pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/modular-xorg-server modular-xorg-server-1.3.0nb5:
details: https://anonhg.NetBSD.org/pkgsrc/rev/0cd3ec2161f7
branches: trunk
changeset: 539035:0cd3ec2161f7
user: joerg <joerg%pkgsrc.org@localhost>
date: Mon Feb 25 15:39:16 2008 +0000
description:
modular-xorg-server-1.3.0nb5:
Fix a number of buffer-overflows, privacy-leaks and memory corruptions.
diffstat:
x11/modular-xorg-server/Makefile | 4 +-
x11/modular-xorg-server/distinfo | 17 ++++-
x11/modular-xorg-server/patches/patch-ea | 36 +++++++++++
x11/modular-xorg-server/patches/patch-eb | 14 ++++
x11/modular-xorg-server/patches/patch-ec | 60 ++++++++++++++++++
x11/modular-xorg-server/patches/patch-ed | 25 +++++++
x11/modular-xorg-server/patches/patch-ef | 100 +++++++++++++++++++++++++++++++
x11/modular-xorg-server/patches/patch-eg | 24 +++++++
x11/modular-xorg-server/patches/patch-eh | 41 ++++++++++++
x11/modular-xorg-server/patches/patch-ei | 27 ++++++++
x11/modular-xorg-server/patches/patch-ej | 30 +++++++++
x11/modular-xorg-server/patches/patch-ek | 28 ++++++++
x11/modular-xorg-server/patches/patch-el | 27 ++++++++
x11/modular-xorg-server/patches/patch-em | 28 ++++++++
x11/modular-xorg-server/patches/patch-en | 39 ++++++++++++
x11/modular-xorg-server/patches/patch-eo | 18 +++++
x11/modular-xorg-server/patches/patch-ep | 15 ++++
17 files changed, 530 insertions(+), 3 deletions(-)
diffs (truncated from 617 to 300 lines):
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/Makefile
--- a/x11/modular-xorg-server/Makefile Mon Feb 25 09:01:53 2008 +0000
+++ b/x11/modular-xorg-server/Makefile Mon Feb 25 15:39:16 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.24 2008/01/16 00:28:36 joerg Exp $
+# $NetBSD: Makefile,v 1.25 2008/02/25 15:39:16 joerg Exp $
DISTNAME= xorg-server-1.3.0.0
PKGNAME= modular-${DISTNAME}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= x11
MASTER_SITES= http://xorg.freedesktop.org/releases/individual/xserver/
EXTRACT_SUFX= .tar.bz2
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/distinfo
--- a/x11/modular-xorg-server/distinfo Mon Feb 25 09:01:53 2008 +0000
+++ b/x11/modular-xorg-server/distinfo Mon Feb 25 15:39:16 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2008/01/23 03:19:33 tnn Exp $
+$NetBSD: distinfo,v 1.20 2008/02/25 15:39:16 joerg Exp $
SHA1 (MesaLib-6.5.2.tar.bz2) = ba860bb6ee57c02202342dfd5927464a068ea18f
RMD160 (MesaLib-6.5.2.tar.bz2) = 9a92d69110c066ae6734bcaafb78f222ac2df6d3
@@ -18,6 +18,21 @@
SHA1 (patch-dc) = 75df6f37b1cbc9574adb5ee66cb84d0f5ebac853
SHA1 (patch-dd) = cfb7c9d470098b0fcfcddbe9a1363a14f762fe19
SHA1 (patch-de) = f887f3fd09406006b6165779b74be780b7fddd18
+SHA1 (patch-ea) = 435ac0e1795c68fa6e125deceb4624564f7ce0dd
+SHA1 (patch-eb) = 925a8a7e7880e545feac439850372548d04e8f87
+SHA1 (patch-ec) = 86959d152174cbc8a03dbe6bde32545b824bfd74
+SHA1 (patch-ed) = dfe8f08c0e061c572e0299cba020da20519b87c2
+SHA1 (patch-ef) = 94cd889105a416f9d72adbc247d00b568207a02f
+SHA1 (patch-eg) = 6953b53d41af088b855d22c6459aa1eefd0d25eb
+SHA1 (patch-eh) = 5e1dbbf82c01bc340d1ef4029cd5352b9fcf775e
+SHA1 (patch-ei) = 893b23b9e67ad640d984c962b93b5db639a780b3
+SHA1 (patch-ej) = 0719d0fa6fb55739a58b157e31f0ae442d57c211
+SHA1 (patch-ek) = de8ee96433a65b9f59804c4e78d6b04496e30d37
+SHA1 (patch-el) = cc7f39c82d017657bb72ff332b65f797bdbdd6fc
+SHA1 (patch-em) = 25ec7e56ceb87ea5bfc53f5734dab84ad15b88ca
+SHA1 (patch-en) = 447e7f996ab7e0179227676a9f7f2c4b51a69d62
+SHA1 (patch-eo) = 499b6d47db383acb0e7fcb90faebf4ede1ccd2a9
+SHA1 (patch-ep) = 0beae9b5cbc5e87c757e22796aed82c1c4436f0e
SHA1 (patch-sa) = 5586e998e2239b6851291b5f79b2e6009c78b174
SHA1 (patch-sb) = b769780b446e4f10bc99ccd3373d666daf44f863
SHA1 (patch-sc) = 33c4d4731e3732032f84946fc17e28d0cba389a6
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/patches/patch-ea
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-ea Mon Feb 25 15:39:16 2008 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ea,v 1.1 2008/02/25 15:39:16 joerg Exp $
+
+--- Xext/EVI.c.orig 2006-09-18 08:04:17.000000000 +0200
++++ Xext/EVI.c
+@@ -34,6 +34,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/XEVIstr.h>
+ #include "EVIstruct.h"
+ #include "modinit.h"
++#include "scrnintstr.h"
+
+ #if 0
+ static unsigned char XEVIReqCode = 0;
+@@ -87,10 +88,22 @@ ProcEVIGetVisualInfo(ClientPtr client)
+ {
+ REQUEST(xEVIGetVisualInfoReq);
+ xEVIGetVisualInfoReply rep;
+- int n, n_conflict, n_info, sz_info, sz_conflict;
++ int i, n, n_conflict, n_info, sz_info, sz_conflict;
+ VisualID32 *conflict;
++ unsigned int total_visuals = 0;
+ xExtendedVisualInfo *eviInfo;
+ int status;
++
++ /*
++ * do this first, otherwise REQUEST_FIXED_SIZE can overflow. we assume
++ * here that you don't have more than 2^32 visuals over all your screens;
++ * this seems like a safe assumption.
++ */
++ for (i = 0; i < screenInfo.numScreens; i++)
++ total_visuals += screenInfo.screens[i]->numVisuals;
++ if (stuff->n_visual > total_visuals)
++ return BadValue;
++
+ REQUEST_FIXED_SIZE(xEVIGetVisualInfoReq, stuff->n_visual * sz_VisualID32);
+ status = eviPriv->getVisualInfo((VisualID32 *)&stuff[1], (int)stuff->n_visual,
+ &eviInfo, &n_info, &conflict, &n_conflict);
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/patches/patch-eb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-eb Mon Feb 25 15:39:16 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-eb,v 1.1 2008/02/25 15:39:16 joerg Exp $
+
+--- Xext/cup.c.orig 2006-09-18 08:04:17.000000000 +0200
++++ Xext/cup.c
+@@ -196,6 +196,9 @@ int ProcGetReservedColormapEntries(
+
+ REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
+
++ if (stuff->screen >= screenInfo.numScreens)
++ return BadValue;
++
+ #ifndef HAVE_SPECIAL_DESKTOP_COLORS
+ citems[CUP_BLACK_PIXEL].pixel =
+ screenInfo.screens[stuff->screen]->blackPixel;
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/patches/patch-ec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-ec Mon Feb 25 15:39:16 2008 +0000
@@ -0,0 +1,60 @@
+$NetBSD: patch-ec,v 1.1 2008/02/25 15:39:16 joerg Exp $
+
+--- Xext/sampleEVI.c.orig 2006-09-18 08:04:17.000000000 +0200
++++ Xext/sampleEVI.c
+@@ -35,6 +35,13 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/XEVIstr.h>
+ #include "EVIstruct.h"
+ #include "scrnintstr.h"
++
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ static int sampleGetVisualInfo(
+ VisualID32 *visual,
+ int n_visual,
+@@ -43,24 +50,36 @@ static int sampleGetVisualInfo(
+ VisualID32 **conflict_rn,
+ int *n_conflict_rn)
+ {
+- int max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
++ unsigned int max_sz_evi;
+ VisualID32 *temp_conflict;
+ xExtendedVisualInfo *evi;
+- int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
++ unsigned int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
+ register int visualI, scrI, sz_evi = 0, conflictI, n_conflict;
+- *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
+- if (!*evi_rn)
+- return BadAlloc;
++
++ if (n_visual > UINT32_MAX/(sz_xExtendedVisualInfo * screenInfo.numScreens))
++ return BadAlloc;
++ max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
++
+ for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
+ if (screenInfo.screens[scrI]->numVisuals > max_visuals)
+ max_visuals = screenInfo.screens[scrI]->numVisuals;
+ }
++
++ if (n_visual > UINT32_MAX/(sz_VisualID32 * screenInfo.numScreens
++ * max_visuals))
++ return BadAlloc;
+ max_sz_conflict = n_visual * sz_VisualID32 * screenInfo.numScreens * max_visuals;
++
++ *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
++ if (!*evi_rn)
++ return BadAlloc;
++
+ temp_conflict = (VisualID32 *)xalloc(max_sz_conflict);
+ if (!temp_conflict) {
+ xfree(*evi_rn);
+ return BadAlloc;
+ }
++
+ for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
+ for (visualI = 0; visualI < n_visual; visualI++) {
+ evi[sz_evi].core_visual_id = visual[visualI];
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/patches/patch-ed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-ed Mon Feb 25 15:39:16 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ed,v 1.1 2008/02/25 15:39:16 joerg Exp $
+
+--- Xext/security.c.orig 2006-11-16 18:39:03.000000000 +0100
++++ Xext/security.c
+@@ -1567,9 +1567,9 @@ SecurityLoadPropertyAccessList(void)
+ return;
+
+ #ifndef __UNIXOS2__
+- f = fopen(SecurityPolicyFile, "r");
++ f = Fopen(SecurityPolicyFile, "r");
+ #else
+- f = fopen((char*)__XOS2RedirRoot(SecurityPolicyFile), "r");
++ f = Fopen((char*)__XOS2RedirRoot(SecurityPolicyFile), "r");
+ #endif
+ if (!f)
+ {
+@@ -1653,7 +1653,7 @@ SecurityLoadPropertyAccessList(void)
+ }
+ #endif /* PROPDEBUG */
+
+- fclose(f);
++ Fclose(f);
+ } /* SecurityLoadPropertyAccessList */
+
+
diff -r 29c972f16272 -r 0cd3ec2161f7 x11/modular-xorg-server/patches/patch-ef
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-ef Mon Feb 25 15:39:16 2008 +0000
@@ -0,0 +1,100 @@
+$NetBSD: patch-ef,v 1.1 2008/02/25 15:39:16 joerg Exp $
+
+--- Xext/shm.c.orig 2008-02-25 15:43:05.000000000 +0100
++++ Xext/shm.c
+@@ -723,6 +723,8 @@ ProcPanoramiXShmCreatePixmap(
+ int i, j, result;
+ ShmDescPtr shmdesc;
+ REQUEST(xShmCreatePixmapReq);
++ unsigned int width, height, depth;
++ unsigned long size;
+ PanoramiXRes *newPix;
+
+ REQUEST_SIZE_MATCH(xShmCreatePixmapReq);
+@@ -732,11 +734,26 @@ ProcPanoramiXShmCreatePixmap(
+ LEGAL_NEW_RESOURCE(stuff->pid, client);
+ VERIFY_GEOMETRABLE(pDraw, stuff->drawable, client);
+ VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client);
+- if (!stuff->width || !stuff->height)
++
++ width = stuff->width;
++ height = stuff->height;
++ depth = stuff->depth;
++ if (!width || !height || !depth)
+ {
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (width > 32767 || height > 32767)
++ return BadAlloc;
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;
+@@ -747,9 +764,7 @@ ProcPanoramiXShmCreatePixmap(
+ return BadValue;
+ }
+ CreatePmap:
+- VERIFY_SHMSIZE(shmdesc, stuff->offset,
+- PixmapBytePad(stuff->width, stuff->depth) * stuff->height,
+- client);
++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+ if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes))))
+ return BadAlloc;
+@@ -1047,6 +1062,8 @@ ProcShmCreatePixmap(client)
+ register int i;
+ ShmDescPtr shmdesc;
+ REQUEST(xShmCreatePixmapReq);
++ unsigned int width, height, depth;
++ unsigned long size;
+
+ REQUEST_SIZE_MATCH(xShmCreatePixmapReq);
+ client->errorValue = stuff->pid;
+@@ -1055,11 +1072,26 @@ ProcShmCreatePixmap(client)
+ LEGAL_NEW_RESOURCE(stuff->pid, client);
+ VERIFY_GEOMETRABLE(pDraw, stuff->drawable, client);
+ VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client);
+- if (!stuff->width || !stuff->height)
++
++ width = stuff->width;
++ height = stuff->height;
++ depth = stuff->depth;
++ if (!width || !height || !depth)
+ {
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (width > 32767 || height > 32767)
++ return BadAlloc;
++ size = PixmapBytePad(width, depth) * height;
++ if (sizeof(size) == 4) {
++ if (size < width * height)
++ return BadAlloc;
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
++ }
++
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;
+@@ -1070,9 +1102,7 @@ ProcShmCreatePixmap(client)
+ return BadValue;
+ }
+ CreatePmap:
+- VERIFY_SHMSIZE(shmdesc, stuff->offset,
+- PixmapBytePad(stuff->width, stuff->depth) * stuff->height,
+- client);
++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
+ pDraw->pScreen, stuff->width,
+ stuff->height, stuff->depth,
Home |
Main Index |
Thread Index |
Old Index