The branch, build-baikal has been updated via 55a9311fb1df3b58f73efa575318e7341243392b (commit) from aefdef62fc10335a94cbc5bf3cb86b24c8bc1c9f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: nx-X11/CHANGELOG | 8 ++++++++ nx-X11/CHANGELOG.NX.original | 8 ++++++++ nx-X11/programs/Xserver/fb/fbtrap.c | 3 +++ .../Xserver/fb/{fbtrap.c => fbtrap.c.NX.original} | 3 +++ .../Xserver/fb/{fbtrap.c => fbtrap.c.X.original} | 0 nx-X11/programs/Xserver/os/utils.c | 13 +++++++++++++ nx-X11/programs/Xserver/os/utils.c.NX.original | 13 +++++++++++++ nx-X11/programs/Xserver/render/renderedge.c | 1 + .../{renderedge.c => renderedge.c.NX.original} | 1 + .../{renderedge.c => renderedge.c.X.original} | 0 10 files changed, 50 insertions(+) copy nx-X11/programs/Xserver/fb/{fbtrap.c => fbtrap.c.NX.original} (99%) copy nx-X11/programs/Xserver/fb/{fbtrap.c => fbtrap.c.X.original} (100%) copy nx-X11/programs/Xserver/render/{renderedge.c => renderedge.c.NX.original} (99%) copy nx-X11/programs/Xserver/render/{renderedge.c => renderedge.c.X.original} (100%) The diff of changes is: diff --git a/nx-X11/CHANGELOG b/nx-X11/CHANGELOG index 800eb02..a6c169d 100644 --- a/nx-X11/CHANGELOG +++ b/nx-X11/CHANGELOG @@ -1,5 +1,13 @@ ChangeLog: +nx-X11-3.3.0-5 + +- Fixed TR01G02163. Signals need to be blocked before the call to + fork() in the Popen() utility. + +- Fixed TR01G02164. Trapezoid data need to be validated before use. + This issue was the same of CVE-2007-2437. + nx-X11-3.3.0-4 - Enabled the code resetting the Xlib buffer if an IO error occured. diff --git a/nx-X11/CHANGELOG.NX.original b/nx-X11/CHANGELOG.NX.original index 800eb02..a6c169d 100644 --- a/nx-X11/CHANGELOG.NX.original +++ b/nx-X11/CHANGELOG.NX.original @@ -1,5 +1,13 @@ ChangeLog: +nx-X11-3.3.0-5 + +- Fixed TR01G02163. Signals need to be blocked before the call to + fork() in the Popen() utility. + +- Fixed TR01G02164. Trapezoid data need to be validated before use. + This issue was the same of CVE-2007-2437. + nx-X11-3.3.0-4 - Enabled the code resetting the Xlib buffer if an IO error occured. diff --git a/nx-X11/programs/Xserver/fb/fbtrap.c b/nx-X11/programs/Xserver/fb/fbtrap.c index 39483d8..1940bc2 100644 --- a/nx-X11/programs/Xserver/fb/fbtrap.c +++ b/nx-X11/programs/Xserver/fb/fbtrap.c @@ -115,6 +115,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture, RenderEdge l, r; xFixed t, b; + if (!xTrapezoidValid (trap)) + return; + fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff); width = pPicture->pDrawable->width; diff --git a/nx-X11/programs/Xserver/fb/fbtrap.c b/nx-X11/programs/Xserver/fb/fbtrap.c.NX.original similarity index 99% copy from nx-X11/programs/Xserver/fb/fbtrap.c copy to nx-X11/programs/Xserver/fb/fbtrap.c.NX.original index 39483d8..1940bc2 100644 --- a/nx-X11/programs/Xserver/fb/fbtrap.c +++ b/nx-X11/programs/Xserver/fb/fbtrap.c.NX.original @@ -115,6 +115,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture, RenderEdge l, r; xFixed t, b; + if (!xTrapezoidValid (trap)) + return; + fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff); width = pPicture->pDrawable->width; diff --git a/nx-X11/programs/Xserver/fb/fbtrap.c b/nx-X11/programs/Xserver/fb/fbtrap.c.X.original similarity index 100% copy from nx-X11/programs/Xserver/fb/fbtrap.c copy to nx-X11/programs/Xserver/fb/fbtrap.c.X.original diff --git a/nx-X11/programs/Xserver/os/utils.c b/nx-X11/programs/Xserver/os/utils.c index c806621..104ff86 100644 --- a/nx-X11/programs/Xserver/os/utils.c +++ b/nx-X11/programs/Xserver/os/utils.c @@ -1847,12 +1847,19 @@ Popen(char *command, char *type) if (OsVendorStartRedirectErrorFProc != NULL) { OsVendorStartRedirectErrorFProc(); } + OsBlockSignals (); #endif switch (pid = fork()) { case -1: /* error */ close(pdes[0]); close(pdes[1]); xfree(cur); +#ifdef NX_TRANS_EXIT + if (OsVendorEndRedirectErrorFProc != NULL) { + OsVendorEndRedirectErrorFProc(); + } + OsReleaseSignals (); +#endif return NULL; case 0: /* child */ if (setgid(getgid()) == -1) @@ -1917,12 +1924,18 @@ Popen(char *command, char *type) #endif + #ifdef NX_TRANS_EXIT + OsReleaseSignals (); + #endif + execl("/bin/sh", "sh", "-c", command, (char *)NULL); _exit(127); } +#ifndef NX_TRANS_EXIT /* Avoid EINTR during stdio calls */ OsBlockSignals (); +#endif /* parent */ if (*type == 'r') { diff --git a/nx-X11/programs/Xserver/os/utils.c.NX.original b/nx-X11/programs/Xserver/os/utils.c.NX.original index c806621..104ff86 100644 --- a/nx-X11/programs/Xserver/os/utils.c.NX.original +++ b/nx-X11/programs/Xserver/os/utils.c.NX.original @@ -1847,12 +1847,19 @@ Popen(char *command, char *type) if (OsVendorStartRedirectErrorFProc != NULL) { OsVendorStartRedirectErrorFProc(); } + OsBlockSignals (); #endif switch (pid = fork()) { case -1: /* error */ close(pdes[0]); close(pdes[1]); xfree(cur); +#ifdef NX_TRANS_EXIT + if (OsVendorEndRedirectErrorFProc != NULL) { + OsVendorEndRedirectErrorFProc(); + } + OsReleaseSignals (); +#endif return NULL; case 0: /* child */ if (setgid(getgid()) == -1) @@ -1917,12 +1924,18 @@ Popen(char *command, char *type) #endif + #ifdef NX_TRANS_EXIT + OsReleaseSignals (); + #endif + execl("/bin/sh", "sh", "-c", command, (char *)NULL); _exit(127); } +#ifndef NX_TRANS_EXIT /* Avoid EINTR during stdio calls */ OsBlockSignals (); +#endif /* parent */ if (*type == 'r') { diff --git a/nx-X11/programs/Xserver/render/renderedge.c b/nx-X11/programs/Xserver/render/renderedge.c index b403194..f095038 100644 --- a/nx-X11/programs/Xserver/render/renderedge.c +++ b/nx-X11/programs/Xserver/render/renderedge.c @@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e, dx = x_bot - x_top; dy = y_bot - y_top; e->dy = dy; + e->dx = 0; if (dy) { if (dx >= 0) diff --git a/nx-X11/programs/Xserver/render/renderedge.c b/nx-X11/programs/Xserver/render/renderedge.c.NX.original similarity index 99% copy from nx-X11/programs/Xserver/render/renderedge.c copy to nx-X11/programs/Xserver/render/renderedge.c.NX.original index b403194..f095038 100644 --- a/nx-X11/programs/Xserver/render/renderedge.c +++ b/nx-X11/programs/Xserver/render/renderedge.c.NX.original @@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e, dx = x_bot - x_top; dy = y_bot - y_top; e->dy = dy; + e->dx = 0; if (dy) { if (dx >= 0) diff --git a/nx-X11/programs/Xserver/render/renderedge.c b/nx-X11/programs/Xserver/render/renderedge.c.X.original similarity index 100% copy from nx-X11/programs/Xserver/render/renderedge.c copy to nx-X11/programs/Xserver/render/renderedge.c.X.original hooks/post-receive -- nx-libs.git (NX (redistributed)) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "nx-libs.git" (NX (redistributed)).