Path to this page:
./
x11/libXi,
X Input extension library
Branch: pkgsrc-2013Q2,
Version: 1.7.2,
Package name: libXi-1.7.2,
Maintainer: joergThis package contains the Xi extension. This is the X Input extension
library.
This is part of the X Libraries and Protocol Headers Project at
freedesktop.org.
Required to run:[
x11/Xfixes]
Required to build:[
pkgtools/x11-links] [
x11/fixesproto4] [
x11/xextproto] [
x11/xproto] [
x11/inputproto]
Master sites: (Expand)
SHA1: 53c90cd52e40065e04886f046383c1e5c507e0c4
RMD160: 514199e00894f280400f86b613b4f208133d7ee1
Filesize: 430.634 KB
Version history: (Expand)
- (2013-07-16) Updated to version: libXi-1.7.2
- (2013-07-08) Package added to pkgsrc.se, version libXi-1.7.1 (created)
CVS history: (Expand)
2013-07-15 21:41:34 by Matthias Scheler | Files touched by this commit (2) | |
Log message:
Pullup ticket #4177 - requested by taca
x11/libXi: security update
Revisions pulled up:
- x11/libXi/Makefile 1.24
- x11/libXi/distinfo 1.20
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 3 06:27:03 UTC 2013
Modified Files:
pkgsrc/x11/libXi: Makefile distinfo
Log message:
Update to 1.7.2.
Changes in 1.7.2:
Only one minor change since the RC. Again, this release contains the fixes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to
update.
Peter Hutterer (1):
libXi 1.7.2
Thomas Klausner (1):
Remove check that can never be true.
Changses in 1.7.1.901:
First and likely only RC for libXi 1.7.2. This one has a bunch of changes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
integer overflows and other corruption that happens if we trust the server
a bit too much on the data we're being sent.
On top of those fixes, the sequence number in XI2 events is now set
propertly too (#64687).
Please test, if you find any issues let me know.
Alan Coopersmith (14):
Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
Use _XEatDataWords to avoid overflow of rep.length bit shifting
Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
sign extension issue in XListInputDevices() [CVE-2013-1995]
Peter Hutterer (7):
Copy the sequence number into the target event too (#64687)
Don't overwrite the cookies serial number
Fix potential corruption in mask_len handling
Change size += to size = in XGetDeviceControl
If the XGetDeviceDontPropagateList reply has an invalid length, return 0
Include limits.h to prevent build error: missing INT_MAX
libXi 1.7.1.901
|