Commit Graph

62 Commits

Author SHA1 Message Date
matthieu
89e55bbf5a Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:58:26 +00:00
matthieu
bd2560e2ec The validation of server responses avoids out of boundary accesses.
From Tobias Stoeckmann / Xorg Securiry adrvisory Oct 4, 2016.
2016-10-04 14:56:37 +00:00
okan
27f67406f3 Remove support vax and XENOCARA_HAVE_SHARED_LIBS scaffolding.
ok matthieu@
2016-03-11 13:09:42 +00:00
matthieu
8252bb00ee update to libX11 1.6.3 2015-04-06 20:57:55 +00:00
matthieu
936b4cf06e Fix bad merges. 2015-01-01 17:37:52 +00:00
schwarze
01412a19db fix wrong name in .TH, NAME, and SYNOPSIS (obviously bad pastos...)
ok matthieu@
2014-12-09 09:29:52 +00:00
matthieu
8c1effea43 Update to libX11 1.6.2. No API change. 2013-09-28 17:03:13 +00:00
matthieu
ce84febd9d Update to libX11 1.6.1. 2013-08-26 19:57:22 +00:00
matthieu
acee5d3c07 Repair guenther's damage that I didn't ok. 2013-08-13 18:52:10 +00:00
guenther
426afb6384 Bump major on libX11-xcb to match the 64bit time_t change 2013-08-13 08:01:13 +00:00
guenther
b5bb12998e Bump the major on every single base library. There are a couple
not bumped by this that will be corrected soon.

heavy lifting by todd@
2013-08-13 07:07:07 +00:00
matthieu
4b8a5f471a Update to libX11 1.6.0 2013-06-04 03:19:34 +00:00
matthieu
9573aeb427 Update to libX11 1.5.99.902 aka 1.6rc2 2013-05-31 21:17:09 +00:00
matthieu
52f6d0ba20 Merge upstream fixes for several X libs vulnerabilities
discovered by Ilja van Sprundel.

CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome
0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
2013-05-23 22:42:07 +00:00
matthieu
f2c99c06c2 Update to libX11 1.6RC. No bump needed. 2013-04-28 16:55:55 +00:00
matthieu
be4020d279 Update to libX11 1.5.0 2012-06-11 19:18:54 +00:00
matthieu
08ecf5f3a3 Upate to libX11 1.5rc1. Tested by krw@, mpi@, shadchin@. 2012-03-27 19:19:37 +00:00
matthieu
f476ec5831 Fix _Xthr_once_stub_() to call the init routine for each different id.
With tweaks from and ok ariane@
2011-09-19 20:21:37 +00:00
matthieu
5577d754a3 Update to libX11 1.4.4. Tested by ajacoutot@, shadchin@. 2011-08-27 15:34:14 +00:00
dcoppa
651d3577d4 Fix libpthread linkage
OK matthieu@
2011-07-14 12:33:19 +00:00
matthieu
8cc0378bfd Update to libX11 1.4.3 which was released during the 1.4.2 tests.
Mostly churn in the doc build system, which is disabled on Xenocara
for now.
2011-05-30 20:52:47 +00:00
matthieu
d6643088f7 those files were added by mistake. remove them 2011-05-30 20:48:00 +00:00
matthieu
857c658f08 Update to libx11 1.4.2. Tested by ajacoutot@, jasper@ krw@, landry@,
shadchin@ on various architectures.
Bump major.
2011-05-30 19:19:29 +00:00
matthieu
7ae39052df xcb is no longer optional. 2011-03-08 20:48:59 +00:00
matthieu
54c946e7c3 Explicitely disable groff. 2010-10-22 19:50:32 +00:00
matthieu
502b62f99f Update to libX11 1.3.6.
Tested by ajacoutot@, jasper@ and krw@.
2010-10-05 19:50:57 +00:00
matthieu
a6c32b4cbf Add 2 missed files in previous update to libX11 1.3.5. 2010-09-04 10:36:30 +00:00
matthieu
6c940574a9 Update to libX11 1.3.5 2010-09-04 10:33:11 +00:00
matthieu
71cc7797d8 Disable the compose cache code.
It can't be used without proper libc locale support.
2010-06-01 05:26:44 +00:00
matthieu
aa3c9f9344 Update to libX11 1.3.3. Tested on a bulk ports build by naddy@. 2010-05-18 19:37:28 +00:00
matthieu
7edc2b5a56 Enable XCB on architectures with shared libs.
requested by sthen@.
2009-08-04 15:45:41 +00:00
matthieu
1793e9a798 Fix building without xcb. Found by david@. Thanks. 2009-06-04 16:36:07 +00:00
matthieu
72b4e41b8f if XENOCARA_BUILD_XCB is set, build the XCB version of libX11. 2009-06-04 00:13:56 +00:00
matthieu
be2770bef1 Use XENOCARA_HAVE_SHARED_LIBS from bsd.xconf.mk instead of hard-coding
the list here.
2009-06-03 23:56:07 +00:00
matthieu
8bb5fd8a8f update to libX11 1.2.1 2009-05-03 12:59:09 +00:00
matthieu
8d46f8e4f0 Update to libX11 1.1.4. I've carefully checked that there's no API/ABI
change in this version. Only small bug fixes, manual page fixes and
some more data in the i18n tables.
2008-06-11 20:55:41 +00:00
matthieu
f01cdd7229 - actually zero the memory returned by realloc().
- set the return value for the pthread_once() stub.
2008-06-10 22:01:31 +00:00
oga
eb88ad3f01 Include stdlib.h so we have the prototype for realloc. This means that we don't
assume realloc returns an int. This causes problems...

This took me hours to find.

Ok matthieu@.
2008-06-10 21:24:16 +00:00
matthieu
42f2fadde6 pthread_key_create(3) explicitely says that the value associated
with a new key is NULL. So set the allocated memory to zero.
2008-04-17 20:25:05 +00:00
matthieu
08aaed925b - get rid of recalloc() that got introduced here.
- while there fix the computation of the new allocated size.
Issue reported by naddy@, ok naddy@.
2008-03-30 15:54:33 +00:00
naddy
e4bcb354a2 Fix segfaults if you use XDM-AUTHORIZATION-1 authorization keys for
remote X11 clients over IPv6.  ok matthieu@
2008-03-18 15:50:38 +00:00
matthieu
7830df18ed Regen with autoconf 2.59-p2, with AM_SANITY check zapped. 2008-03-15 18:08:24 +00:00
miod
c6e9e7751a Disable loadable cursor on m88k systems (no shared libraries). 2008-02-14 20:28:10 +00:00
matthieu
bfba922c91 Re-enable pthread support in libGL, by providing proper weak stubs in
libX11 (together with other pthread stubs, already there for libX11).
ok kurt@, art@, kettenis@
2007-11-26 15:10:19 +00:00
matthieu
5f86a80368 Merge libX11 1.1.3
bump major
2007-09-30 10:35:10 +00:00
matthieu
a72daf0a1a libX11 1.1.3 2007-09-30 10:11:57 +00:00
matthieu
8370179c25 regen 2007-07-29 10:50:16 +00:00
matthieu
930101c636 regen with libtool 1.5.22p10 and metaauto 0.7 2007-04-14 20:44:09 +00:00
todd
d943586aca libX11 CVE-2007-1667
Multiple integer overflows in the XGetPixel() and XInitImage functions
in ImUtil.c

from matthieu@
2007-04-04 02:52:41 +00:00
matthieu
77cb7f251b Revert local debug stuff that wasn't meant to be committed. 2007-03-25 13:22:40 +00:00