Subject: XFree86 4.2.1 update (security patch)
From: Eric Anholt
To: ports@freebsd.org
Date: 04 Sep 2002 23:26:25 -0700
Message-Id: <1031207186.913.221.camel@anholt.dyndns.org>

I've committed the 4.2.1 update of XFree86-4-libraries, XFree86-4-clients, and XFree86-4-Servers to ports, which fixes a bug in Xlib that "made it possible to load arbitrary code into privileged clients" (e.g. xterm, which in ports is setuid root).

XFree86-4-libraries update should be all that's necessary to fix that bug. I'll look at whether the other XFree86-4-* need updating soon. I don't know about the MIT-SHM change below.

Hopefully by this weekend I'll commit the build trimming patch, and at that time I should bring in CVS ati and nv drivers to our Servers-4.2.1. There have been major updates since 4.2.0 (better ATI DFP support, r200 xv, more geforce support), and there haven't been changes to them for a while as far as I've seen, which suggests stability.

List of changes that could apply to us between 4.2.0 and 4.2.1:

XFree86 4.2.1 (03 September 2002)

 715. [SECURITY] Fix an Xlib problem that made it possible to load arbitrary code into privileged clients.

XFree86 4.2.0.1 (21 August 2002)

 710. When using the vesa driver and the DisplaySize option the server would crash with a floating point exception due to a divide by zero in miscreeninit() (#5298, Mike A. Harris).
 709. Updated patch from head to fix problem described in #5244 (freed memory being deref'd in xaw) (jik@kamens.brookline.ma.us)
 708. The function MoveLine in lib/Xaw/TextAction.c sometimes attempts to read uninitialized memory when hit ctrl-N in a Text widget to move to the next line (#5245, Johnathan Kamens).
 703. [SECURITY] MIT-SHM update: try to avoid using SHM segments that the client user doesn't have sufficient privileges to access (Roberto Zunino, Matthieu Herrb).
 702. Fix a problem related to reserving the overlay key in the default colormap in 24+8 mode. This caused some clients using the 8-bit visuals to fail (David Dawes).
 698. Fix startx script for ksh (Philip B. Bruce).
 695. Fix SIGSEGV when printing modes that have no flags (Marc La France).
 694. Fix an unresolved symbol in libGLU.so that shows up when building it with gcc-3 (David Dawes).
 693. Fix incorrect symbol prefixing with Xlib's i18n modules on Solaris, and fix invalid code caused by a memcpy() macro being split by a directive (Keith Packard, David Dawes, #5150, Sami Farin).
 692. Don't try to print mode names when NULL (David Dawes).
 691. Revert the ATI driver's composite sync default to off (Marc La France).

-- 
Eric Anholt
http://people.freebsd.org/~anholt/dri/