kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/x11/libXi
History
wiz 940786ea6f Update to 1.7.2. 
Changes in 1.7.2:
Only one minor change since the RC. Again, this release contains the fixes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to
update.

Peter Hutterer (1):
      libXi 1.7.2

Thomas Klausner (1):
      Remove check that can never be true.

Changses in 1.7.1.901:
First and likely only RC for libXi 1.7.2. This one has a bunch of changes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
integer overflows and other corruption that happens if we trust the server
a bit too much on the data we're being sent.

On top of those fixes, the sequence number in XI2 events is now set
propertly too (#64687).

Please test, if you find any issues let me know.

Alan Coopersmith (14):
      Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
      Use _XEatDataWords to avoid overflow of rep.length bit shifting
      Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
      memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
      unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
      integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
      integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
      integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
      integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
      integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
      integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
      Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
      Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
      sign extension issue in XListInputDevices() [CVE-2013-1995]

Peter Hutterer (7):
      Copy the sequence number into the target event too (#64687)
      Don't overwrite the cookies serial number
      Fix potential corruption in mask_len handling
      Change size += to size = in XGetDeviceControl
      If the XGetDeviceDontPropagateList reply has an invalid length, return 0
      Include limits.h to prevent build error: missing INT_MAX
      libXi 1.7.1.901
2013-07-03 06:27:03 +00:00
..
buildlink3.mk Needs libXfixes now (PR 47721) 2013-04-06 08:18:01 +00:00
DESCR
distinfo Update to 1.7.2. 2013-07-03 06:27:03 +00:00
Makefile Update to 1.7.2. 2013-07-03 06:27:03 +00:00
PLIST Update to 1.7: 2013-03-07 06:36:28 +00:00