diff options
| author | wiz <wiz@pkgsrc.org> | 2013-07-03 06:27:03 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2013-07-03 06:27:03 +0000 |
| commit | c2e29492c4fcb0bb4e1a9626baafbe8e98d7fd4e (patch) | |
| tree | b488fec84928555d16549075eded403b56f9765c /x11/libXi | |
| parent | 5d30a7977e032c63ae5f3e7a15351356005fa2e0 (diff) | |
| download | pkgsrc-c2e29492c4fcb0bb4e1a9626baafbe8e98d7fd4e.tar.gz | |
Update to 1.7.2.
Changes in 1.7.2:
Only one minor change since the RC. Again, this release contains the fixes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to
update.
Peter Hutterer (1):
libXi 1.7.2
Thomas Klausner (1):
Remove check that can never be true.
Changses in 1.7.1.901:
First and likely only RC for libXi 1.7.2. This one has a bunch of changes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
integer overflows and other corruption that happens if we trust the server
a bit too much on the data we're being sent.
On top of those fixes, the sequence number in XI2 events is now set
propertly too (#64687).
Please test, if you find any issues let me know.
Alan Coopersmith (14):
Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
Use _XEatDataWords to avoid overflow of rep.length bit shifting
Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
sign extension issue in XListInputDevices() [CVE-2013-1995]
Peter Hutterer (7):
Copy the sequence number into the target event too (#64687)
Don't overwrite the cookies serial number
Fix potential corruption in mask_len handling
Change size += to size = in XGetDeviceControl
If the XGetDeviceDontPropagateList reply has an invalid length, return 0
Include limits.h to prevent build error: missing INT_MAX
libXi 1.7.1.901
Diffstat (limited to 'x11/libXi')
| -rw-r--r-- | x11/libXi/Makefile | 5 | ||||
| -rw-r--r-- | x11/libXi/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/x11/libXi/Makefile b/x11/libXi/Makefile index 634396dbfee..799129db05e 100644 --- a/x11/libXi/Makefile +++ b/x11/libXi/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.23 2013/04/05 09:11:57 wiz Exp $ -# +# $NetBSD: Makefile,v 1.24 2013/07/03 06:27:03 wiz Exp $ -DISTNAME= libXi-1.7.1 +DISTNAME= libXi-1.7.2 CATEGORIES= x11 devel MASTER_SITES= ${MASTER_SITE_XORG:=lib/} EXTRACT_SUFX= .tar.bz2 diff --git a/x11/libXi/distinfo b/x11/libXi/distinfo index 88ae0917c34..b0efe3ade14 100644 --- a/x11/libXi/distinfo +++ b/x11/libXi/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.19 2013/04/05 09:11:57 wiz Exp $ +$NetBSD: distinfo,v 1.20 2013/07/03 06:27:03 wiz Exp $ -SHA1 (libXi-1.7.1.tar.bz2) = 0737f2344c661523bd5903a727c3371cebb2b0f3 -RMD160 (libXi-1.7.1.tar.bz2) = 7e871fead6d1c276480868a1099fbd05b519df30 -Size (libXi-1.7.1.tar.bz2) = 434569 bytes +SHA1 (libXi-1.7.2.tar.bz2) = 53c90cd52e40065e04886f046383c1e5c507e0c4 +RMD160 (libXi-1.7.2.tar.bz2) = 514199e00894f280400f86b613b4f208133d7ee1 +Size (libXi-1.7.2.tar.bz2) = 440969 bytes |