rpms/xorg-x11-server/FC-5 xserver-cve-2007-1003.patch, NONE, 1.1 xorg-x11-server.spec, 1.55, 1.56
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Apr 8 17:34:32 UTC 2007
Author: ajackson
Update of /cvs/dist/rpms/xorg-x11-server/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv32199
Modified Files:
xorg-x11-server.spec
Added Files:
xserver-cve-2007-1003.patch
Log Message:
* Sun Apr 08 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7
- xserver-cve-2007-1003.patch: Fix CVE 2007-1003 in XC-MISC extension.
- xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge
fix from FC6.
xserver-cve-2007-1003.patch:
xcmisc.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
--- NEW FILE xserver-cve-2007-1003.patch ---
From: Matthieu Herrb <matthieu at roadrock.(none)>
Date: Tue, 3 Apr 2007 13:47:18 +0000 (+0200)
Subject: CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=645d87cf8ef724d4591614f9994cdc4d7549a7a8
CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
---
--- a/Xext/xcmisc.c
+++ b/Xext/xcmisc.c
@@ -42,6 +42,12 @@ from The Open Group.
#include <X11/extensions/xcmiscstr.h>
#include "modinit.h"
+#if HAVE_STDINT_H
+#include <stdint.h>
+#elif !defined(UINT32_MAX)
+#define UINT32_MAX 0xffffffffU
+#endif
+
#if 0
static unsigned char XCMiscCode;
#endif
@@ -143,7 +149,10 @@ ProcXCMiscGetXIDList(client)
REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
- pids = (XID *)ALLOCATE_LOCAL(stuff->count * sizeof(XID));
+ if (stuff->count > UINT32_MAX / sizeof(XID))
+ return BadAlloc;
+
+ pids = (XID *)Xalloc(stuff->count * sizeof(XID));
if (!pids)
{
return BadAlloc;
@@ -164,7 +173,7 @@ ProcXCMiscGetXIDList(client)
client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
WriteSwappedDataToClient(client, count * sizeof(XID), pids);
}
- DEALLOCATE_LOCAL(pids);
+ Xfree(pids);
return(client->noClientException);
}
Index: xorg-x11-server.spec
===================================================================
RCS file: /cvs/dist/rpms/xorg-x11-server/FC-5/xorg-x11-server.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- xorg-x11-server.spec 9 Jan 2007 22:51:19 -0000 1.55
+++ xorg-x11-server.spec 8 Apr 2007 17:34:30 -0000 1.56
@@ -4,7 +4,7 @@
Summary: X.Org X11 X server
Name: xorg-x11-server
Version: 1.0.1
-Release: 9.fc5.6
+Release: 9.fc5.7
URL: http://www.x.org
License: MIT/X11
Group: User Interface/X
@@ -36,11 +36,13 @@
Patch11: xorg-x11-server-1.0.1-setuid.patch
# http://xorg.freedesktop.org/releases/X11R7.0/patches/xorg-xserver-1.0.1-dbe-render.diff
Patch12: xorg-xserver-1.0.1-dbe-render.diff
+Patch13: xserver-cve-2007-1003.patch
# Patches taken from xserver/xorg CVS HEAD, post-1.0.1
Patch100: xorg-x11-server-1.0.1-fbpict-fix-rounding.patch
Patch101: xorg-x11-server-1.0.1-SEGV-on-null-interface.patch
Patch102: xorg-x11-server-1.0.99.901-render-x4a4-crash.patch
+Patch103: xorg-x11-server-1.0.1-intel-bridge-fix.patch
Patch1000: xorg-redhat-die-ugly-pattern-die-die-die.patch
Patch1001: xorg-x11-server-1.0.1-Red-Hat-extramodes.patch
@@ -269,10 +271,12 @@
%patch10 -p0 -b .render-tris-CVE-2006-1526
%patch11 -p2 -b .setuid
%patch12 -p1 -b .alloca
+%patch13 -p1 -b .xcmisc
%patch100 -p2 -b .fbpict-fix-rounding
%patch101 -p2 -b .SEGV-on-null-interface
%patch102 -p0 -b .render-x4a4-crash
+%patch103 -p1 -b .intel-bridge
%patch1000 -p0 -b .redhat-die-ugly-pattern-die-die-die
%patch1001 -p1 -b .Red-Hat-extramodes
@@ -548,6 +552,11 @@
# -------------------------------------------------------------------
%changelog
+* Sun Apr 08 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7
+- xserver-cve-2007-1003.patch: Fix CVE 2007-1003 in XC-MISC extension.
+- xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge
+ fix from FC6.
+
* Tue Jan 09 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6
- xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101.
More information about the fedora-cvs-commits
mailing list