Received: by mail.netbsd.org (Postfix, from userid 605)
	id 08DCB85EC2; Wed,  5 Oct 2016 09:50:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 892E985EAF
	for <source-changes@NetBSD.org>; Wed,  5 Oct 2016 09:50:00 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id pJMuQ_aCNr4R for <source-changes@netbsd.org>;
	Wed,  5 Oct 2016 09:50:00 +0000 (UTC)
Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id F317485E8A
	for <source-changes@NetBSD.org>; Wed,  5 Oct 2016 09:49:59 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id E8548FBD2; Wed,  5 Oct 2016 09:49:59 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Wed, 5 Oct 2016 09:49:59 +0000
From: "Manuel Bouyer" <bouyer@netbsd.org>
Subject: CVS commit: [netbsd-7-0] xsrc/xfree/xc
To: source-changes@NetBSD.org
X-Mailer: log_accum
Message-Id: <20161005094959.E8548FBD2@cvs.NetBSD.org>
Sender: source-changes-owner@NetBSD.org
List-Id: source-changes.NetBSD.org
Precedence: bulk
Reply-To: source-changes-d@NetBSD.org
Mail-Reply-To: "Manuel Bouyer" <bouyer@netbsd.org>
Mail-Followup-To: source-changes-d@NetBSD.org

Module Name:	xsrc
Committed By:	bouyer
Date:		Wed Oct  5 09:49:59 UTC 2016

Modified Files:
	xsrc/xfree/xc/lib/X11 [netbsd-7-0]: FontNames.c GetImage.c ListExt.c
	    ModMap.c Xlibint.h
	xsrc/xfree/xc/lib/Xi [netbsd-7-0]: XGMotion.c XGetBMap.c XGetDCtl.c
	    XGetFCtl.c XGetKMap.c XGetMMap.c XOpenDev.c XQueryDv.c
	xsrc/xfree/xc/lib/Xrender [netbsd-7-0]: Filter.c Xrender.c
	xsrc/xfree/xc/lib/Xtst [netbsd-7-0]: XRecord.c
	xsrc/xfree/xc/lib/Xv [netbsd-7-0]: Xv.c
	xsrc/xfree/xc/programs/Xserver/include [netbsd-7-0]: dix.h

Log Message:
Apply patch, requested my mrg in ticket 1263:
	xsrc/xfree/xc/lib/X11/FontNames.c		patch
	xsrc/xfree/xc/lib/X11/GetImage.c		patch
	xsrc/xfree/xc/lib/X11/ListExt.c			patch
	xsrc/xfree/xc/lib/X11/ModMap.c			patch
	xsrc/xfree/xc/lib/X11/Xlibint.h			patch
	xsrc/xfree/xc/lib/Xi/XGMotion.c			patch
	xsrc/xfree/xc/lib/Xi/XGetBMap.c			patch
	xsrc/xfree/xc/lib/Xi/XGetDCtl.c			patch
	xsrc/xfree/xc/lib/Xi/XGetFCtl.c			patch
	xsrc/xfree/xc/lib/Xi/XGetKMap.c			patch
	xsrc/xfree/xc/lib/Xi/XGetMMap.c			patch
	xsrc/xfree/xc/lib/Xi/XOpenDev.c			patch
	xsrc/xfree/xc/lib/Xi/XQueryDv.c			patch
	xsrc/xfree/xc/lib/Xrender/Filter.c		patch
	xsrc/xfree/xc/lib/Xrender/Xrender.c		patch
	xsrc/xfree/xc/lib/Xtst/XRecord.c		patch
	xsrc/xfree/xc/lib/Xv/Xv.c			patch
	xsrc/xfree/xc/programs/Xserver/include/dix.h	patch

Fix (backported from upstream) the following issues in X client
libraries:
libX11 - insufficient validation of data from the X server
	 can cause out of boundary memory read (XGetImage())
	 or write (XListFonts()).
	 Affected versions libX11 <= 1.6.3

libXfixes - insufficient validation of data from the X server
	can cause an integer overflow on 32 bit architectures.
	Affected versions : libXfixes <= 5.0.2

libXi - insufficient validation of data from the X server
	can cause out of boundary memory access or
	endless loops (Denial of Service).
	Affected versions libXi <= 1.7.6

libXrandr - insufficient validation of data from the X server
	can cause out of boundary memory writes.
	Affected versions: libXrandr <= 1.5.0

libXrender - insufficient validation of data from the X server
	can cause out of boundary memory writes.
	Affected version: libXrender <= 0.9.9

XRecord - insufficient validation of data from the X server
	can cause out of boundary memory access or
	endless loops (Denial of Service).
	 Affected version libXtst <= 1.2.2

libXv - insufficient validation of data from the X server
	can cause out of boundary memory and memory corruption.
	CVE-2016-5407
	affected versions libXv <= 1.0.10

libXvMC - insufficient validation of data from the X server
	can cause a one byte buffer read underrun.
	Affected versions: libXvMC <= 1.0.9


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.38.1 xsrc/xfree/xc/lib/X11/FontNames.c \
    xsrc/xfree/xc/lib/X11/GetImage.c xsrc/xfree/xc/lib/X11/ModMap.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.40.1 xsrc/xfree/xc/lib/X11/ListExt.c
cvs rdiff -u -r1.1.1.7.24.1 -r1.1.1.7.24.1.2.1 \
    xsrc/xfree/xc/lib/X11/Xlibint.h
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.40.1 xsrc/xfree/xc/lib/Xi/XGMotion.c \
    xsrc/xfree/xc/lib/Xi/XGetBMap.c xsrc/xfree/xc/lib/Xi/XGetDCtl.c \
    xsrc/xfree/xc/lib/Xi/XGetFCtl.c xsrc/xfree/xc/lib/Xi/XGetMMap.c \
    xsrc/xfree/xc/lib/Xi/XOpenDev.c xsrc/xfree/xc/lib/Xi/XQueryDv.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.38.1 xsrc/xfree/xc/lib/Xi/XGetKMap.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.40.1 xsrc/xfree/xc/lib/Xrender/Filter.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.40.1 xsrc/xfree/xc/lib/Xrender/Xrender.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.26.1 xsrc/xfree/xc/lib/Xtst/XRecord.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.26.1 xsrc/xfree/xc/lib/Xv/Xv.c
cvs rdiff -u -r1.1.1.6.36.1 -r1.1.1.6.36.1.2.1 \
    xsrc/xfree/xc/programs/Xserver/include/dix.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.