[X2Go-Commits] [nx-libs] 02/02: Security fixes: X.Org CVE-2014-8099:
git-admin at x2go.org
git-admin at x2go.org
Tue Jun 2 18:44:28 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.5.0.x
in repository nx-libs.
commit dd9d54ad1e29fd3e9a304a9538c5204a839ab211
Author: Mihai Moldovan <ionic at ionic.de>
Date: Tue Jun 2 18:38:59 2015 +0200
Security fixes: X.Org CVE-2014-8099:
v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo)
v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
Changes:
- 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
---
debian/changelog | 6 +
...ted-lengths-in-XVideo-extension-swap.full.patch | 169 +++++++++++++++++++-
2 files changed, 170 insertions(+), 5 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3201670..db70137 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -181,6 +181,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low
v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
Changes:
+ 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
+ * Security fixes:
+ - X.Org CVE-2014-8099:
+ v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo)
+ v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
+ Changes:
+ + 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
[ Bernard Cafarelli ]
* nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'.
diff --git a/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch b/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
index 1d458a7..73e0ac6 100644
--- a/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
+++ b/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
@@ -5,6 +5,8 @@ Subject: [PATCH 26/40] Xv: unvalidated lengths in XVideo extension swapped
procs [CVE-2014-8099]
v2: backport to nx-libs 3.6.x (Mike DePaulo)
+v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo)
+v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
@@ -15,8 +17,6 @@ Conflicts:
nx-X11/programs/Xserver/Xext/xvdisp.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
-diff --git a/nx-X11/programs/Xserver/Xext/xvdisp.c b/nx-X11/programs/Xserver/Xext/xvdisp.c
-index 21ab0b6..b361c0f 100644
--- a/nx-X11/programs/Xserver/Xext/xvdisp.c
+++ b/nx-X11/programs/Xserver/Xext/xvdisp.c
@@ -1347,6 +1347,7 @@ SProcXvQueryExtension(ClientPtr client)
@@ -179,6 +179,165 @@ index 21ab0b6..b361c0f 100644
swaps(&stuff->length, n);
swapl(&stuff->port, n);
return ProcXvListImageFormats(client);
---
-2.1.4
-
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXxvdisp.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXxvdisp.c
+@@ -1423,6 +1423,7 @@ SProcXvQueryExtension(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryExtensionReq);
++ REQUEST_SIZE_MATCH(xvQueryExtensionReq);
+ swaps(&stuff->length, n);
+ return ProcXvQueryExtension(client);
+ }
+@@ -1432,6 +1433,7 @@ SProcXvQueryAdaptors(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryAdaptorsReq);
++ REQUEST_SIZE_MATCH(xvQueryAdaptorsReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->window, n);
+ return ProcXvQueryAdaptors(client);
+@@ -1442,6 +1444,7 @@ SProcXvQueryEncodings(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryEncodingsReq);
++ REQUEST_SIZE_MATCH(xvQueryEncodingsReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ return ProcXvQueryEncodings(client);
+@@ -1452,6 +1455,7 @@ SProcXvGrabPort(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvGrabPortReq);
++ REQUEST_SIZE_MATCH(xvGrabPortReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->time, n);
+@@ -1463,6 +1467,7 @@ SProcXvUngrabPort(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvUngrabPortReq);
++ REQUEST_SIZE_MATCH(xvUngrabPortReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->time, n);
+@@ -1474,6 +1479,7 @@ SProcXvPutVideo(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvPutVideoReq);
++ REQUEST_SIZE_MATCH(xvPutVideoReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1494,6 +1500,7 @@ SProcXvPutStill(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvPutStillReq);
++ REQUEST_SIZE_MATCH(xvPutStillReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1514,6 +1521,7 @@ SProcXvGetVideo(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvGetVideoReq);
++ REQUEST_SIZE_MATCH(xvGetVideoReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1534,6 +1542,7 @@ SProcXvGetStill(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvGetStillReq);
++ REQUEST_SIZE_MATCH(xvGetStillReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1554,6 +1563,7 @@ SProcXvPutImage(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvPutImageReq);
++ REQUEST_AT_LEAST_SIZE(xvPutImageReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1578,6 +1588,7 @@ SProcXvShmPutImage(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvShmPutImageReq);
++ REQUEST_SIZE_MATCH(xvShmPutImageReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1605,6 +1616,7 @@ SProcXvSelectVideoNotify(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvSelectVideoNotifyReq);
++ REQUEST_SIZE_MATCH(xvSelectVideoNotifyReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->drawable, n);
+ return ProcXvSelectVideoNotify(client);
+@@ -1615,6 +1627,7 @@ SProcXvSelectPortNotify(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvSelectPortNotifyReq);
++ REQUEST_SIZE_MATCH(xvSelectPortNotifyReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ return ProcXvSelectPortNotify(client);
+@@ -1625,6 +1638,7 @@ SProcXvStopVideo(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvStopVideoReq);
++ REQUEST_SIZE_MATCH(xvStopVideoReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->drawable, n);
+@@ -1636,6 +1650,7 @@ SProcXvSetPortAttribute(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvSetPortAttributeReq);
++ REQUEST_SIZE_MATCH(xvSetPortAttributeReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->attribute, n);
+@@ -1647,6 +1662,7 @@ SProcXvGetPortAttribute(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvGetPortAttributeReq);
++ REQUEST_SIZE_MATCH(xvGetPortAttributeReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swapl(&stuff->attribute, n);
+@@ -1658,6 +1674,7 @@ SProcXvQueryBestSize(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryBestSizeReq);
++ REQUEST_SIZE_MATCH(xvQueryBestSizeReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ swaps(&stuff->vid_w, n);
+@@ -1672,6 +1689,7 @@ SProcXvQueryPortAttributes(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryPortAttributesReq);
++ REQUEST_SIZE_MATCH(xvQueryPortAttributesReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ return ProcXvQueryPortAttributes(client);
+@@ -1682,6 +1700,7 @@ SProcXvQueryImageAttributes(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvQueryImageAttributesReq);
++ REQUEST_SIZE_MATCH(xvQueryImageAttributesReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->id, n);
+ swaps(&stuff->width, n);
+@@ -1694,6 +1713,7 @@ SProcXvListImageFormats(ClientPtr client)
+ {
+ register char n;
+ REQUEST(xvListImageFormatsReq);
++ REQUEST_SIZE_MATCH(xvListImageFormatsReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->port, n);
+ return ProcXvListImageFormats(client);
--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
More information about the x2go-commits
mailing list