Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=fd08d80c99c608393a7be96d901ee2b3bfb9fc0a
commit fd08d80c99c608393a7be96d901ee2b3bfb9fc0a
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Wed Jan 23 18:49:14 2008 +0100
xorg-server-1.4.0.90-4-i686
fix breakage introduced by commit ae7ded04e909fa61e124f15589da358f968d4c9d
diff --git a/source/x11/xorg-server/CVE-2007-6429_2.patch
b/source/x11/xorg-server/CVE-2007-6429_2.patch
deleted file mode 100644
index 877a28a..0000000
--- a/source/x11/xorg-server/CVE-2007-6429_2.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From b6d4cdf64f43ae805beada6122c8be2ed138742c Mon Sep 17 00:00:00 2001
-From: Adam Jackson <[EMAIL PROTECTED]>
-Date: Fri, 18 Jan 2008 14:41:20 -0500
-Subject: [PATCH] CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps.
-
-Move size validation after depth validation, and only validate size if
-the bpp of the pixmap format is > 8. If bpp < 8 then we're already
-protected from overflow by the width and height checks.
-(cherry picked from commit e9fa7c1c88a8130a48f772c92b186b8b777986b5)
----
- Xext/shm.c | 36 ++++++++++++++++++++----------------
- 1 files changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/Xext/shm.c b/Xext/shm.c
-index 5633be9..6f99e90 100644
---- a/Xext/shm.c
-+++ b/Xext/shm.c
-@@ -737,14 +737,6 @@ ProcPanoramiXShmCreatePixmap(
- }
- if (width > 32767 || height > 32767)
- return BadAlloc;
-- size = PixmapBytePad(width, depth) * height;
-- if (sizeof(size) == 4) {
-- if (size < width * height)
-- return BadAlloc;
-- /* thankfully, offset is unsigned */
-- if (stuff->offset + size < size)
-- return BadAlloc;
-- }
-
- if (stuff->depth != 1)
- {
-@@ -755,7 +747,17 @@ ProcPanoramiXShmCreatePixmap(
- client->errorValue = stuff->depth;
- return BadValue;
- }
-+
- CreatePmap:
-+ size = PixmapBytePad(width, depth) * height;
-+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
-+ if (size < width * height)
-+ return BadAlloc;
-+ /* thankfully, offset is unsigned */
-+ if (stuff->offset + size < size)
-+ return BadAlloc;
-+ }
-+
- VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
-
- if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes))))
-@@ -1080,14 +1082,6 @@ ProcShmCreatePixmap(client)
- }
- if (width > 32767 || height > 32767)
- return BadAlloc;
-- size = PixmapBytePad(width, depth) * height;
-- if (sizeof(size) == 4) {
-- if (size < width * height)
-- return BadAlloc;
-- /* thankfully, offset is unsigned */
-- if (stuff->offset + size < size)
-- return BadAlloc;
-- }
-
- if (stuff->depth != 1)
- {
-@@ -1098,7 +1092,17 @@ ProcShmCreatePixmap(client)
- client->errorValue = stuff->depth;
- return BadValue;
- }
-+
- CreatePmap:
-+ size = PixmapBytePad(width, depth) * height;
-+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
-+ if (size < width * height)
-+ return BadAlloc;
-+ /* thankfully, offset is unsigned */
-+ if (stuff->offset + size < size)
-+ return BadAlloc;
-+ }
-+
- VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
- pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
- pDraw->pScreen, stuff->width,
---
-1.5.3.8
-
diff --git a/source/x11/xorg-server/CVE-2007-6429_3.patch
b/source/x11/xorg-server/CVE-2007-6429_3.patch
new file mode 100644
index 0000000..1fba567
--- /dev/null
+++ b/source/x11/xorg-server/CVE-2007-6429_3.patch
@@ -0,0 +1,38 @@
+From: Matthias Hopf <[EMAIL PROTECTED]>
+Date: Mon, 21 Jan 2008 15:13:21 +0000 (+0100)
+Subject: CVE-2007-6429: Always test for size+offset wrapping.
+X-Git-Url:
http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161
+
+CVE-2007-6429: Always test for size+offset wrapping.
+---
+
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -799,10 +799,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+@@ -1144,10 +1144,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
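Review bot: The now-unconditional test `stuff->offset + size < size` only catches wraparound at the width the sum is computed in, and the declarations of `size` and `stuff->offset` are outside this hunk. If `size` is wider than the offset field on some builds, the sum cannot wrap there, and `VERIFY_SHMSIZE` (definition not shown) is then the only bound on offset plus size, so that macro is worth confirming as part of this fix. The carried-over comment also no longer says why the test left the `sizeof(size) == 4 && BitsPerPixel(depth) > 8` block; I would reword it to `/* offset is unsigned, so a wrapped sum compares below size; checked for every bpp */`. The same applies to the second inner hunk at `@@ -1144,10 +1144,10 @@`, and both function bodies start and end outside the hunks.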
diff --git a/source/x11/xorg-server/FrugalBuild
b/source/x11/xorg-server/FrugalBuild
index b24d3d3..1185ee2 100644
--- a/source/x11/xorg-server/FrugalBuild
+++ b/source/x11/xorg-server/FrugalBuild
@@ -3,7 +3,7 @@
pkgname=xorg-server
pkgver=1.4.0.90
-pkgrel=3
+pkgrel=4
mesaver=7.0.2
pkgdesc="Modular X.Org X Server"
groups=('x11' 'xorg-core')
@@ -27,8 +27,9 @@ backup=('etc/sysconfig/desktop')
Finclude sourceforge xorg
source=([EMAIL PROTECTED] \
http://$_F_sourceforge_mirror.dl.sourceforge.net/sourceforge/mesa3d/MesaLib-$mesaver.tar.bz2
\
-
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows.diff
\
- CVE-2007-6429_2.patch \
+
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff
\
+ CVE-2007-6429_3.patch \
+ CVE-2007-3069.patch \
bug13308-Verify-and-reject-obviously-broken-modes.patch \
fix-bgPixel-unsigned-long-issues.patch \
OS-Don-t-leak-connection-translation-table.patch \
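Review bot: The replacement security patch `xorg-xserver-1.4-multiple-overflows-v2.diff` is still downloaded over plain `ftp://`, so its `sha1sums` entry is the only thing binding the build to the content that was reviewed. Since `CVE-2007-6429_3.patch` is already kept in the package directory, I would store the v2 diff next to it and list it by file name, which puts the exact patch text under version control and review. The `source=(` array continues past the end of this hunk.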
@@ -54,8 +55,9 @@ source=([EMAIL PROTECTED] \
1.4-fix-xephyr-link.patch)
sha1sums=('7c492ac32bd83b521f5c016e4728fccf9cba55db' \
'd16eaeb1d9d95d11d3b6d289b1ba87108b88da90' \
- 'b3c9013aa6abc30fabd8f6a85e427f5fd6e6ef6c' \
- '3350a781d333a04220a328b0174f6dff77ab9dc7' \
+ 'af92fd389e72a3bb59d25dbf9cbb06e827b75d7d' \
+ '0dccea5821d612255d415fb994b69780a6c39c29' \
+ 'eef5c663f5728e70969126d13c5a22ba3d0b08d1' \
'838c1144516368be4b15ab1b22d1a557fc8261ba' \
'03313ab37223329913354321449d7e818c69c937' \
'4d35fe70d5af830ac732fe74260d8483c390461c' \
@@ -157,9 +159,12 @@ build() {
Fpatch 1.4-fix-dmx-link.patch
Fpatch 1.4-fix-kdrive-automake.patch
## SEC fixes - FS#2709
- Fpatch xorg-xserver-1.4-multiple-overflows.diff
- # the fix for the sec fix =)
- Fpatch CVE-2007-6429_2.patch
+ Fpatch xorg-xserver-1.4-multiple-overflows-v2.diff
+ ## the fix for the sec fix =)
+ ##
http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161
+ Fpatch CVE-2007-6429_3.patch
+ ## http://lists.freedesktop.org/archives/xorg/2008-January/032129.html
+ Fpatch CVE-2007-3069.patch
## fixes from 1.4-branch
Fpatch bug13308-Verify-and-reject-obviously-broken-modes.patch
Fpatch fix-bgPixel-unsigned-long-issues.patch
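Review bot: `Fpatch CVE-2007-3069.patch` is added here and in `source=()`, but this commit does not add that file, and the only explanation is a list-archive URL. Presumably the patch is already tracked from the earlier commit named in the message; if it is not, the build would presumably stop on a missing source. I would also state in the comment what the patch fixes, e.g. `## CVE-2007-3069: <one-line summary of the fix>`, so the reason survives if the archive link goes away. `build()` starts before this hunk and continues after it.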