| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: CHANGES-7.0.2,v 1.1.2.14 2016/09/25 12:24:51 bouyer Exp $ | | 1 | # $NetBSD: CHANGES-7.0.2,v 1.1.2.15 2016/10/05 09:51:18 bouyer Exp $ |
2 | | | 2 | |
3 | A complete list of changes from the NetBSD 7.0.1 release to the NetBSD 7.0.2 | | 3 | A complete list of changes from the NetBSD 7.0.1 release to the NetBSD 7.0.2 |
4 | release: | | 4 | release: |
5 | | | 5 | |
6 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand | | 6 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand |
7 | sys/sys/param.h patched by hand | | 7 | sys/sys/param.h patched by hand |
8 | | | 8 | |
9 | Welcome to 7.0.1_PATCH. | | 9 | Welcome to 7.0.1_PATCH. |
10 | [snj] | | 10 | [snj] |
11 | | | 11 | |
12 | external/gpl3/gcc/dist/gcc/cp/Make-lang.in 1.6 | | 12 | external/gpl3/gcc/dist/gcc/cp/Make-lang.in 1.6 |
13 | external/gpl3/gcc/dist/gcc/cp/cfns.gperf 1.2 | | 13 | external/gpl3/gcc/dist/gcc/cp/cfns.gperf 1.2 |
14 | external/gpl3/gcc/dist/gcc/cp/cfns.h 1.2 | | 14 | external/gpl3/gcc/dist/gcc/cp/cfns.h 1.2 |
| @@ -263,13 +263,136 @@ etc/namedb/root.cache 1.21 | | | @@ -263,13 +263,136 @@ etc/namedb/root.cache 1.21 |
263 | Update root.cache to 2016/8/25 version. | | 263 | Update root.cache to 2016/8/25 version. |
264 | [taca, ticket #1246] | | 264 | [taca, ticket #1246] |
265 | | | 265 | |
266 | sys/lib/libsa/checkpasswd.c 1.10 | | 266 | sys/lib/libsa/checkpasswd.c 1.10 |
267 | | | 267 | |
268 | Check bounds on input. From Michael Plass. | | 268 | Check bounds on input. From Michael Plass. |
269 | [dholland, ticket #1250] | | 269 | [dholland, ticket #1250] |
270 | | | 270 | |
271 | sys/arch/sparc64/sparc64/locore.s 1.401 | | 271 | sys/arch/sparc64/sparc64/locore.s 1.401 |
272 | | | 272 | |
273 | Fix RAS for 32-bit kernels. trapframe is always 64-bit. | | 273 | Fix RAS for 32-bit kernels. trapframe is always 64-bit. |
274 | [nakayama, ticket #1257] | | 274 | [nakayama, ticket #1257] |
275 | | | 275 | |
| | | 276 | xsrc/external/mit/libX11/dist/src/FontNames.c patch |
| | | 277 | xsrc/external/mit/libX11/dist/src/GetImage.c patch |
| | | 278 | xsrc/external/mit/libX11/dist/src/ListExt.c patch |
| | | 279 | xsrc/external/mit/libX11/dist/src/ModMap.c patch |
| | | 280 | xsrc/external/mit/libXfixes/dist/src/Region.c patch |
| | | 281 | xsrc/external/mit/libXi/dist/src/XGMotion.c patch |
| | | 282 | xsrc/external/mit/libXi/dist/src/XGetBMap.c patch |
| | | 283 | xsrc/external/mit/libXi/dist/src/XGetDCtl.c patch |
| | | 284 | xsrc/external/mit/libXi/dist/src/XGetFCtl.c patch |
| | | 285 | xsrc/external/mit/libXi/dist/src/XGetKMap.c patch |
| | | 286 | xsrc/external/mit/libXi/dist/src/XGetMMap.c patch |
| | | 287 | xsrc/external/mit/libXi/dist/src/XIQueryDevice.c patch |
| | | 288 | xsrc/external/mit/libXi/dist/src/XListDev.c patch |
| | | 289 | xsrc/external/mit/libXi/dist/src/XOpenDev.c patch |
| | | 290 | xsrc/external/mit/libXi/dist/src/XQueryDv.c patch |
| | | 291 | xsrc/external/mit/libXrandr/dist/src/XrrConfig.c patch |
| | | 292 | xsrc/external/mit/libXrandr/dist/src/XrrCrtc.c patch |
| | | 293 | xsrc/external/mit/libXrandr/dist/src/XrrOutput.c patch |
| | | 294 | xsrc/external/mit/libXrandr/dist/src/XrrProvider.c patch |
| | | 295 | xsrc/external/mit/libXrandr/dist/src/XrrScreen.c patch |
| | | 296 | xsrc/external/mit/libXrender/dist/src/Filter.c patch |
| | | 297 | xsrc/external/mit/libXrender/dist/src/Xrender.c patch |
| | | 298 | xsrc/external/mit/libXtst/dist/src/XRecord.c patch |
| | | 299 | xsrc/external/mit/libXv/dist/src/Xv.c patch |
| | | 300 | xsrc/external/mit/libXvMC/dist/src/XvMC.c patch |
| | | 301 | |
| | | 302 | Fix (backported from upstream) the following issues in X client |
| | | 303 | libraries: |
| | | 304 | libX11 - insufficient validation of data from the X server |
| | | 305 | can cause out of boundary memory read (XGetImage()) |
| | | 306 | or write (XListFonts()). |
| | | 307 | Affected versions libX11 <= 1.6.3 |
| | | 308 | |
| | | 309 | libXfixes - insufficient validation of data from the X server |
| | | 310 | can cause an integer overflow on 32 bit architectures. |
| | | 311 | Affected versions : libXfixes <= 5.0.2 |
| | | 312 | |
| | | 313 | libXi - insufficient validation of data from the X server |
| | | 314 | can cause out of boundary memory access or |
| | | 315 | endless loops (Denial of Service). |
| | | 316 | Affected versions libXi <= 1.7.6 |
| | | 317 | |
| | | 318 | libXrandr - insufficient validation of data from the X server |
| | | 319 | can cause out of boundary memory writes. |
| | | 320 | Affected versions: libXrandr <= 1.5.0 |
| | | 321 | |
| | | 322 | libXrender - insufficient validation of data from the X server |
| | | 323 | can cause out of boundary memory writes. |
| | | 324 | Affected version: libXrender <= 0.9.9 |
| | | 325 | |
| | | 326 | XRecord - insufficient validation of data from the X server |
| | | 327 | can cause out of boundary memory access or |
| | | 328 | endless loops (Denial of Service). |
| | | 329 | Affected version libXtst <= 1.2.2 |
| | | 330 | |
| | | 331 | libXv - insufficient validation of data from the X server |
| | | 332 | can cause out of boundary memory and memory corruption. |
| | | 333 | CVE-2016-5407 |
| | | 334 | affected versions libXv <= 1.0.10 |
| | | 335 | |
| | | 336 | libXvMC - insufficient validation of data from the X server |
| | | 337 | can cause a one byte buffer read underrun. |
| | | 338 | Affected versions: libXvMC <= 1.0.9 |
| | | 339 | [mrg, ticket 1262] |
| | | 340 | |
| | | 341 | xsrc/xfree/xc/lib/X11/FontNames.c patch |
| | | 342 | xsrc/xfree/xc/lib/X11/GetImage.c patch |
| | | 343 | xsrc/xfree/xc/lib/X11/ListExt.c patch |
| | | 344 | xsrc/xfree/xc/lib/X11/ModMap.c patch |
| | | 345 | xsrc/xfree/xc/lib/X11/Xlibint.h patch |
| | | 346 | xsrc/xfree/xc/lib/Xi/XGMotion.c patch |
| | | 347 | xsrc/xfree/xc/lib/Xi/XGetBMap.c patch |
| | | 348 | xsrc/xfree/xc/lib/Xi/XGetDCtl.c patch |
| | | 349 | xsrc/xfree/xc/lib/Xi/XGetFCtl.c patch |
| | | 350 | xsrc/xfree/xc/lib/Xi/XGetKMap.c patch |
| | | 351 | xsrc/xfree/xc/lib/Xi/XGetMMap.c patch |
| | | 352 | xsrc/xfree/xc/lib/Xi/XOpenDev.c patch |
| | | 353 | xsrc/xfree/xc/lib/Xi/XQueryDv.c patch |
| | | 354 | xsrc/xfree/xc/lib/Xrender/Filter.c patch |
| | | 355 | xsrc/xfree/xc/lib/Xrender/Xrender.c patch |
| | | 356 | xsrc/xfree/xc/lib/Xtst/XRecord.c patch |
| | | 357 | xsrc/xfree/xc/lib/Xv/Xv.c patch |
| | | 358 | xsrc/xfree/xc/programs/Xserver/include/dix.h patch |
| | | 359 | |
| | | 360 | Fix (backported from upstream) the following issues in X client |
| | | 361 | libraries: |
| | | 362 | libX11 - insufficient validation of data from the X server |
| | | 363 | can cause out of boundary memory read (XGetImage()) |
| | | 364 | or write (XListFonts()). |
| | | 365 | Affected versions libX11 <= 1.6.3 |
| | | 366 | |
| | | 367 | libXfixes - insufficient validation of data from the X server |
| | | 368 | can cause an integer overflow on 32 bit architectures. |
| | | 369 | Affected versions : libXfixes <= 5.0.2 |
| | | 370 | |
| | | 371 | libXi - insufficient validation of data from the X server |
| | | 372 | can cause out of boundary memory access or |
| | | 373 | endless loops (Denial of Service). |
| | | 374 | Affected versions libXi <= 1.7.6 |
| | | 375 | |
| | | 376 | libXrandr - insufficient validation of data from the X server |
| | | 377 | can cause out of boundary memory writes. |
| | | 378 | Affected versions: libXrandr <= 1.5.0 |
| | | 379 | |
| | | 380 | libXrender - insufficient validation of data from the X server |
| | | 381 | can cause out of boundary memory writes. |
| | | 382 | Affected version: libXrender <= 0.9.9 |
| | | 383 | |
| | | 384 | XRecord - insufficient validation of data from the X server |
| | | 385 | can cause out of boundary memory access or |
| | | 386 | endless loops (Denial of Service). |
| | | 387 | Affected version libXtst <= 1.2.2 |
| | | 388 | |
| | | 389 | libXv - insufficient validation of data from the X server |
| | | 390 | can cause out of boundary memory and memory corruption. |
| | | 391 | CVE-2016-5407 |
| | | 392 | affected versions libXv <= 1.0.10 |
| | | 393 | |
| | | 394 | libXvMC - insufficient validation of data from the X server |
| | | 395 | can cause a one byte buffer read underrun. |
| | | 396 | Affected versions: libXvMC <= 1.0.9 |
| | | 397 | [mrg, ticket 1263] |
| | | 398 | |