Hello community, here is the log from the commit of package libXext for openSUSE:Factory checked in at 2013-06-05 11:56:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXext (Old) and /work/SRC/openSUSE:Factory/.libXext.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXext" Changes: -------- --- /work/SRC/openSUSE:Factory/libXext/libXext.changes 2013-03-22 11:55:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libXext.new/libXext.changes 2013-06-05 11:56:10.000000000 +0200 @@ -1,0 +2,9 @@ +Sat Jun 1 20:18:37 UTC 2013 - [email protected] + +- Update to version 1.3.2: + This release provides fixes for the recently announced security issue + CVE-2013-1982, as well as build configuration improvements, man page + macro cleanups to work better with doclifter, and several other small + fixes. + +------------------------------------------------------------------- Old: ---- libXext-1.3.1.tar.bz2 New: ---- libXext-1.3.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXext.spec ++++++ --- /var/tmp/diff_new_pack.FNXuIt/_old 2013-06-05 11:56:11.000000000 +0200 +++ /var/tmp/diff_new_pack.FNXuIt/_new 2013-06-05 11:56:11.000000000 +0200 @@ -18,7 +18,7 @@ Name: libXext %define lname libXext6 -Version: 1.3.1 +Version: 1.3.2 Release: 0 Summary: Common extensions to the X11 protocol License: MIT ++++++ libXext-1.3.1.tar.bz2 -> libXext-1.3.2.tar.bz2 ++++++ ++++ 14143 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/COPYING new/libXext-1.3.2/COPYING --- old/libXext-1.3.1/COPYING 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/COPYING 2013-05-31 23:35:08.000000000 +0200 @@ -160,7 +160,8 @@ of the information in this document. This documentation is provided ``as is'' without express or implied warranty. -Copyright (c) 1999, 2005, 2006, Oracle and/or its affiliates. All rights reserved. +Copyright (c) 1999, 2005, 2006, 2013, Oracle and/or its affiliates. +All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/ChangeLog new/libXext-1.3.2/ChangeLog --- old/libXext-1.3.1/ChangeLog 2012-03-08 05:01:08.000000000 +0100 +++ new/libXext-1.3.2/ChangeLog 2013-05-31 23:39:36.000000000 +0200 @@ -1,3 +1,180 @@ +commit d8366afbb0d2e4fbb1e419b1187f490522270bea +Author: Alan Coopersmith <[email protected]> +Date: Fri May 31 14:34:58 2013 -0700 + + libXext 1.3.2 + + Signed-off-by: Alan Coopersmith <[email protected]> + +commit dfe6e1f3b8ede3d0bab7a5fa57f73513a09ec649 +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + integer overflow in XSyncListSystemCounters() [CVE-2013-1982 6/6] + + If the number of counters or amount of data reported by the server is + large enough that it overflows when multiplied by the size of the + appropriate struct, then memory corruption can occur when more bytes + are read from the X server than the size of the buffers we allocated + to hold them. + + V2: Make sure we don't walk past the end of the reply when converting + data from wire format to the structures returned to the caller. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 6ecd96e8be3c33e2ffad6631cea4aa0a030d93c2 +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + integer overflow in XShapeGetRectangles() [CVE-2013-1982 5/6] + + If the number of rectangles reported by the server is large enough that + it overflows when multiplied by the size of the appropriate struct, then + memory corruption can occur when more bytes are read from the X server + than the size of the buffer we allocated to hold them. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 67ecdcf7e29de9fa78b421122620525ed2c7db88 +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + integer overflow in XeviGetVisualInfo() [CVE-2013-1982 4/6] + + If the number of visuals or conflicts reported by the server is large + enough that it overflows when multiplied by the size of the appropriate + struct, then memory corruption can occur when more bytes are read from + the X server than the size of the buffer we allocated to hold them. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 96d1da55a08c4cd52b763cb07bdce5cdcbec4da8 +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + several integer overflows in XdbeGetVisualInfo() [CVE-2013-1982 3/6] + + If the number of screens or visuals reported by the server is large enough + that it overflows when multiplied by the size of the appropriate struct, + then memory corruption can occur when more bytes are read from the X server + than the size of the buffer we allocated to hold them. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 082d70b19848059ba78c9d1c315114fb07e8c0ef +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + integer overflow in XcupStoreColors() [CVE-2013-1982 2/6] + + If the computed number of entries is large enough that it overflows when + multiplied by the size of a xColorItem struct, or is treated as negative + when compared to the size of the stack allocated buffer, then memory + corruption can occur when more bytes are read from the X server than the + size of the buffer we allocated to hold them. + + The requirement to match the number of colors specified by the caller makes + this much harder to hit than the one in XcupGetReservedColormapEntries() + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit d05f27a6f74cb419ad5a437f2e4690b17e7faee5 +Author: Alan Coopersmith <[email protected]> +Date: Sat Mar 9 14:40:33 2013 -0800 + + integer overflow in XcupGetReservedColormapEntries() [CVE-2013-1982 1/6] + + If the computed number of entries is large enough that it overflows when + multiplied by the size of a xColorItem struct, or is treated as negative + when compared to the size of the stack allocated buffer, then memory + corruption can occur when more bytes are read from the X server than the + size of the buffer we allocated to hold them. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit ca84a813716f9de691dc3f60390d83af4b5ae534 +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 09:32:12 2013 -0700 + + Use _XEatDataWords to avoid overflow of rep.length bit shifting + + rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds + + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 8eee1236041d46a21faba32e0d27c26985267d89 +Author: Colin Walters <[email protected]> +Date: Wed Jan 4 17:37:06 2012 -0500 + + autogen.sh: Implement GNOME Build API + + http://people.gnome.org/~walters/docs/build-api.txt + + Signed-off-by: Adam Jackson <[email protected]> + +commit dbf4b9ec4a8aa97b0c47d58ee158dd3aa8832af5 +Author: Adam Jackson <[email protected]> +Date: Tue Jan 15 14:28:48 2013 -0500 + + configure: Remove AM_MAINTAINER_MODE + + Signed-off-by: Adam Jackson <[email protected]> + +commit 7081afc98643e3ef8a3ed711183c8fc8fef30cfa +Author: Eric S. Raymond <[email protected]> +Date: Thu Aug 23 13:34:16 2012 -0400 + + Replace presentationm-level requests with .RS/RE. + + This will assist translation to DocBook. + + Signed-off-by: Eric S. Raymond <[email protected]> + +commit d618eac132fc9e13bbfb9e58e3375f015db2a179 +Author: Eric S. Raymond <[email protected]> +Date: Thu Aug 23 13:25:27 2012 -0400 + + Replace various unsafe presentation-level requests with .RS/.RE and .EX/EE. + + These can be translated structurally into DocBook. + +commit e78e51359fd22b69e646167bc9d3f9b28a5c755f +Author: Thomas Klausner <[email protected]> +Date: Wed Jul 18 23:40:18 2012 +0200 + + Avoid having macros expand code to be: ((f) ? (f)->m1 : NULL)->m2 + + From Matthew R. Green <[email protected]> + + Signed-off-by: Thomas Klausner <[email protected]> + Signed-off-by: Peter Hutterer <[email protected]> + +commit ed8d50ba3a6f837d213ed7c39c2b63d33fc75a38 +Author: Chase Douglas <[email protected]> +Date: Fri Apr 20 15:08:08 2012 -0700 + + Destroy generic event extension after last display is removed + + The extension record is currently leaked and never freed. + + Signed-off-by: Chase Douglas <[email protected]> + Signed-off-by: Peter Hutterer <[email protected]> + +commit c6fc799a81334a223cf0e924cd9e7e94ba147835 +Author: Peter Hutterer <[email protected]> +Date: Mon Apr 23 14:59:51 2012 +1000 + + sync: fix copy/paste error in comment + + Signed-off-by: Peter Hutterer <[email protected]> + commit e9c1e346c90e697d5d8f0e756ef8b6e3ed339e29 Author: Alan Coopersmith <[email protected]> Date: Wed Mar 7 19:54:50 2012 -0800 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/config.h.in new/libXext-1.3.2/config.h.in --- old/libXext-1.3.1/config.h.in 2012-03-08 04:55:13.000000000 +0100 +++ new/libXext-1.3.2/config.h.in 2013-05-31 23:35:18.000000000 +0200 @@ -30,6 +30,9 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H +/* Define to 1 if you have the `_XEatDataWords' function. */ +#undef HAVE__XEATDATAWORDS + /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/configure.ac new/libXext-1.3.2/configure.ac --- old/libXext-1.3.1/configure.ac 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/configure.ac 2013-05-31 23:35:08.000000000 +0200 @@ -1,14 +1,13 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXext], [1.3.1], +AC_INIT([libXext], [1.3.2], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXext]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) # Initialize Automake AM_INIT_AUTOMAKE([foreign dist-bzip2]) -AM_MAINTAINER_MODE # Initialize libtool AC_PROG_LIBTOOL @@ -39,6 +38,12 @@ # Obtain compiler/linker options for depedencies PKG_CHECK_MODULES(XEXT, [xproto >= 7.0.13] [x11 >= 1.1.99.1] [xextproto >= 7.1.99]) +# Check for _XEatDataWords function that may be patched into older Xlib releases +SAVE_LIBS="$LIBS" +LIBS="$XEXT_LIBS" +AC_CHECK_FUNCS([_XEatDataWords]) +LIBS="$SAVE_LIBS" + # Allow checking code with lint, sparse, etc. XORG_WITH_LINT XORG_LINT_LIBRARY([Xext]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/include/X11/extensions/sync.h new/libXext-1.3.2/include/X11/extensions/sync.h --- old/libXext-1.3.1/include/X11/extensions/sync.h 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/include/X11/extensions/sync.h 2013-05-31 23:35:08.000000000 +0200 @@ -203,7 +203,7 @@ } XSyncCounterNotifyEvent; typedef struct { - int type; /* event base + XSyncCounterNotify */ + int type; /* event base + XSyncAlarmNotify */ unsigned long serial; /* # of last request processed by server */ Bool send_event; /* true if this came from a SendEvent request */ Display *display; /* Display the event was read from */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/man/XShape.man new/libXext-1.3.2/man/XShape.man --- old/libXext-1.3.1/man/XShape.man 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/man/XShape.man 2013-05-31 23:35:08.000000000 +0200 @@ -123,8 +123,7 @@ .fi .SH STRUCTURES .nf -.LP -.ta 3i +.ft CW typedef struct { int type; /\&* of event */ unsigned long serial; /\&* # of last request processed by server */ @@ -137,38 +136,39 @@ Time time; /\&* server timestamp when region changed */ Bool shaped; /\&* true if the region exists */ } XShapeEvent; +.ft .fi .SH DESCRIPTION The \fIX11 Nonrectangular Window Shape Extension\fP adds nonrectangular windows to the X Window System. .SH PREDEFINED VALUES Operations: -.in +.5i +.RS .nf .ZN ShapeSet .ZN ShapeUnion .ZN ShapeIntersect .ZN ShapeSubtract .ZN ShapeInvert -.in -.5i .fi +.RE .sp Shape Kinds: -.in +.5i +.RS .nf .ZN ShapeBounding .ZN ShapeClip -.in -.5i .fi +.RE .sp Event defines: -.in +.5i +.RS .nf .ZN ShapeNotifyMask .ZN ShapeNotify -.in -.5i .fi +.RE .SH BUGS -This manual pages needs a lot more work. +This manual page needs a lot more work. .SH SEE ALSO \fIX11 Nonrectangular Window Shape Extension\fP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/man/Xmbuf.man new/libXext-1.3.2/man/Xmbuf.man --- old/libXext-1.3.1/man/Xmbuf.man 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/man/Xmbuf.man 2013-05-31 23:35:08.000000000 +0200 @@ -36,25 +36,32 @@ .ie t \fB\^\\$1\^\fR\\$2 .el \fI\^\\$1\^\fP\\$2 .. +.de EX +.nf +.ft CW +.. +.de EE +.ft +.fi +.. .TH XMBUF __libmansuffix__ __xorgversion__ "X FUNCTIONS" .SH NAME XmbufQueryExtension, XmbufGetVersion, XmbufCreateBuffers, XmbufDestroyBuffers, XmbufDisplayBuffers, XmbufGetWindowAttributes, XmbufChangeWindowAttributes, XmbufGetBufferAttributes, XmbufChangeBufferAttributes, XmbufGetScreenInfo, XmbufCreateStereoWindow - X multibuffering functions .SH SYNTAX -.nf -.LP +.EX \&#include <X11/extensions/multibuf.h> -.LP + Bool XmbufQueryExtension( Display *dpy, Display *dpy, int *event_base_return, int *error_base_return); -.LP + Status XmbufGetVersion( Display *dpy, int *major_version_return, int *minor_version_return); -.LP + int XmbufCreateBuffers( Display *dpy, Window window, @@ -62,40 +69,40 @@ int update_action, int update_hint, Multibuffer *buffers_update); -.LP + void XmbufDestroyBuffers( Display *dpy, Window window); -.LP + void XmbufDisplayBuffers( Display *dpy, int count, Multibuffer *buffers, int min_delay, int max_delay); -.LP + Status XmbufGetWindowAttributes( Display *dpy, Window window, XmbufWindowAttributes *attributes); -.LP + void XmbufChangeWindowAttributes( Display *dpy, Window window, unsigned long valuemask, XmbufSetWindowAttributes *attributes); -.LP + Status XmbufGetBufferAttributes( Display *dpy, Multibuffer buffer, XmbufBufferAttributes *attributes); -.LP + void XmbufChangeBufferAttributes( Display *dpy, Multibuffer buffer, unsigned long valuemask, XmbufSetBufferAttributes *attributes); -.LP + Status XmbufGetScreenInfo( Display *dpy, Drawable drawable, @@ -103,7 +110,7 @@ XmbufBufferInfo **mono_info_return, int *nstereo_return, XmbufBufferInfo **stereo_info_return); -.LP + Window XmbufCreateStereoWindow( Display *dpy, Window parent, @@ -119,29 +126,31 @@ XSetWindowAttributes *attributes, Multibuffer *left_return, Multibuffer *right_return); -.fi +.EE .SH STRUCTURES -.nf -.ta 3i \fIEvents:\fP +.EX typedef struct { - int type; /\&* of event */ - unsigned long serial; /\&* # of last request processed by server */ - int send_event; /\&* true if this came from a SendEvent request */ - Display *display; /\&* Display the event was read from */ - Multibuffer buffer; /\&* buffer of event */ - int state; /\&* see Clobbered constants above */ + int type; /\&* of event */ + unsigned long serial; /\&* # of last request processed by server */ + int send_event; /\&* true if this came from a SendEvent request */ + Display *display; /\&* Display the event was read from */ + Multibuffer buffer; /\&* buffer of event */ + int state; /\&* see Clobbered constants above */ } XmbufClobberNotifyEvent; -.LP + typedef struct { - int type; /\&* of event */ - unsigned long serial; /\&* # of last request processed by server */ - int send_event; /\&* true if this came from a SendEvent request */ - Display *display; /\&* Display the event was read from */ - Multibuffer buffer; /\&* buffer of event */ + int type; /\&* of event */ + unsigned long serial; /\&* # of last request processed by server */ + int send_event; /\&* true if this came from a SendEvent request */ + Display *display; /\&* Display the event was read from */ + Multibuffer buffer; /\&* buffer of event */ } XmbufUpdateNotifyEvent; -.LP +.EE + \fIPer-window attributes that can be got:\fP + +.EX typedef struct { int displayed_index; /\&* which buffer is being displayed */ int update_action; /\&* Undefined, Background, Untouched, Copied */ @@ -150,32 +159,44 @@ int nbuffers; /\&* Number of buffers */ Multibuffer *buffers; /\&* Buffers */ } XmbufWindowAttributes; -.LP +.EE + \fIPer-window attributes that can be set:\fP + +.EX typedef struct { int update_hint; /\&* Frequent, Intermittent, Static */ } XmbufSetWindowAttributes; -.LP +.EE + \fIPer-buffer attributes that can be got:\fP + +.EX typedef struct { Window window; /\&* which window this belongs to */ unsigned long event_mask; /\&* events that have been selected */ int buffer_index; /\&* which buffer is this */ int side; /\&* Mono, Left, Right */ } XmbufBufferAttributes; -.LP +.EE + \fIPer-buffer attributes that can be set:\fP + +.EX typedef struct { unsigned long event_mask; /\&* events that have been selected */ } XmbufSetBufferAttributes; -.LP +.EE + \fIPer-screen buffer info (there will be lists of them):\fP + +.EX typedef struct { VisualID visualid; /\&* visual usable at this depth */ int max_buffers; /\&* most buffers for this visual */ int depth; /\&* depth of buffers to be created */ } XmbufBufferInfo; -.fi +.EE .SH DESCRIPTION The application programming library for the \fIX11 Double-Buffering, Multi-Buffering, and Stereo Extension\fP @@ -279,54 +300,54 @@ .SH PREDEFINED VALUES .sp Update_action field: -.in +.5i +.RS .nf .ZN MultibufferUpdateActionUndefined .ZN MultibufferUpdateActionBackground .ZN MultibufferUpdateActionUntouched .ZN MultibufferUpdateActionCopied -.in -.5i .fi +.RE .sp Update_hint field: -.in +.5i +.RS .nf .ZN MultibufferUpdateHintFrequent .ZN MultibufferUpdateHintIntermittent .ZN MultibufferUpdateHintStatic -.in -.5i -.sp .fi +.RE +.sp Valuemask fields: -.in +.5i +.RS .nf .ZN MultibufferWindowUpdateHint .ZN MultibufferBufferEventMask -.in -.5i .fi +.RE .sp Mono vs. stereo and left vs. right: -.in +.5i +.RS .nf .ZN MultibufferModeMono .ZN MultibufferModeStereo .ZN MultibufferSideMono .ZN MultibufferSideLeft .ZN MultibufferSideRight -.in -.5i .fi +.RE .sp Clobber state: -.in +.5i +.RS .nf .ZN MultibufferUnclobbered .ZN MultibufferPartiallyClobbered .ZN MultibufferFullyClobbered -.in -.5i .fi +.RE .sp Event stuff: -.in +.5i +.RS .nf .ZN MultibufferClobberNotifyMask .ZN MultibufferUpdateNotifyMask @@ -335,8 +356,8 @@ .ZN MultibufferNumberEvents .ZN MultibufferBadBuffer .ZN MultibufferNumberErrors -.in -.5i .fi +.RE .SH BUGS This manual page needs more work. .SH SEE ALSO diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/missing new/libXext-1.3.2/missing --- old/libXext-1.3.1/missing 2012-03-08 04:55:14.000000000 +0100 +++ new/libXext-1.3.2/missing 2013-05-31 23:35:22.000000000 +0200 @@ -1,11 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2009-04-28.21; # UTC +scriptversion=2012-06-26.16; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard <[email protected]>, 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,69 +25,40 @@ # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: -sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' -sed_minuso='s/.* -o \([^ ]*\).*/\1/p' - -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi +case $1 in -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case $1 in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - autom4te touch the output file, or create a stub one - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man -Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and -\`g' are ignored when checking the name. +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to <[email protected]>." exit $? @@ -100,272 +70,141 @@ ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# normalize program name to check for. -program=`echo "$1" | sed ' - s/^gnu-//; t - s/^gnu//; t - s/^g//; t'` - -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). This is about non-GNU programs, so use $1 not -# $program. -case $1 in - lex*|yacc*) - # Not GNU programs, they don't have --version. - ;; - - tar*) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; +# Run the given program, remember its exit status. +"$@"; st=$? - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case $program in - aclocal*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." - files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case $f in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; +# If it succeeded, we are done. +test $st -eq 0 && exit 0 - autom4te*) - echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison*|yacc*) - echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if test $# -ne 1; then - eval LASTARG="\${$#}" - case $LASTARG in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if test ! -f y.tab.h; then - echo >y.tab.h - fi - if test ! -f y.tab.c; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex*|flex*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if test $# -ne 1; then - eval LASTARG="\${$#}" - case $LASTARG in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if test ! -f lex.yy.c; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit $? - fi - ;; - - makeinfo*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n ' - /^@setfilename/{ - s/.* \([^ ]*\) *$/\1/ - p - q - }' $infile` - # ... or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; - - tar*) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case $firstarg in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case $firstarg in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'automa4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/Makefile.am new/libXext-1.3.2/src/Makefile.am --- old/libXext-1.3.1/src/Makefile.am 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/Makefile.am 2013-05-31 23:35:08.000000000 +0200 @@ -12,6 +12,7 @@ libXext_la_LIBADD = $(XEXT_LIBS) libXext_la_SOURCES = \ + eat.h \ DPMS.c \ MITMisc.c \ XAppgroup.c \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/XEVI.c new/libXext-1.3.2/src/XEVI.c --- old/libXext-1.3.1/src/XEVI.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/XEVI.c 2013-05-31 23:35:08.000000000 +0200 @@ -30,6 +30,9 @@ #include <X11/extensions/Xext.h> #include <X11/extensions/extutil.h> #include <X11/Xutil.h> +#include <limits.h> +#include "eat.h" + static XExtensionInfo *xevi_info;/* needs to move to globals.c */ static const char *xevi_extension_name = EVINAME; #define XeviCheckExtension(dpy,i,val) \ @@ -163,15 +166,22 @@ return BadAccess; } Xfree(temp_visual); - sz_info = rep.n_info * sizeof(ExtendedVisualInfo); - sz_xInfo = rep.n_info * sz_xExtendedVisualInfo; - sz_conflict = rep.n_conflicts * sizeof(VisualID); - sz_xConflict = rep.n_conflicts * sz_VisualID32; - infoPtr = *evi_return = (ExtendedVisualInfo *)Xmalloc(sz_info + sz_conflict); - xInfoPtr = temp_xInfo = (xExtendedVisualInfo *)Xmalloc(sz_xInfo); - xConflictPtr = temp_conflict = (VisualID32 *)Xmalloc(sz_xConflict); + if ((rep.n_info < 65536) && (rep.n_conflicts < 65536)) { + sz_info = rep.n_info * sizeof(ExtendedVisualInfo); + sz_xInfo = rep.n_info * sz_xExtendedVisualInfo; + sz_conflict = rep.n_conflicts * sizeof(VisualID); + sz_xConflict = rep.n_conflicts * sz_VisualID32; + *evi_return = Xmalloc(sz_info + sz_conflict); + temp_xInfo = Xmalloc(sz_xInfo); + temp_conflict = Xmalloc(sz_xConflict); + } else { + sz_xInfo = sz_xConflict = 0; + *evi_return = NULL; + temp_xInfo = NULL; + temp_conflict = NULL; + } if (!*evi_return || !temp_xInfo || !temp_conflict) { - _XEatData(dpy, (sz_xInfo + sz_xConflict + 3) & ~3); + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); if (evi_return) @@ -186,6 +196,9 @@ _XRead(dpy, (char *)temp_conflict, sz_xConflict); UnlockDisplay(dpy); SyncHandle(); + infoPtr = *evi_return; + xInfoPtr = temp_xInfo; + xConflictPtr = temp_conflict; n_data = rep.n_info; conflict = (VisualID *)(infoPtr + n_data); while (n_data-- > 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/XMultibuf.c new/libXext-1.3.2/src/XMultibuf.c --- old/libXext-1.3.1/src/XMultibuf.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/XMultibuf.c 2013-05-31 23:35:08.000000000 +0200 @@ -34,6 +34,7 @@ #include <X11/extensions/extutil.h> #include <X11/extensions/multibufproto.h> #include <X11/extensions/multibuf.h> +#include "eat.h" static XExtensionInfo _multibuf_info_data; static XExtensionInfo *multibuf_info = &_multibuf_info_data; @@ -408,7 +409,7 @@ attr->buffers = (Multibuffer *) Xmalloc((unsigned) nbytes); nbytes = rep.length << 2; if (! attr->buffers) { - _XEatData(dpy, (unsigned long) nbytes); + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); return (0); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/XSecurity.c new/libXext-1.3.2/src/XSecurity.c --- old/libXext-1.3.1/src/XSecurity.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/XSecurity.c 2013-05-31 23:35:08.000000000 +0200 @@ -33,6 +33,7 @@ #include <X11/extensions/extutil.h> #include <X11/extensions/securproto.h> #include <X11/extensions/security.h> +#include "eat.h" static XExtensionInfo _Security_info_data; static XExtensionInfo *Security_info = &_Security_info_data; @@ -282,7 +283,7 @@ } else { - _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3); + _XEatDataWords(dpy, rep.length); } UnlockDisplay (dpy); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/XShape.c new/libXext-1.3.2/src/XShape.c --- old/libXext-1.3.1/src/XShape.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/XShape.c 2013-05-31 23:35:08.000000000 +0200 @@ -35,6 +35,8 @@ #include <X11/extensions/extutil.h> #include <X11/extensions/shape.h> #include <X11/extensions/shapeproto.h> +#include <limits.h> +#include "eat.h" static XExtensionInfo _shape_info_data; static XExtensionInfo *shape_info = &_shape_info_data; @@ -442,7 +444,7 @@ xShapeGetRectanglesReply rep; XRectangle *rects; xRectangle *xrects; - int i; + unsigned int i; ShapeCheckExtension (dpy, info, (XRectangle *)NULL); @@ -460,20 +462,23 @@ *count = rep.nrects; *ordering = rep.ordering; rects = NULL; - if (*count) { - xrects = (xRectangle *) Xmalloc (*count * sizeof (xRectangle)); - rects = (XRectangle *) Xmalloc (*count * sizeof (XRectangle)); + if (rep.nrects) { + if (rep.nrects < (INT_MAX / sizeof (XRectangle))) { + xrects = Xmalloc (rep.nrects * sizeof (xRectangle)); + rects = Xmalloc (rep.nrects * sizeof (XRectangle)); + } else { + xrects = NULL; + rects = NULL; + } if (!xrects || !rects) { - if (xrects) - Xfree (xrects); - if (rects) - Xfree (rects); - _XEatData (dpy, *count * sizeof (xRectangle)); + Xfree (xrects); + Xfree (rects); + _XEatDataWords (dpy, rep.length); rects = NULL; *count = 0; } else { - _XRead (dpy, (char *) xrects, *count * sizeof (xRectangle)); - for (i = 0; i < *count; i++) { + _XRead (dpy, (char *) xrects, rep.nrects * sizeof (xRectangle)); + for (i = 0; i < rep.nrects; i++) { rects[i].x = (short) cvtINT16toInt (xrects[i].x); rects[i].y = (short) cvtINT16toInt (xrects[i].y); rects[i].width = xrects[i].width; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/XSync.c new/libXext-1.3.2/src/XSync.c --- old/libXext-1.3.1/src/XSync.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/XSync.c 2013-05-31 23:35:08.000000000 +0200 @@ -59,6 +59,8 @@ #include <X11/extensions/extutil.h> #include <X11/extensions/sync.h> #include <X11/extensions/syncproto.h> +#include <limits.h> +#include "eat.h" static XExtensionInfo _sync_info_data; static XExtensionInfo *sync_info = &_sync_info_data; @@ -107,8 +109,8 @@ }; #define NUM_VERSIONS (sizeof(supported_versions)/sizeof(supported_versions[0])) -#define GET_VERSION(info) ((info) ? (const SyncVersionInfo*)(info)->data : NULL) -#define IS_VERSION_SUPPORTED(info) (!!GET_VERSION(info)) +#define GET_VERSION(info) ((const SyncVersionInfo*)(info)->data) +#define IS_VERSION_SUPPORTED(info) (!!(info)) static const SyncVersionInfo* GetVersionInfo(Display *dpy) @@ -351,20 +353,29 @@ if (rep.nCounters > 0) { xSyncSystemCounter *pWireSysCounter, *pNextWireSysCounter; + xSyncSystemCounter *pLastWireSysCounter; XSyncCounter counter; - int replylen; + unsigned int replylen; int i; - list = Xmalloc(rep.nCounters * sizeof(XSyncSystemCounter)); - replylen = rep.length << 2; - pWireSysCounter = Xmalloc ((unsigned) replylen + sizeof(XSyncCounter)); - /* +1 to leave room for last counter read-ahead */ + if (rep.nCounters < (INT_MAX / sizeof(XSyncSystemCounter))) + list = Xmalloc(rep.nCounters * sizeof(XSyncSystemCounter)); + if (rep.length < (INT_MAX >> 2)) { + replylen = rep.length << 2; + pWireSysCounter = Xmalloc (replylen + sizeof(XSyncCounter)); + /* +1 to leave room for last counter read-ahead */ + pLastWireSysCounter = (xSyncSystemCounter *) + ((char *)pWireSysCounter) + replylen; + } else { + replylen = 0; + pWireSysCounter = NULL; + } if ((!list) || (!pWireSysCounter)) { - if (list) Xfree((char *) list); - if (pWireSysCounter) Xfree((char *) pWireSysCounter); - _XEatData(dpy, (unsigned long) replylen); + Xfree(list); + Xfree(pWireSysCounter); + _XEatDataWords(dpy, rep.length); list = NULL; goto bail; } @@ -387,6 +398,14 @@ pNextWireSysCounter = (xSyncSystemCounter *) (((char *)pWireSysCounter) + ((SIZEOF(xSyncSystemCounter) + pWireSysCounter->name_length + 3) & ~3)); + /* Make sure we haven't gone too far */ + if (pNextWireSysCounter > pLastWireSysCounter) { + Xfree(list); + Xfree(pWireSysCounter); + list = NULL; + goto bail; + } + counter = pNextWireSysCounter->counter; list[i].name = ((char *)pWireSysCounter) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/Xcup.c new/libXext-1.3.2/src/Xcup.c --- old/libXext-1.3.1/src/Xcup.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/Xcup.c 2013-05-31 23:35:08.000000000 +0200 @@ -36,6 +36,8 @@ #include <X11/extensions/cupproto.h> #include <X11/extensions/Xext.h> #include <X11/extensions/extutil.h> +#include <limits.h> +#include "eat.h" static XExtensionInfo _xcup_info_data; static XExtensionInfo *xcup_info = &_xcup_info_data; @@ -133,18 +135,22 @@ req->xcupReqType = X_XcupGetReservedColormapEntries; req->screen = screen; if (_XReply(dpy, (xReply *)&rep, 0, xFalse)) { - long nbytes; + unsigned long nbytes; xColorItem* rbufp; - int nentries = rep.length / 3; + unsigned int nentries = rep.length / 3; - nbytes = nentries * SIZEOF (xColorItem); - if (nentries > TYP_RESERVED_ENTRIES) - rbufp = (xColorItem*) Xmalloc (nbytes); - else - rbufp = rbuf; + if (nentries < (INT_MAX / SIZEOF (xColorItem))) { + nbytes = nentries * SIZEOF (xColorItem); + + if (nentries > TYP_RESERVED_ENTRIES) + rbufp = Xmalloc (nbytes); + else + rbufp = rbuf; + } else + rbufp = NULL; if (rbufp == NULL) { - _XEatData (dpy, (unsigned long) nbytes); + _XEatDataWords(dpy, rep.length); UnlockDisplay (dpy); SyncHandle (); return False; @@ -213,27 +219,24 @@ } if (_XReply(dpy, (xReply *)&rep, 0, xFalse)) { - long nbytes; + unsigned long nbytes; xColorItem* rbufp; xColorItem* cs; - int nentries = rep.length / 3; - - nbytes = nentries * SIZEOF (xColorItem); - - if (nentries != ncolors) { - _XEatData (dpy, (unsigned long) nbytes); - UnlockDisplay (dpy); - SyncHandle (); - return False; - } + unsigned int nentries = rep.length / 3; - if (ncolors > 256) - rbufp = (xColorItem*) Xmalloc (nbytes); - else - rbufp = rbuf; + if ((nentries == ncolors) && + (nentries < (INT_MAX / SIZEOF (xColorItem)))) { + nbytes = nentries * SIZEOF (xColorItem); + + if (ncolors > 256) + rbufp = Xmalloc (nbytes); + else + rbufp = rbuf; + } else + rbufp = NULL; if (rbufp == NULL) { - _XEatData (dpy, (unsigned long) nbytes); + _XEatDataWords(dpy, rep.length); UnlockDisplay (dpy); SyncHandle (); return False; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/Xdbe.c new/libXext-1.3.2/src/Xdbe.c --- old/libXext-1.3.1/src/Xdbe.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/Xdbe.c 2013-05-31 23:35:08.000000000 +0200 @@ -39,6 +39,8 @@ #include <X11/extensions/extutil.h> #include <X11/extensions/Xdbe.h> #include <X11/extensions/dbeproto.h> +#include <limits.h> +#include "eat.h" static XExtensionInfo _dbe_info_data; static XExtensionInfo *dbe_info = &_dbe_info_data; @@ -352,9 +354,12 @@ *num_screens = rep.m; /* allocate list of visual information to be returned */ - if (!(scrVisInfo = - (XdbeScreenVisualInfo *)Xmalloc( - (unsigned)(*num_screens * sizeof(XdbeScreenVisualInfo))))) { + if ((*num_screens > 0) && (*num_screens < 65536)) + scrVisInfo = Xmalloc(*num_screens * sizeof(XdbeScreenVisualInfo)); + else + scrVisInfo = NULL; + if (scrVisInfo == NULL) { + _XEatDataWords(dpy, rep.length); UnlockDisplay (dpy); SyncHandle (); return NULL; @@ -362,25 +367,27 @@ for (i = 0; i < *num_screens; i++) { - int nbytes; int j; - long c; + unsigned long c; - _XRead32 (dpy, &c, sizeof(CARD32)); - scrVisInfo[i].count = c; + _XRead32 (dpy, (long *) &c, sizeof(CARD32)); - nbytes = scrVisInfo[i].count * sizeof(XdbeVisualInfo); + if (c < 65536) { + scrVisInfo[i].count = c; + scrVisInfo[i].visinfo = Xmalloc(c * sizeof(XdbeVisualInfo)); + } else + scrVisInfo[i].visinfo = NULL; /* if we can not allocate the list of visual/depth info * then free the lists that we already allocate as well * as the visual info list itself */ - if (!(scrVisInfo[i].visinfo = (XdbeVisualInfo *)Xmalloc( - (unsigned)nbytes))) { + if (scrVisInfo[i].visinfo == NULL) { for (j = 0; j < i; j++) { Xfree ((char *)scrVisInfo[j].visinfo); } Xfree ((char *)scrVisInfo); + _XEatDataWords(dpy, rep.length); UnlockDisplay (dpy); SyncHandle (); return NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/Xge.c new/libXext-1.3.2/src/Xge.c --- old/libXext-1.3.1/src/Xge.c 2012-03-08 04:54:58.000000000 +0100 +++ new/libXext-1.3.2/src/Xge.c 2013-05-31 23:35:08.000000000 +0200 @@ -218,7 +218,15 @@ XFree(xge_data); } - return XextRemoveDisplay(xge_info, dpy); + if(!XextRemoveDisplay(xge_info, dpy)) + return 0; + + if (xge_info->ndisplays == 0) { + XextDestroyExtension(xge_info); + xge_info = NULL; + } + + return 1; } /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXext-1.3.1/src/eat.h new/libXext-1.3.2/src/eat.h --- old/libXext-1.3.1/src/eat.h 1970-01-01 01:00:00.000000000 +0100 +++ new/libXext-1.3.2/src/eat.h 2013-05-31 23:35:08.000000000 +0200 @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifndef HAVE__XEATDATAWORDS +#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */ +#include <limits.h> + +static inline void _XEatDataWords(Display *dpy, unsigned long n) +{ +# ifndef LONG64 + if (n >= (ULONG_MAX >> 2)) + _XIOError(dpy); +# endif + _XEatData (dpy, n << 2); +} +#endif -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
