Hello community,

here is the log from the commit of package libXtst for openSUSE:Factory checked 
in at 2016-11-05 21:22:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libXtst (Old)
 and      /work/SRC/openSUSE:Factory/.libXtst.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libXtst"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libXtst/libXtst.changes  2013-06-05 
11:57:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libXtst.new/libXtst.changes     2016-11-05 
21:22:12.000000000 +0100
@@ -1,0 +2,12 @@
+Wed Nov  2 10:38:17 UTC 2016 - sndir...@suse.com
+
+- tagged baselibs.conf as source in specfile
+
+-------------------------------------------------------------------
+Sat Oct 29 00:00:07 UTC 2016 - tobias.johannes.klausm...@mni.thm.de
+
+- Update to version 1.2.3:
+  + Remove fallback for _XEatDataWords, require libX11 1.6 for it
+  + Out of boundary access and endless loop in libXtst
+
+-------------------------------------------------------------------

Old:
----
  libXtst-1.2.2.tar.bz2

New:
----
  libXtst-1.2.3.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libXtst.spec ++++++
--- /var/tmp/diff_new_pack.T6wVZ9/_old  2016-11-05 21:22:13.000000000 +0100
+++ /var/tmp/diff_new_pack.T6wVZ9/_new  2016-11-05 21:22:13.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libXtst
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:           libXtst
 %define lname  libXtst6
-Version:        1.2.2
+Version:        1.2.3
 Release:        0
 Summary:        Xlib-based client API for the XTEST and RECORD extensions
 License:        MIT
@@ -28,7 +28,7 @@
 #Git-Clone:    git://anongit.freedesktop.org/xorg/lib/libXtst
 #Git-Web:      http://cgit.freedesktop.org/xorg/lib/libXtst/
 Source:         
http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
-
+Source1:        baselibs.conf
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:    autoconf >= 2.60, automake, libtool
 BuildRequires:  fdupes

++++++ libXtst-1.2.2.tar.bz2 -> libXtst-1.2.3.tar.bz2 ++++++
++++ 16603 lines of diff (skipped)
++++    retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/ChangeLog new/libXtst-1.2.3/ChangeLog
--- old/libXtst-1.2.2/ChangeLog 2013-05-31 04:10:37.000000000 +0200
+++ new/libXtst-1.2.3/ChangeLog 2016-10-04 22:24:10.000000000 +0200
@@ -1,3 +1,47 @@
+commit 9f5621a410f18149d4c76b02daa7f1a98b4a2c16
+Author: Matthieu Herrb <matthieu.he...@laas.fr>
+Date:   Tue Oct 4 21:28:17 2016 +0200
+
+    libXtst 1.2.3
+    
+    Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr>
+
+commit 9556ad67af3129ec4a7a4f4b54a0d59701beeae3
+Author: Tobias Stoeckmann <tob...@stoeckmann.org>
+Date:   Sun Sep 25 21:37:01 2016 +0200
+
+    Out of boundary access and endless loop in libXtst
+    
+    A lack of range checks in libXtst allows out of boundary accesses.
+    The checks have to be done in-place here, because it cannot be done
+    without in-depth knowledge of the read data.
+    
+    If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
+    without a client sequence have attached data, an endless loop would
+    occur. The do-while-loop continues until the current index reaches
+    the end. But in these cases, the current index would not be
+    incremented, leading to an endless processing.
+    
+    Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org>
+    Reviewed-by: Matthieu Herrb <matth...@herrb.eu>
+
+commit 48d2656fa1dd98e9d88b31211fa4f09f813e7b30
+Author: Michael Joost <m...@michael-joost.de>
+Date:   Mon Nov 18 16:11:26 2013 +0100
+
+    Remove fallback for _XEatDataWords, require libX11 1.6 for it
+    
+    _XEatDataWords was orignally introduced with the May 2013 security
+    patches, and in order to ease the process of delivering those,
+    fallback versions of _XEatDataWords were included in the X extension
+    library patches so they could be applied to older versions that didn't
+    have libX11 1.6 yet.   Now that we're past that hurdle, we can drop
+    the fallbacks and just require libX11 1.6 for building new versions
+    of the extension libraries.
+    
+    Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
+
 commit cdc04f06325e55916e0c95b61db626d22b76e2ff
 Author: Alan Coopersmith <alan.coopersm...@oracle.com>
 Date:   Thu May 30 19:09:42 2013 -0700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/compile new/libXtst-1.2.3/compile
--- old/libXtst-1.2.2/compile   1970-01-01 01:00:00.000000000 +0100
+++ new/libXtst-1.2.3/compile   2016-10-04 00:55:12.000000000 +0200
@@ -0,0 +1,347 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Written by Tom Tromey <tro...@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-autom...@gnu.org> or send patches to
+# <automake-patc...@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" ""       $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+       # lazily determine how to convert abs files
+       case `uname -s` in
+         MINGW*)
+           file_conv=mingw
+           ;;
+         CYGWIN*)
+           file_conv=cygwin
+           ;;
+         *)
+           file_conv=wine
+           ;;
+       esac
+      fi
+      case $file_conv/,$2, in
+       *,$file_conv,*)
+         ;;
+       mingw/*)
+         file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+         ;;
+       cygwin/*)
+         file=`cygpath -m "$file" || echo "$file"`
+         ;;
+       wine/*)
+         file=`winepath -w "$file" || echo "$file"`
+         ;;
+      esac
+      ;;
+  esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+  func_file_conv "$1"
+  if test -z "$lib_path"; then
+    lib_path=$file
+  else
+    lib_path="$lib_path;$file"
+  fi
+  linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+  lib=$1
+  found=no
+  save_IFS=$IFS
+  IFS=';'
+  for dir in $lib_path $LIB
+  do
+    IFS=$save_IFS
+    if $shared && test -f "$dir/$lib.dll.lib"; then
+      found=yes
+      lib=$dir/$lib.dll.lib
+      break
+    fi
+    if test -f "$dir/$lib.lib"; then
+      found=yes
+      lib=$dir/$lib.lib
+      break
+    fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
+  done
+  IFS=$save_IFS
+
+  if test "$found" != yes; then
+    lib=$lib.lib
+  fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+  # Assume a capable shell
+  lib_path=
+  shared=:
+  linker_opts=
+  for arg
+  do
+    if test -n "$eat"; then
+      eat=
+    else
+      case $1 in
+       -o)
+         # configure might choose to run compile as 'compile cc -o foo foo.c'.
+         eat=1
+         case $2 in
+           *.o | *.[oO][bB][jJ])
+             func_file_conv "$2"
+             set x "$@" -Fo"$file"
+             shift
+             ;;
+           *)
+             func_file_conv "$2"
+             set x "$@" -Fe"$file"
+             shift
+             ;;
+         esac
+         ;;
+       -I)
+         eat=1
+         func_file_conv "$2" mingw
+         set x "$@" -I"$file"
+         shift
+         ;;
+       -I*)
+         func_file_conv "${1#-I}" mingw
+         set x "$@" -I"$file"
+         shift
+         ;;
+       -l)
+         eat=1
+         func_cl_dashl "$2"
+         set x "$@" "$lib"
+         shift
+         ;;
+       -l*)
+         func_cl_dashl "${1#-l}"
+         set x "$@" "$lib"
+         shift
+         ;;
+       -L)
+         eat=1
+         func_cl_dashL "$2"
+         ;;
+       -L*)
+         func_cl_dashL "${1#-L}"
+         ;;
+       -static)
+         shared=false
+         ;;
+       -Wl,*)
+         arg=${1#-Wl,}
+         save_ifs="$IFS"; IFS=','
+         for flag in $arg; do
+           IFS="$save_ifs"
+           linker_opts="$linker_opts $flag"
+         done
+         IFS="$save_ifs"
+         ;;
+       -Xlinker)
+         eat=1
+         linker_opts="$linker_opts $2"
+         ;;
+       -*)
+         set x "$@" "$1"
+         shift
+         ;;
+       *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+         func_file_conv "$1"
+         set x "$@" -Tp"$file"
+         shift
+         ;;
+       *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+         func_file_conv "$1" mingw
+         set x "$@" "$file"
+         shift
+         ;;
+       *)
+         set x "$@" "$1"
+         shift
+         ;;
+      esac
+    fi
+    shift
+  done
+  if test -n "$linker_opts"; then
+    linker_opts="-link$linker_opts"
+  fi
+  exec "$@" $linker_opts
+  exit 1
+}
+
+eat=
+
+case $1 in
+  '')
+     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-autom...@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+    func_cl_wrapper "$@"      # Doesn't return...
+    ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+       # configure might choose to run compile as 'compile cc -o foo foo.c'.
+       # So we strip '-o arg' only if arg is an object.
+       eat=1
+       case $2 in
+         *.o | *.obj)
+           ofile=$2
+           ;;
+         *)
+           set x "$@" -o "$2"
+           shift
+           ;;
+       esac
+       ;;
+      *.c)
+       cfile=$1
+       set x "$@" "$1"
+       shift
+       ;;
+      *)
+       set x "$@" "$1"
+       shift
+       ;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no '-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # '.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/config.h.in new/libXtst-1.2.3/config.h.in
--- old/libXtst-1.2.2/config.h.in       2013-05-31 04:09:57.000000000 +0200
+++ new/libXtst-1.2.3/config.h.in       2016-10-04 21:25:55.000000000 +0200
@@ -30,9 +30,6 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
-/* Define to 1 if you have the `_XEatDataWords' function. */
-#undef HAVE__XEATDATAWORDS
-
 /* Define to the sub-directory in which libtool stores uninstalled libraries.
    */
 #undef LT_OBJDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/configure.ac new/libXtst-1.2.3/configure.ac
--- old/libXtst-1.2.2/configure.ac      2013-05-31 04:09:49.000000000 +0200
+++ new/libXtst-1.2.3/configure.ac      2016-10-04 21:25:18.000000000 +0200
@@ -22,7 +22,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libXtst], [1.2.2],
+AC_INIT([libXtst], [1.2.3],
        [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXtst])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])
@@ -45,13 +45,7 @@
 XORG_CHECK_SGML_DOCTOOLS(1.8)
 
 # Obtain compiler/linker options for depedencies
-PKG_CHECK_MODULES(XTST, x11 [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] 
[xextproto >= 7.0.99.3] inputproto)
-
-# Check for _XEatDataWords function that may be patched into older Xlib release
-SAVE_LIBS="$LIBS"
-LIBS="$XTST_LIBS"
-AC_CHECK_FUNCS([_XEatDataWords])
-LIBS="$SAVE_LIBS"
+PKG_CHECK_MODULES(XTST, [x11 >= 1.6] [xext >= 1.0.99.4] xi [recordproto >= 
1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
 
 # Determine if the source for man pages is available
 # It may already be present (tarball) or can be generated using xmlto
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/man/XTestQueryExtension.man 
new/libXtst-1.2.3/man/XTestQueryExtension.man
--- old/libXtst-1.2.2/man/XTestQueryExtension.man       2013-05-31 
04:10:19.000000000 +0200
+++ new/libXtst-1.2.3/man/XTestQueryExtension.man       2016-10-04 
21:25:56.000000000 +0200
@@ -1,7 +1,7 @@
 '\" t
 .\"     Title: XTest
 .\"    Author: Kieron Drake
-.\" Generator: DocBook XSL Stylesheets vsnapshot_9276 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: <pubdate>6 June 2007</pubdate>
 .\"    Manual: XTST FUNCTIONS
 .\"    Source: __xorgversion__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/missing new/libXtst-1.2.3/missing
--- old/libXtst-1.2.2/missing   2013-05-31 04:09:58.000000000 +0200
+++ new/libXtst-1.2.3/missing   2016-10-04 00:55:12.000000000 +0200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # Common wrapper for a few potentially missing GNU programs.
 
-scriptversion=2012-06-26.16; # UTC
+scriptversion=2013-10-28.13; # UTC
 
 # Copyright (C) 1996-2013 Free Software Foundation, Inc.
 # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
@@ -160,7 +160,7 @@
       ;;
    autom4te*)
       echo "You might have modified some maintainer files that require"
-      echo "the 'automa4te' program to be rebuilt."
+      echo "the 'autom4te' program to be rebuilt."
       program_details 'autom4te'
       ;;
     bison*|yacc*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXtst-1.2.2/src/XRecord.c new/libXtst-1.2.3/src/XRecord.c
--- old/libXtst-1.2.2/src/XRecord.c     2013-05-31 04:09:49.000000000 +0200
+++ new/libXtst-1.2.3/src/XRecord.c     2016-09-23 09:56:49.000000000 +0200
@@ -61,17 +61,6 @@
 #include <X11/extensions/record.h>
 #include <limits.h>
 
-#ifndef HAVE__XEATDATAWORDS
-static inline void _XEatDataWords(Display *dpy, unsigned long n)
-{
-# ifndef LONG64
-    if (n >= (ULONG_MAX >> 2))
-        _XIOError(dpy);
-# endif
-    _XEatData (dpy, n << 2);
-}
-#endif
-
 static XExtensionInfo _xrecord_info_data;
 static XExtensionInfo *xrecord_info = &_xrecord_info_data;
 static const char *xrecord_extension_name = RECORD_NAME;
@@ -760,15 +749,23 @@
        switch (rep->category) {
        case XRecordFromServer:
            if (rep->elementHeader&XRecordFromServerTime) {
+               if (current_index + 4 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index,
                               data->server_time);
                current_index += 4;
            }
+           if (current_index + 1 > rep->length << 2)
+               return Error;
            switch (reply->buf[current_index]) {
            case X_Reply: /* reply */
+               if (current_index + 8 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index+4, datum_bytes);
+               if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
+                   return Error;
                datum_bytes = (datum_bytes+8) << 2;
                break;
            default: /* error or event */
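Review bot: Every guard added in this hunk compares against `rep->length << 2`, and that shift wraps once `rep->length` exceeds `UINT_MAX >> 2` (assuming the field is a 32-bit unsigned, as in other X reply headers), so the limit would no longer reflect the reply size. The only cap visible in this patch is the `rep.length > INT_MAX >> 2` test added in the last XRecord.c hunk, so any other path that reaches this parser would need the same cap. That cannot be confirmed here, because the enclosing function starts and ends outside the hunk. I would state the precondition where the function begins, e.g. `/* caller guarantees rep->length <= INT_MAX >> 2, so rep->length << 2 cannot wrap */`, or enforce it once before the switch with `if (rep->length > INT_MAX >> 2) return Error;`.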
@@ -777,52 +774,73 @@
            break;
        case XRecordFromClient:
            if (rep->elementHeader&XRecordFromClientTime) {
+               if (current_index + 4 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index,
                               data->server_time);
                current_index += 4;
            }
            if (rep->elementHeader&XRecordFromClientSequence) {
+               if (current_index + 4 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index,
                               data->client_seq);
                current_index += 4;
            }
+           if (current_index + 4 > rep->length<<2)
+               return Error;
            if (reply->buf[current_index+2] == 0
                && reply->buf[current_index+3] == 0) /* needn't swap 0 */
            {   /* BIG-REQUESTS */
+               if (current_index + 8 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index+4, datum_bytes);
            } else {
                EXTRACT_CARD16(rep->clientSwapped,
                               reply->buf+current_index+2, datum_bytes);
            }
+           if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
+               return Error;
            datum_bytes <<= 2;
            break;
        case XRecordClientStarted:
+           if (current_index + 8 > rep->length << 2)
+               return Error;
            EXTRACT_CARD16(rep->clientSwapped,
                           reply->buf+current_index+6, datum_bytes);
            datum_bytes = (datum_bytes+2) << 2;
            break;
        case XRecordClientDied:
            if (rep->elementHeader&XRecordFromClientSequence) {
+               if (current_index + 4 > rep->length << 2)
+                   return Error;
                EXTRACT_CARD32(rep->clientSwapped,
                               reply->buf+current_index,
                               data->client_seq);
                current_index += 4;
-           }
-           /* fall through */
+           } else if (current_index < rep->length << 2)
+               return Error;
+           datum_bytes = 0;
+           break;
        case XRecordStartOfData:
        case XRecordEndOfData:
+           if (current_index < rep->length << 2)
+               return Error;
            datum_bytes = 0;
+           break;
        }
 
        if (datum_bytes > 0) {
-           if (current_index + datum_bytes > rep->length << 2)
+           if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
                fprintf(stderr,
                        "XRecord: %lu-byte reply claims %d-byte element (seq 
%lu)\n",
-                       (long)rep->length << 2, current_index + datum_bytes,
+                       (unsigned long)rep->length << 2, current_index + 
datum_bytes,
                        dpy->last_request_read);
+               return Error;
+           }
            /*
             * This assignment (and indeed the whole buffer sharing
             * scheme) assumes arbitrary 4-byte boundaries are
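Review bot: The rewritten test `INT_MAX - datum_bytes < (rep->length << 2) - current_index` fires only when the element size plus the bytes remaining would exceed INT_MAX, so an element that claims more bytes than remain in the reply is not rejected here, even though the message printed in that branch describes exactly that case. The removed condition `current_index + datum_bytes > rep->length << 2` did detect it, although it only logged. The earlier guards appear to keep `current_index` below the reply length whenever `datum_bytes` is positive, so comparing against the remainder keeps the bound without the addition overflowing: `if (datum_bytes > (rep->length << 2) - current_index) {`. The code that consumes `datum_bytes` lies past the end of the hunk, so the effect on the data handed to the callback should be confirmed there.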
@@ -872,6 +890,12 @@
            UnlockDisplay(dpy);
            SyncHandle();
            return 0;
+       }
+
+       if (rep.length > INT_MAX >> 2) {
+           UnlockDisplay(dpy);
+           SyncHandle();
+           return 0;
        }
 
        if (rep.length > 0) {
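Review bot: The added early return for `rep.length > INT_MAX >> 2` exits without reading or discarding the payload that the reply header announces. If the reply body is still pending on the connection at this point (the call that fetched `rep` is outside the hunk), later requests on this Display would read from a stream that is out of step. This release now requires libX11 1.6 for `_XEatDataWords`, so the branch could call `_XEatDataWords(dpy, rep.length);` before `UnlockDisplay(dpy);`, or carry a comment saying why the connection is deliberately left as is. The unlock/sync/return sequence also duplicates the one directly above it.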

