Commit Graph

783 Commits

Author SHA1 Message Date
matthieu
05ed5123d1 Security fixes from X.Org Advisory:
X Font Service Protocol & Font metadata file handling issues in libXfont
May 13, 2014

- CVE-2014-0209: integer overflow of allocations in font metadata file parsing

    When a local user who is already authenticated to the X server adds
    a new directory to the font path, the X server calls libXfont to open
    the fonts.dir and fonts.alias files in that directory and add entries
    to the font tables for every line in it.  A large file (~2-4 gb) could
    cause the allocations to overflow, and allow the remaining data read
    from the file to overwrite other memory in the heap.

    Affected functions: FontFileAddEntry(), lexAlias()

- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies

    When parsing replies received from the font server, these calls do not
    check that the lengths and/or indexes returned by the font server are
    within the size of the reply or the bounds of the memory allocated to
    store the data, so could write past the bounds of allocated memory when
    storing the returned data.

    Affected functions: _fs_recv_conn_setup(), fs_read_open_font(),
    fs_read_query_info(), fs_read_extent_info(), fs_read_glyphs(),
    fs_read_list(), fs_read_list_info()

- CVE-2014-0211: integer overflows calculating memory needs for xfs replies

    These calls do not check that their calculations for how much memory
    is needed to handle the returned data have not overflowed, so can
    result in allocating too little memory and then writing the returned
    data past the end of the allocated buffer.

    Affected functions: fs_get_reply(), fs_alloc_glyphs(),
    fs_read_extent_info()

Reported by Ilja van Sprundel of IOActive
Fixes by Alan Coopersmith of Oracle
2014-05-13 19:09:22 +00:00
jsg
7391d4da2b update to libdrm 2.4.54
ok matthieu@
2014-05-13 05:44:06 +00:00
matthieu
3be5e5d5ea Update to libXi 1.7.2.
Tested by ajacoutot@ against gnome.
2014-05-09 19:55:33 +00:00
matthieu
a88567318b Update to libFS 1.0.6. 2014-05-03 19:33:59 +00:00
jsg
3caad18866 sync LLVM_VERSION with the llvm port. 2014-04-20 10:58:20 +00:00
dcoppa
bd97a70148 unbreak: le32toh() is letoh32() here.
ok matthieu@
2014-04-15 10:23:27 +00:00
matthieu
aa0c7c0d3e Update list of xcb libs to build 2014-04-14 19:33:09 +00:00
matthieu
ad0e152808 Import xcb-util-wm 0.4.1 2014-04-14 19:31:46 +00:00
matthieu
bb22f1b693 Update xcb-util-renderutil 0.3.8 2014-04-14 19:30:59 +00:00
matthieu
f5afeffdb0 Import xcb-util-keysyms 0.3.9 2014-04-14 19:30:20 +00:00
matthieu
6f298b56b1 Import xcb-util-image 0.3.9 2014-04-14 19:29:32 +00:00
matthieu
497c9caab2 Import xcb-util-cursor 0.1.1 2014-04-14 19:28:44 +00:00
matthieu
7283b34154 Update xcb-utils to 0.3.9. Tested by naddy@, shadchin@ and ajacoutot@
who I forgot to thank for testing libxcb-1.10 too.
2014-04-14 19:26:35 +00:00
matthieu
778645a09b Update build system and generated files for libxcb 1.10. 2014-04-14 19:20:17 +00:00
matthieu
35be34cf37 Update to xtrans 1.3.4 2014-04-13 11:57:04 +00:00
jsg
41460e9da0 update to libdrm 2.4.53
For us the only code change is some new radeon_drm.h defines
as the xf86drmMode.c change is ifdef __FreeBSD__.
2014-04-11 06:15:17 +00:00
kettenis
de0199f63b Increase the send buffer for UNIX sockets to be at least 64k such that large
sends (for example, XGetImage() replies in the X server) happen at non-glacial
speeds.  Makes Firefox useable again on web pages with large images.  Already
pushed upstream.

ok matthieu@
2014-03-31 12:09:00 +00:00
matthieu
d7ab44da6c Revert previous. This was not part of our local changes and the
commit wasn't approved. The correct fix is in ../../Makefile
2014-03-15 18:09:43 +00:00
matthieu
e95d5fc7c6 Fix freetype-config after update to freetype 2.5.3. reported by nigel@ 2014-03-15 18:02:09 +00:00
dcoppa
ab67cce656 (re)fix freetype-config too.
Spotted by nigel@
2014-03-15 17:27:50 +00:00
jsg
fd836bcc99 update to libdrm 2.4.52
ok matthieu@
2014-03-15 05:05:55 +00:00
dcoppa
c9a482a02a Revert to the freetype2.pc we had before.
There were local changes and I accidentally removed them.

ok matthieu@

Sorry for breaking the xenocara tree!
2014-03-14 20:41:41 +00:00
dcoppa
6842467b3b Security/bugfixing update to freetype-2.5.3, featuring a fix for a
vulnerability in the CFF driver (CVE-2014-2240) and assorted minor
fixes.

ok matthieu@
2014-03-14 08:17:59 +00:00
kettenis
833d4245d3 We don't need the VGA arbiter if direct hardware access has been disabled.
ok matthieu@
2014-02-20 21:29:07 +00:00
matthieu
44a7f0fe9b type1cid.c appears twice in sources lists for no reason. Noticed by miod@ 2014-02-16 08:10:36 +00:00
kettenis
6dbbb49403 If opening /dev/pciN read-write fails, try opening it read-only. This allows
X to run with machdep.allowaperture=0 on inteldrm(4) and radeondrm(4).

ok matthieu@
2014-02-15 09:48:07 +00:00
jsg
b2251fdbcd Mesa 9.2.5 2014-01-19 03:20:40 +00:00
jsg
dbee37c000 Update libdrm to 2.4.51.
ok mpi@ kettenis@
2014-01-18 08:29:32 +00:00
matthieu
02fca8e3e4 Update to freetype 2.5.2.
With help for handling ports breakage from at least landry@, naddy@,
ajacoutot@, jasper@, and dcoppa@. Thanks to all.

Need an up to date /etc/mtree/BSD.x11.dist (from a base system build)
before building.
2014-01-12 15:08:24 +00:00
miod
f4d0252ced m68k needs libGL compiled with -fPIC 2014-01-11 12:39:14 +00:00
matthieu
4d9b427baa Update to libXfont 1.4.7. Include fix for CVE-2013-6462.
unlimited sscanf overflows stack buffer in bdfReadCharacters
2014-01-07 20:42:20 +00:00
matthieu
c5ffd11875 MFC: Use FT_*_H macros instead of including <freetype/*.h>
freetype moved its headers around in 2.5.1.
2014-01-03 13:01:26 +00:00
matthieu
c754a7ad75 Update to libpciacces 0.13.2. 2014-01-03 09:44:24 +00:00
matthieu
27ccb204c3 Remove the atexit() hack from OpenGL drivers
now that atexit() is behaving like on Linux.
ok matthew@, millert@, dcoppa@, miod@
2013-12-30 18:32:47 +00:00
matthieu
4b4a5ac59b regen ChangeLog for pixman 0.32.4
This file is empty in upstreams tarballs. sigh.
2013-12-26 16:13:01 +00:00
matthieu
4db6d49dbc Update to pixman 0.32.4. Tested by naddy@ and ajacoutot@ 2013-12-01 20:34:20 +00:00
jsg
f0c6bb9965 Mesa 9.2.3 2013-11-24 06:23:35 +00:00
kettenis
2748158d08 update to libdrm 2.4.47
ok mpi@, jsg@
2013-11-21 13:30:07 +00:00
jsg
fd926d2624 Mesa 9.2.2 2013-11-09 02:54:53 +00:00
matthieu
d730882b48 Use arc4random() 2013-10-20 12:40:02 +00:00
matthieu
fe7f17ac1e Reduce diff with upstreams. 2013-10-20 12:34:21 +00:00
matthieu
8e0a332fda Update to freetype 2.5.0.1. Tested by many. 2013-10-10 19:49:34 +00:00
jsg
e14706fc9b regen for Mesa 9.2.1 2013-10-05 10:12:54 +00:00
matthieu
f0a97458d0 Update to libXv 1.0.10 2013-09-28 17:51:20 +00:00
matthieu
4624618994 Update to libXrandr 1.4.2 2013-09-28 17:47:01 +00:00
matthieu
aaee18903a Update to libXpm 3.5.11 2013-09-28 17:40:32 +00:00
matthieu
a52fe2326c Update to libXmu 1.1.2 2013-09-28 17:31:50 +00:00
matthieu
640a513825 Update to libXaw 1.0.12 2013-09-28 17:25:07 +00:00
matthieu
8c1effea43 Update to libX11 1.6.2. No API change. 2013-09-28 17:03:13 +00:00
matthieu
50c06b35c5 Update to libSM 1.2.2 2013-09-14 09:23:02 +00:00