Date:      04 Sep 2002 23:26:25 -0700
From:      Eric Anholt <eta@lclark.edu>
To:        ports@freebsd.org
Subject:   XFree86 4.2.1 update (security patch)
Message-ID:  <1031207186.913.221.camel@anholt.dyndns.org>

I've committed the 4.2.1 update of XFree86-4-libraries,
XFree86-4-clients, and XFree86-4-Servers to ports, which fixes a bug in
Xlib that "made it possible to load arbitrary code into privileged
clients" (e.g. xterm, which in ports is setuid root). 
XFree86-4-libraries update should be all that's necessary to fix that
bug.  I'll look at whether the other XFree86-4-* need updating soon. I
don't know about the MIT-SHM change below.

Hopefully by this weekend I'll commit the build trimming patch, and at
that time I should bring in CVS ati and nv drivers to our
Servers-4.2.1.  There have been major updates since 4.2.0 (better ATI
DFP support, r200 xv, more geforce support), and there haven't been
changes to them for a while as far as I've seen, which suggests
stability.

List of changes that could apply to us between 4.2.0 and 4.2.1:

XFree86 4.2.1 (03 September 2002)
 715. [SECURITY] Fix an Xlib problem that made it possible to load arbitrary
      code into privileged clients.

XFree86 4.2.0.1 (21 August 2002)
 710. When using the vesa driver and the DisplaySize option the server
      would crash with a floating point exception due to a divide by zero
      in miscreeninit() (#5298, Mike A. Harris).
 709. Updated patch from head to fix problem described in #5244
      (freed memory being deref'd in xaw) (jik@kamens.brookline.ma.us)
 708. The function MoveLine in lib/Xaw/TextAction.c sometimes attempts to
      read uninitialized memory when hit ctrl-N in a Text widget to move to
      the next line (#5245, Johnathan Kamens).
 703. [SECURITY] MIT-SHM update: try to avoid using SHM segments that the
      client user doesn't have sufficient privileges to access
      (Roberto Zunino, Matthieu Herrb).
 702. Fix a problem related to reserving the overlay key in the default
      colormap in 24+8 mode.  This caused some clients using the 8-bit
      visuals to fail (David Dawes).
 698. Fix startx script for ksh (Philip B. Bruce).
 695. Fix SIGSEGV when printing modes that have no flags (Marc La France).
 694. Fix an unresolved symbol in libGLU.so that shows up when building it
      with gcc-3 (David Dawes).
 693. Fix incorrect symbol prefixing with Xlib's i18n modules on Solaris,
      and fix invalid code caused by a memcpy() macro being split by a
      directive (Keith Packard, David Dawes, #5150, Sami Farin).
 692. Don't try to print mode names when NULL (David Dawes).
 691. Revert the ATI driver's composite sync default to off (Marc La France).

-- 
Eric Anholt <eta@lclark.edu>
http://people.freebsd.org/~anholt/dri/


