Age | Commit message | Author |
|
& build system refresh. Minor library version bump
|
|
CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789
|
|
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.
|
|
to call function that can take the Display lock.
|
|
It triggers bugs in some applications. In particular x11/fvwm{2,3}
in ports for which the fix is not straightforward.
Tested by Walter Alejandro Iglesias.
|
|
Also remove a superfluous include. This synchronises -current with
upstream and the code we shipped in the errata.
OK matthieu@
|
|
The X protocol uses CARD16 values to represent the length so
this would overflow.
CVE-2021-31535
|
|
Reported by Jayden Rivers.
|
|
FreeBSD bugzilla reference:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549
|
|
The check here guards the read below.
For `XimType_XIMStyles`, these are `num` of `CARD32` and for
`XimType_XIMHotKeyTriggers` these are `num` of `XIMTRIGGERKEY` ref[1]
which is defined as 3 x `CARD32`. (There are data after the
`XIMTRIGGERKEY` according to the spec but they are not read by this
function and don't need to be checked.)
The old code here used the native datatype size instead of the wire
protocol size causing the check to always fail.
Also fix the size calculation for the header (size). It is 2 x CARD16
for both types despite the unused `CARD16` for `XimType_XIMStyles`.
This fixes a regression caused by previous commit.
|
|
CVE-2020-14344
These were reported to X.Org and patches proposed by Todd Carson.
Thanks.
|
|
suggested by jsg@, tested on luna88k by me, ok by jsg@ and matthieu@
|
|
no objections from naddy@, espie@ and ajacoutot@
|
|
of the makekeys util. This means it's also rebuilt during install. First
as root during build, later by the BUILDUSER during release, which won't
be able to rewrite it, because it's now owned by root. With this result:
override rw-r--r-- root/wheel for ks_tables.h?
One step closer towards noperm release builds for xenocara.
ok matthieu
|
|
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
From Tobias Stoeckmann / Xorg Security advisory Oct 4, 2016.
|
|
ok matthieu@
|
|
ok matthieu@
|
|
not bumped by this that will be corrected soon.
heavy lifting by todd@
|
|
discovered by Ilja van Sprundel.
CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome
0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
|
|