From 8ff4f2f51a6cf07fc33742ce3bee81328896e49b Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 25 May 2018 23:29:36 +0000
Subject: Fri May 25 23:29:36 UTC 2018

patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz:  Rebuilt.
  Handle removal of US/Pacific-New timezone. If we see that the machine is
  using this, it will be automatically switched to US/Pacific.
---
 ...ted-lengths-in-XVideo-extension-swapped-p.patch | 180 +++++++++++++++++++++
 1 file changed, 180 insertions(+)
 create mode 100644 patches/source/xorg-server/patch/xorg-server/0010-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch

(limited to 'patches/source/xorg-server/patch/xorg-server/0010-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch')

diff --git a/patches/source/xorg-server/patch/xorg-server/0010-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch b/patches/source/xorg-server/patch/xorg-server/0010-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch
new file mode 100644
index 000000000..6e5111c68
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/0010-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch
@@ -0,0 +1,180 @@
+From 70127f3e8ee7cdf57e775720a642c0cbe8b8a140 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun, 26 Jan 2014 19:23:17 -0800
+Subject: [PATCH 10/31] Xv: unvalidated lengths in XVideo extension swapped
+ procs [CVE-2014-8099]
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Fedora X Ninjas <x@fedoraproject.org>
+---
+ Xext/xvdisp.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/Xext/xvdisp.c b/Xext/xvdisp.c
+index 31b7783..6ac2366 100644
+--- a/Xext/xvdisp.c
++++ b/Xext/xvdisp.c
+@@ -1218,6 +1218,7 @@ static int
+ SProcXvQueryExtension(ClientPtr client)
+ {
+     REQUEST(xvQueryExtensionReq);
++    REQUEST_SIZE_MATCH(xvQueryExtensionReq);
+     swaps(&stuff->length);
+     return XvProcVector[xv_QueryExtension] (client);
+ }
+@@ -1226,6 +1227,7 @@ static int
+ SProcXvQueryAdaptors(ClientPtr client)
+ {
+     REQUEST(xvQueryAdaptorsReq);
++    REQUEST_SIZE_MATCH(xvQueryAdaptorsReq);
+     swaps(&stuff->length);
+     swapl(&stuff->window);
+     return XvProcVector[xv_QueryAdaptors] (client);
+@@ -1235,6 +1237,7 @@ static int
+ SProcXvQueryEncodings(ClientPtr client)
+ {
+     REQUEST(xvQueryEncodingsReq);
++    REQUEST_SIZE_MATCH(xvQueryEncodingsReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     return XvProcVector[xv_QueryEncodings] (client);
+@@ -1244,6 +1247,7 @@ static int
+ SProcXvGrabPort(ClientPtr client)
+ {
+     REQUEST(xvGrabPortReq);
++    REQUEST_SIZE_MATCH(xvGrabPortReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->time);
+@@ -1254,6 +1258,7 @@ static int
+ SProcXvUngrabPort(ClientPtr client)
+ {
+     REQUEST(xvUngrabPortReq);
++    REQUEST_SIZE_MATCH(xvUngrabPortReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->time);
+@@ -1264,6 +1269,7 @@ static int
+ SProcXvPutVideo(ClientPtr client)
+ {
+     REQUEST(xvPutVideoReq);
++    REQUEST_SIZE_MATCH(xvPutVideoReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1283,6 +1289,7 @@ static int
+ SProcXvPutStill(ClientPtr client)
+ {
+     REQUEST(xvPutStillReq);
++    REQUEST_SIZE_MATCH(xvPutStillReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1302,6 +1309,7 @@ static int
+ SProcXvGetVideo(ClientPtr client)
+ {
+     REQUEST(xvGetVideoReq);
++    REQUEST_SIZE_MATCH(xvGetVideoReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1321,6 +1329,7 @@ static int
+ SProcXvGetStill(ClientPtr client)
+ {
+     REQUEST(xvGetStillReq);
++    REQUEST_SIZE_MATCH(xvGetStillReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1340,6 +1349,7 @@ static int
+ SProcXvPutImage(ClientPtr client)
+ {
+     REQUEST(xvPutImageReq);
++    REQUEST_AT_LEAST_SIZE(xvPutImageReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1363,6 +1373,7 @@ static int
+ SProcXvShmPutImage(ClientPtr client)
+ {
+     REQUEST(xvShmPutImageReq);
++    REQUEST_SIZE_MATCH(xvShmPutImageReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1390,6 +1401,7 @@ static int
+ SProcXvSelectVideoNotify(ClientPtr client)
+ {
+     REQUEST(xvSelectVideoNotifyReq);
++    REQUEST_SIZE_MATCH(xvSelectVideoNotifyReq);
+     swaps(&stuff->length);
+     swapl(&stuff->drawable);
+     return XvProcVector[xv_SelectVideoNotify] (client);
+@@ -1399,6 +1411,7 @@ static int
+ SProcXvSelectPortNotify(ClientPtr client)
+ {
+     REQUEST(xvSelectPortNotifyReq);
++    REQUEST_SIZE_MATCH(xvSelectPortNotifyReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     return XvProcVector[xv_SelectPortNotify] (client);
+@@ -1408,6 +1421,7 @@ static int
+ SProcXvStopVideo(ClientPtr client)
+ {
+     REQUEST(xvStopVideoReq);
++    REQUEST_SIZE_MATCH(xvStopVideoReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->drawable);
+@@ -1418,6 +1432,7 @@ static int
+ SProcXvSetPortAttribute(ClientPtr client)
+ {
+     REQUEST(xvSetPortAttributeReq);
++    REQUEST_SIZE_MATCH(xvSetPortAttributeReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->attribute);
+@@ -1429,6 +1444,7 @@ static int
+ SProcXvGetPortAttribute(ClientPtr client)
+ {
+     REQUEST(xvGetPortAttributeReq);
++    REQUEST_SIZE_MATCH(xvGetPortAttributeReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->attribute);
+@@ -1439,6 +1455,7 @@ static int
+ SProcXvQueryBestSize(ClientPtr client)
+ {
+     REQUEST(xvQueryBestSizeReq);
++    REQUEST_SIZE_MATCH(xvQueryBestSizeReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swaps(&stuff->vid_w);
+@@ -1452,6 +1469,7 @@ static int
+ SProcXvQueryPortAttributes(ClientPtr client)
+ {
+     REQUEST(xvQueryPortAttributesReq);
++    REQUEST_SIZE_MATCH(xvQueryPortAttributesReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     return XvProcVector[xv_QueryPortAttributes] (client);
+@@ -1461,6 +1479,7 @@ static int
+ SProcXvQueryImageAttributes(ClientPtr client)
+ {
+     REQUEST(xvQueryImageAttributesReq);
++    REQUEST_SIZE_MATCH(xvQueryImageAttributesReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     swapl(&stuff->id);
+@@ -1473,6 +1492,7 @@ static int
+ SProcXvListImageFormats(ClientPtr client)
+ {
+     REQUEST(xvListImageFormatsReq);
++    REQUEST_SIZE_MATCH(xvListImageFormatsReq);
+     swaps(&stuff->length);
+     swapl(&stuff->port);
+     return XvProcVector[xv_ListImageFormats] (client);
+-- 
+1.9.3
+
-- 
cgit v1.2.3