[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
06/09: gnu: libxrender: Update to 0.9.10.
|
From: |
Leo Famulari |
|
Subject: |
06/09: gnu: libxrender: Update to 0.9.10. |
|
Date: |
Wed, 5 Oct 2016 23:43:00 +0000 (UTC) |
lfam pushed a commit to branch core-updates
in repository guix.
commit 9eb76bd3e5d15f93ff71c356f4b0bf6a6412cf19
Author: Leo Famulari <address@hidden>
Date: Wed Oct 5 19:28:08 2016 -0400
gnu: libxrender: Update to 0.9.10.
* gnu/packages/xorg.scm (libxrender): Update to 0.9.10.
[replacement]: Remove field.
(libxrender/fixed): Remove variable.
* gnu/packages/patches/libxrender-CVE-2016-7949.patch,
gnu/packages/patches/libxrender-CVE-2016-7950.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 2 -
.../patches/libxrender-CVE-2016-7949.patch | 66 ------------------
.../patches/libxrender-CVE-2016-7950.patch | 73 --------------------
gnu/packages/xorg.scm | 14 +---
4 files changed, 2 insertions(+), 153 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 5745bf9..74b57b0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -668,8 +668,6 @@ dist_patch_DATA =
\
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
- %D%/packages/patches/libxrender-CVE-2016-7949.patch \
- %D%/packages/patches/libxrender-CVE-2016-7950.patch \
%D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \
%D%/packages/patches/libxv-CVE-2016-5407.patch \
%D%/packages/patches/libxvmc-CVE-2016-7953.patch \
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7949.patch
b/gnu/packages/patches/libxrender-CVE-2016-7949.patch
deleted file mode 100644
index 3a2be4e..0000000
--- a/gnu/packages/patches/libxrender-CVE-2016-7949.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2016-7949:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
-
-From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <address@hidden>
-Date: Sun, 25 Sep 2016 21:43:09 +0200
-Subject: [PATCH] Validate lengths while parsing server data.
-
-Individual lengths inside received server data can overflow
-the previously reserved memory.
-
-It is therefore important to validate every single length
-field to not overflow the previously agreed sum of all invidual
-length fields.
-
-v2: consume remaining bytes in the reply buffer on error.
-
-Signed-off-by: Tobias Stoeckmann <address@hidden>
-Reviewed-by: Matthieu address@hidden
----
- src/Xrender.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/Xrender.c b/src/Xrender.c
-index 3102eb2..71cf3e6 100644
---- a/src/Xrender.c
-+++ b/src/Xrender.c
-@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
- screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
- screen->subpixel = SubPixelUnknown;
- xDepth = (xPictDepth *) (xScreen + 1);
-+ if (screen->ndepths > rep.numDepths) {
-+ Xfree (xri);
-+ Xfree (xData);
-+ _XEatDataWords (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return 0;
-+ }
-+ rep.numDepths -= screen->ndepths;
- for (nd = 0; nd < screen->ndepths; nd++)
- {
- depth->depth = xDepth->depth;
- depth->nvisuals = xDepth->nPictVisuals;
- depth->visuals = visual;
- xVisual = (xPictVisual *) (xDepth + 1);
-+ if (depth->nvisuals > rep.numVisuals) {
-+ Xfree (xri);
-+ Xfree (xData);
-+ _XEatDataWords (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return 0;
-+ }
-+ rep.numVisuals -= depth->nvisuals;
- for (nv = 0; nv < depth->nvisuals; nv++)
- {
- visual->visual = _XRenderFindVisual (dpy, xVisual->visual);
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7950.patch
b/gnu/packages/patches/libxrender-CVE-2016-7950.patch
deleted file mode 100644
index 1a64b6e..0000000
--- a/gnu/packages/patches/libxrender-CVE-2016-7950.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Fix CVE-2016-7950:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
-
-From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <address@hidden>
-Date: Sun, 25 Sep 2016 21:42:09 +0200
-Subject: [PATCH] Avoid OOB write in XRenderQueryFilters
-
-The memory for filter names is reserved right after receiving the reply.
-After that, filters are iterated and each individual filter name is
-stored in that reserved memory.
-
-The individual name lengths are not checked for validity, which means
-that a malicious server can reserve less memory than it will write to
-during each iteration.
-
-v2: consume remaining bytes in reply buffer on error.
-
-Signed-off-by: Tobias Stoeckmann <address@hidden>
-Reviewed-by: Matthieu Herrb <address@hidden>
----
- src/Filter.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/src/Filter.c b/src/Filter.c
-index edfa572..8d701eb 100644
---- a/src/Filter.c
-+++ b/src/Filter.c
-@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- char *name;
- char len;
- int i;
-- unsigned long nbytes, nbytesAlias, nbytesName;
-+ unsigned long nbytes, nbytesAlias, nbytesName, reply_left;
-
- if (!RenderHasExtension (info))
- return NULL;
-@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- * Read the filter aliases
- */
- _XRead16Pad (dpy, filters->alias, 2 * rep.numAliases);
-+ reply_left = 8 + rep.length - 2 * rep.numAliases;;
-
- /*
- * Read the filter names
-@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- {
- int l;
- _XRead (dpy, &len, 1);
-+ reply_left--;
- l = len & 0xff;
-+ if ((unsigned long)l + 1 > nbytesName) {
-+ _XEatDataWords(dpy, reply_left);
-+ Xfree(filters);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
-+ nbytesName -= l + 1;
- filters->filter[i] = name;
- _XRead (dpy, name, l);
-+ reply_left -= l;
- name[l] = '\0';
- name += l + 1;
- }
---
-2.10.1
-
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 85bd916..19b5d31 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4602,8 +4602,7 @@ cannot be adequately worked around on the client side of
the wire.")
(define-public libxrender
(package
(name "libxrender")
- (replacement libxrender/fixed)
- (version "0.9.9")
+ (version "0.9.10")
(source
(origin
(method url-fetch)
@@ -4613,7 +4612,7 @@ cannot be adequately worked around on the client side of
the wire.")
".tar.bz2"))
(sha256
(base32
- "06myx7044qqdswxndsmd82fpp670klnizkgzdm194h51h1wyabzw"))))
+ "0j89cnb06g8x79wmmnwzykgkkfdhin9j7hjpvsxwlr3fz1wmjvf0"))))
(build-system gnu-build-system)
(propagated-inputs
`(("renderproto" ,renderproto)))
@@ -4627,15 +4626,6 @@ cannot be adequately worked around on the client side of
the wire.")
(description "Library for the Render Extension to the X11 protocol.")
(license license:x11)))
-(define libxrender/fixed
- (package
- (inherit libxrender)
- (source (origin
- (inherit (package-source libxrender))
- (patches (search-patches
- "libxrender-CVE-2016-7949.patch"
- "libxrender-CVE-2016-7950.patch"))))))
-
(define-public libxtst
(package
(name "libxtst")
- branch core-updates updated (6524c1c -> 22f08f0), Leo Famulari, 2016/10/05
- 01/09: Merge branch 'master' into core-updates, Leo Famulari, 2016/10/05
- 06/09: gnu: libxrender: Update to 0.9.10.,
Leo Famulari <=
- 02/09: gnu: libx11: Update to 1.6.4., Leo Famulari, 2016/10/05
- 09/09: gnu: libxvmc: Update to 1.0.10., Leo Famulari, 2016/10/05
- 03/09: gnu: libxfixes: Update to 5.0.3., Leo Famulari, 2016/10/05
- 04/09: gnu: libxi: Update to 1.7.7., Leo Famulari, 2016/10/05
- 07/09: gnu: libxtst: Update to 1.2.3., Leo Famulari, 2016/10/05
- 08/09: gnu: libxv: Update to 1.0.11., Leo Famulari, 2016/10/05
- 05/09: gnu: libxrandr: Update to 1.5.1., Leo Famulari, 2016/10/05