Hello community, here is the log from the commit of package libXaw for openSUSE:Factory checked in at 2012-09-25 14:04:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXaw (Old) and /work/SRC/openSUSE:Factory/.libXaw.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXaw", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/libXaw/libXaw.changes 2012-05-08 11:57:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libXaw.new/libXaw.changes 2012-09-25 14:18:23.000000000 +0200 @@ -1,0 +2,9 @@ +Wed Sep 19 22:21:17 UTC 2012 - [email protected] + +- Update to version 1.0.11: + + Only call XawStackFree if XawStackAlloc was used for allocation + + Correct order of arguments to XawStackFree() + + Correct undefined behavior access to out of scope pointer + contents + +------------------------------------------------------------------- Old: ---- libXaw-1.0.10.tar.bz2 New: ---- libXaw-1.0.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXaw.spec ++++++ --- /var/tmp/diff_new_pack.DktakW/_old 2012-09-25 14:18:24.000000000 +0200 +++ /var/tmp/diff_new_pack.DktakW/_new 2012-09-25 14:18:24.000000000 +0200 @@ -17,7 +17,7 @@ Name: libXaw -Version: 1.0.10 +Version: 1.0.11 Release: 0 Summary: The X Athena Widget Set License: MIT ++++++ libXaw-1.0.10.tar.bz2 -> libXaw-1.0.11.tar.bz2 ++++++ ++++ 5558 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXaw-1.0.10/ChangeLog new/libXaw-1.0.11/ChangeLog --- old/libXaw-1.0.10/ChangeLog 2012-03-23 03:54:40.000000000 +0100 +++ new/libXaw-1.0.11/ChangeLog 2012-06-02 06:35:56.000000000 +0200 @@ -1,3 +1,95 @@ +commit ffaad7ee2ef6e06b4585567df04f6b64356fb6fe +Author: Alan Coopersmith <[email protected]> +Date: Fri Jun 1 20:31:30 2012 -0700 + + libXaw 1.0.11 + + 
Signed-off-by: Alan Coopersmith <[email protected]> + +commit 52081b462ff7d1844d014bf9be887197caa88160 +Author: Alan Coopersmith <[email protected]> +Date: Sat May 26 15:07:07 2012 -0700 + + Only call XawStackFree if XawStackAlloc was used for allocation + + In FormParagraph() in TextAction.c, the #if OLDXAW case always uses + fixed length buffers, while the !OLDXAW case uses XawStackAlloc & + XawStackFree to switch to dynamic allocations when the buffers aren't + large enough. + + A couple instances of XawStackFree slipped into the wrong side of + the #if checks though, so move them back where they belong. Also + reset pos afterwards, in the case we continue and may use it again, + to avoid the chance of a double free. + + Found by the Parfait 0.5.0.1 bug checking tool: + + Error: Free memory not allocated dynamically by alloc (CWE 590) + Free() was called on a pointer 'buf' to the auto variable 'buf'. Free() must only be used on dynamically allocated memory + at line 3946 of TextAction.c in function 'FormParagraph'. + 'buf' allocated at line 0 as auto variable. + at line 4000 of TextAction.c in function 'FormParagraph'. + 'buf' allocated at line 0 as auto variable. + Error: Use after free (CWE 416) + Use after free of pointer '&buf' + at line 3995 of TextAction.c in function 'FormParagraph'. + Previously freed at line 3946 with XtFree. + Error: Use after free + Double free (CWE 415): Double free of pointer '&buf' in call to XtFree + at line 4000 of TextAction.c in function 'FormParagraph'. + Previously freed at line 3946 with XtFree. + Double free (CWE 415): Double free of pointer '<unknown>' in call to XtFree + at line 4000 of TextAction.c in function 'FormParagraph'. + Previously freed at line 3946 with XtFree. + + 
Signed-off-by: Alan Coopersmith <[email protected]> + Acked-by: pcpa <[email protected]> + +commit ca35cff72a3100c9367b7e7f4811117c8733b8be +Author: Alan Coopersmith <[email protected]> +Date: Sat May 26 14:44:26 2012 -0700 + + Correct order of arguments to XawStackFree() + + XawStackAlloc() & XawStackFree() are macros to automate the process of + using a fixed size stack buffer for strings smaller than the buffer size, + and allocating/freeing memory for larger strings. + + XawStackFree is defined in src/Private.h as taking (pointer, stk_buffer) + and freeing pointer if it's not pointing to the stack buffer. + + Most of the calls of this macro get the ordering right, but a couple + got it reversed, passing a stack buffer to free() instead of the + allocated pointer. + + Found by the Parfait 0.5.0.1 bug checking tool: + + Error: Free memory not allocated dynamically by alloc (CWE 590) + Free() was called on a pointer 'buf' to the auto variable 'buf'. Free() must only be used on dynamically allocated memory + at line 2281 of TextAction.c in function 'DoFormatText'. + 'buf' allocated at line 0 as auto variable. + at line 2296 of TextAction.c in function 'DoFormatText'. + 'buf' allocated at line 0 as auto variable. + + Signed-off-by: Alan Coopersmith <[email protected]> + Acked-by: pcpa <[email protected]> + +commit 11c3a104141e1a4946ad949dfb5514df0b66a031 +Author: pcpa <[email protected]> +Date: Tue May 22 20:42:32 2012 -0300 + + Correct undefined behavior access to out of scope pointer contents. + + This problem is triggered in gcc 4.7 DCE (dead code elimination). + In the Xaw code, the local constant "String" is not guaranteed to + have global scope. + The problem was found when debugging the reason xedit built with + gcc 4.7 would be very unstable, and that happens regardless of using + a libXaw built with gcc 4.6. + + Signed-off-by: pcpa <[email protected]> + 
Signed-off-by: Alan Coopersmith <[email protected]> + commit b16cc35e551860a0bff54c47b33317536ddeae52 Author: Alan Coopersmith <[email protected]> Date: Thu Mar 22 19:51:33 2012 -0700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXaw-1.0.10/compile new/libXaw-1.0.11/compile --- old/libXaw-1.0.10/compile 2012-03-23 03:52:05.000000000 +0100 +++ new/libXaw-1.0.11/compile 2012-06-02 05:31:48.000000000 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand `-c -o'. -scriptversion=2009-10-06.20; # UTC +scriptversion=2010-11-15.09; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010 Free Software # Foundation, Inc. # Written by Tom Tromey <[email protected]>. # 
@@ -29,6 +29,171 @@ # bugs to <[email protected]> or send patches to # <[email protected]>. +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Win32 hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as `compile cc -o foo foo.c'. 
+ eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l*) + lib=${1#-l} + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + set x "$@" "$dir/$lib.dll.lib" + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + set x "$@" "$dir/$lib.lib" + break + fi + done + IFS=$save_IFS + + test "$found" != yes && set x "$@" "$lib.lib" + shift + ;; + -L*) + func_file_conv "${1#-L}" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 
@@ -53,11 +218,13 @@ echo "compile $scriptversion" exit $? ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; esac ofile= cfile= -eat= for arg do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXaw-1.0.10/configure.ac new/libXaw-1.0.11/configure.ac --- old/libXaw-1.0.10/configure.ac 2012-03-23 03:51:54.000000000 +0100 +++ new/libXaw-1.0.11/configure.ac 2012-06-02 05:31:36.000000000 +0200 @@ -1,7 +1,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXaw], [1.0.10], +AC_INIT([libXaw], [1.0.11], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXaw]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXaw-1.0.10/src/Text.c new/libXaw-1.0.11/src/Text.c --- old/libXaw-1.0.10/src/Text.c 2012-03-23 03:51:54.000000000 +0100 +++ new/libXaw-1.0.11/src/Text.c 2012-06-02 05:31:37.000000000 +0200 
@@ -3146,7 +3146,7 @@ if (nelems == 1 && !strcmp (list[0], "none")) return; if (nelems == 0) { - String defaultSel = "PRIMARY"; + static String defaultSel = "PRIMARY"; list = &defaultSel; nelems = 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXaw-1.0.10/src/TextAction.c new/libXaw-1.0.11/src/TextAction.c --- old/libXaw-1.0.10/src/TextAction.c 2012-03-23 03:51:54.000000000 +0100 +++ new/libXaw-1.0.11/src/TextAction.c 2012-06-02 05:31:37.000000000 +0200 @@ -2278,7 +2278,7 @@ text.length = bytes; bytes -= text.length; if (_XawTextReplace(ctx, tmp, tmp, &text)) { - XawStackFree(buf, text.ptr); + XawStackFree(text.ptr, buf); return (XawEditError); } if (num_pos) { @@ -2293,7 +2293,7 @@ } position += count; right += count; - XawStackFree(buf, text.ptr); + XawStackFree(text.ptr, buf); } break; } @@ -3935,6 +3935,8 @@ } if (FormRegion(ctx, from, to, pos, src->textSrc.num_text) == XawReplaceError) { + XawStackFree(pos, buf); + pos = buf; #else from = SrcScan(ctx->text.source, ctx->text.insertPos, XawstParagraph, XawsdLeft, 1, False); @@ -3943,7 +3945,6 @@ if (FormRegion(ctx, from, to, pos, 1) == XawReplaceError) { #endif - XawStackFree(pos, buf); XBell(XtDisplay(w), 0); #ifndef OLDXAW if (undo) { @@ -3991,13 +3992,13 @@ XawsdLeft, 1, False), False); tw->text.clear_to_eol = True; } + XawStackFree(pos, buf); #else ctx->text.old_insert = ctx->text.insertPos = *pos; _XawTextBuildLineTable(ctx, SrcScan(ctx->text.source, ctx->text.lt.top, XawstEOL, XawsdLeft, 1, False), False); ctx->text.clear_to_eol = True; #endif - XawStackFree(pos, buf); ctx->text.showposition = True; EndAction(ctx); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
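Review bot: Nothing on the `static String defaultSel = "PRIMARY";` line in the Text.c hunk (@@ -3146) says why the storage class matters, so a later cleanup could drop `static` and bring back the dangling `list = &defaultSel` that this change removes. I would add a comment on that line, for example `/* static: list still points at this object after the block closes */`. The object is now a single writable variable shared by every call, so the code that consumes `list` (outside the hunk) has to treat `list[0]` as read-only. That is worth stating in the same comment.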
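Review bot: In the TextAction.c hunk at @@ -2293, `text.ptr` still holds the freed address after the corrected `XawStackFree(text.ptr, buf);`, and the enclosing function (DoFormatText, per the ChangeLog) continues outside the hunk. The FormParagraph change in this same diff resets its pointer after freeing (`pos = buf;`) to rule out a second free. If this free sits inside a loop that can come back to `text.ptr` before the next XawStackAlloc, the same reset applies here: `text.ptr = buf;`. The @@ -2278 hunk returns immediately after its free and does not need it. Both arguments are plain pointers, so the compiler cannot catch a swapped order; a short comment at each call naming which argument is the allocation and which the stack buffer would help the next reader.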
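Review bot: The `pos = buf;` added in the FormParagraph error branch (@@ -3935) prevents the double free, but it leaves `pos` aimed at the fixed-size stack buffer, which was never filled in if the positions had been heap-allocated. Per the ChangeLog, XawStackAlloc switches to dynamic allocation exactly when that buffer is too small. The !OLDXAW code in the @@ -3991 hunk still runs before the relocated `XawStackFree(pos, buf);`. If it indexes `pos` once per text widget (the loop header is outside these hunks), a failed FormRegion would lead to reads of uninitialised or out-of-range stack memory. I would either leave the function once the error handling is done or guard the later use, and add a comment beside the reset such as `/* pos holds no valid positions from here on */`. The related @@ -3943 hunk only removes the old shared free and needs nothing further.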
