03ff880...
by
Matthieu Herrb
on 2011-10-17
Fix CVE-2011-4029: File permission change vulnerability.
Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <email address hidden>
Reviewed-by: Alan Coopersmith <email address hidden>
(cherry picked from commit b67581cf825940f df52bf2e0af4330 e695d724a4)
(cherry picked from commit 12f65819ffb0410 3f170ecd7e28134 8de618fc4c)
3394ae3...
by
Matthieu Herrb
on 2011-10-17
Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Signed-off-by: Matthieu Herrb <email address hidden>
Reviewed-by: Alan Coopersmith <email address hidden>
(cherry picked from commit 6ba44b91e37622e f8c146d8f2ac92d 708a18ed34)
(cherry picked from commit f80d23357874db1 9bc124dee70239f b182977883)
656307e...
by
Julien Cristau
on 2011-01-23
glx: Work around wrong request lengths sent by mesa
mesa used to send too long requests for GLXDestroyPixmap,
GLXDestroyWindow, GLXChangeDrawab leAttributes, GLXGetDrawableA ttributes
and GLXGetFBConfigs SGIX.
Fixes a regression introduced in ec9c97c6bf70b52 3bc500bd3adf621 76f1bb33a4
X.Org bug#33324 <https:/ /bugs.freedeskt op.org/ show_bug. cgi?id= 33324 >
Reported-by: <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
Reviewed-by: Adam Jackson <email address hidden>
(cherry picked from commit 402b329c3aa8ddb ebaa1f593306a02 d4cd6fed26)
c821bd8...
by
Julien Cristau
on 2011-01-26
glx: fix BindTexImageEXT length check
The request is followed by a list of attributes.
X.Org bug#33449
Reported- and-tested- by: meng <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
Reviewed-by: Adam Jackson <email address hidden>
(cherry picked from commit 1137c11be0f8204 9d28024eaf963c6 f76e0d4334)
5b76d71...
by
Julien Cristau
on 2011-01-23
glx: fix request length check for CreateGLXPbuffe rSGIX
The request is followed by an attribute list.
Signed-off-by: Julien Cristau <email address hidden>
Reviewed-by: Adam Jackson <email address hidden>
(cherry picked from commit a883cf1545abd89 bb2cadfa6597188 84b56fd234)
7ed56f7...
by
Julien Cristau
on 2010-11-10
glx: validate numAttribs field before using it
Reviewed-by: Kristian Høgsberg <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
(cherry picked from commit d9225b9602c8560 3ae616a7381c784 f5cf5e811c)
4f6ee61...
by
Julien Cristau
on 2010-08-22
glx: swap the request arrays entirely, not just half of them
Various glx requests include a list of pairs of attributes. We were
only swapping the first half.
Reviewed-by: Kristian Høgsberg <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
(cherry picked from commit 62319e8381ebd64 5ae36b25e5fc3c0 e9b098387b)
0013026...
by
Julien Cristau
on 2010-08-21
glx: check request length before swapping
Reviewed-by: Kristian Høgsberg <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
(cherry picked from commit 6c69235a9dfc52e 4b4e47630ff4bab 1a820eb543)
6ff0bcf...
by
Julien Cristau
on 2010-07-03
glx: validate request lengths
Reviewed-by: Adam Jackson <email address hidden>
Reviewed-by: Kristian Høgsberg <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
(cherry-picked from commit ec9c97c6bf70b52 3bc500bd3adf621 76f1bb33a4)
94458a6...
by
Jeremy Sequoia
on 2011-03-13
XQuartz GL: Add $(GL_CFLAGS) to CFLAGS
This fixes a build failure I found on tinderbox.
Signed-off-by: Jeremy Huddleston <email address hidden>
(cherry picked from commit f641e4b34aa91ec da29e546b8b975e 72ce037ed0)
Conflicts:
hw/xquartz/ GL/Makefile. am
Signed-off-by: Jeremy Huddleston <email address hidden>