Source-Changes archive


CVS commit: xsrc/external/mit/xorg-server/dist



Module Name:    xsrc
Committed By:   mrg
Date:           Sat Nov  4 21:49:33 UTC 2017

Modified Files:
        xsrc/external/mit/xorg-server/dist/Xext: panoramiX.c saver.c vidmode.c
            xres.c xvdisp.c
        xsrc/external/mit/xorg-server/dist/Xi: xibarriers.c xichangehierarchy.c
        xsrc/external/mit/xorg-server/dist/dbe: dbe.c
        xsrc/external/mit/xorg-server/dist/dix: dispatch.c
        xsrc/external/mit/xorg-server/dist/hw/dmx: dmxpict.c
        xsrc/external/mit/xorg-server/dist/hw/xfree86/common: xf86DGA.c
        xsrc/external/mit/xorg-server/dist/hw/xfree86/dri: xf86dri.c
        xsrc/external/mit/xorg-server/dist/pseudoramiX: pseudoramiX.c
        xsrc/external/mit/xorg-server/dist/render: render.c
        xsrc/external/mit/xorg-server/dist/xfixes: cursor.c region.c saveset.c
            xfixes.c

Log Message:
apply fixes for CVEs 2017-12176 to 2017-12187.

--
>From 1b1d4c04695dced2463404174b50b3581dbd857b Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd%opentext.com@localhost>
Date: Sun, 21 Dec 2014 01:10:03 -0500
Subject: hw/xfree86: unvalidated lengths

This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
--
>From 211e05ac85a294ef361b9f80d689047fa52b9076 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb%suse.com@localhost>
Date: Fri, 7 Jul 2017 17:21:46 +0200
Subject: Xi: Test exact size of XIBarrierReleasePointer

Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer.
--
>From 4ca68b878e851e2136c234f40a25008297d8d831 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd%opentext.com@localhost>
Date: Fri, 9 Jan 2015 10:09:14 -0500
Subject: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
 (CVE-2017-12177)

v2: Protect against integer overflow (Alan Coopersmith)
--
>From 55caa8b08c84af2b50fbc936cf334a5a93dd7db5 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd%opentext.com@localhost>
Date: Fri, 9 Jan 2015 11:43:05 -0500
Subject: xfixes: unvalidated lengths (CVE-2017-12183)

v2: Use before swap (Jeremy Huddleston Sequoia)

v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
--
>From 859b08d523307eebde7724fd1a0789c44813e821 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd%opentext.com@localhost>
Date: Wed, 24 Dec 2014 16:22:18 -0500
Subject: Xi: fix wrong extra length check in ProcXIChangeHierarchy
 (CVE-2017-12178)
--
>From 9c23685009aa96f4b861dcc5d2e01dbee00c4dd9 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb%suse.com@localhost>
Date: Fri, 7 Jul 2017 17:04:03 +0200
Subject: os: Make sure big requests have sufficient length.

A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
--
>From b747da5e25be944337a9cd1415506fc06b70aa81 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd%opentext.com@localhost>
Date: Fri, 9 Jan 2015 10:15:46 -0500
Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
    xsrc/external/mit/xorg-server/dist/Xext/panoramiX.c
cvs rdiff -u -r1.1.1.7 -r1.2 xsrc/external/mit/xorg-server/dist/Xext/saver.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
    xsrc/external/mit/xorg-server/dist/Xext/vidmode.c
cvs rdiff -u -r1.1.1.4 -r1.2 xsrc/external/mit/xorg-server/dist/Xext/xres.c
cvs rdiff -u -r1.6 -r1.7 xsrc/external/mit/xorg-server/dist/Xext/xvdisp.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
    xsrc/external/mit/xorg-server/dist/Xi/xibarriers.c
cvs rdiff -u -r1.3 -r1.4 \
    xsrc/external/mit/xorg-server/dist/Xi/xichangehierarchy.c
cvs rdiff -u -r1.3 -r1.4 xsrc/external/mit/xorg-server/dist/dbe/dbe.c
cvs rdiff -u -r1.3 -r1.4 xsrc/external/mit/xorg-server/dist/dix/dispatch.c
cvs rdiff -u -r1.1.1.5 -r1.2 \
    xsrc/external/mit/xorg-server/dist/hw/dmx/dmxpict.c
cvs rdiff -u -r1.1.1.7 -r1.2 \
    xsrc/external/mit/xorg-server/dist/hw/xfree86/common/xf86DGA.c
cvs rdiff -u -r1.1.1.5 -r1.2 \
    xsrc/external/mit/xorg-server/dist/hw/xfree86/dri/xf86dri.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
    xsrc/external/mit/xorg-server/dist/pseudoramiX/pseudoramiX.c
cvs rdiff -u -r1.3 -r1.4 xsrc/external/mit/xorg-server/dist/render/render.c
cvs rdiff -u -r1.1.1.7 -r1.2 \
    xsrc/external/mit/xorg-server/dist/xfixes/cursor.c
cvs rdiff -u -r1.1.1.6 -r1.2 \
    xsrc/external/mit/xorg-server/dist/xfixes/region.c
cvs rdiff -u -r1.1.1.4 -r1.2 \
    xsrc/external/mit/xorg-server/dist/xfixes/saveset.c
cvs rdiff -u -r1.1.1.5 -r1.2 \
    xsrc/external/mit/xorg-server/dist/xfixes/xfixes.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
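
The length underflow described in the "os: Make sure big requests have sufficient length" log entry above, as an added example that is not part of this commit or of xorg-server: a simplified model of a request-length parser, with the unchecked length correction beside a bounds-checked one. The function names, the host-byte-order layout and the lower bound of two words are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT xorg-server code. Lengths are in 4-byte words,
 * fields are read in host byte order, big requests are assumed enabled. */
#define REQ_HDR_WORDS    1u   /* opcode, data byte, 16-bit length */
#define BIGREQ_HDR_WORDS 2u   /* the same header plus a 32-bit length word */

/* Length correction with no lower bound: for big_len == 0 the
 * subtraction wraps around to 0xFFFFFFFF. */
uint32_t corrected_len_unchecked(uint32_t big_len)
{
    return big_len - (BIGREQ_HDR_WORDS - REQ_HDR_WORDS);
}

/* Hypothetical checked parser. buf holds n received bytes. Returns 0 and
 * stores the request length in words (extra length word removed) in
 * *out_words, or -1 if the header is incomplete or the length is invalid. */
int parse_req_len(const uint8_t *buf, size_t n, uint32_t *out_words)
{
    uint16_t short_len;
    uint32_t big_len;

    if (n < 4 * REQ_HDR_WORDS)
        return -1;
    memcpy(&short_len, buf + 2, sizeof short_len);
    if (short_len != 0) {                     /* ordinary request */
        if ((size_t)short_len * 4 > n)
            return -1;
        *out_words = short_len;
        return 0;
    }
    if (n < 4 * BIGREQ_HDR_WORDS)             /* big request: need 8 bytes */
        return -1;
    memcpy(&big_len, buf + 4, sizeof big_len);
    if (big_len < BIGREQ_HDR_WORDS)           /* rejects 0 (and 1) before subtracting */
        return -1;
    if ((uint64_t)big_len * 4 > n)            /* claimed size must fit what was received */
        return -1;
    *out_words = big_len - (BIGREQ_HDR_WORDS - REQ_HDR_WORDS);
    return 0;
}

int main(void)
{
    uint8_t zero_len[8] = {1, 0, 0, 0, 0, 0, 0, 0};  /* constructed: big request, length 0 */
    uint32_t words = 0;
    printf("unchecked: 0x%08X\n", (unsigned)corrected_len_unchecked(0));
    printf("checked:   %d\n", parse_req_len(zero_len, sizeof zero_len, &words));
    return 0;
}
```

The lower-bound test has to run before the subtraction; once the value has wrapped, every later comparison against it sees a huge but well-formed length.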



