CVS commit: [netbsd-7-0] xsrc/external/mit/libX11/dist/src
Module Name:xsrc Committed By: martin Date: Wed Aug 29 07:55:51 UTC 2018 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-7-0]: FontNames.c GetFPath.c LiHosts.c ListExt.c Log Message: Apply patch, requested by mrg in ticket #1635: xsrc/external/mit/libX11/dist/src/FontNames.c xsrc/external/mit/libX11/dist/src/GetFPath.c xsrc/external/mit/libX11/dist/src/LiHosts.c xsrc/external/mit/libX11/dist/src/ListExt.c Apply fixes from libX11 1.6.5 for the following vulnerabilities: Fixed off-by-one writes (CVE-2018-14599) Validation of server response in XListHosts Fixed out of boundary write (CVE-2018-14600) Fixed crash on invalid reply (CVE-2018-14598) (Backport of upstream git commits b469da1430cdcee06e31c6251b83aede072a1ff0, d81da209fd4d0c2c9ad0596a8078e58864479d0d, dbf72805fd9d7b1846fe9a11b46f3994bfc27fea, e83722768fd5c467ef61fa159e8c6278770b45c2 resp) To generate a diff of this commit: cvs rdiff -u -r1.3.4.1 -r1.3.4.2 \ xsrc/external/mit/libX11/dist/src/FontNames.c \ xsrc/external/mit/libX11/dist/src/ListExt.c cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libX11/dist/src/GetFPath.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.6.1 \ xsrc/external/mit/libX11/dist/src/LiHosts.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: xsrc/external/mit/libX11/dist/src/FontNames.c
diff -u xsrc/external/mit/libX11/dist/src/FontNames.c:1.3.4.1 xsrc/external/mit/libX11/dist/src/FontNames.c:1.3.4.2
--- xsrc/external/mit/libX11/dist/src/FontNames.c:1.3.4.1 Wed Oct 5 09:42:35 2016
+++ xsrc/external/mit/libX11/dist/src/FontNames.c Wed Aug 29 07:55:51 2018
@@ -86,23 +86,16 @@ int *actualCount) /* RETURN */
 /*
 * unpack into null terminated strings.
 */
- chend = ch + (rlen + 1);
+ chend = ch + rlen;
 length = *(unsigned char *)ch;
 *ch = 1; /* make sure it is non-zero for XFreeFontNames */
 for (i = 0; i < rep.nFonts; i++) {
 if (ch + length < chend) {
 flist[i] = ch + 1; /* skip over length */
 ch += length + 1; /* find next length ... */
- if (ch <= chend) {
- length = *(unsigned char *)ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
- } else {
-Xfree(flist);
-flist = NULL;
-count = 0;
-break;
- }
+ length = *(unsigned char *)ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
 } else {
 Xfree(flist);
 flist = NULL;
Index: xsrc/external/mit/libX11/dist/src/ListExt.c
diff -u xsrc/external/mit/libX11/dist/src/ListExt.c:1.3.4.1 xsrc/external/mit/libX11/dist/src/ListExt.c:1.3.4.2
--- xsrc/external/mit/libX11/dist/src/ListExt.c:1.3.4.1 Wed Oct 5 09:42:35 2016
+++ xsrc/external/mit/libX11/dist/src/ListExt.c Wed Aug 29 07:55:51 2018
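Review bot: In the FontNames.c hunk the guard `ch + length < chend` is still evaluated with pointer arithmetic on a length byte read from the server reply, so a large value forms a pointer beyond the end of the reply buffer before the comparison runs, which C leaves undefined. Comparing sizes avoids that: `if (length < chend - ch) {`, assuming `length` is a plain int (its declaration is outside the hunk). The same condition appears in the XListExtensions hunk (ListExt.c) and the XGetFontPath hunk (GetFPath.c). Separately, with `chend = ch + rlen` the now unconditional `*ch = '\0'` can land exactly on `chend`, which is in bounds only if the buffer was allocated with `rlen + 1` bytes; that allocation is not visible here, so a comment such as `/* buffer holds rlen + 1 bytes, so chend itself is writable */` above the assignment would record the invariant. The function body starts and ends outside the hunk.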
@@ -74,19 +74,20 @@ char **XListExtensions(
 /*
 * unpack into null terminated strings.
 */
- chend = ch + (rlen + 1);
- length = *ch;
+ chend = ch + rlen;
+ length = *(unsigned char *)ch;
 for (i = 0; i < rep.nExtensions; i++) {
 if (ch + length < chend) {
 list[i] = ch+1; /* skip over length */
 ch += length + 1; /* find next length ... */
- if (ch <= chend) {
- length = *ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
- } else {
- list[i] = NULL;
- }
+ length = *(unsigned char *)ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
+ } else if (i == 0) {
+ Xfree(list);
+ Xfree(ch);
+ list = NULL;
+ break;
 } else
 list[i] = NULL;
 }
Index: xsrc/external/mit/libX11/dist/src/GetFPath.c
diff -u xsrc/external/mit/libX11/dist/src/GetFPath.c:1.3 xsrc/external/mit/libX11/dist/src/GetFPath.c:1.3.4.1
--- xsrc/external/mit/libX11/dist/src/GetFPath.c:1.3 Sun Mar 16 22:48:34 2014
+++ xsrc/external/mit/libX11/dist/src/GetFPath.c Wed Aug 29 07:55:51 2018
@@ -69,15 +69,20 @@ char **XGetFontPath(
 /*
 * unpack into null terminated strings.
 */
- chend = ch + (nbytes + 1);
- length = *ch;
+ chend = ch + nbytes;
+ length = *(unsigned char *)ch;
 for (i = 0; i < rep.nPaths; i++) {
 if (ch + length < chend) {
 flist[i] = ch+1; /* skip over length */
 ch += length + 1; /* find next length ... */
- length = *ch;
+ length = *(unsigned char *)ch;
 *ch = '\0'; /* and replace with null-termination */
 count++;
+ } else if (i == 0) {
+ Xfree(flist);
+ Xfree(ch);
+ flist = NULL;
+ break;
 } else
 flist[i] = NULL;
 }
Index: xsrc/external/mit/libX11/dist/src/LiHosts.c
diff -u xsrc/external/mit/libX11/dist/src/LiHosts.c:1.1.1.5 xsrc/external/mit/libX11/dist/src/LiHosts.c:1.1.1.5.6.1
--- xsrc/external/mit/libX11/dist/src/LiHosts.c:1.1.1.5 Thu May 30 23:04:40 2013
+++
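Review bot: In the ListExt.c hunk, `Xfree(ch)` inside the new `else if (i == 0)` branch frees the right pointer only because `ch` has not been advanced yet on the first iteration; on any later iteration `ch` points into the middle of the buffer and the same call would hand the allocator an interior pointer. That makes the `i == 0` guard load-bearing, and it deserves a comment on the branch, for example `/* i == 0: ch has not moved, so it is still the pointer to free */`. This presumes `ch` holds the start of the allocation when the loop is entered, which is set up outside the hunk. The identical branch added to XGetFontPath in the GetFPath.c hunk wants the same comment. The function bodies continue past the hunks, so whether the count reported to the caller is left at zero on this path cannot be confirmed from here.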
CVS commit: [netbsd-7-0] xsrc/external/mit/libX11/dist/src
Module Name:xsrc Committed By: martin Date: Wed Aug 29 07:55:51 UTC 2018 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-7-0]: FontNames.c GetFPath.c LiHosts.c ListExt.c Log Message: Apply patch, requested by mrg in ticket #1635: xsrc/external/mit/libX11/dist/src/FontNames.c xsrc/external/mit/libX11/dist/src/GetFPath.c xsrc/external/mit/libX11/dist/src/LiHosts.c xsrc/external/mit/libX11/dist/src/ListExt.c Apply fixes from libX11 1.6.5 for the following vulnerabilities: Fixed off-by-one writes (CVE-2018-14599) Validation of server response in XListHosts Fixed out of boundary write (CVE-2018-14600) Fixed crash on invalid reply (CVE-2018-14598) (Backport of upstream git commits b469da1430cdcee06e31c6251b83aede072a1ff0, d81da209fd4d0c2c9ad0596a8078e58864479d0d, dbf72805fd9d7b1846fe9a11b46f3994bfc27fea, e83722768fd5c467ef61fa159e8c6278770b45c2 resp) To generate a diff of this commit: cvs rdiff -u -r1.3.4.1 -r1.3.4.2 \ xsrc/external/mit/libX11/dist/src/FontNames.c \ xsrc/external/mit/libX11/dist/src/ListExt.c cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libX11/dist/src/GetFPath.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.6.1 \ xsrc/external/mit/libX11/dist/src/LiHosts.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] xsrc/external/mit
Module Name:xsrc Committed By: bouyer Date: Wed Oct 5 09:42:36 UTC 2016 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-7-0]: FontNames.c GetImage.c ListExt.c ModMap.c xsrc/external/mit/libXfixes/dist/src [netbsd-7-0]: Region.c xsrc/external/mit/libXi/dist/src [netbsd-7-0]: XGMotion.c XGetBMap.c XGetDCtl.c XGetFCtl.c XGetKMap.c XGetMMap.c XIQueryDevice.c XListDev.c XOpenDev.c XQueryDv.c xsrc/external/mit/libXrandr/dist/src [netbsd-7-0]: XrrConfig.c XrrCrtc.c XrrOutput.c XrrProvider.c XrrScreen.c xsrc/external/mit/libXrender/dist/src [netbsd-7-0]: Filter.c Xrender.c xsrc/external/mit/libXtst/dist/src [netbsd-7-0]: XRecord.c xsrc/external/mit/libXv/dist/src [netbsd-7-0]: Xv.c xsrc/external/mit/libXvMC/dist/src [netbsd-7-0]: XvMC.c Log Message: Apply patch, requested by mrg in ticket 1262: xsrc/external/mit/libX11/dist/src/FontNames.c patch xsrc/external/mit/libX11/dist/src/GetImage.c patch xsrc/external/mit/libX11/dist/src/ListExt.c patch xsrc/external/mit/libX11/dist/src/ModMap.c patch xsrc/external/mit/libXfixes/dist/src/Region.c patch xsrc/external/mit/libXi/dist/src/XGMotion.c patch xsrc/external/mit/libXi/dist/src/XGetBMap.c patch xsrc/external/mit/libXi/dist/src/XGetDCtl.c patch xsrc/external/mit/libXi/dist/src/XGetFCtl.c patch xsrc/external/mit/libXi/dist/src/XGetKMap.c patch xsrc/external/mit/libXi/dist/src/XGetMMap.c patch xsrc/external/mit/libXi/dist/src/XIQueryDevice.c patch xsrc/external/mit/libXi/dist/src/XListDev.c patch xsrc/external/mit/libXi/dist/src/XOpenDev.c patch xsrc/external/mit/libXi/dist/src/XQueryDv.c patch xsrc/external/mit/libXrandr/dist/src/XrrConfig.c patch xsrc/external/mit/libXrandr/dist/src/XrrCrtc.c patch xsrc/external/mit/libXrandr/dist/src/XrrOutput.c patch xsrc/external/mit/libXrandr/dist/src/XrrProvider.c patch xsrc/external/mit/libXrandr/dist/src/XrrScreen.c patch xsrc/external/mit/libXrender/dist/src/Filter.c patch xsrc/external/mit/libXrender/dist/src/Xrender.c patch xsrc/external/mit/libXtst/dist/src/XRecord.c patch 
xsrc/external/mit/libXv/dist/src/Xv.c patch xsrc/external/mit/libXvMC/dist/src/XvMC.c patch Fix (backported from upstream) the following issues in X client libraries: libX11 - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()). Affected versions libX11 <= 1.6.3 libXfixes - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures. Affected versions : libXfixes <= 5.0.2 libXi - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). Affected versions libXi <= 1.7.6 libXrandr - insufficient validation of data from the X server can cause out of boundary memory writes. Affected versions: libXrandr <= 1.5.0 libXrender - insufficient validation of data from the X server can cause out of boundary memory writes. Affected version: libXrender <= 0.9.9 XRecord - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). Affected version libXtst <= 1.2.2 libXv - insufficient validation of data from the X server can cause out of boundary memory and memory corruption. CVE-2016-5407 affected versions libXv <= 1.0.10 libXvMC - insufficient validation of data from the X server can cause a one byte buffer read underrun. 
Affected versions: libXvMC <= 1.0.9 To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libX11/dist/src/FontNames.c \ xsrc/external/mit/libX11/dist/src/ListExt.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.6.1 \ xsrc/external/mit/libX11/dist/src/GetImage.c cvs rdiff -u -r1.4 -r1.4.4.1 xsrc/external/mit/libX11/dist/src/ModMap.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \ xsrc/external/mit/libXfixes/dist/src/Region.c cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libXi/dist/src/XGMotion.c \ xsrc/external/mit/libXi/dist/src/XGetDCtl.c \ xsrc/external/mit/libXi/dist/src/XListDev.c \ xsrc/external/mit/libXi/dist/src/XQueryDv.c cvs rdiff -u -r1.2 -r1.2.6.1 xsrc/external/mit/libXi/dist/src/XGetBMap.c cvs rdiff -u -r1.4 -r1.4.4.1 xsrc/external/mit/libXi/dist/src/XGetFCtl.c cvs rdiff -u -r1.1.1.4
CVS commit: [netbsd-7-0] xsrc/external/mit
Module Name:xsrc Committed By: bouyer Date: Wed Oct 5 09:42:36 UTC 2016 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-7-0]: FontNames.c GetImage.c ListExt.c ModMap.c xsrc/external/mit/libXfixes/dist/src [netbsd-7-0]: Region.c xsrc/external/mit/libXi/dist/src [netbsd-7-0]: XGMotion.c XGetBMap.c XGetDCtl.c XGetFCtl.c XGetKMap.c XGetMMap.c XIQueryDevice.c XListDev.c XOpenDev.c XQueryDv.c xsrc/external/mit/libXrandr/dist/src [netbsd-7-0]: XrrConfig.c XrrCrtc.c XrrOutput.c XrrProvider.c XrrScreen.c xsrc/external/mit/libXrender/dist/src [netbsd-7-0]: Filter.c Xrender.c xsrc/external/mit/libXtst/dist/src [netbsd-7-0]: XRecord.c xsrc/external/mit/libXv/dist/src [netbsd-7-0]: Xv.c xsrc/external/mit/libXvMC/dist/src [netbsd-7-0]: XvMC.c Log Message: Apply patch, requested by mrg in ticket 1262: xsrc/external/mit/libX11/dist/src/FontNames.c patch xsrc/external/mit/libX11/dist/src/GetImage.c patch xsrc/external/mit/libX11/dist/src/ListExt.c patch xsrc/external/mit/libX11/dist/src/ModMap.c patch xsrc/external/mit/libXfixes/dist/src/Region.c patch xsrc/external/mit/libXi/dist/src/XGMotion.c patch xsrc/external/mit/libXi/dist/src/XGetBMap.c patch xsrc/external/mit/libXi/dist/src/XGetDCtl.c patch xsrc/external/mit/libXi/dist/src/XGetFCtl.c patch xsrc/external/mit/libXi/dist/src/XGetKMap.c patch xsrc/external/mit/libXi/dist/src/XGetMMap.c patch xsrc/external/mit/libXi/dist/src/XIQueryDevice.c patch xsrc/external/mit/libXi/dist/src/XListDev.c patch xsrc/external/mit/libXi/dist/src/XOpenDev.c patch xsrc/external/mit/libXi/dist/src/XQueryDv.c patch xsrc/external/mit/libXrandr/dist/src/XrrConfig.c patch xsrc/external/mit/libXrandr/dist/src/XrrCrtc.c patch xsrc/external/mit/libXrandr/dist/src/XrrOutput.c patch xsrc/external/mit/libXrandr/dist/src/XrrProvider.c patch xsrc/external/mit/libXrandr/dist/src/XrrScreen.c patch xsrc/external/mit/libXrender/dist/src/Filter.c patch xsrc/external/mit/libXrender/dist/src/Xrender.c patch xsrc/external/mit/libXtst/dist/src/XRecord.c patch 
xsrc/external/mit/libXv/dist/src/Xv.c patch xsrc/external/mit/libXvMC/dist/src/XvMC.c patch Fix (backported from upstream) the following issues in X client libraries: libX11 - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()). Affected versions libX11 <= 1.6.3 libXfixes - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures. Affected versions : libXfixes <= 5.0.2 libXi - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). Affected versions libXi <= 1.7.6 libXrandr - insufficient validation of data from the X server can cause out of boundary memory writes. Affected versions: libXrandr <= 1.5.0 libXrender - insufficient validation of data from the X server can cause out of boundary memory writes. Affected version: libXrender <= 0.9.9 XRecord - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). Affected version libXtst <= 1.2.2 libXv - insufficient validation of data from the X server can cause out of boundary memory and memory corruption. CVE-2016-5407 affected versions libXv <= 1.0.10 libXvMC - insufficient validation of data from the X server can cause a one byte buffer read underrun. 
Affected versions: libXvMC <= 1.0.9 To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libX11/dist/src/FontNames.c \ xsrc/external/mit/libX11/dist/src/ListExt.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.6.1 \ xsrc/external/mit/libX11/dist/src/GetImage.c cvs rdiff -u -r1.4 -r1.4.4.1 xsrc/external/mit/libX11/dist/src/ModMap.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \ xsrc/external/mit/libXfixes/dist/src/Region.c cvs rdiff -u -r1.3 -r1.3.4.1 xsrc/external/mit/libXi/dist/src/XGMotion.c \ xsrc/external/mit/libXi/dist/src/XGetDCtl.c \ xsrc/external/mit/libXi/dist/src/XListDev.c \ xsrc/external/mit/libXi/dist/src/XQueryDv.c cvs rdiff -u -r1.2 -r1.2.6.1 xsrc/external/mit/libXi/dist/src/XGetBMap.c cvs rdiff -u -r1.4 -r1.4.4.1 xsrc/external/mit/libXi/dist/src/XGetFCtl.c cvs rdiff -u -r1.1.1.4