Commit Graph

27 Commits

Author SHA1 Message Date
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu
26cabdb32f Validate lengths while parsing server data.
Individual lengths inside received server data can overflow
the previously reserved memory.

It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:05:13 +00:00
matthieu
9f957a9f79 Avoid OOB write in XRenderQueryFilters
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.

The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:03:48 +00:00
matthieu
5a65a1959d Update to libXrender 0.9.9 2015-05-10 09:25:49 +00:00
guenther
b5bb12998e Bump the major on every single base library. There are a couple
not bumped by this that will be corrected soon.

heavy lifting by todd@
2013-08-13 07:07:07 +00:00
matthieu
6f80097364 Update to libXrender 0.9.8. 2013-06-14 21:35:39 +00:00
matthieu
52f6d0ba20 Merge upstream fixes for several X libs vulnerabilities
discovered by Ilja van Sprundel.

CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome
0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
2013-05-23 22:42:07 +00:00
matthieu
26866f3012 Regen with util-macros 1.17. Fixes configure on landisk (and probably the
other gcc3 architectures).
2012-03-14 11:24:40 +00:00
matthieu
14550f95a6 update to libXrender 0.9.7 2012-03-10 14:33:10 +00:00
matthieu
7da8b0321b update to libXrender 0.9.6 2010-07-17 15:28:21 +00:00
matthieu
a5210f52a0 missed files in libXrender 0.9.5 update. 2009-10-31 18:42:41 +00:00
matthieu
e03850b02d update to libXrender 0.9.5 2009-10-31 18:41:19 +00:00
matthieu
7830df18ed Regen with autoconf 2.59-p2, with AM_SANITY check zapped. 2008-03-15 18:08:24 +00:00
matthieu
6261cdbe9e merge libXrender 0.9.4 2007-09-30 07:51:53 +00:00
matthieu
d4ca04b2e7 libXrender 0.9.4 2007-09-30 07:47:05 +00:00
matthieu
8370179c25 regen 2007-07-29 10:50:16 +00:00
matthieu
930101c636 regen with libtool 1.5.22p10 and metaauto 0.7 2007-04-14 20:44:09 +00:00
matthieu
00a847b3f8 regen with libtool 1.5.22p9 2007-03-25 13:02:54 +00:00
matthieu
6637a9a36e regen with automake 1.9.6p2 2007-03-18 22:29:12 +00:00
matthieu
5954aa6578 regen 2007-03-15 23:28:08 +00:00
matthieu
854f5def06 Bump major of shared libs that depend on libX11 (which already got bumped).
ok todd@
2007-03-15 23:00:47 +00:00
matthieu
cd9eb53273 regen 2006-11-28 19:02:33 +00:00
matthieu
b6a46a2b93 Try to prevent endless regeneration of Makefile.in caused to RCS Id expansion. 2006-11-28 11:48:11 +00:00
matthieu
882dc8459e regenerate with OpenBSD autotools 2006-11-27 12:40:38 +00:00
matthieu
e5ca1d526f regen with OpenBSD autotools 2006-11-26 13:42:42 +00:00
matthieu
ab5c078d6e Build infrastructure for lib 2006-11-26 12:07:34 +00:00
matthieu
bb1ca95773 import from X.Org 7.2RC1 2006-11-25 17:54:58 +00:00