
libx11: Changes to 'refs/tags/libx11-2_1.5.0-1+deb7u1'



Tag 'libx11-2_1.5.0-1+deb7u1' created by Julien Cristau <jcristau@debian.org> at 2013-05-21 21:46 +0000

Tagging upload of libx11 2:1.5.0-1+deb7u1 to wheezy-security.

Changes since libx11-2_1.5.0-1:
Alan Coopersmith (38):
      Move repeated #ifdef magic to find PATH_MAX into a common header
      Add _XEatDataWords to discard a given number of 32-bit words of reply data
      integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]
      integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]
      integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
      integer overflow in XGetMotionEvents() [CVE-2013-1981 4/13]
      integer overflow in XListHosts() [CVE-2013-1981 5/13]
      unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
      unvalidated index in _XkbReadGetDeviceInfoReply() [CVE-2013-1997 2/15]
      unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]
      unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]
      unvalidated index in _XkbReadKeySyms() [CVE-2013-1997 5/15]
      unvalidated index in _XkbReadKeyActions() [CVE-2013-1997 6/15]
      unvalidated index in _XkbReadKeyBehaviors() [CVE-2013-1997 7/15]
      unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]
      unvalidated index in _XkbReadExplicitComponents() [CVE-2013-1997 9/15]
      unvalidated index in _XkbReadVirtualModMap() [CVE-2013-1997 10/15]
      unvalidated index/length in _XkbReadGetNamesReply() [CVE-2013-1997 11/15]
      unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
      Integer overflows in stringSectionSize() cause buffer overflow in ReadColornameDB() [CVE-2013-1981 6/13]
      integer overflow in ReadInFile() in Xrm.c [CVE-2013-1981 7/13]
      Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
      Unbounded recursion in _XimParseStringFile() when parsing include files [CVE-2013-2004 2/2]
      integer truncation in _XimParseStringFile() [CVE-2013-1981 8/13]
      integer overflows in TransFileName() [CVE-2013-1981 9/13]
      integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
      integer overflow in XGetImage() [CVE-2013-1981 11/13]
      integer overflow in XGetPointerMapping() & XGetKeyboardMapping() [CVE-2013-1981 12/13]
      integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]
      Avoid overflows in XListFonts() [CVE-2013-1997 13/15]
      Avoid overflows in XGetFontPath() [CVE-2013-1997 14/15]
      Avoid overflows in XListExtensions() [CVE-2013-1997 15/15]
      Make XGetWindowProperty() always initialize returned values
      Convert more _XEatData callers to _XEatDataWords
      Remove more unnecessary casts from Xmalloc/calloc calls
      Use calloc in XOpenDisplay to initialize structs containing pointers
      _XkbReadGetMapReply: reject maxKeyCodes smaller than the minKeyCode
      Give GNU & Solaris Studio compilers hints about XEatData branches

Julien Cristau (3):
      Hide _XEatDataWords
      Add a couple fixups for the security patches
      Upload to wheezy-security

Matthieu Herrb (1):
      XListFontsWithInfo: Re-decrement flist[0] before calling free() on it.

Nickolai Zeldovich (1):
      XListFontsWithInfo: avoid accessing realloc'ed memory

---
 debian/changelog                           |   10 ++
 debian/patches/001_hide_xeatdatawords.diff |   33 +++++++
 debian/patches/002_security_fixups.diff    |   43 ++++++++++
 debian/patches/series                      |    2 
 include/X11/Xlibint.h                      |   18 ++++
 modules/im/ximcp/Makefile.am               |    1 
 modules/im/ximcp/imLcPrs.c                 |   68 +++++++++++++---
 modules/im/ximcp/imTrX.c                   |    2 
 src/AllCells.c                             |    9 +-
 src/Context.c                              |    8 -
 src/CrGC.c                                 |    2 
 src/Depths.c                               |    2 
 src/FSWrap.c                               |    6 -
 src/Font.c                                 |   89 +++++++++++++--------
 src/FontInfo.c                             |  120 ++++++++++++++---------------
 src/FontNames.c                            |   35 +++++---
 src/GetAtomNm.c                            |   12 +-
 src/GetDflt.c                              |   25 ------
 src/GetFPath.c                             |   36 +++++---
 src/GetHints.c                             |    9 --
 src/GetImage.c                             |   12 +-
 src/GetMoEv.c                              |   26 ++----
 src/GetPntMap.c                            |   31 ++++---
 src/GetProp.c                              |   33 +++++--
 src/GetRGBCMap.c                           |    3 
 src/ImUtil.c                               |    6 -
 src/InitExt.c                              |    4 
 src/IntAtom.c                              |    6 -
 src/KeyBind.c                              |    8 -
 src/LiHosts.c                              |   22 +++--
 src/LiICmaps.c                             |    8 -
 src/LiProps.c                              |    8 -
 src/ListExt.c                              |   36 +++++---
 src/Makefile.am                            |    1 
 src/ModMap.c                               |   17 ++--
 src/OpenDis.c                              |   23 +----
 src/PixFormats.c                           |    4 
 src/PolyReg.c                              |   13 +--
 src/PropAlloc.c                            |    9 --
 src/PutBEvent.c                            |    2 
 src/PutImage.c                             |   13 +--
 src/QuColors.c                             |   10 +-
 src/QuTree.c                               |    8 -
 src/Quarks.c                               |    9 --
 src/RdBitF.c                               |    2 
 src/Region.c                               |   19 ++--
 src/RegstFlt.c                             |    4 
 src/SetFPath.c                             |    2 
 src/SetHints.c                             |    6 -
 src/StrToText.c                            |    2 
 src/TextToStr.c                            |    4 
 src/VisUtil.c                              |    8 -
 src/WrBitF.c                               |    2 
 src/XlibInt.c                              |   20 ++--
 src/Xrm.c                                  |   50 ++++++------
 src/locking.c                              |    8 -
 src/pathmax.h                              |   82 +++++++++++++++++++
 src/udcInf.c                               |    9 --
 src/xcb_io.c                               |   17 ++++
 src/xcms/cmsColNm.c                        |   27 +++++-
 src/xkb/XKBExtDev.c                        |    6 +
 src/xkb/XKBGeom.c                          |   15 ++-
 src/xkb/XKBGetMap.c                        |   33 +++++++
 src/xkb/XKBNames.c                         |    2 
 src/xlibi18n/lcFile.c                      |   24 -----
 65 files changed, 751 insertions(+), 433 deletions(-)
---

