-rw-r--r-- | lib/libdmx/ChangeLog | 57 | ||||
-rw-r--r-- | lib/libdmx/configure | 37 | ||||
-rw-r--r-- | lib/libdmx/configure.ac | 9 |
3 files changed, 92 insertions, 11 deletions
diff --git a/lib/libdmx/ChangeLog b/lib/libdmx/ChangeLog index cdc3e13e8..62dd42eb4 100644 --- a/lib/libdmx/ChangeLog +++ b/lib/libdmx/ChangeLog @@ -1,3 +1,60 @@ +commit 76e841968ceb69095eb0efcd435fc47440e86d2c +Author: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Tue May 28 16:45:02 2013 -0700 + + libdmx 1.1.3 + + Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> + +commit 5074d9d64192bd04519a438062b7d5bf216d06ee +Author: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Sat Mar 9 13:48:28 2013 -0800 + + integer overflow in DMXGetInputAttributes() [CVE-2013-1992 3/3] + + If the server provided nameLength causes integer overflow + when padding length is added, a smaller buffer would be allocated + than the amount of data written to it. + + Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> + Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> + +commit b6fe1a7af34ea620e002fc453f9c5eacf7db3969 +Author: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Sat Mar 9 13:48:28 2013 -0800 + + integer overflow in DMXGetWindowAttributes() [CVE-2013-1992 2/3] + + If the server provided screenCount causes integer overflow when + multiplied by the size of each array element, a smaller buffer + would be allocated than the amount of data written to it. + + Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> + Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> + +commit 78e11efe70d00063c830475eaaaa42f19380755d +Author: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Sat Mar 9 13:48:28 2013 -0800 + + integer overflow in DMXGetScreenAttributes() [CVE-2013-1992 1/3] + + If the server provided displayNameLength causes integer overflow + when padding length is added, a smaller buffer would be allocated + than the amount of data written to it. + + Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> + 
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> + +commit f34f6f64698c3b957aadba7315bb13726e3d79b0 +Author: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Fri May 3 23:10:47 2013 -0700 + + Use _XEatDataWords to avoid overflow of rep.length bit shifting + + rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds + + Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> + commit 9f470c92bc2d194c8abb9154f42864e6c82f43ef Author: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Wed Mar 7 21:43:10 2012 -0800 diff --git a/lib/libdmx/configure b/lib/libdmx/configure index fc8d09450..f1f86ff05 100644 --- a/lib/libdmx/configure +++ b/lib/libdmx/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libdmx 1.1.2. +# Generated by GNU Autoconf 2.69 for libdmx 1.1.3. # # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>. # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libdmx' PACKAGE_TARNAME='libdmx' -PACKAGE_VERSION='1.1.2' -PACKAGE_STRING='libdmx 1.1.2' +PACKAGE_VERSION='1.1.3' +PACKAGE_STRING='libdmx 1.1.3' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg' PACKAGE_URL='' @@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libdmx 1.1.2 to adapt to many kinds of systems. +\`configure' configures libdmx 1.1.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1416,7 +1416,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libdmx 1.1.2:";; + short | recursive ) echo "Configuration of libdmx 1.1.3:";; esac cat <<\_ACEOF 
@@ -1535,7 +1535,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libdmx configure 1.1.2 +libdmx configure 1.1.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1859,7 +1859,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libdmx $as_me 1.1.2, which was +It was created by libdmx $as_me 1.1.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2688,7 +2688,7 @@ fi # Define the identity of the package. PACKAGE='libdmx' - VERSION='1.1.2' + VERSION='1.1.3' cat >>confdefs.h <<_ACEOF @@ -17637,6 +17637,23 @@ done LIBS="$SAVE_LIBS" +# Check for _XEatDataWords function that may be patched into older Xlib releases +SAVE_LIBS="$LIBS" +LIBS="$DMX_LIBS" +for ac_func in _XEatDataWords +do : + ac_fn_c_check_func "$LINENO" "_XEatDataWords" "ac_cv_func__XEatDataWords" +if test "x$ac_cv_func__XEatDataWords" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE__XEATDATAWORDS 1 +_ACEOF + +fi +done + +LIBS="$SAVE_LIBS" + + ac_config_files="$ac_config_files Makefile src/Makefile man/Makefile dmx.pc" cat >confcache <<\_ACEOF @@ -18173,7 +18190,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libdmx $as_me 1.1.2, which was +This file was extended by libdmx $as_me 1.1.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18239,7 +18256,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libdmx config.status 1.1.2 +libdmx config.status 1.1.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
diff --git a/lib/libdmx/configure.ac b/lib/libdmx/configure.ac index 4629cf822..47f511e23 100644 --- a/lib/libdmx/configure.ac +++ b/lib/libdmx/configure.ac @@ -21,7 +21,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libdmx], [1.1.2], +AC_INIT([libdmx], [1.1.3], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libdmx]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) @@ -50,6 +50,13 @@ AC_CHECK_FUNCS([_XEatDataWords]) LIBS="$SAVE_LIBS" +# Check for _XEatDataWords function that may be patched into older Xlib releases +SAVE_LIBS="$LIBS" +LIBS="$DMX_LIBS" +AC_CHECK_FUNCS([_XEatDataWords]) +LIBS="$SAVE_LIBS" + + AC_CONFIG_FILES([Makefile src/Makefile man/Makefile |
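Review bot: The seven lines added in the second configure.ac hunk (`@@ -50,6 +50,13 @@`) look like a duplicate of a check that is already present. The hunk's section header is `AC_CHECK_FUNCS([_XEatDataWords])` and its first context line is `LIBS="$SAVE_LIBS"`, so the same save/check/restore sequence apparently sits directly above the new block. The repeat should not change the outcome, since the second probe would normally reuse the cached `ac_cv_func__XEatDataWords` and write the same `HAVE__XEATDATAWORDS` define again. That define presumably decides whether the `rep.length` overflow fix listed in the ChangeLog uses Xlib's `_XEatDataWords`, so a single probe is easier to audit; I would drop the added block and keep the existing one. If it is kept to stay close to upstream 1.1.3, a comment such as `# Duplicate of the check above; retained to match upstream 1.1.3` would make that intent visible.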