libxxf86vm: Changes to 'debian-wheezy'
New branch 'debian-wheezy' available with the following commits:
commit a0177def7b14474bdb475c3c316ffd9b2821008c
Author: Julien Cristau <jcristau@debian.org>
Date: Wed May 15 19:59:30 2013 +0200
Upload to wheezy-security
commit 405fc9e9decd363e18fe4220820f11eaf1641f2b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 14:43:48 2013 -0700
avoid integer overflow in XF86VidModeGetModeLine()
rep.privsize is a CARD32 and needs to be bounds checked before multiplying
by sizeof(INT32) to come up with the total size to allocate & read to avoid
integer overflow, though it would not result in buffer overflow as the same
calculation was used for both allocation & reading from the network.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 4bc7287b38a085203b6a64ba1dadccc6aa629f76
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 14:33:32 2013 -0700
memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
We trusted the server not to return more data than the client said it had
allocated room for, and would overflow the provided buffers if it did.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 2044c62b7704fdd1c12206abee919afdacc2df71
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 14:24:12 2013 -0700
Use _XEatDataWords to avoid overflow of length calculations
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 9576ff151de495ab2b4950644076d3e5c2237a40
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 17:58:28 2013 -0700
Unlock display before returning alloc error in XF86VidModeGetDotClocks()
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit d0355b28dd53fba6fb29c350e090ed4a73d4c480)
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 1669e72a11709b7b096d2deafb8c76885b20c9f9
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 17:54:45 2013 -0700
Unlock display before returning alloc error in XF86VidModeGetAllModeLines()
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 6c82906f25abcb0f8ec92bcdaf1872bd8b63ca5d)
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit fbf34fff944c44272eef151dd4b4e647d7531d04
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 17:52:12 2013 -0700
Unlock display before returning alloc error in XF86VidModeGetModeLine()
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 8ed00bd0a7c44c7fece687e2566d920ea74ef809)
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 44cb00bb95b05a64fb524901b5c05a493377f908
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 17:40:24 2013 -0700
Improve error handling in XF86VidModeGetMonitor()
Ensure that when we return an error we unlock the display first, and
NULL out any pointers we freed in error cleanup.
Instead of adding these fixes to every error check, instead combine
the error handling cleanup into a single copy.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit a89b1ad3377bfef9bab52f15f98b00f6540d531a)
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 43dd2ff96958f225bd167ac8209679b58689e640
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 15:13:06 2013 -0700
When Xcalloc() returns NULL, you don't need to Xfree() it
I have no words to explain how this ever happened.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ef95f1c3737d9efc7d97fb1784f80ef3540a846b)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reply to: