
++ return complete;
++}
+--
+1.5.5.1
+