Hello community,
here is the log from the commit of package libXrandr for openSUSE:Factory
checked in at 2016-10-10 17:35:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libXrandr (Old)
and /work/SRC/openSUSE:Factory/.libXrandr.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXrandr"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libXrandr/libXrandr.changes 2015-12-27
01:57:37.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libXrandr.new/libXrandr.changes 2016-10-10
17:35:46.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Oct 6 12:43:25 UTC 2016 - sndir...@suse.com
+
+- Update to version 1.5.1
+ * Avoid out of boundary accesses on illegal responses
+ * fix: doGetScreenResources() info: redundant null check on
+ calling free()
+ * fix: redundant null check on calling free()
+
+-------------------------------------------------------------------
Old:
----
libXrandr-1.5.0.tar.bz2
New:
----
libXrandr-1.5.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libXrandr.spec ++++++
--- /var/tmp/diff_new_pack.nS1vyE/_old 2016-10-10 17:35:47.000000000 +0200
+++ /var/tmp/diff_new_pack.nS1vyE/_new 2016-10-10 17:35:47.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libXrandr
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: libXrandr
%define lname libXrandr2
-Version: 1.5.0
+Version: 1.5.1
Release: 0
Summary: X Resize, Rotate and Reflection extension library
License: MIT
++++++ libXrandr-1.5.0.tar.bz2 -> libXrandr-1.5.1.tar.bz2 ++++++
++++ 8025 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/ChangeLog new/libXrandr-1.5.1/ChangeLog
--- old/libXrandr-1.5.0/ChangeLog 2015-05-17 06:50:04.000000000 +0200
+++ new/libXrandr-1.5.1/ChangeLog 2016-10-04 22:23:09.000000000 +0200
@@ -1,3 +1,44 @@
+commit 54ac1eb5d14636002b018607227c6d52cca0b754
+Author: Matthieu Herrb <matthieu.he...@laas.fr>
+Date: Tue Oct 4 21:23:23 2016 +0200
+
+ libXrandr 1.5.1
+
+ Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr>
+
+commit a0df3e1c7728205e5c7650b2e6dce684139254a6
+Author: Tobias Stoeckmann <tob...@stoeckmann.org>
+Date: Sun Sep 25 22:21:40 2016 +0200
+
+ Avoid out of boundary accesses on illegal responses
+
+ The responses of the connected X server have to be properly checked
+ to avoid out of boundary accesses that could otherwise be triggered
+ by a malicious server.
+
+ Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org>
+ Reviewed-by: Matthieu Herrb <matth...@herrb.eu>
+
+commit 8ac94020b018105240ea45a87df2603d1eb5808b
+Author: walter harms <wha...@bfs.de>
+Date: Thu Jul 28 19:32:46 2016 +0200
+
+ fix: redundant null check on calling free()
+
+ janitorial patch: remove some unneeded if() before free()
+
+ Signed-off-by: Hans de Goede <hdego...@redhat.com>
+
+commit 4ed36e386b21c1a65d614d5bf2b2c82d1e74ae2e
+Author: walter harms <wha...@bfs.de>
+Date: Thu Jul 28 19:31:10 2016 +0200
+
+ fix: doGetScreenResources() info: redundant null check on calling free()
+
+ janitorial patch: remove some unneeded if() before free()
+
+ Signed-off-by: Hans de Goede <hdego...@redhat.com>
+
commit 4437436906cbba5121115e552d564262e8b4c784
Author: Keith Packard <kei...@keithp.com>
Date: Tue Dec 16 01:55:30 2014 -0800
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/INSTALL new/libXrandr-1.5.1/INSTALL
--- old/libXrandr-1.5.0/INSTALL 2015-05-17 06:50:04.000000000 +0200
+++ new/libXrandr-1.5.1/INSTALL 2016-10-04 22:23:09.000000000 +0200
@@ -1,13 +1,11 @@
Installation Instructions
*************************
-Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation,
-Inc.
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008 Free Software Foundation, Inc.
- Copying and distribution of this file, with or without modification,
-are permitted in any medium without royalty provided the copyright
-notice and this notice are preserved. This file is offered as-is,
-without warranty of any kind.
+ This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
Basic Installation
==================
@@ -15,11 +13,7 @@
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
-instructions specific to this package. Some packages provide this
-`INSTALL' file but do not implement all of the features documented
-below. The lack of an optional feature in a given package is not
-necessarily a bug. More recommendations for GNU packages can be found
-in *note Makefile Conventions: (standards)Makefile Conventions.
+instructions specific to this package.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
@@ -48,7 +42,7 @@
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
- The simplest way to compile this package is:
+The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
@@ -59,22 +53,12 @@
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
- the package, generally using the just-built uninstalled binaries.
+ the package.
4. Type `make install' to install the programs and any data files and
- documentation. When installing into a prefix owned by root, it is
- recommended that the package be configured and built as a regular
- user, and only the `make install' phase executed with root
- privileges.
-
- 5. Optionally, type `make installcheck' to repeat any self-tests, but
- this time using the binaries in their final installed location.
- This target does not install anything. Running this target as a
- regular user, particularly if the prior `make install' required
- root privileges, verifies that the installation completed
- correctly.
+ documentation.
- 6. You can remove the program binaries and object files from the
+ 5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
@@ -83,15 +67,8 @@
all sorts of other programs in order to regenerate files that came
with the distribution.
- 7. Often, you can also type `make uninstall' to remove the installed
- files again. In practice, not all packages have tested that
- uninstallation works correctly, even though it is required by the
- GNU Coding Standards.
-
- 8. Some packages, particularly those that use Automake, provide `make
- distcheck', which can by used by developers to test that all other
- targets like `make install' and `make uninstall' work correctly.
- This target is generally not run by end users.
+ 6. Often, you can also type `make uninstall' to remove the installed
+ files again.
Compilers and Options
=====================
@@ -116,8 +93,7 @@
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'. This
-is known as a "VPATH" build.
+source code in the directory that `configure' is in and in `..'.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
@@ -144,8 +120,7 @@
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX', where PREFIX must be an
-absolute file name.
+`configure' the option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
@@ -156,46 +131,15 @@
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them. In general, the
-default for these options is expressed in terms of `${prefix}', so that
-specifying just `--prefix' will affect all of the other directory
-specifications that were not explicitly provided.
-
- The most portable way to affect installation locations is to pass the
-correct locations to `configure'; however, many packages provide one or
-both of the following shortcuts of passing variable assignments to the
-`make install' command line to change installation locations without
-having to reconfigure or recompile.
-
- The first method involves providing an override variable for each
-affected directory. For example, `make install
-prefix=/alternate/directory' will choose an alternate location for all
-directory configuration variables that were expressed in terms of
-`${prefix}'. Any directories that were specified during `configure',
-but not in terms of `${prefix}', must each be overridden at install
-time for the entire installation to be relocated. The approach of
-makefile variable overrides for each directory variable is required by
-the GNU Coding Standards, and ideally causes no recompilation.
-However, some platforms have known limitations with the semantics of
-shared libraries that end up requiring recompilation when using this
-method, particularly noticeable in packages that use GNU Libtool.
-
- The second method involves providing the `DESTDIR' variable. For
-example, `make install DESTDIR=/alternate/directory' will prepend
-`/alternate/directory' before all installation names. The approach of
-`DESTDIR' overrides is not required by the GNU Coding Standards, and
-does not work on platforms that have drive letters. On the other hand,
-it does better at avoiding recompilation issues, and works well even
-when some directory options were not specified in terms of `${prefix}'
-at `configure' time.
-
-Optional Features
-=================
+you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+Optional Features
+=================
+
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
@@ -208,13 +152,6 @@
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
- Some packages offer the ability to configure how verbose the
-execution of `make' will be. For these packages, running `./configure
---enable-silent-rules' sets the default to minimal output, which can be
-overridden with `make V=1'; while running `./configure
---disable-silent-rules' sets the default to verbose, which can be
-overridden with `make V=0'.
-
Particular systems
==================
@@ -222,15 +159,10 @@
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+ ./configure CC="cc -Ae"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
- HP-UX `make' updates targets which have the same time stamps as
-their prerequisites, which makes it generally unusable when shipped
-generated files such as `configure' are involved. Use GNU `make'
-instead.
-
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
@@ -242,16 +174,6 @@
./configure CC="cc -nodtk"
- On Solaris, don't put `/usr/ucb' early in your `PATH'. This
-directory contains several dysfunctional programs; working variants of
-these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
-in your `PATH', put it _after_ `/usr/bin'.
-
- On Haiku, software installed for all users goes in `/boot/common',
-not `/usr/local'. It is recommended to use the following options:
-
- ./configure --prefix=/boot/common
-
Specifying the System Type
==========================
@@ -267,8 +189,7 @@
where SYSTEM can have one of these forms:
- OS
- KERNEL-OS
+ OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
@@ -356,7 +277,7 @@
`configure' can determine that directory automatically.
`--prefix=DIR'
- Use DIR as the installation prefix. *note Installation Names::
+ Use DIR as the installation prefix. *Note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/compile new/libXrandr-1.5.1/compile
--- old/libXrandr-1.5.0/compile 1970-01-01 01:00:00.000000000 +0100
+++ new/libXrandr-1.5.1/compile 2016-10-04 00:54:16.000000000 +0200
@@ -0,0 +1,347 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Written by Tom Tromey <tro...@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-autom...@gnu.org> or send patches to
+# <automake-patc...@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ if test -f "$dir/lib$lib.a"; then
+ found=yes
+ lib=$dir/lib$lib.a
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
+case $1 in
+ '')
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-autom...@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no '-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # '.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/configure.ac new/libXrandr-1.5.1/configure.ac
--- old/libXrandr-1.5.0/configure.ac 2015-05-17 06:39:55.000000000 +0200
+++ new/libXrandr-1.5.1/configure.ac 2016-10-04 21:14:23.000000000 +0200
@@ -29,7 +29,7 @@
# digit in the version number to track changes which don't affect the
# protocol, so Xrandr version l.n.m corresponds to protocol version l.n
#
-AC_INIT([libXrandr], [1.5.0],
+AC_INIT([libXrandr], [1.5.1],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXrandr])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/missing new/libXrandr-1.5.1/missing
--- old/libXrandr-1.5.0/missing 2015-05-17 06:40:18.000000000 +0200
+++ new/libXrandr-1.5.1/missing 2016-10-04 00:54:16.000000000 +0200
@@ -1,7 +1,7 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2012-06-26.16; # UTC
+scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
@@ -160,7 +160,7 @@
;;
autom4te*)
echo "You might have modified some maintainer files that require"
- echo "the 'automa4te' program to be rebuilt."
+ echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrConfig.c new/libXrandr-1.5.1/src/XrrConfig.c
--- old/libXrandr-1.5.0/src/XrrConfig.c 2014-04-03 01:54:06.000000000 +0200
+++ new/libXrandr-1.5.1/src/XrrConfig.c 2016-09-25 22:18:48.000000000 +0200
@@ -29,6 +29,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@
rep.rate = 0;
rep.nrateEnts = 0;
}
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytes = (long) rep.length << 2;
+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+ rep.nrateEnts * sizeof (int));
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
-
- rbytes = sizeof (XRRScreenConfiguration) +
- (rep.nSizes * sizeof (XRRScreenSize) +
- rep.nrateEnts * sizeof (int));
+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ scp = NULL;
+ }
- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrCrtc.c new/libXrandr-1.5.1/src/XrrCrtc.c
--- old/libXrandr-1.5.0/src/XrrCrtc.c 2015-05-17 06:39:55.000000000 +0200
+++ new/libXrandr-1.5.1/src/XrrCrtc.c 2016-09-23 09:56:49.000000000 +0200
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nOutput * 4 +
- rep.nPossibleOutput * 4);
+ nbytesRead = (long) (rep.nOutput * 4 +
+ rep.nPossibleOutput * 4);
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
- rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+ xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xci = NULL;
+ }
- xci = (XRRCrtcInfo *) Xmalloc(rbytes);
if (xci == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
@@ -194,12 +206,21 @@
if (!_XReply (dpy, (xReply *) &rep, 0, xFalse))
goto out;
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- /* three channels of CARD16 data */
- nbytesRead = (rep.size * 2 * 3);
+ /* three channels of CARD16 data */
+ nbytesRead = (rep.size * 2 * 3);
- crtc_gamma = XRRAllocGamma (rep.size);
+ crtc_gamma = XRRAllocGamma (rep.size);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ crtc_gamma = NULL;
+ }
if (!crtc_gamma)
{
@@ -357,7 +378,7 @@
xRRGetCrtcTransformReq *req;
int major_version, minor_version;
XRRCrtcTransformAttributes *attr;
- char *extra = NULL, *e;
+ char *extra = NULL, *end = NULL, *e;
int p;
*attributes = NULL;
@@ -395,9 +416,17 @@
else
{
int extraBytes = rep.length * 4 - CrtcTransformExtra;
- extra = Xmalloc (extraBytes);
+ if (rep.length < INT_MAX / 4 &&
+ rep.length * 4 >= CrtcTransformExtra) {
+ extra = Xmalloc (extraBytes);
+ end = extra + extraBytes;
+ } else
+ extra = NULL;
if (!extra) {
- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ if (rep.length > (CrtcTransformExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >>
2));
+ else
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -429,22 +458,38 @@
e = extra;
+ if (e + rep.pendingNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter);
attr->pendingFilter[rep.pendingNbytesFilter] = '\0';
e += (rep.pendingNbytesFilter + 3) & ~3;
for (p = 0; p < rep.pendingNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->pendingParams[p] = (XFixed) f;
}
attr->pendingNparams = rep.pendingNparamsFilter;
+ if (e + rep.currentNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->currentFilter, e, rep.currentNbytesFilter);
attr->currentFilter[rep.currentNbytesFilter] = '\0';
e += (rep.currentNbytesFilter + 3) & ~3;
for (p = 0; p < rep.currentNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->currentParams[p] = (XFixed) f;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrMonitor.c new/libXrandr-1.5.1/src/XrrMonitor.c
--- old/libXrandr-1.5.0/src/XrrMonitor.c 2015-05-17 06:39:55.000000000
+0200
+++ new/libXrandr-1.5.1/src/XrrMonitor.c 2016-09-23 09:56:49.000000000
+0200
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -65,6 +66,15 @@
return NULL;
}
+ if (rep.length > INT_MAX >> 2 ||
+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) ||
+ rep.noutputs > INT_MAX / 4 ||
+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) {
+ _XEatData (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = (long) rep.length << 2;
nmon = rep.nmonitors;
noutput = rep.noutputs;
@@ -84,8 +94,8 @@
mon = Xmalloc (rbytes);
if (buf == NULL || mon == NULL) {
- if (buf != NULL) Xfree(buf);
- if (mon != NULL) Xfree(mon);
+ Xfree(buf);
+ Xfree(mon);
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
@@ -111,6 +121,14 @@
mon[m].outputs = output;
buf += SIZEOF (xRRMonitorInfo);
xoutput = (CARD32 *) buf;
+ if (xmon->noutput > rep.noutputs) {
+ Xfree(buf);
+ Xfree(mon);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.noutputs -= xmon->noutput;
for (o = 0; o < xmon->noutput; o++)
output[o] = xoutput[o];
output += xmon->noutput;
@@ -194,7 +212,6 @@
void
XRRFreeMonitors(XRRMonitorInfo *monitors)
{
- if (monitors)
- Xfree(monitors);
+ Xfree(monitors);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrOutput.c new/libXrandr-1.5.1/src/XrrOutput.c
--- old/libXrandr-1.5.0/src/XrrOutput.c 2015-05-17 06:39:55.000000000 +0200
+++ new/libXrandr-1.5.1/src/XrrOutput.c 2016-09-23 09:56:49.000000000 +0200
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -60,6 +61,16 @@
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2))
+ {
+ if (rep.length > (OutputInfoExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = ((long) (rep.length) << 2) - OutputInfoExtra;
nbytesRead = (long) (rep.nCrtcs * 4 +
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrProvider.c new/libXrandr-1.5.1/src/XrrProvider.c
--- old/libXrandr-1.5.0/src/XrrProvider.c 2015-05-17 06:39:55.000000000
+0200
+++ new/libXrandr-1.5.1/src/XrrProvider.c 2016-09-23 09:56:49.000000000
+0200
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -59,12 +60,20 @@
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nProviders * 4);
+ nbytesRead = (long) (rep.nProviders * 4);
- rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
sizeof(RRProvider));
- xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
+ sizeof(RRProvider));
+ xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrpr = NULL;
+ }
if (xrpr == NULL) {
_XEatDataWords (dpy, rep.length);
@@ -119,6 +128,17 @@
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
+ }
+
+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
+ {
+ if (rep.length < ProviderInfoExtra >> 2)
+ _XEatDataWords (dpy, rep.length);
+ else
+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
}
nbytes = ((long) rep.length << 2) - ProviderInfoExtra;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libXrandr-1.5.0/src/XrrScreen.c new/libXrandr-1.5.1/src/XrrScreen.c
--- old/libXrandr-1.5.0/src/XrrScreen.c 2015-05-17 06:39:55.000000000 +0200
+++ new/libXrandr-1.5.1/src/XrrScreen.c 2016-09-23 09:56:49.000000000 +0200
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -105,30 +106,39 @@
xrri->has_rates = _XRRHasRates (xrri->minor_version,
xrri->major_version);
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nCrtcs * 4 +
- rep.nOutputs * 4 +
- rep.nModes * SIZEOF (xRRModeInfo) +
- ((rep.nbytesNames + 3) & ~3));
-
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
-
- rbytes = (sizeof (XRRScreenResources) +
- rep.nCrtcs * sizeof (RRCrtc) +
- rep.nOutputs * sizeof (RROutput) +
- rep.nModes * sizeof (XRRModeInfo) +
- rep.nbytesNames + rep.nModes); /* '\0' terminate names */
+ nbytesRead = (long) (rep.nCrtcs * 4 +
+ rep.nOutputs * 4 +
+ rep.nModes * SIZEOF (xRRModeInfo) +
+ ((rep.nbytesNames + 3) & ~3));
+
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = (sizeof (XRRScreenResources) +
+ rep.nCrtcs * sizeof (RRCrtc) +
+ rep.nOutputs * sizeof (RROutput) +
+ rep.nModes * sizeof (XRRModeInfo) +
+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */
+
+ xrsr = (XRRScreenResources *) Xmalloc(rbytes);
+ wire_names = (char *) Xmalloc (rep.nbytesNames);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrsr = NULL;
+ wire_names = NULL;
+ }
- xrsr = (XRRScreenResources *) Xmalloc(rbytes);
- wire_names = (char *) Xmalloc (rep.nbytesNames);
if (xrsr == NULL || wire_names == NULL) {
- if (xrsr) Xfree (xrsr);
- if (wire_names) Xfree (wire_names);
+ Xfree (xrsr);
+ Xfree (wire_names);
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
@@ -174,6 +184,14 @@
wire_name = wire_names;
for (i = 0; i < rep.nModes; i++) {
xrsr->modes[i].name = names;
+ if (xrsr->modes[i].nameLength > rep.nbytesNames) {
+ Xfree (xrsr);
+ Xfree (wire_names);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.nbytesNames -= xrsr->modes[i].nameLength;
memcpy (names, wire_name, xrsr->modes[i].nameLength);
names[xrsr->modes[i].nameLength] = '\0';
names += xrsr->modes[i].nameLength + 1;
