Hello community, here is the log from the commit of package libXv for openSUSE:Factory checked in at 2013-06-05 11:58:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXv (Old) and /work/SRC/openSUSE:Factory/.libXv.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXv" Changes: -------- --- /work/SRC/openSUSE:Factory/libXv/libXv.changes 2013-03-22 12:00:10.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libXv.new/libXv.changes 2013-06-05 11:58:10.000000000 +0200 @@ -1,0 +2,8 @@ +Sat Jun 1 20:25:05 UTC 2013 - [email protected] + +- Update to version 1.0.8: + This release delivers the fixes for the recently announced security issues + CVE-2013-1989 & CVE-2013-2066, plus a couple build configuration changes + and man page fixes. + +------------------------------------------------------------------- Old: ---- libXv-1.0.7.tar.bz2 New: ---- libXv-1.0.8.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXv.spec ++++++ --- /var/tmp/diff_new_pack.zhfYf8/_old 2013-06-05 11:58:11.000000000 +0200 +++ /var/tmp/diff_new_pack.zhfYf8/_new 2013-06-05 11:58:11.000000000 +0200 @@ -18,7 +18,7 @@ Name: libXv %define lname libXv1 -Version: 1.0.7 +Version: 1.0.8 Release: 0 Summary: X Video extension library License: MIT ++++++ libXv-1.0.7.tar.bz2 -> libXv-1.0.8.tar.bz2 ++++++ ++++ 14280 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/ChangeLog new/libXv-1.0.8/ChangeLog --- old/libXv-1.0.7/ChangeLog 2012-03-08 06:27:11.000000000 +0100 +++ new/libXv-1.0.8/ChangeLog 2013-06-01 02:51:42.000000000 +0200 @@ -1,3 +1,106 @@ +commit 179ed259e75a62e74532e36f52f3838deb2aac92 +Author: Alan Coopersmith <[email protected]> +Date: Fri May 31 17:49:24 2013 -0700 + + libXv 1.0.8 + + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 50fc4cb18069cb9450a02c13f80223ef23511409 +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 00:03:03 2013 -0700 + + integer overflow in XvCreateImage() [CVE-2013-1989 3/3] + + num_planes is a CARD32 and needs to be bounds checked before bit shifting + and adding to sizeof(XvImage) to come up with the total size to allocate, + to avoid integer overflow leading to underallocation and writing data from + the network past the end of the allocated buffer. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 59301c1b5095f7dc6359d5b396dbbcdee7038270 +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 00:03:03 2013 -0700 + + integer overflow in XvListImageFormats() [CVE-2013-1989 2/3] + + num_formats is a CARD32 and needs to be bounds checked before multiplying + by sizeof(XvImageFormatValues) to come up with the total size to allocate, + to avoid integer overflow leading to underallocation and writing data from + the network past the end of the allocated buffer. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 15ab7dec17d686c38f2c82ac23a17cac5622322a +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 00:16:14 2013 -0700 + + buffer overflow in XvQueryPortAttributes() [CVE-2013-2066] + + Each attribute returned in the reply includes the number of bytes + to read for its marker. We had been always trusting it, and never + validating that it wouldn't cause us to write past the end of the + buffer we allocated based on the reported text_size. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 6e1b743a276651195be3cd68dff41e38426bf3ab +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 00:03:03 2013 -0700 + + integer overflow in XvQueryPortAttributes() [CVE-2013-1989 1/3] + + The num_attributes & text_size members of the reply are both CARD32s + and need to be bounds checked before multiplying & adding them together + to come up with the total size to allocate, to avoid integer overflow + leading to underallocation and writing data from the network past the + end of the allocated buffer. + + Reported-by: Ilja Van Sprundel <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + +commit 79362c764a6df7e7fbe5247756bdbf60f3a58baf +Author: Alan Coopersmith <[email protected]> +Date: Sat Apr 13 00:28:34 2013 -0700 + + Use _XEatDataWords to avoid overflow of rep.length shifting + + rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds + + Signed-off-by: Alan Coopersmith <[email protected]> + +commit ed13edeac5adc2e6afcd87f63b5ae1ff9ad47958 +Author: Colin Walters <[email protected]> +Date: Wed Jan 4 17:37:06 2012 -0500 + + autogen.sh: Implement GNOME Build API + + http://people.gnome.org/~walters/docs/build-api.txt + + Signed-off-by: Adam Jackson <[email protected]> + +commit 1006d44b8674b5d9c5d7e893878776fbd34dbed2 +Author: Adam Jackson <[email protected]> +Date: Tue Jan 15 14:28:48 2013 -0500 + + configure: Remove AM_MAINTAINER_MODE + + Signed-off-by: Adam Jackson <[email protected]> + +commit ddec3b412e1d857d1a2daa75df61de377e1de9bd +Author: Thomas Klausner <[email protected]> +Date: Tue Jul 17 21:56:28 2012 +0200 + + Uppercase SH arguments. + + Signed-off-by: Thomas Klausner <[email protected]> + Reviewed-by: Alan Coopersmith <[email protected]> + Signed-off-by: Alan Coopersmith <[email protected]> + commit 0f4fa1820041394e879517abb49c0391ecc796f7 Author: Alan Coopersmith <[email protected]> Date: Wed Mar 7 21:25:38 2012 -0800 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/config.h.in new/libXv-1.0.8/config.h.in --- old/libXv-1.0.7/config.h.in 2012-03-08 06:25:54.000000000 +0100 +++ new/libXv-1.0.8/config.h.in 2013-06-01 02:49:38.000000000 +0200 @@ -30,6 +30,9 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H +/* Define to 1 if you have the `_XEatDataWords' function. */ +#undef HAVE__XEATDATAWORDS + /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/configure.ac new/libXv-1.0.8/configure.ac --- old/libXv-1.0.7/configure.ac 2012-03-08 06:25:45.000000000 +0100 +++ new/libXv-1.0.8/configure.ac 2013-06-01 02:49:29.000000000 +0200 @@ -22,14 +22,13 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXv], [1.0.7], +AC_INIT([libXv], [1.0.8], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXv]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) # Initialize Automake AM_INIT_AUTOMAKE([foreign dist-bzip2]) -AM_MAINTAINER_MODE # Initialize libtool AC_PROG_LIBTOOL @@ -44,6 +43,12 @@ # Obtain compiler/linker options for depedencies PKG_CHECK_MODULES(XV, x11 xext xextproto videoproto) +# Check for _XEatDataWords function that may be patched into older Xlib release +SAVE_LIBS="$LIBS" +LIBS="$XV_LIBS" +AC_CHECK_FUNCS([_XEatDataWords]) +LIBS="$SAVE_LIBS" + # Allow checking code with lint, sparse, etc. XORG_WITH_LINT XORG_LINT_LIBRARY([Xv]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/man/XvListImageFormats.man new/libXv-1.0.8/man/XvListImageFormats.man --- old/libXv-1.0.7/man/XvListImageFormats.man 2012-03-08 06:25:45.000000000 +0100 +++ new/libXv-1.0.8/man/XvListImageFormats.man 2013-06-01 02:49:29.000000000 +0200 @@ -1,15 +1,15 @@ .TH XvListImageFormats __libmansuffix__ __vendorversion__ "libXv Functions" -.SH Name +.SH NAME XvListImageFormats \- return list of image formats supported by a video port .\" -.SH Syntax +.SH SYNTAX .B #include <X11/extensions/Xvlib.h> .sp .nf .BI "XvImageFormatValues * XvListImageFormats (Display *" dpy "," .BI " XvPortID " port ", int *" p_num_formats ");" .fi -.SH Arguments +.SH ARGUMENTS .\" .IP \fIdpy\fR 8 Specifies the connection to the X server. @@ -18,12 +18,12 @@ .IP \fIp_num_formats\fR 8 A pointer to where the number of formats returned in the array is written. .\" -.SH Description +.SH DESCRIPTION .BR XvListImageFormats (__libmansuffix__) returns the XvImageFormatValues supported by the specified port. This list should be freed with .BR XFree (__libmansuffix__). -.SH Returned Values +.SH RETURN VALUES XvImageFormatValues has the following structure: .EX @@ -93,15 +93,15 @@ .IP \fIscanline_order\fR 8 XvTopToBottom or XvBottomToTop. .\" -.SH Notes +.SH NOTES Since some formats (particularly some planar YUV formats) may not be completely defined by the parameters above, the guid, when available, should provide the most accurate description of the format. .\" -.SH Diagnostics +.SH DIAGNOSTICS .IP [XvBadPort] 8 Generated if the requested port does not exist. .\" -.SH See Also +.SH SEE ALSO .BR XvCreateImage (__libmansuffix__), .BR XvCreateShmImage (__libmansuffix__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/missing new/libXv-1.0.8/missing --- old/libXv-1.0.7/missing 2012-03-08 06:25:55.000000000 +0100 +++ new/libXv-1.0.8/missing 2013-06-01 02:49:39.000000000 +0200 @@ -1,11 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2009-04-28.21; # UTC +scriptversion=2012-06-26.16; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard <[email protected]>, 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,69 +25,40 @@ # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: -sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' -sed_minuso='s/.* -o \([^ ]*\).*/\1/p' - -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi +case $1 in -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case $1 in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - autom4te touch the output file, or create a stub one - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man -Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and -\`g' are ignored when checking the name. +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to <[email protected]>." exit $? @@ -100,272 +70,141 @@ ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# normalize program name to check for. -program=`echo "$1" | sed ' - s/^gnu-//; t - s/^gnu//; t - s/^g//; t'` - -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). This is about non-GNU programs, so use $1 not -# $program. -case $1 in - lex*|yacc*) - # Not GNU programs, they don't have --version. - ;; - - tar*) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; +# Run the given program, remember its exit status. +"$@"; st=$? - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case $program in - aclocal*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." - files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case $f in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; +# If it succeeded, we are done. +test $st -eq 0 && exit 0 - autom4te*) - echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison*|yacc*) - echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if test $# -ne 1; then - eval LASTARG="\${$#}" - case $LASTARG in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if test ! -f y.tab.h; then - echo >y.tab.h - fi - if test ! -f y.tab.c; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex*|flex*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if test $# -ne 1; then - eval LASTARG="\${$#}" - case $LASTARG in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if test ! -f lex.yy.c; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit $? - fi - ;; - - makeinfo*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n ' - /^@setfilename/{ - s/.* \([^ ]*\) *$/\1/ - p - q - }' $infile` - # ... or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; - - tar*) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case $firstarg in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case $firstarg in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'automa4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXv-1.0.7/src/Xv.c new/libXv-1.0.8/src/Xv.c --- old/libXv-1.0.7/src/Xv.c 2012-03-08 06:25:45.000000000 +0100 +++ new/libXv-1.0.8/src/Xv.c 2013-06-01 02:49:29.000000000 +0200 @@ -49,11 +49,27 @@ ** */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include <stdio.h> #include "Xvlibint.h" #include <X11/extensions/Xext.h> #include <X11/extensions/extutil.h> #include <X11/extensions/XShm.h> +#include <limits.h> + +#ifndef HAVE__XEATDATAWORDS +static inline void _XEatDataWords(Display *dpy, unsigned long n) +{ +# ifndef LONG64 + if (n >= (ULONG_MAX >> 2)) + _XIOError(dpy); +# endif + _XEatData (dpy, n << 2); +} +#endif static XExtensionInfo _xv_info_data; static XExtensionInfo *xv_info = &_xv_info_data; @@ -835,25 +851,37 @@ } if(rep.num_attributes) { - int size = (rep.num_attributes * sizeof(XvAttribute)) + rep.text_size; + unsigned long size; + /* limit each part to no more than one half the max size */ + if ((rep.num_attributes < ((INT_MAX / 2) / sizeof(XvAttribute))) && + (rep.text_size < (INT_MAX / 2))) { + size = (rep.num_attributes * sizeof(XvAttribute)) + rep.text_size; + ret = Xmalloc(size); + } - if((ret = Xmalloc(size))) { + if (ret != NULL) { char* marker = (char*)(&ret[rep.num_attributes]); xvAttributeInfo Info; int i; + /* keep track of remaining room for text strings */ + size = rep.text_size; + for(i = 0; i < rep.num_attributes; i++) { _XRead(dpy, (char*)(&Info), sz_xvAttributeInfo); ret[i].flags = (int)Info.flags; ret[i].min_value = Info.min; ret[i].max_value = Info.max; ret[i].name = marker; - _XRead(dpy, marker, Info.size); - marker += Info.size; + if (Info.size <= size) { + _XRead(dpy, marker, Info.size); + marker += Info.size; + size -= Info.size; + } (*num)++; } } else - _XEatData(dpy, rep.length << 2); + _XEatDataWords(dpy, rep.length); } UnlockDisplay(dpy); @@ -890,9 +918,10 @@ } if(rep.num_formats) { - int size = (rep.num_formats * sizeof(XvImageFormatValues)); + if (rep.num_formats < (INT_MAX / sizeof(XvImageFormatValues))) + ret = Xmalloc(rep.num_formats * sizeof(XvImageFormatValues)); - if((ret = Xmalloc(size))) { + if (ret != NULL) { xvImageFormatInfo Info; int i; @@ -923,7 +952,7 @@ (*num)++; } } else - _XEatData(dpy, rep.length << 2); + _XEatDataWords(dpy, rep.length); } UnlockDisplay(dpy); @@ -963,7 +992,10 @@ return NULL; } - if((ret = (XvImage*)Xmalloc(sizeof(XvImage) + (rep.num_planes << 3)))) { + if (rep.num_planes < ((INT_MAX >> 3) - sizeof(XvImage))) + ret = Xmalloc(sizeof(XvImage) + (rep.num_planes << 3)); + + if (ret != NULL) { ret->id = id; ret->width = rep.width; ret->height = rep.height; @@ -976,7 +1008,7 @@ _XRead(dpy, (char*)(ret->pitches), rep.num_planes << 2); _XRead(dpy, (char*)(ret->offsets), rep.num_planes << 2); } else - _XEatData(dpy, rep.length << 2); + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
