- security fixes (from RH7)

Changed files:
    XFree86-moresecurity.patch -> 1.1
    XFree86-xdmsecurity.patch -> 1.1

diff --git a/XFree86-moresecurity.patch b/XFree86-moresecurity.patch
new file mode 100644 (file)
index 0000000..2ac4497
--- /dev/null
+++ b/XFree86-moresecurity.patch
@@ -0,0 +1,14 @@
+--- XFree86-4.0/xc/lib/X11/OpenDis.c.moresecurity      Wed Jun 28 18:54:22 2000
++++ XFree86-4.0/xc/lib/X11/OpenDis.c   Wed Jun 28 18:54:58 2000
+@@ -397,6 +397,11 @@
+  * now extract the vendor string...  String must be null terminated,
+  * padded to multiple of 4 bytes.
+  */
++        /* Check for a sane vendor string length */
++        if (u.setup->nbytesVendor > 256) {
++            OutOfMemory(dpy, setup);
++            return (NULL);
++        }                                                                       
+       dpy->vendor = (char *) Xmalloc((unsigned) (u.setup->nbytesVendor + 1));
+       if (dpy->vendor == NULL) {
+           OutOfMemory(dpy, setup);

diff --git a/XFree86-xdmsecurity.patch b/XFree86-xdmsecurity.patch
new file mode 100644 (file)
index 0000000..e37c572
--- /dev/null
+++ b/XFree86-xdmsecurity.patch
@@ -0,0 +1,11 @@
+--- XFree86-4.0/xc/programs/xdm/xdmcp.c.xdmsecurity.patch      Sat Oct 10 11:25:40 1998
++++ XFree86-4.0/xc/programs/xdm/xdmcp.c        Wed Jun 28 18:30:13 2000
+@@ -1128,7 +1128,7 @@
+     XdmcpHeader       header;
+     ARRAY8    status;
+ 
+-    sprintf (buf, "Session %ld failed for display %s: %s",
++    snprintf (buf, sizeof(buf), "Session %ld failed for display %s: %s",
+            (long) sessionID, name, reason);
+     Debug ("Send failed %ld %s\n", (long) sessionID, buf);
+     status.length = strlen (buf);