head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.14 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.12 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.10 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.8 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.6 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.4 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.2 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.2 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2008.09.18.20.56.01; author bjs; state dead; branches; next 1.2; 1.2 date 2008.06.20.13.34.40; author joerg; state Exp; branches; next 1.1; 1.1 date 2008.02.25.15.39.16; author joerg; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.06.25.10.20.58; author tron; state Exp; branches; next ; desc @@ 1.3 log @Welcome to modular-xorg-server-1.4.2. This long-overdue update brings many improvements: - Many improvements to EXA - Input Hotplugging via HAL or dbus (not enabled yet) - Support for RandR 1.2. Users using a dual-head configuration are encouraged to see for more information. - The server now uses the same version of Mesa we have in pkgsrc; this likely will result in more reliable OpenGL/DRI operation. I realize that this server is still not the latest release (1.5.0); upgrading to that version will require an involved mesa update, libpciaccess, etc. I hope that by the next quarter, that work will be done. Please file a problem report and/or contact us via the usual means (mailing lists, etc.) should you encounter any issues. @ text @$NetBSD: patch-ed,v 1.2 2008/06/20 13:34:40 joerg Exp $ --- Xext/security.c.orig 2006-11-16 18:39:03.000000000 +0100 +++ Xext/security.c @@@@ -651,15 +651,19 @@@@ SProcSecurityGenerateAuthorization( register char n; CARD32 *values; unsigned long nvalues; + int values_offset; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq); swaps(&stuff->nbytesAuthProto, n); swaps(&stuff->nbytesAuthData, n); swapl(&stuff->valueMask, n); - values = (CARD32 *)(&stuff[1]) + - ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + - ((stuff->nbytesAuthData + (unsigned)3) >> 2); + values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + + ((stuff->nbytesAuthData + (unsigned)3) >> 2); + if (values_offset > + stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2)) + return BadLength; + values = (CARD32 *)(&stuff[1]) + values_offset; nvalues = (((CARD32 *)stuff) + stuff->length) - values; SwapLongs(values, nvalues); return ProcSecurityGenerateAuthorization(client); @@@@ -1567,9 +1571,9 @@@@ SecurityLoadPropertyAccessList(void) return; #ifndef __UNIXOS2__ - f = fopen(SecurityPolicyFile, "r"); + f = Fopen(SecurityPolicyFile, "r"); #else - f = fopen((char*)__XOS2RedirRoot(SecurityPolicyFile), "r"); + f = Fopen((char*)__XOS2RedirRoot(SecurityPolicyFile), "r"); #endif if (!f) { @@@@ -1653,7 +1657,7 @@@@ SecurityLoadPropertyAccessList(void) } #endif /* PROPDEBUG */ - fclose(f); + Fclose(f); } /* SecurityLoadPropertyAccessList */ @ 1.2 log @modular-xorg-server-1.3.0.0nb9: Fix CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361 and CVE-2008-2362 based on upstream patches. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @modular-xorg-server-1.3.0nb5: Fix a number of buffer-overflows, privacy-leaks and memory corruptions. @ text @d5 24 a28 1 @@@@ -1567,9 +1567,9 @@@@ SecurityLoadPropertyAccessList(void) d40 1 a40 1 @@@@ -1653,7 +1653,7 @@@@ SecurityLoadPropertyAccessList(void) @ 1.1.2.1 log @Pullup ticket #2433 - requested by joerg Security patch for modular-xorg-server Revisions pulled up: - x11/modular-xorg-server/Makefile 1.30 via patch - x11/modular-xorg-server/distinfo 1.21 - x11/modular-xorg-server/patches/patch-ac 1.3 - x11/modular-xorg-server/patches/patch-ae 1.5 - x11/modular-xorg-server/patches/patch-da delete - x11/modular-xorg-server/patches/patch-ed 1.2 - x11/modular-xorg-server/patches/patch-ef 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Fri Jun 20 13:34:40 UTC 2008 Modified Files: pkgsrc/x11/modular-xorg-server: Makefile distinfo pkgsrc/x11/modular-xorg-server/patches: patch-ed patch-ef Added Files: pkgsrc/x11/modular-xorg-server/patches: patch-ac patch-ae Removed Files: pkgsrc/x11/modular-xorg-server/patches: patch-da Log Message: modular-xorg-server-1.3.0.0nb9: Fix CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361 and CVE-2008-2362 based on upstream patches. @ text @d5 1 a5 24 @@@@ -651,15 +651,19 @@@@ SProcSecurityGenerateAuthorization( register char n; CARD32 *values; unsigned long nvalues; + int values_offset; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq); swaps(&stuff->nbytesAuthProto, n); swaps(&stuff->nbytesAuthData, n); swapl(&stuff->valueMask, n); - values = (CARD32 *)(&stuff[1]) + - ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + - ((stuff->nbytesAuthData + (unsigned)3) >> 2); + values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + + ((stuff->nbytesAuthData + (unsigned)3) >> 2); + if (values_offset > + stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2)) + return BadLength; + values = (CARD32 *)(&stuff[1]) + values_offset; nvalues = (((CARD32 *)stuff) + stuff->length) - values; SwapLongs(values, nvalues); return ProcSecurityGenerateAuthorization(client); @@@@ -1567,9 +1571,9 @@@@ SecurityLoadPropertyAccessList(void) d17 1 a17 1 @@@@ -1653,7 +1657,7 @@@@ SecurityLoadPropertyAccessList(void) @