Received: by mail.netbsd.org (Postfix, from userid 605) id 8BE0B14A25E; Fri, 12 Dec 2014 06:56:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id F3C7614A25D for ; Fri, 12 Dec 2014 06:56:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 2pY6QkNLA7Aw for ; Fri, 12 Dec 2014 06:56:54 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 9006314A257 for ; Fri, 12 Dec 2014 06:56:54 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 8DD4098; Fri, 12 Dec 2014 06:56:54 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 12 Dec 2014 06:56:54 +0000 From: "Soren Jacobsen" Subject: CVS commit: [netbsd-5-1] xsrc/xfree/xc/programs/Xserver To: source-changes@NetBSD.org X-Mailer: log_accum Message-Id: <20141212065654.8DD4098@cvs.netbsd.org> Sender: source-changes-owner@NetBSD.org List-Id: source-changes.NetBSD.org Precedence: bulk Reply-To: source-changes-d@NetBSD.org Mail-Reply-To: "Soren Jacobsen" Mail-Followup-To: source-changes-d@NetBSD.org Module Name: xsrc Committed By: snj Date: Fri Dec 12 06:56:54 UTC 2014 Modified Files: xsrc/xfree/xc/programs/Xserver/GL/glx [netbsd-5-1]: glxcmds.c glxcmdsswap.c glxserver.h rensize.c single2.c single2swap.c singlepix.c singlepixswap.c unpack.h xsrc/xfree/xc/programs/Xserver/Xext [netbsd-5-1]: xcmisc.c xvdisp.c xsrc/xfree/xc/programs/Xserver/Xi [netbsd-5-1]: chgdctl.c chgfctl.c sendexev.c xsrc/xfree/xc/programs/Xserver/dbe [netbsd-5-1]: dbe.c xsrc/xfree/xc/programs/Xserver/dix [netbsd-5-1]: dispatch.c xsrc/xfree/xc/programs/Xserver/include [netbsd-5-1]: dix.h misc.h xsrc/xfree/xc/programs/Xserver/os [netbsd-5-1]: access.c rpcauth.c xsrc/xfree/xc/programs/Xserver/randr [netbsd-5-1]: randr.c xsrc/xfree/xc/programs/Xserver/render [netbsd-5-1]: render.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1935): xfree/xc/programs/Xserver/dix/dispatch.c: revision 1.2 xfree/xc/programs/Xserver/Xext/xvdisp.c: revision 1.2 xfree/xc/programs/Xserver/include/misc.h: revision 1.2 xfree/xc/programs/Xserver/render/render.c: revision 1.4 xfree/xc/programs/Xserver/GL/glx/singlepixswap.c: revision 1.2 xfree/xc/programs/Xserver/Xi/sendexev.c: revision 1.2 xfree/xc/programs/Xserver/include/dix.h: revision 1.2 xfree/xc/programs/Xserver/os/access.c: revision 1.7 xfree/xc/programs/Xserver/GL/glx/glxserver.h: revision 1.2 xfree/xc/programs/Xserver/GL/glx/rensize.c: revision 1.2 xfree/xc/programs/Xserver/GL/glx/unpack.h: revision 1.2 xfree/xc/programs/Xserver/GL/glx/singlepix.c: revision 1.2 xfree/xc/programs/Xserver/Xi/chgfctl.c: revision 1.2 xfree/xc/programs/Xserver/Xi/chgdctl.c: revision 1.2 xfree/xc/programs/Xserver/GL/glx/glxcmds.c: revision 1.2 xfree/xc/programs/Xserver/Xext/xcmisc.c: revision 1.3 xfree/xc/programs/Xserver/randr/randr.c: revision 1.2 xfree/xc/programs/Xserver/GL/glx/glxcmdsswap.c: revision 1.2 xfree/xc/programs/Xserver/os/rpcauth.c: revision 1.2 xfree/xc/programs/Xserver/dbe/dbe.c: revision 1.3 xfree/xc/programs/Xserver/GL/glx/single2.c: revision 1.2 xfree/xc/programs/Xserver/GL/glx/single2swap.c: revision 1.2 pull over from xorg-server, porting as necessary. - -- apply fixes for: X.Org Security Advisory: Dec. 9, 2014 Protocol handling issues in X Window System servers backported to 1.10.x by myself. included are fixes for: denial of service due to unchecked malloc in client authentication CVE-2014-8091 integer overflows calculating memory needs for requests CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 out of bounds access due to not validating length or offset values in requests CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 - -- apply two more parts of CVE-2014-8092: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5] dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6] - -- To generate a diff of this commit: cvs rdiff -u -r1.1.1.6 -r1.1.1.6.12.1 \ xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmds.c \ xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmdsswap.c \ xsrc/xfree/xc/programs/Xserver/GL/glx/glxserver.h \ xsrc/xfree/xc/programs/Xserver/GL/glx/single2.c \ xsrc/xfree/xc/programs/Xserver/GL/glx/single2swap.c \ xsrc/xfree/xc/programs/Xserver/GL/glx/unpack.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 \ xsrc/xfree/xc/programs/Xserver/GL/glx/rensize.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.26.1 \ xsrc/xfree/xc/programs/Xserver/GL/glx/singlepix.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.26.1 \ xsrc/xfree/xc/programs/Xserver/GL/glx/singlepixswap.c cvs rdiff -u -r1.2 -r1.2.6.1 xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.24.1 \ xsrc/xfree/xc/programs/Xserver/Xext/xvdisp.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.26.1 \ xsrc/xfree/xc/programs/Xserver/Xi/chgdctl.c \ xsrc/xfree/xc/programs/Xserver/Xi/chgfctl.c \ xsrc/xfree/xc/programs/Xserver/Xi/sendexev.c cvs rdiff -u -r1.2 -r1.2.6.1 xsrc/xfree/xc/programs/Xserver/dbe/dbe.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 \ xsrc/xfree/xc/programs/Xserver/dix/dispatch.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.24.1 \ xsrc/xfree/xc/programs/Xserver/include/dix.h cvs rdiff -u -r1.1.1.6 -r1.1.1.6.12.1 \ xsrc/xfree/xc/programs/Xserver/include/misc.h cvs rdiff -u -r1.6 -r1.6.12.1 xsrc/xfree/xc/programs/Xserver/os/access.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.24.1 \ xsrc/xfree/xc/programs/Xserver/os/rpcauth.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.24.1 \ xsrc/xfree/xc/programs/Xserver/randr/randr.c cvs rdiff -u -r1.3 -r1.3.6.1 xsrc/xfree/xc/programs/Xserver/render/render.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.