[X2Go-Commits] [nx-libs] 01/06: Security fixes: X.Org CVE-2014-8100:

git-admin at x2go.org git-admin at x2go.org
Tue May 26 19:12:27 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository nx-libs.

commit c19b58d09070aa54eb7458b0377bd4bd975e539d
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Tue May 26 18:00:00 2015 +0200

    Security fixes: X.Org CVE-2014-8100:
    
    v3: port to NXrender.c rather than render.c (Mike DePaulo)
    v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
    
    Changes:
      - 1027-render-check-request-size-before-reading-it-CVE.full.patch
---
 ...k-request-size-before-reading-it-CVE.full.patch |   24 +++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
index 9540dde..7e8fe35 100644
--- a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
+++ b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
@@ -7,6 +7,8 @@ Subject: [PATCH 27/40] render: check request size before reading it
 Otherwise we may be reading outside of the client request.
 
 v2: backport to nx-libs 3.6.x (Mike DePaulo)
+v3: port to NXrender.c rather than render.c (Mike DePaulo)
+v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
 
 Signed-off-by: Julien Cristau <jcristau at debian.org>
 Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
@@ -18,11 +20,24 @@ Conflicts:
  nx-X11/programs/Xserver/render/render.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/nx-X11/programs/Xserver/render/render.c b/nx-X11/programs/Xserver/render/render.c
-index d25d497..ebbce81 100644
 --- a/nx-X11/programs/Xserver/render/render.c
 +++ b/nx-X11/programs/Xserver/render/render.c
-@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client)
+@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client
+     register int n;
+     REQUEST(xRenderQueryVersionReq);
+ 
++    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
++
+     pRenderClient->major_version = stuff->majorVersion;
+     pRenderClient->minor_version = stuff->minorVersion;
+ 
+-    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+     rep.type = X_Reply;
+     rep.length = 0;
+     rep.sequenceNumber = client->sequence;
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+@@ -326,10 +326,11 @@ ProcRenderQueryVersion (ClientPtr client
      register int n;
      REQUEST(xRenderQueryVersionReq);
  
@@ -35,6 +50,3 @@ index d25d497..ebbce81 100644
      rep.type = X_Reply;
      rep.length = 0;
      rep.sequenceNumber = client->sequence;
--- 
-2.1.4
-

--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git


More information about the x2go-commits mailing list