19811326 problem in X11/VNC
20738319 Refactor gtf(1) out of the primary X server package
--- a/open-src/xserver/xorg/Makefile Wed Apr 15 12:39:55 2015 -0700
+++ b/open-src/xserver/xorg/Makefile Fri Apr 24 08:05:44 2015 -0700
@@ -115,6 +115,8 @@
SUNTOUCH_MAN_FLAGS_Xvfb = -o '{Availability, $(MODULE_PKGNAME:%xorg=%xvfb)}'
SUNTOUCH_MAN_FLAGS_Xdmx = -o '{Availability, $(MODULE_PKGNAME:%xorg=%xdmx)}'
SUNTOUCH_MAN_FLAGS_Xserver = -o '{Availability, $(MODULE_PKGNAME:%xorg=%xserver-common)}'
+SUNTOUCH_MAN_FLAGS_cvt = -o '{Availability, x11/modeline-utilities}'
+SUNTOUCH_MAN_FLAGS_gtf = -o '{Availability, x11/modeline-utilities}'
SUNTOUCH_MAN_FLAGS_xdmxconfig = $(SUNTOUCH_MAN_FLAGS_Xdmx)
SUNTOUCH_MAN_FLAGS_vdltodmx = $(SUNTOUCH_MAN_FLAGS_Xdmx)
SUNTOUCH_MAN_FLAGS_dmxtodmx = $(SUNTOUCH_MAN_FLAGS_Xdmx)
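Review bot: The added `SUNTOUCH_MAN_FLAGS_cvt` and `SUNTOUCH_MAN_FLAGS_gtf` lines repeat the same literal package name, so a later rename of the package has to be made in two places. The alias lines directly below them already show the file's convention for shared values, so the second line could read `SUNTOUCH_MAN_FLAGS_gtf = $(SUNTOUCH_MAN_FLAGS_cvt)`. A short comment such as `# cvt and gtf ship in x11/modeline-utilities, not in a server package` would also explain why these two entries are not derived from `MODULE_PKGNAME` like their neighbours.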
@@ -296,12 +298,14 @@
XVFB_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xvfb)
XDMX_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xdmx)
XTSOL_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-server-xorg=%-trusted-trusted-xorg)
+MODES_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-server-xorg=%-modeline-utilities)
EXTRA_METADATA_DIRS = $(XCOMMON_PKG_METADATA_DIR) \
$(XEPHYR_PKG_METADATA_DIR) \
$(XVFB_PKG_METADATA_DIR) \
$(XDMX_PKG_METADATA_DIR) \
- $(XTSOL_PKG_METADATA_DIR)
+ $(XTSOL_PKG_METADATA_DIR) \
+ $(MODES_PKG_METADATA_DIR)
EXTRA_ATTRDATA_FILES = $(EXTRA_METADATA_DIRS:%=%/$(ATTRDATA_FILE_NAME))
EXTRA_LICENSE_FILES = $(EXTRA_METADATA_DIRS:%=%/$(LICENSE_FILE_NAME))
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/open-src/xserver/xvnc/CVE-2014-8240.patch Fri Apr 24 08:05:44 2015 -0700
@@ -0,0 +1,34 @@
+--- a/unix/x0vncserver/Image.cxx Wed Oct 22 10:30:27 2014
++++ b/unix/x0vncserver/Image.cxx Wed Oct 22 10:46:12 2014
+@@ -79,6 +79,13 @@
+
+ xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
+ ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
++ if (xim->bytes_per_line <= 0 ||
++ xim->height <= 0 ||
++ xim->height >= INT_MAX / xim->bytes_per_line) {
++ vlog.error("Invalid display size");
++ XDestroyImage(xim);
++ exit(1);
++ }
+
+ xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
+ if (xim->data == NULL) {
+@@ -256,6 +263,17 @@
+ return;
+ }
+
++ if (xim->bytes_per_line <= 0 ||
++ xim->height <= 0 ||
++ xim->height >= INT_MAX / xim->bytes_per_line) {
++ vlog.error("Invalid display size");
++ XDestroyImage(xim);
++ xim = NULL;
++ delete shminfo;
++ shminfo = NULL;
++ return;
++ }
++
+ shminfo->shmid = shmget(IPC_PRIVATE,
+ xim->bytes_per_line * xim->height,
+ IPC_CREAT|0777);
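Review bot: In the first hunk of the embedded patch the new size check reads `xim->bytes_per_line` straight after `XCreateImage()`, and no NULL test on `xim` is visible between the call and the check, so a failed allocation there would be dereferenced before the overflow guard can help. A guard ahead of the new block, for example `if (xim == NULL) { vlog.error("XCreateImage() failed"); exit(1); }`, would close that gap; the second hunk appears to have such a test already, judging by the `return; }` context above it. The check uses `INT_MAX` but the patch adds no include, so confirm that Image.cxx already pulls in `<limits.h>` or `<climits>` rather than relying on a transitive include. Separately, the unchanged `shmget(..., IPC_CREAT|0777)` context line creates the image segment readable and writable by every local user, which this patch leaves as is; a tighter mode is worth evaluating against how the X server attaches to the segment. Both functions start and end outside the hunks shown.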
--- a/open-src/xserver/xvnc/Makefile Wed Apr 15 12:39:55 2015 -0700
+++ b/open-src/xserver/xvnc/Makefile Fri Apr 24 08:05:44 2015 -0700
@@ -80,6 +80,7 @@
SOURCE_PATCHES += solaris-port.patch,-p1
SOURCE_PATCHES += solaris-audit.patch,-p1
SOURCE_PATCHES += 17950657.patch,-p1
+SOURCE_PATCHES += CVE-2014-8240.patch,-p1
# Need to regenerate autoconf/automake files after patching
AUTORECONF=yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/manifests/x11-modeline-utilities.p5m Fri Apr 24 08:05:44 2015 -0700
@@ -0,0 +1,29 @@
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice (including the next
+# paragraph) shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+set name=pkg.fmri value=pkg:/x11/modeline-utilities@__version:xorg-server__
+set name=pkg.summary value="Utilities for generating modelines"
+set name=pkg.description \
+ value="This a collection of small utilities for calculating Coordinated Video Timing (CVT) and Generalized Timing Formula (GTF) VESA mode lines. They provide output suitable for use with the Xorg xorg.conf(4) configuration file."
+file path=usr/bin/cvt
+file path=usr/bin/gtf
+file path=usr/share/man/man1/cvt.1
+file path=usr/share/man/man1/gtf.1
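Review bot: The `pkg.description` value in this new manifest is missing a verb: "This a collection of small utilities" should read `value="This is a collection of small utilities ...`. This string is shown to users by the packaging tools, so it is worth correcting before the package is published.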
--- a/pkg/manifests/x11-server-xorg.p5m Wed Apr 15 12:39:55 2015 -0700
+++ b/pkg/manifests/x11-server-xorg.p5m Fri Apr 24 08:05:44 2015 -0700
@@ -1,4 +1,4 @@
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
@@ -38,8 +38,6 @@
# On SPARC, Xorg only requires setuid root in order to create the
# Xorg.*.log file in /var/log
file path=usr/bin/Xorg owner=root mode=4555
-file path=usr/bin/cvt
-file path=usr/bin/gtf
dir path=usr/include/xorg
file path=usr/include/xorg/BT.h
file path=usr/include/xorg/IBM.h
@@ -246,8 +244,6 @@
path=usr/share/doc/release-notes/x11:server:xorg:driver:xorg-video-trident-1.txt \
release-note=pkg:/x11/server/xorg/driver/[email protected],5.11-0.175.2.0.0.22.0
file path=usr/share/man/man1/Xorg.1
-file path=usr/share/man/man1/cvt.1
-file path=usr/share/man/man1/gtf.1
file path=usr/share/man/man1/xorgcfg.1
file path=usr/share/man/man1/xorgconfig.1
file path=usr/share/man/man4/xorg.conf.4
@@ -261,6 +257,10 @@
desc="X Window System server based on X.Org Foundation open source release" \
name="X.Org Foundation Xserver"
+# cvt and gtf were part of the Xorg pkg - moving them to a different pkg
+# as per 20738319
+depend type=group fmri=pkg:/x11/modeline-utilities
+
# keyboard & mouse drivers used to be part of this package, so we preserve
# the dependency to ensure they're not lost on upgrade, and normally installed
# on fresh install, but make it a group dependency, so that users can choose