summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libXRes/ChangeLog62
-rw-r--r--lib/libXRes/configure36
-rw-r--r--lib/libXRes/configure.ac10
-rw-r--r--lib/libXRes/src/Makefile.am2
-rw-r--r--lib/libXRes/src/Makefile.in2
5 files changed, 98 insertions, 14 deletions
diff --git a/lib/libXRes/ChangeLog b/lib/libXRes/ChangeLog
index 5832f5948..bfd4c5905 100644
--- a/lib/libXRes/ChangeLog
+++ b/lib/libXRes/ChangeLog
@@ -1,3 +1,65 @@
+commit b51a7b0ccf0d5ccb53fbd5d34ed8fe57603d2604
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu May 30 17:51:12 2013 -0700
+
+ libXres 1.0.7
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit ad156a716a324ee60362c8ba66a5ed8c835c219b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Apr 12 23:36:13 2013 -0700
+
+ integer overflow in XResQueryClientResources() [CVE-2013-1988 2/2]
+
+ The CARD32 rep.num_types needs to be bounds checked before multiplying
+ by sizeof(XResType) to avoid integer overflow leading to underallocation
+ and writing data from the network past the end of the allocated buffer.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 3ec2db9eeb9ba8fb561802b0c4b8bf79e321b7a2
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Apr 12 23:36:13 2013 -0700
+
+ integer overflow in XResQueryClients() [CVE-2013-1988 1/2]
+
+ The CARD32 rep.num_clients needs to be bounds checked before multiplying
+ by sizeof(XResClient) to avoid integer overflow leading to underallocation
+ and writing data from the network past the end of the allocated buffer.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 95b352b0f4a1ab1bc254e78adbc73cd65223ded4
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Apr 13 10:34:22 2013 -0700
+
+ Use _XEatDataWords to avoid overflow of rep.length shifting
+
+ rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit d54acff47096cf52a9b8e018a26f7165e1092eb5
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Jan 18 23:06:20 2013 -0800
+
+ Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
+
+ Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+
+ - Support for the long-deprecated INCLUDES variable will be removed
+ altogether in Automake 1.14. The AM_CPPFLAGS variable should be
+ used instead.
+
+ This variable was deprecated in Automake releases prior to 1.10, which is
+ the current minimum level required to build X.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ (cherry picked from commit 83e7693515369d57dcd11c2bb1f03563f51bc500)
+
commit e6e0e02e4bf764fa58798540793bdeb44a60cc7f
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed Mar 7 20:53:56 2012 -0800
diff --git a/lib/libXRes/configure b/lib/libXRes/configure
index a6a585e8d..38bf883b8 100644
--- a/lib/libXRes/configure
+++ b/lib/libXRes/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libXres 1.0.6.
+# Generated by GNU Autoconf 2.69 for libXres 1.0.7.
#
# Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>.
#
@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='libXres'
PACKAGE_TARNAME='libXres'
-PACKAGE_VERSION='1.0.6'
-PACKAGE_STRING='libXres 1.0.6'
+PACKAGE_VERSION='1.0.7'
+PACKAGE_STRING='libXres 1.0.7'
PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg'
PACKAGE_URL=''
@@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libXres 1.0.6 to adapt to many kinds of systems.
+\`configure' configures libXres 1.0.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1416,7 +1416,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libXres 1.0.6:";;
+ short | recursive ) echo "Configuration of libXres 1.0.7:";;
esac
cat <<\_ACEOF
@@ -1535,7 +1535,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libXres configure 1.0.6
+libXres configure 1.0.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1859,7 +1859,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libXres $as_me 1.0.6, which was
+It was created by libXres $as_me 1.0.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2688,7 +2688,7 @@ fi
# Define the identity of the package.
PACKAGE='libXres'
- VERSION='1.0.6'
+ VERSION='1.0.7'
cat >>confdefs.h <<_ACEOF
@@ -17640,6 +17640,22 @@ done
LIBS="$SAVE_LIBS"
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XRES_LIBS"
+for ac_func in _XEatDataWords
+do :
+ ac_fn_c_check_func "$LINENO" "_XEatDataWords" "ac_cv_func__XEatDataWords"
+if test "x$ac_cv_func__XEatDataWords" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE__XEATDATAWORDS 1
+_ACEOF
+
+fi
+done
+
+LIBS="$SAVE_LIBS"
+
ac_config_files="$ac_config_files Makefile src/Makefile man/Makefile xres.pc"
cat >confcache <<\_ACEOF
@@ -18176,7 +18192,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libXres $as_me 1.0.6, which was
+This file was extended by libXres $as_me 1.0.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18242,7 +18258,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libXres config.status 1.0.6
+libXres config.status 1.0.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/lib/libXRes/configure.ac b/lib/libXRes/configure.ac
index 2f8303493..74f2a0ac0 100644
--- a/lib/libXRes/configure.ac
+++ b/lib/libXRes/configure.ac
@@ -1,5 +1,5 @@
dnl
-dnl $Id: configure.ac,v 1.5 2013/05/23 22:42:11 matthieu Exp $
+dnl $Id: configure.ac,v 1.6 2013/05/31 15:23:23 matthieu Exp $
#
# Copyright © 2003 Keith Packard, Noah Levitt
#
@@ -31,7 +31,7 @@ AC_PREREQ([2.60])
# digit in the version number to track changes which don't affect the
# protocol, so XRes version l.n.m corresponds to protocol version l.n
#
-AC_INIT([libXres], [1.0.6],
+AC_INIT([libXres], [1.0.7],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXres])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
@@ -63,6 +63,12 @@ LIBS="$XRES_LIBS"
AC_CHECK_FUNCS([_XEatDataWords])
LIBS="$SAVE_LIBS"
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XRES_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
AC_CONFIG_FILES([Makefile
src/Makefile
man/Makefile
diff --git a/lib/libXRes/src/Makefile.am b/lib/libXRes/src/Makefile.am
index fd508da4c..bf66d6863 100644
--- a/lib/libXRes/src/Makefile.am
+++ b/lib/libXRes/src/Makefile.am
@@ -10,7 +10,7 @@ AM_CFLAGS = \
$(XRES_CFLAGS) \
$(MALLOC_ZERO_CFLAGS)
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
diff --git a/lib/libXRes/src/Makefile.in b/lib/libXRes/src/Makefile.in
index 449bff732..50d403065 100644
--- a/lib/libXRes/src/Makefile.in
+++ b/lib/libXRes/src/Makefile.in
@@ -297,7 +297,7 @@ AM_CFLAGS = \
$(XRES_CFLAGS) \
$(MALLOC_ZERO_CFLAGS)
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
libXResincludedir = $(includedir)/X11/extensions
libXResinclude_HEADERS = $(top_srcdir)/include/X11/extensions/XRes.h