Security fixes: X.Org CVE-2014-8100:

v3: port to NXrender.c rather than render.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1027-render-check-request-size-before-reading-it-CVE.full.patch
author: Mihai Moldovan <ionic@ionic.de> 2015-05-26 18:00:00 +0200
committer: Mihai Moldovan <ionic@ionic.de> 2015-05-26 18:00:00 +0200
commit: c19b58d09070aa54eb7458b0377bd4bd975e539d (patch)
tree: 8d9cb74eed536d203a9d6b37cdd020fe473b1e74 /debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
parent: 5a9f8294ce2f9c4265c5359323d7ad157974d016 (diff)
download: nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.tar.gz
nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.tar.bz2
nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.zip
1 files changed, 18 insertions, 6 deletions
diff --git a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
index 9540ddeda..7e8fe352f 100644
--- a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
+++ b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
@@ -7,6 +7,8 @@ Subject: [PATCH 27/40] render: check request size before reading it
 Otherwise we may be reading outside of the client request.
 
 v2: backport to nx-libs 3.6.x (Mike DePaulo)
+v3: port to NXrender.c rather than render.c (Mike DePaulo)
+v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
 
 Signed-off-by: Julien Cristau <jcristau@debian.org>
 Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
@@ -18,11 +20,24 @@ Conflicts:
  nx-X11/programs/Xserver/render/render.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/nx-X11/programs/Xserver/render/render.c b/nx-X11/programs/Xserver/render/render.c
-index d25d497..ebbce81 100644
 --- a/nx-X11/programs/Xserver/render/render.c
 +++ b/nx-X11/programs/Xserver/render/render.c
-@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client)
+@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client
+     register int n;
+     REQUEST(xRenderQueryVersionReq);
+ 
++    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
++
+     pRenderClient->major_version = stuff->majorVersion;
+     pRenderClient->minor_version = stuff->minorVersion;
+ 
+-    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+     rep.type = X_Reply;
+     rep.length = 0;
+     rep.sequenceNumber = client->sequence;
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+@@ -326,10 +326,11 @@ ProcRenderQueryVersion (ClientPtr client
      register int n;
      REQUEST(xRenderQueryVersionReq);
  
@@ -35,6 +50,3 @@ index d25d497..ebbce81 100644
      rep.type = X_Reply;
      rep.length = 0;
      rep.sequenceNumber = client->sequence;
--- 
-2.1.4
-
author	Mihai Moldovan <ionic@ionic.de>	2015-05-26 18:00:00 +0200
committer	Mihai Moldovan <ionic@ionic.de>	2015-05-26 18:00:00 +0200
commit	c19b58d09070aa54eb7458b0377bd4bd975e539d (patch)
tree	8d9cb74eed536d203a9d6b37cdd020fe473b1e74 /debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
parent	5a9f8294ce2f9c4265c5359323d7ad157974d016 (diff)
download	nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.tar.gz nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.tar.bz2 nx-libs-c19b58d09070aa54eb7458b0377bd4bd975e539d.zip