Tag 'xorg-server-2_1.16.2.901-1' created by Julien Cristau <[email protected]> at 2014-12-09 21:27 +0000

Tagging upload of xorg-server 2:1.16.2.901-1 to unstable.

Changes since xorg-server-2_1.16.1.901-1:

Adam Jackson (12):
      glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
      glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
      glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
      glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
      glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
      glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
      glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
      glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
      glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
      glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
      glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
      glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]

Alan Coopersmith (19):
      Add -iglx & +iglx to Xserver.man
      unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
      dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
      dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
      dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
      dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
      dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
      dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
      Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]
      xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
      Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]
      dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]
      present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]
      randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
      render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]
      xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]
      Add request length checking test cases for some Xinput 1.x requests
      Add request length checking test cases for some Xinput 2.x requests
      Add REQUEST_FIXED_SIZE testcases to test/misc.c

Alex Orange (1):
      fb: Fix Bresenham algorithms for commonly used small segments.

Julien Cristau (7):
      Bump to 1.16.2
      render: check request size before reading it [CVE-2014-8100 1/2]
      glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]
      Bump to 1.16.2.901
      Merge tag 'xorg-server-1.16.2.901' into debian-unstable
      Merge 1.16.2.901
      Upload to unstable

Keith Packard (6):
      present: Support PresentOptionCopy
      glx: check return from __glXGetAnswerBuffer
      dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]
      glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]
      Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
      dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]

Mario Kleiner (2):
      present: Avoid crashes in DebugPresent(), a bit more info.
      present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)

Robert Morell (1):
      glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]

---
 ChangeLog | 781 ++++++++++
 Xext/xcmisc.c | 1
 Xext/xvdisp.c | 20
 Xi/chgdctl.c | 8
 Xi/chgfctl.c | 2
 Xi/sendexev.c | 3
 Xi/xiallowev.c | 2
 Xi/xichangecursor.c | 2
 Xi/xichangehierarchy.c | 35
 Xi/xigetclientpointer.c | 1
 Xi/xigrabdev.c | 9
 Xi/xipassivegrab.c | 12
 Xi/xiproperty.c | 14
 Xi/xiquerydevice.c | 1
 Xi/xiquerypointer.c | 2
 Xi/xiselectev.c | 8
 Xi/xisetclientpointer.c | 3
 Xi/xisetdevfocus.c | 4
 Xi/xiwarppointer.c | 2
 configure.ac | 5
 dbe/dbe.c | 17
 debian/changelog | 20
 debian/patches/06_Revert-fb-reorder-Bresenham-error-correction-to-avoi.diff | 68
 debian/patches/09_Xserver-man-iglx.diff | 16
 debian/patches/series | 2
 dix/dispatch.c | 3
 dix/region.c | 20
 dri3/dri3_request.c | 6
 fb/fbseg.c | 20
 glx/clientinfo.c | 20
 glx/glxcmds.c | 85 -
 glx/glxcmdsswap.c | 4
 glx/glxserver.h | 43
 glx/indirect_dispatch.c | 25
 glx/indirect_dispatch_swap.c | 26
 glx/indirect_program.c | 2
 glx/indirect_reqsize.c | 142 -
 glx/indirect_reqsize.h | 181 +-
 glx/indirect_texture_compression.c | 4
 glx/indirect_util.c | 9
 glx/rensize.c | 114 -
 glx/single2.c | 23
 glx/single2swap.c | 19
 glx/singlepix.c | 60
 glx/singlepixswap.c | 50
 glx/swap_interval.c | 2
 glx/unpack.h | 3
 hw/xfree86/dri2/dri2ext.c | 3
 include/dix.h | 7
 include/regionstr.h | 10
 man/Xserver.man | 10
 os/access.c | 6
 os/rpcauth.c | 4
 present/present.c | 18
 present/present_request.c | 6
 randr/rrsdispatch.c | 4
 render/render.c | 20
 test/Makefile.am | 2
 test/misc.c | 37
 test/xi1/Makefile.am | 34
 test/xi1/protocol-xchangedevicecontrol.c | 122 +
 test/xi2/protocol-xigetclientpointer.c | 5
 test/xi2/protocol-xipassivegrabdevice.c | 8
 test/xi2/protocol-xiquerypointer.c | 4
 test/xi2/protocol-xiwarppointer.c | 3
 xfixes/select.c | 1
 66 files changed, 1802 insertions(+), 401 deletions(-)
---