CVS commit: xsrc/xfree/xc/programs/Xserver

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: xsrc/xfree/xc/programs/Xserver
From: "matthew green" <mrg%netbsd.org@localhost>
Date: Thu, 11 Dec 2014 09:46:17 +0000

Module Name:    xsrc
Committed By:   mrg
Date:           Thu Dec 11 09:46:17 UTC 2014

Modified Files:
        xsrc/xfree/xc/programs/Xserver/GL/glx: glxcmds.c glxcmdsswap.c
            glxserver.h rensize.c single2.c single2swap.c singlepix.c
            singlepixswap.c unpack.h
        xsrc/xfree/xc/programs/Xserver/Xext: xcmisc.c xvdisp.c
        xsrc/xfree/xc/programs/Xserver/Xi: chgdctl.c chgfctl.c sendexev.c
        xsrc/xfree/xc/programs/Xserver/dbe: dbe.c
        xsrc/xfree/xc/programs/Xserver/dix: dispatch.c
        xsrc/xfree/xc/programs/Xserver/include: dix.h misc.h
        xsrc/xfree/xc/programs/Xserver/os: access.c rpcauth.c
        xsrc/xfree/xc/programs/Xserver/randr: randr.c
        xsrc/xfree/xc/programs/Xserver/render: render.c

Log Message:
pull over from xorg-server, porting as necessary.

--
apply fixes for:

X.Org Security Advisory:  Dec. 9, 2014
Protocol handling issues in X Window System servers

backported to 1.10.x by myself.

included are fixes for:

denial of service due to unchecked malloc in client authentication
        CVE-2014-8091
integer overflows calculating memory needs for requests
        CVE-2014-8092
        CVE-2014-8093
        CVE-2014-8094
out of bounds access due to not validating length or offset values in requests
        CVE-2014-8095
        CVE-2014-8096
        CVE-2014-8097
        CVE-2014-8098
        CVE-2014-8099
        CVE-2014-8100
        CVE-2014-8101
        CVE-2014-8102
        CVE-2014-8103
--
apply two more parts of CVE-2014-8092:
  Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
  dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]
--


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmds.c \
    xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmdsswap.c \
    xsrc/xfree/xc/programs/Xserver/GL/glx/glxserver.h \
    xsrc/xfree/xc/programs/Xserver/GL/glx/single2.c \
    xsrc/xfree/xc/programs/Xserver/GL/glx/single2swap.c \
    xsrc/xfree/xc/programs/Xserver/GL/glx/unpack.h
cvs rdiff -u -r1.1.1.7 -r1.2 xsrc/xfree/xc/programs/Xserver/GL/glx/rensize.c
cvs rdiff -u -r1.1.1.3 -r1.2 \
    xsrc/xfree/xc/programs/Xserver/GL/glx/singlepix.c
cvs rdiff -u -r1.1.1.4 -r1.2 \
    xsrc/xfree/xc/programs/Xserver/GL/glx/singlepixswap.c
cvs rdiff -u -r1.2 -r1.3 xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c
cvs rdiff -u -r1.1.1.5 -r1.2 xsrc/xfree/xc/programs/Xserver/Xext/xvdisp.c
cvs rdiff -u -r1.1.1.4 -r1.2 xsrc/xfree/xc/programs/Xserver/Xi/chgdctl.c \
    xsrc/xfree/xc/programs/Xserver/Xi/chgfctl.c \
    xsrc/xfree/xc/programs/Xserver/Xi/sendexev.c
cvs rdiff -u -r1.2 -r1.3 xsrc/xfree/xc/programs/Xserver/dbe/dbe.c
cvs rdiff -u -r1.1.1.7 -r1.2 xsrc/xfree/xc/programs/Xserver/dix/dispatch.c
cvs rdiff -u -r1.1.1.6 -r1.2 xsrc/xfree/xc/programs/Xserver/include/dix.h \
    xsrc/xfree/xc/programs/Xserver/include/misc.h
cvs rdiff -u -r1.6 -r1.7 xsrc/xfree/xc/programs/Xserver/os/access.c
cvs rdiff -u -r1.1.1.5 -r1.2 xsrc/xfree/xc/programs/Xserver/os/rpcauth.c
cvs rdiff -u -r1.1.1.3 -r1.2 xsrc/xfree/xc/programs/Xserver/randr/randr.c
cvs rdiff -u -r1.3 -r1.4 xsrc/xfree/xc/programs/Xserver/render/render.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-5] src/doc
Next by Date: CVS commit: src/usr.sbin/cpuctl/arch
Previous by Thread: CVS commit: [netbsd-5] src/doc
Next by Thread: CVS commit: src/usr.sbin/cpuctl/arch
Indexes:

Home | Main Index | Thread Index | Old Index