libx11: Changes to 'refs/tags/libx11-2_1.3.3-4+squeeze1'
Tag 'libx11-2_1.3.3-4+squeeze1' created by Julien Cristau <jcristau@debian.org> at 2013-05-21 20:59 +0000
Tagging upload of libx11 2:1.3.3-4+squeeze1 to squeeze-security.

Changes since libx11-2_1.3.3-4:

Alan Coopersmith (38):
      Move repeated #ifdef magic to find PATH_MAX into a common header
      Add _XEatDataWords to discard a given number of 32-bit words of reply data
      integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]
      integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]
      integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
      integer overflow in XGetMotionEvents() [CVE-2013-1981 4/13]
      integer overflow in XListHosts() [CVE-2013-1981 5/13]
      unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
      unvalidated index in _XkbReadGetDeviceInfoReply() [CVE-2013-1997 2/15]
      unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]
      unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]
      unvalidated index in _XkbReadKeySyms() [CVE-2013-1997 5/15]
      unvalidated index in _XkbReadKeyActions() [CVE-2013-1997 6/15]
      unvalidated index in _XkbReadKeyBehaviors() [CVE-2013-1997 7/15]
      unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]
      unvalidated index in _XkbReadExplicitComponents() [CVE-2013-1997 9/15]
      unvalidated index in _XkbReadVirtualModMap() [CVE-2013-1997 10/15]
      unvalidated index/length in _XkbReadGetNamesReply() [CVE-2013-1997 11/15]
      unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
      Integer overflows in stringSectionSize() cause buffer overflow in ReadColornameDB() [CVE-2013-1981 6/13]
      integer overflow in ReadInFile() in Xrm.c [CVE-2013-1981 7/13]
      Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
      Unbounded recursion in _XimParseStringFile() when parsing include files [CVE-2013-2004 2/2]
      integer truncation in _XimParseStringFile() [CVE-2013-1981 8/13]
      ximcp: Prevent memory leak & double free if multiple %L in string
      integer overflows in TransFileName() [CVE-2013-1981 9/13]
      integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
      integer overflow in XGetImage() [CVE-2013-1981 11/13]
      integer overflow in XGetPointerMapping() & XGetKeyboardMapping() [CVE-2013-1981 12/13]
      integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]
      Avoid overflows in XListFonts() [CVE-2013-1997 13/15]
      Avoid overflows in XGetFontPath() [CVE-2013-1997 14/15]
      Avoid overflows in XListExtensions() [CVE-2013-1997 15/15]
      Make XGetWindowProperty() always initialize returned values
      Convert more _XEatData callers to _XEatDataWords
      Use calloc in XOpenDisplay to initialize structs containing pointers
      _XkbReadGetMapReply: reject maxKeyCodes smaller than the minKeyCode
      Give GNU & Solaris Studio compilers hints about XEatData branches

Erkki Seppälä (1):
      Xrm: Handle the extremely unlikely situation of fstat failing

Julien Cristau (3):
      Hide _XEatDataWords
      Add a couple fixups for the security patches
      Upload to squeeze-security

Matthieu Herrb (1):
      XListFontsWithInfo: Re-decrement flist[0] before calling free() on it.

Nickolai Zeldovich (1):
      XListFontsWithInfo: avoid accessing realloc'ed memory

---
debian/changelog | 10 ++
debian/patches/001_hide_xeatdatawords.diff | 33 +++++++
debian/patches/002_security_fixups.diff | 43 ++++++++++
debian/patches/series | 2
include/X11/Xlibint.h | 18 ++++
modules/im/ximcp/Makefile.am | 1
modules/im/ximcp/imLcPrs.c | 73 +++++++++++++----
modules/im/ximcp/imTrX.c | 2
src/AllCells.c | 9 +-
src/Font.c | 77 +++++++++++-------
src/FontInfo.c | 120 ++++++++++++++---------------
src/FontNames.c | 35 +++++---
src/GetAtomNm.c | 4
src/GetDflt.c | 25 ------
src/GetFPath.c | 36 +++++---
src/GetImage.c | 12 +-
src/GetMoEv.c | 26 ++----
src/GetPntMap.c | 31 ++++---
src/GetProp.c | 33 +++++--
src/LiHosts.c | 22 +++--
src/LiICmaps.c | 8 -
src/LiProps.c | 8 -
src/ListExt.c | 36 +++++---
src/Makefile.am | 1
src/ModMap.c | 13 ++-
src/OpenDis.c | 15 +--
src/QuColors.c | 10 +-
src/QuTree.c | 8 -
src/Xrm.c | 30 +++++--
src/XrmI.h | 4
src/pathmax.h | 82 +++++++++++++++++++
src/xcb_io.c | 17 ++++
src/xcms/cmsColNm.c | 27 +++++-
src/xkb/XKBExtDev.c | 6 +
src/xkb/XKBGeom.c | 15 ++-
src/xkb/XKBGetMap.c | 33 +++++++
src/xkb/XKBNames.c | 2
src/xlibi18n/lcFile.c | 24 -----
38 files changed, 648 insertions(+), 303 deletions(-)