pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2006Q4]: pkgsrc/x11 Pullup ticket 1998 - requested by joerg
details: https://anonhg.NetBSD.org/pkgsrc/rev/64c16789bd6f
branches: pkgsrc-2006Q4
changeset: 522974:64c16789bd6f
user: salo <salo%pkgsrc.org@localhost>
date: Wed Jan 17 19:29:39 2007 +0000
description:
Pullup ticket 1998 - requested by joerg
security fix for xorg-server
Revisions pulled up:
- pkgsrc/x11/xorg-server/Makefile 1.50
- pkgsrc/x11/xorg-libs/distinfo 1.58
- pkgsrc/x11/xorg-libs/patches/patch-cv 1.1
- pkgsrc/x11/xorg-libs/patches/patch-cw 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jan 17 16:32:35 UTC 2007
Modified Files:
pkgsrc/x11/xorg-libs: distinfo
pkgsrc/x11/xorg-server: Makefile
Added Files:
pkgsrc/x11/xorg-libs/patches: patch-cv patch-cw
Log Message:
Add vendor patch for CVE-2006-6101, CVE-2006-6102 and CVE-2006-6103;
this fixes possible overflows in the extensions dbe and render.
diffstat:
x11/xorg-libs/distinfo | 4 +-
x11/xorg-libs/patches/patch-cv | 131 +++++++++++++++++++++++++++++++++++++++++
x11/xorg-libs/patches/patch-cw | 49 +++++++++++++++
x11/xorg-server/Makefile | 4 +-
4 files changed, 185 insertions(+), 3 deletions(-)
diffs (217 lines):
diff -r f03f7c2e37d7 -r 64c16789bd6f x11/xorg-libs/distinfo
--- a/x11/xorg-libs/distinfo Wed Jan 17 17:52:21 2007 +0000
+++ b/x11/xorg-libs/distinfo Wed Jan 17 19:29:39 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57 2006/12/16 11:32:44 abs Exp $
+$NetBSD: distinfo,v 1.57.2.1 2007/01/17 19:29:39 salo Exp $
SHA1 (X11R6.9.0-src1.tar.gz) = a6c077ed8fdeee5fe1956a427c4cb0bc266e1bef
RMD160 (X11R6.9.0-src1.tar.gz) = d12270a4f41a3ceee4bfd5da22d387a3aa707df8
@@ -74,3 +74,5 @@
SHA1 (patch-cs) = 686c444c42acbbae4030ff198bcd4fbd08e7a0e3
SHA1 (patch-ct) = 96084456c2d7d4aaf05b2eebd13be2e575cead29
SHA1 (patch-cu) = 99e0ec0a7119ccc8d0df72dec67ee5e4fe0dd5c7
+SHA1 (patch-cv) = a314b92adeadc66481ecfe5893f104640dbc2228
+SHA1 (patch-cw) = f57f4436817fbc73f758f48e83062bf8b4a716b2
diff -r f03f7c2e37d7 -r 64c16789bd6f x11/xorg-libs/patches/patch-cv
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xorg-libs/patches/patch-cv Wed Jan 17 19:29:39 2007 +0000
@@ -0,0 +1,131 @@
+$NetBSD: patch-cv,v 1.1.2.2 2007/01/17 19:29:39 salo Exp $
+
+--- programs/Xserver/dbe/dbe.c.orig 2005-07-03 07:01:17.000000000 +0000
++++ programs/Xserver/dbe/dbe.c
+@@ -55,6 +55,10 @@
+ #include "xf86_ansic.h"
+ #endif
+
++#if !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ /* GLOBALS */
+
+ /* Per-screen initialization functions [init'ed by DbeRegisterFunction()] */
+@@ -733,11 +737,14 @@ ProcDbeSwapBuffers(client)
+ return(Success);
+ }
+
++ if (nStuff > UINT32_MAX / sizeof(DbeSwapInfoRec))
++ return BadAlloc;
++
+ /* Get to the swap info appended to the end of the request. */
+ dbeSwapInfo = (xDbeSwapInfo *)&stuff[1];
+
+ /* Allocate array to record swap information. */
+- swapInfo = (DbeSwapInfoPtr)ALLOCATE_LOCAL(nStuff * sizeof(DbeSwapInfoRec));
++ swapInfo = (DbeSwapInfoPtr)Xalloc(nStuff * sizeof(DbeSwapInfoRec));
+ if (swapInfo == NULL)
+ {
+ return(BadAlloc);
+@@ -752,14 +759,14 @@ ProcDbeSwapBuffers(client)
+ if (!(pWin = SecurityLookupWindow(dbeSwapInfo[i].window, client,
+ SecurityWriteAccess)))
+ {
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(BadWindow);
+ }
+
+ /* Each window must be double-buffered - BadMatch. */
+ if (DBE_WINDOW_PRIV(pWin) == NULL)
+ {
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(BadMatch);
+ }
+
+@@ -768,7 +775,7 @@ ProcDbeSwapBuffers(client)
+ {
+ if (dbeSwapInfo[i].window == dbeSwapInfo[j].window)
+ {
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(BadMatch);
+ }
+ }
+@@ -779,7 +786,7 @@ ProcDbeSwapBuffers(client)
+ (dbeSwapInfo[i].swapAction != XdbeUntouched ) &&
+ (dbeSwapInfo[i].swapAction != XdbeCopied ))
+ {
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(BadValue);
+ }
+
+@@ -809,12 +816,12 @@ ProcDbeSwapBuffers(client)
+ error = (*pDbeScreenPriv->SwapBuffers)(client, &nStuff, swapInfo);
+ if (error != Success)
+ {
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(error);
+ }
+ }
+
+- DEALLOCATE_LOCAL(swapInfo);
++ Xfree(swapInfo);
+ return(Success);
+
+ } /* ProcDbeSwapBuffers() */
+@@ -898,10 +905,12 @@ ProcDbeGetVisualInfo(client)
+
+ REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq);
+
++ if (stuff->n > UINT32_MAX / sizeof(DrawablePtr))
++ return BadAlloc;
+ /* Make sure any specified drawables are valid. */
+ if (stuff->n != 0)
+ {
+- if (!(pDrawables = (DrawablePtr *)ALLOCATE_LOCAL(stuff->n *
++ if (!(pDrawables = (DrawablePtr *)Xalloc(stuff->n *
+ sizeof(DrawablePtr))))
+ {
+ return(BadAlloc);
+@@ -914,7 +923,7 @@ ProcDbeGetVisualInfo(client)
+ if (!(pDrawables[i] = (DrawablePtr)SecurityLookupDrawable(
+ drawables[i], client, SecurityReadAccess)))
+ {
+- DEALLOCATE_LOCAL(pDrawables);
++ Xfree(pDrawables);
+ return(BadDrawable);
+ }
+ }
+@@ -926,7 +935,7 @@ ProcDbeGetVisualInfo(client)
+ {
+ if (pDrawables)
+ {
+- DEALLOCATE_LOCAL(pDrawables);
++ Xfree(pDrawables);
+ }
+
+ return(BadAlloc);
+@@ -953,7 +962,7 @@ ProcDbeGetVisualInfo(client)
+ /* Free pDrawables if we needed to allocate it above. */
+ if (pDrawables)
+ {
+- DEALLOCATE_LOCAL(pDrawables);
++ Xfree(pDrawables);
+ }
+
+ return(BadAlloc);
+@@ -1034,7 +1043,7 @@ ProcDbeGetVisualInfo(client)
+
+ if (pDrawables)
+ {
+- DEALLOCATE_LOCAL(pDrawables);
++ Xfree(pDrawables);
+ }
+
+ return(client->noClientException);
diff -r f03f7c2e37d7 -r 64c16789bd6f x11/xorg-libs/patches/patch-cw
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xorg-libs/patches/patch-cw Wed Jan 17 19:29:39 2007 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-cw,v 1.1.2.2 2007/01/17 19:29:39 salo Exp $
+
+--- programs/Xserver/render/render.c.orig 2005-08-28 19:47:39.000000000 +0000
++++ programs/Xserver/render/render.c
+@@ -52,6 +52,10 @@
+ #include "xf86_ansic.h"
+ #endif
+
++#if !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ static int ProcRenderQueryVersion (ClientPtr pClient);
+ static int ProcRenderQueryPictFormats (ClientPtr pClient);
+ static int ProcRenderQueryPictIndexValues (ClientPtr pClient);
+@@ -1108,11 +1112,14 @@ ProcRenderAddGlyphs (ClientPtr client)
+ }
+
+ nglyphs = stuff->nglyphs;
++ if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
++ return BadAlloc;
++
+ if (nglyphs <= NLOCALGLYPH)
+ glyphsBase = glyphsLocal;
+ else
+ {
+- glyphsBase = (GlyphNewPtr) ALLOCATE_LOCAL (nglyphs * sizeof (GlyphNewRec));
++ glyphsBase = (GlyphNewPtr) Xalloc (nglyphs * sizeof (GlyphNewRec));
+ if (!glyphsBase)
+ return BadAlloc;
+ }
+@@ -1169,7 +1176,7 @@ ProcRenderAddGlyphs (ClientPtr client)
+ }
+
+ if (glyphsBase != glyphsLocal)
+- DEALLOCATE_LOCAL (glyphsBase);
++ Xfree (glyphsBase);
+ return client->noClientException;
+ bail:
+ while (glyphs != glyphsBase)
+@@ -1178,7 +1185,7 @@ bail:
+ xfree (glyphs->glyph);
+ }
+ if (glyphsBase != glyphsLocal)
+- DEALLOCATE_LOCAL (glyphsBase);
++ Xfree (glyphsBase);
+ return err;
+ }
+
diff -r f03f7c2e37d7 -r 64c16789bd6f x11/xorg-server/Makefile
--- a/x11/xorg-server/Makefile Wed Jan 17 17:52:21 2007 +0000
+++ b/x11/xorg-server/Makefile Wed Jan 17 19:29:39 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2006/12/15 20:33:06 joerg Exp $
+# $NetBSD: Makefile,v 1.49.2.1 2007/01/17 19:29:39 salo Exp $
DISTNAME= ${DISTFILES}
PKGNAME= xorg-server-${XORG_VER}
-PKGREVISION= 13
+PKGREVISION= 14
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XORG}
DISTFILES= X11R${XORG_VER}-src1.tar.gz \
Home |
Main Index |
Thread Index |
Old Index